--- # ================================================================= # Valkey Infrastructure Role - Simplified Configuration # ================================================================= # Provides Valkey (Redis-compatible) as shared infrastructure for applications # Applications manage their own Valkey database selections and usage # ================================================================= # Essential Configuration # ================================================================= # Service Management valkey_service_enabled: true valkey_service_state: "started" # Network Security (localhost only - matches PostgreSQL pattern) valkey_bind: "127.0.0.1" valkey_port: 6379 valkey_protected_mode: true # Unix Socket Configuration valkey_unix_socket_enabled: true valkey_unix_socket_path: "/var/run/valkey/valkey.sock" valkey_unix_socket_perm: "770" # Authentication valkey_requirepass: "{{ vault_valkey_password }}" # ================================================================= # Performance Settings (Conservative Defaults) # ================================================================= # Memory Management valkey_maxmemory: "256mb" valkey_maxmemory_policy: "allkeys-lru" # Persistence (balanced approach) valkey_save_enabled: true valkey_save_intervals: - "900 1" # Save if 1 key changed in 900s - "300 10" # Save if 10 keys changed in 300s - "60 10000" # Save if 10000 keys changed in 60s # RDB and AOF settings valkey_rdbcompression: true valkey_rdbchecksum: true valkey_appendonly: false # RDB only for simplicity # ================================================================= # Security Configuration # ================================================================= # Systemd security hardening valkey_systemd_security: true # Valkey security settings valkey_timeout: 300 valkey_tcp_keepalive: 300 valkey_tcp_backlog: 511 # ================================================================= # Database Configuration # ================================================================= # Database allocation for applications # Applications should use different database numbers: # - authentik: database 1 # - nextcloud: database 2 # - future services: database 3, 4, etc. valkey_databases: 16 # ================================================================= # Logging Configuration # ================================================================= valkey_loglevel: "notice" valkey_syslog_enabled: true valkey_syslog_ident: "valkey" # ================================================================= # Infrastructure Notes # ================================================================= # This role provides minimal Valkey infrastructure # Applications should configure their own Valkey usage: # # Environment variables in application configs: # - VALKEY_HOST: "{{ ansible_default_ipv4.address }}" or "127.0.0.1" # - VALKEY_PORT: "6379" # - VALKEY_PASSWORD: "{{ vault_valkey_password }}" # - VALKEY_DB: "1" (or 2, 3, etc. - unique per application) # # Note: Applications can also use REDIS_* environment variables # for compatibility since Valkey is fully Redis-compatible