rick-infra/roles/valkey/defaults/main.yml

---
# =================================================================
# Valkey Infrastructure Role - Simplified Configuration  
# =================================================================
# Provides Valkey (Redis-compatible) as shared infrastructure for applications
# Applications manage their own Valkey database selections and usage

# =================================================================
# Essential Configuration
# =================================================================

# Service Management
valkey_service_enabled: true
valkey_service_state: "started"

# Network Security (Unix socket only - no TCP)
valkey_bind: ""  # Disable TCP, socket-only mode
valkey_port: 0  # Disable TCP port
valkey_protected_mode: false  # Not needed for socket-only mode

# Unix Socket Configuration
valkey_unix_socket_enabled: true
valkey_unix_socket_path: "/var/run/valkey/valkey.sock"
valkey_unix_socket_perm: "770"

# Group-Based Access Control
valkey_client_group: "valkey-clients"
valkey_client_group_create: true

# Authentication
valkey_password: "{{ vault_valkey_password }}"

# =================================================================
# Performance Settings (Conservative Defaults)
# =================================================================

# Memory Management
valkey_maxmemory: "256mb"
valkey_maxmemory_policy: "allkeys-lru"

# Persistence (balanced approach)
valkey_save_enabled: true
valkey_save_intervals:
  - "900 1"     # Save if 1 key changed in 900s
  - "300 10"    # Save if 10 keys changed in 300s  
  - "60 10000"  # Save if 10000 keys changed in 60s

# RDB and AOF settings
valkey_rdbcompression: true
valkey_rdbchecksum: true
valkey_appendonly: false  # RDB only for simplicity

# =================================================================
# Security Configuration
# =================================================================
valkey_timeout: 300
valkey_tcp_keepalive: 300
valkey_tcp_backlog: 511

# =================================================================
# Database Configuration
# =================================================================

# Database allocation for applications
# Applications should use different database numbers:
# - authentik: database 1
# - nextcloud: database 2
# - future services: database 3, 4, etc.
valkey_databases: 16

# =================================================================
# Logging Configuration  
# =================================================================

valkey_loglevel: "notice"
valkey_syslog_enabled: true
valkey_syslog_ident: "valkey"

# =================================================================
# Infrastructure Notes
# =================================================================
# This role provides minimal Valkey infrastructure
# Applications should configure their own Valkey usage:
#
# Environment variables in application configs:
# - VALKEY_HOST: "{{ ansible_default_ipv4.address }}" or "127.0.0.1"  
# - VALKEY_PORT: "6379"
# - VALKEY_PASSWORD: "{{ vault_valkey_password }}"
# - VALKEY_DB: "1" (or 2, 3, etc. - unique per application)
#
# Note: Applications can also use REDIS_* environment variables
# for compatibility since Valkey is fully Redis-compatible