joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9e570ac2a3b62c0b6870a786fa9a567683cb140e
rick-infra/roles/valkey/defaults/main.yml
Joakim 0507e3291d Fix: Update authentik Caddy template to use HTTP backend 
- Change reverse_proxy from https:// to http:// backend
- Use authentik_http_port instead of authentik_https_port
- Remove unnecessary TLS transport configuration
- Remove health check for non-existent endpoint

This aligns the Ansible template with the working configuration
where authentik only serves HTTP internally and Caddy handles SSL.
2025-12-07 16:45:42 +01:00

93 lines
3.3 KiB
YAML
Raw Blame History

---
# =================================================================
# Valkey Infrastructure Role - Simplified Configuration
# =================================================================
# Provides Valkey (Redis-compatible) as shared infrastructure for applications
# Applications manage their own Valkey database selections and usage
# =================================================================
# Essential Configuration
# =================================================================
# Service Management
valkey_service_enabled: true
valkey_service_state: "started"
# Network Security (Unix socket with localhost TCP for compatibility)
valkey_bind: "127.0.0.1" # Listen on localhost for apps that don't support Unix sockets
valkey_port: 6379 # Keep TCP port for compatibility
valkey_protected_mode: true # Enable protection for TCP
# Unix socket configuration (also enabled for better performance)
valkey_unixsocket: "/run/valkey/valkey.sock"
valkey_unixsocketperm: 777 # Allows container access
# Unix Socket Configuration
valkey_unix_socket_enabled: true
valkey_unix_socket_path: "/var/run/valkey/valkey.sock"
valkey_unix_socket_perm: "770"
# Authentication
valkey_password: "{{ vault_valkey_password }}"
# =================================================================
# Performance Settings (Conservative Defaults)
# =================================================================
# Memory Management
valkey_maxmemory: "256mb"
valkey_maxmemory_policy: "allkeys-lru"
# Persistence (balanced approach)
valkey_save_enabled: true
valkey_save_intervals:
- "900 1" # Save if 1 key changed in 900s
- "300 10" # Save if 10 keys changed in 300s
- "60 10000" # Save if 10000 keys changed in 60s
# RDB and AOF settings
valkey_rdbcompression: true
valkey_rdbchecksum: true
valkey_appendonly: false # RDB only for simplicity
# =================================================================
# Security Configuration
# =================================================================
valkey_timeout: 300
valkey_tcp_keepalive: 300
valkey_tcp_backlog: 511
# =================================================================
# Database Configuration
# =================================================================
# Database allocation for applications
# Applications should use different database numbers:
# - authentik: database 1
# - nextcloud: database 2
# - future services: database 3, 4, etc.
valkey_databases: 16
# =================================================================
# Logging Configuration
# =================================================================
valkey_loglevel: "notice"
valkey_syslog_enabled: true
valkey_syslog_ident: "valkey"
# =================================================================
# Infrastructure Notes
# =================================================================
# This role provides minimal Valkey infrastructure
# Applications should configure their own Valkey usage:
#
# Environment variables in application configs:
# - VALKEY_HOST: "{{ ansible_default_ipv4.address }}" or "127.0.0.1"
# - VALKEY_PORT: "6379"
# - VALKEY_PASSWORD: "{{ vault_valkey_password }}"
# - VALKEY_DB: "1" (or 2, 3, etc. - unique per application)
#
# Note: Applications can also use REDIS_* environment variables
# for compatibility since Valkey is fully Redis-compatible
Reference in New Issue View Git Blame Copy Permalink