joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b3c3fe5c56306d96dcef4a0236f6aeb68e75d1a4
rick-infra/roles/valkey/defaults/main.yml
Joakim b3c3fe5c56 Merge authentik-quadlet-fix: Integrate working authentik implementation 
Merge completed authentik Quadlet implementation that resolves all deployment
issues and enables external HTTPS access. This brings the working solution
developed and tested on authentik-quadlet-fix branch into main.

All systemd services now generate correctly and authentik is fully operational
at https://auth.jnss.me with proper SSL termination via Caddy.
2025-12-04 19:43:36 +01:00

97 lines
3.4 KiB
YAML
Raw Blame History

---
# =================================================================
# Valkey Infrastructure Role - Simplified Configuration
# =================================================================
# Provides Valkey (Redis-compatible) as shared infrastructure for applications
# Applications manage their own Valkey database selections and usage
# =================================================================
# Essential Configuration
# =================================================================
# Service Management
valkey_service_enabled: true
valkey_service_state: "started"
# Network Security (Unix socket with localhost TCP for compatibility)
valkey_bind: "127.0.0.1" # Listen on localhost for apps that don't support Unix sockets
valkey_port: 6379 # Keep TCP port for compatibility
valkey_protected_mode: true # Enable protection for TCP
# Unix socket configuration (also enabled for better performance)
valkey_unixsocket: "/run/valkey/valkey.sock"
valkey_unixsocketperm: 777 # Allows container access
# Unix Socket Configuration
valkey_unix_socket_enabled: true
valkey_unix_socket_path: "/var/run/valkey/valkey.sock"
valkey_unix_socket_perm: "770"
# Authentication
valkey_password: "{{ vault_valkey_password }}"
# =================================================================
# Performance Settings (Conservative Defaults)
# =================================================================
# Memory Management
valkey_maxmemory: "256mb"
valkey_maxmemory_policy: "allkeys-lru"
# Persistence (balanced approach)
valkey_save_enabled: true
valkey_save_intervals:
- "900 1" # Save if 1 key changed in 900s
- "300 10" # Save if 10 keys changed in 300s
- "60 10000" # Save if 10000 keys changed in 60s
# RDB and AOF settings
valkey_rdbcompression: true
valkey_rdbchecksum: true
valkey_appendonly: false # RDB only for simplicity
# =================================================================
# Security Configuration
# =================================================================
# Security hardening is now built into the custom service file
# Valkey security settings
valkey_timeout: 300
valkey_tcp_keepalive: 300
valkey_tcp_backlog: 511
# =================================================================
# Database Configuration
# =================================================================
# Database allocation for applications
# Applications should use different database numbers:
# - authentik: database 1
# - nextcloud: database 2
# - future services: database 3, 4, etc.
valkey_databases: 16
# =================================================================
# Logging Configuration
# =================================================================
valkey_loglevel: "notice"
valkey_syslog_enabled: true
valkey_syslog_ident: "valkey"
# =================================================================
# Infrastructure Notes
# =================================================================
# This role provides minimal Valkey infrastructure
# Applications should configure their own Valkey usage:
#
# Environment variables in application configs:
# - VALKEY_HOST: "{{ ansible_default_ipv4.address }}" or "127.0.0.1"
# - VALKEY_PORT: "6379"
# - VALKEY_PASSWORD: "{{ vault_valkey_password }}"
# - VALKEY_DB: "1" (or 2, 3, etc. - unique per application)
#
# Note: Applications can also use REDIS_* environment variables
# for compatibility since Valkey is fully Redis-compatible
Reference in New Issue View Git Blame Copy Permalink