88 lines
2.9 KiB
YAML
88 lines
2.9 KiB
YAML
---
|
|
# =================================================================
|
|
# Valkey Infrastructure Role - Simplified Configuration
|
|
# =================================================================
|
|
# Provides Valkey (Redis-compatible) as shared infrastructure for applications
|
|
# Applications manage their own Valkey database selections and usage
|
|
|
|
# =================================================================
|
|
# Essential Configuration
|
|
# =================================================================
|
|
|
|
# Service Management
|
|
valkey_service_enabled: true
|
|
valkey_service_state: "started"
|
|
|
|
# Network Security (localhost only - matches PostgreSQL pattern)
|
|
valkey_bind: "127.0.0.1"
|
|
valkey_port: 6379
|
|
valkey_protected_mode: true
|
|
|
|
# Authentication
|
|
valkey_password: "{{ vault_valkey_password }}"
|
|
|
|
# =================================================================
|
|
# Performance Settings (Conservative Defaults)
|
|
# =================================================================
|
|
|
|
# Memory Management
|
|
valkey_maxmemory: "256mb"
|
|
valkey_maxmemory_policy: "allkeys-lru"
|
|
|
|
# Persistence (balanced approach)
|
|
valkey_save_enabled: true
|
|
valkey_save_intervals:
|
|
- "900 1" # Save if 1 key changed in 900s
|
|
- "300 10" # Save if 10 keys changed in 300s
|
|
- "60 10000" # Save if 10000 keys changed in 60s
|
|
|
|
# RDB and AOF settings
|
|
valkey_rdbcompression: true
|
|
valkey_rdbchecksum: true
|
|
valkey_appendonly: false # RDB only for simplicity
|
|
|
|
# =================================================================
|
|
# Security Configuration
|
|
# =================================================================
|
|
|
|
# Security hardening is now built into the custom service file
|
|
|
|
# Valkey security settings
|
|
valkey_timeout: 300
|
|
valkey_tcp_keepalive: 300
|
|
valkey_tcp_backlog: 511
|
|
|
|
# =================================================================
|
|
# Database Configuration
|
|
# =================================================================
|
|
|
|
# Database allocation for applications
|
|
# Applications should use different database numbers:
|
|
# - authentik: database 1
|
|
# - nextcloud: database 2
|
|
# - future services: database 3, 4, etc.
|
|
valkey_databases: 16
|
|
|
|
# =================================================================
|
|
# Logging Configuration
|
|
# =================================================================
|
|
|
|
valkey_loglevel: "notice"
|
|
valkey_syslog_enabled: true
|
|
valkey_syslog_ident: "valkey"
|
|
|
|
# =================================================================
|
|
# Infrastructure Notes
|
|
# =================================================================
|
|
# This role provides minimal Valkey infrastructure
|
|
# Applications should configure their own Valkey usage:
|
|
#
|
|
# Environment variables in application configs:
|
|
# - VALKEY_HOST: "{{ ansible_default_ipv4.address }}" or "127.0.0.1"
|
|
# - VALKEY_PORT: "6379"
|
|
# - VALKEY_PASSWORD: "{{ vault_valkey_password }}"
|
|
# - VALKEY_DB: "1" (or 2, 3, etc. - unique per application)
|
|
#
|
|
# Note: Applications can also use REDIS_* environment variables
|
|
# for compatibility since Valkey is fully Redis-compatible
|