rick-infra/host_vars/arch-vps/main.yml

---
# =================================================================
# Production Configuration for arch-vps (jnss.me)
# =================================================================

# =================================================================
# TLS Configuration - Production Setup
# =================================================================
caddy_tls_enabled: true
caddy_domain: "jnss.me"
caddy_tls_email: "{{ vault_caddy_tls_email }}"

# DNS Challenge Configuration (Cloudflare)
caddy_dns_provider: "cloudflare"
cloudflare_api_token: "{{ vault_cloudflare_api_token }}"

# Production Let's Encrypt CA
caddy_acme_ca: "https://acme-v02.api.letsencrypt.org/directory"

# =================================================================
# API Service Registration Configuration
# =================================================================
# Services now self-register using Caddy's admin API
caddy_api_enabled: true
caddy_server_name: "main"

# =================================================================
# Sigvild Gallery Configuration
# =================================================================
sigvild_gallery_frontend_domain: "sigvild.no"
sigvild_gallery_api_domain: "api.sigvild.no"

sigvild_gallery_local_project_path: "~/sigvild-gallery/"

# Backup configuration
sigvild_gallery_backup_enabled: true
sigvild_gallery_backup_local_path: "~/sigvild-gallery-backup/"

# Vault-encrypted passwords (create with ansible-vault)
sigvild_gallery_pb_su_email: "{{ vault_pb_su_email}}"
sigvild_gallery_pb_su_password: "{{ vault_pb_su_password}}"
sigvild_gallery_host_password: "{{ vault_sigvild_host_password }}"
sigvild_gallery_guest_password: "{{ vault_sigvild_guest_password }}"

# =================================================================
# Authentik Configuration
# =================================================================
authentik_domain: "auth.jnss.me"

# Database configuration
authentik_db_name: "authentik"
authentik_db_user: "authentik" 
authentik_db_password: "{{ vault_authentik_db_password }}"

# Cache configuration  
authentik_valkey_db: 1

# Core configuration
authentik_secret_key: "{{ vault_authentik_secret_key }}"
authentik_default_admin_email: "admin@jnss.me"
authentik_default_admin_password: "{{ vault_authentik_admin_password }}"

# Service configuration
authentik_service_enabled: true
authentik_service_state: "started"

# Infrastructure socket configuration
postgresql_unix_socket_enabled: true
postgresql_listen_addresses: ""  # Socket-only mode (no TCP)
valkey_unix_socket_enabled: true

# =================================================================
# Nextcloud Configuration
# =================================================================
nextcloud_domain: "cloud.jnss.me"

# Database configuration
nextcloud_db_name: "nextcloud"
nextcloud_db_user: "nextcloud"
nextcloud_db_password: "{{ vault_nextcloud_db_password }}"

# Cache configuration
nextcloud_valkey_db: 2  # Authentik uses 1

# Admin configuration
nextcloud_admin_user: "admin"
nextcloud_admin_password: "{{ vault_nextcloud_admin_password }}"

# Service configuration
nextcloud_service_enabled: true
nextcloud_service_state: "started"

# =================================================================
# Security & Logging
# =================================================================
caddy_log_level: "INFO"
caddy_log_format: "json"
caddy_systemd_security: true