# Ansible host variables for what appears to be a single k3s server node that
# also runs MariaDB, PostgreSQL and HashiCorp Vault roles.
# Every secret is indirected through a vault_* variable, so no credential is
# visible in this file; the vault_* definitions are not shown here.
# NOTE(review): the line layout below was reconstructed from a flattened copy;
# nesting follows the key names — confirm against the original file.

# Connection and privilege escalation, all taken from vault-encrypted variables.
ansible_become_password: "{{ vault_root_pass }}"
ansible_host: "{{ vault_ansible_host }}"
ansible_user: "{{ vault_ssh_user }}"

# Firewall role settings. Forwarding defaults to accept in both tables and the
# private-network drop rule is disabled.
# NOTE(review): presumably required for k3s pod/service traffic — confirm, and
# check that other rules narrow what this host will forward.
security_firewall_mangle_drop_privatenets: false
security_firewall_mangle_policy_forward: accept
security_firewall_filter_policy_forward: accept

k3s_cluster_name: internal
k3s_cluster_role: server
k3s_cluster_ip: "{{ vault_cluster_ip }}"

# MariaDB: root password, bind addresses and the custom SQL come from vault.
# NOTE(review): the custom SQL is not reviewable from this file; presumably it
# creates databases/grants — verify it follows least privilege.
mariadb_server_root_password: "{{ vault_mariadb_server_root_password }}"
mariadb_server_run_custom_sql: true
mariadb_server_custom_sql: "{{ vault_mariadb_server_custom_sql }}"
mariadb_server_bind_addresses: "{{ vault_mariadb_server_bind_addresses }}"

# PostgreSQL: custom SQL, bind addresses and the ingress list come from vault.
# NOTE(review): the nft ingress list is presumably the packet-filter allow-list
# for the PostgreSQL port; it should agree with the pg_hba addresses below.
postgresql_server_run_custom_sql: true
postgresql_nft_allowed_ingress_list: '{{ vault_postgresql_nft_allowed_ingress_list }}'
postgresql_server_custom_sql: "{{ vault_postgresql_server_custom_sql }}"
postgresql_server_bind_addresses: "{{ vault_postgresql_server_bind_addresses }}"

# One database and one account per consumer (Invidious, OpenTofu state).
postgresql_server_databases_list:
  - name: '{{ vault_invidious_pg_dbname }}'
  - name: '{{ vault_opentofu_pg_dbname }}'

postgresql_server_accounts_list:
  - name: '{{ vault_invidious_pg_user }}'
    password: '{{ vault_invidious_pg_password }}'
  - name: '{{ vault_opentofu_pg_user }}'
    password: '{{ vault_opentofu_pg_password }}'

# pg_hba entries. Every rule is hostssl (TLS connections only) with
# scram-sha-256 password authentication, and each pairs one user with one
# database.
postgresql_server_hba_conf_list:
  # 10.42.0.0/16 matches the k3s default pod CIDR, so this presumably admits
  # in-cluster clients. Any pod in that range can attempt to authenticate as
  # this user; network policy is the only narrower control — TODO confirm.
  - address: '10.42.0.0/16'
    databases:
      - '{{ vault_invidious_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
      - '{{ vault_invidious_pg_user }}'
  # Three single-host (/32) rules for the OpenTofu state database, one per
  # provider address held in vault.
  - address: '{{ vault_provider_geopoiesis }}/32'
    databases:
      - '{{ vault_opentofu_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
      - '{{ vault_opentofu_pg_user }}'
  - address: '{{ vault_provider_unobtainium }}/32'
    databases:
      - '{{ vault_opentofu_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
      - '{{ vault_opentofu_pg_user }}'
  - address: '{{ vault_provider_unsepttrium }}/32'
    databases:
      - '{{ vault_opentofu_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
      - '{{ vault_opentofu_pg_user }}'

# NOTE(review): in the flattened copy it is not possible to tell whether this
# key is empty or was the parent of the next key. It is rendered here as an
# empty (null) value; if empty is intended, an explicit {} or [] is clearer.
k3s_cluster_helm_customizations:

k3s_cluster_additional_helm_charts:
  - release_name: redis
    release_namespace: default
    chart_ref: 'oci://registry-1.docker.io/bitnamicharts/redis'
    # '^18' is a semver range, not a pin, so the chart actually deployed can
    # change between runs. NOTE(review): prefer an exact chart version (or a
    # digest, if the role supports one) so deployments are reproducible and a
    # new upstream release is a reviewed change.
    chart_version: '^18'
    values:
      replica:
        replicaCount: 1

k3s_cluster_additional_tf_resources:
  - name: Invoice Ninja
    git_repository: 'https://gitlab.0x2a.ninja/flowtech/oss/invoice-ninja.git'
    # NOTE(review): looks like a tag. Tags can be moved; pinning to a commit
    # SHA fixes the exact Terraform code that runs with the credentials below.
    # The value is unquoted, unlike its neighbours; quoting it would keep it a
    # string whatever the version looks like.
    git_revision: 0.0.8
    terraform_dir: 'terraform'
    tfvars_content: '{{ vault_invoice_ninja_tfvars }}'
    # Replaces the module's backend with the PostgreSQL ("pg") state backend;
    # its connection settings come from backend_env.
    backend_override: |-
      terraform {
        backend "pg" {}
      }
    # Connection settings handed to the backend as environment variables.
    # NOTE(review): PGSSLMODE is not set, so certificate verification depends
    # on the client default; only verify-full authenticates the server.
    # PGPASSWORD is in the process environment — confirm the role's tasks use
    # no_log. State held in this database may itself contain secrets.
    backend_env:
      PGHOST: '{{ vault_ansible_host }}'
      PGDATABASE: '{{ vault_opentofu_pg_dbname }}'
      PGUSER: '{{ vault_opentofu_pg_user }}'
      PGPASSWORD: '{{ vault_opentofu_pg_password }}'

# HashiCorp Vault server TLS certificate and private key, both supplied from
# vault-encrypted variables.
hc_vault_server_tls_cert_data: '{{ vault_hc_vault_server_tls_cert_data }}'
hc_vault_server_tls_key_data: '{{ vault_hc_vault_server_tls_key_data }}'
# NOTE(review): presumably makes the role initialize Vault. Initialization
# yields unseal keys and an initial root token — confirm where the role stores
# them and that they are neither logged nor left on the controller.
hc_vault_initialize: true