---
# DAARION Network - global variables.
# Applied to every host in the inventory.
#
# This file only declares values; how each one is enforced (firewall rule
# direction, source scoping, service hardening) is decided by the roles that
# read it and should be reviewed there.

# -----------------------------------------------------------------------------
# Security
# -----------------------------------------------------------------------------

# Host-hardening packages. Listing a package here only names it for
# installation; fail2ban jails, audit rules and the ufw default policy are not
# defined in this file.
security_packages:
  - fail2ban
  - ufw
  - auditd
  - rkhunter
  - unattended-upgrades
  - ca-certificates

# TCP ports allowed through the firewall, in addition to SSH.
# NOTE(review): the entries carry no source restriction. If the consuming role
# opens them to any address, every service below is reachable from wherever
# the host is reachable - confirm the role limits them to cluster and admin
# networks. Consul's HTTP API in particular is unauthenticated unless ACLs are
# enabled, and no ACL setting is defined in this file.
firewall_allowed_tcp_ports:
  - 6443   # K3s API
  - 10250  # Kubelet
  - 8200   # Vault
  - 8500   # Consul HTTP
  # NOTE(review): Consul DNS also answers on UDP 8600; this list is TCP only.
  - 8600   # Consul DNS
  - 9090   # Prometheus
  - 3000   # Grafana
  - 5432   # PostgreSQL

# Outbound traffic permitted from hosts.
firewall_allowed_outgoing:
  - port: 53  # DNS
    proto: udp
  - port: 80  # HTTP
    proto: tcp
  - port: 443  # HTTPS
    proto: tcp
  - port: 123  # NTP
    proto: udp

# Blocked networks (internal/private).
# NOTE(review): only two of the three RFC 1918 ranges are listed;
# 192.168.0.0/16 is absent - confirm that is intentional.
# NOTE(review): K3s' default pod and service CIDRs (10.42.0.0/16 and
# 10.43.0.0/16) fall inside 10.0.0.0/8, and Docker's default bridge
# (172.17.0.0/16) falls inside 172.16.0.0/12. Check the rule direction and
# ordering in the firewall role so cluster-internal traffic is not dropped.
firewall_blocked_networks:
  - '10.0.0.0/8'
  - '172.16.0.0/12'

# -----------------------------------------------------------------------------
# Docker
# -----------------------------------------------------------------------------

# Accounts granted access to the Docker daemon. Membership of the docker group
# is root-equivalent on the host, so the Ansible login user should be treated
# as a privileged account.
docker_users:
  - "{{ ansible_user }}"

# Daemon settings. Container logs are capped at 3 files of 100m each.
docker_daemon_options:
  storage-driver: 'overlay2'
  log-driver: 'json-file'
  log-opts:
    max-size: '100m'
    max-file: '3'

# -----------------------------------------------------------------------------
# K3s / Kubernetes
# -----------------------------------------------------------------------------

# Versions in this file are pinned; upgrades, including security releases,
# only happen when the pin is changed.
k3s_version: 'v1.29.0+k3s1'

# Bundled K3s components that are turned off.
k3s_disable:
  - traefik
  - servicelb

# -----------------------------------------------------------------------------
# Vault
# -----------------------------------------------------------------------------

vault_version: '1.15.4'

# NOTE(review): the scheme is http, so Vault tokens and secret payloads sent
# to this address cross the network unencrypted. Move to https once the Vault
# listener has TLS configured (listener settings are not in this file).
vault_addr: 'http://node1:8200'
vault_data_dir: '/opt/vault/data'

# -----------------------------------------------------------------------------
# Consul
# -----------------------------------------------------------------------------

consul_version: '1.17.1'
consul_data_dir: '/opt/consul/data'

# Enables Consul Connect. Gossip encryption and ACL settings are not defined
# in this file - confirm they are set elsewhere.
consul_enable_connect: true

# -----------------------------------------------------------------------------
# Observability
# -----------------------------------------------------------------------------

# Retention also bounds how far back an investigation can look.
prometheus_retention: '30d'
prometheus_storage_size: '50Gi'
loki_retention: '168h'   # 7 days
tempo_retention: '168h'  # 7 days

# -----------------------------------------------------------------------------
# PostgreSQL
# -----------------------------------------------------------------------------

# The image is referenced by content digest rather than by tag, so the bytes
# pulled cannot change underneath the deployment. Patched images are only
# picked up when the digest is updated.
postgres_image: 'postgres@sha256:23e88eb049fd5d54894d70100df61d38a49ed97909263f79d4ff4c30a5d5fca2'
postgres_user: 'daarion'
postgres_db: 'daarion_main'
# No database password is defined here; supply it from a secret store rather
# than adding it to this file.

# -----------------------------------------------------------------------------
# Paths
# -----------------------------------------------------------------------------

scripts_dir: '/opt/scripts'
config_dir: '/opt/config'
logs_dir: '/var/log/daarion'
backup_dir: '/opt/backups'