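---
# Group variables for the NetBox deployment.
# These variables apply to all hosts in the netbox group.
# Values named vault_* are expected to come from an encrypted vault file.

# System Update Configuration
system_update_reboot_if_needed: false
system_update_autoremove: true

# Docker Configuration
# Members of the docker group can drive the Docker daemon, which is
# root-equivalent on the host; keep this list as short as possible.
docker_users:
  - "{{ ansible_user }}"
docker_daemon_config:
  log-driver: "json-file"
  log-opts:
    max-size: "10m"
    max-file: "3"

# NetBox Configuration
netbox_install_dir: "/opt/netbox-docker"
netbox_backup_dir: "/opt/netbox-backups"
netbox_data_dir: "/opt/netbox-data"
netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git"
# NOTE(review): "release" is a moving branch and updates are enabled, so
# each run may deploy different upstream code. Pin a tag or commit if
# reproducible, reviewable deployments are required.
netbox_repo_branch: "release"
netbox_repo_update: true

# Database Configuration
netbox_db_host: "postgres"
netbox_db_name: "netbox"
netbox_db_user: "netbox"
# No default: templating fails if the vault value is missing.
netbox_db_password: "{{ vault_netbox_db_password }}"
netbox_db_port: "5432"

# Redis Configuration
netbox_redis_host: "redis"
netbox_redis_port: "6379"
netbox_redis_password: "{{ vault_netbox_redis_password }}"

# Redis Cache Configuration
netbox_redis_cache_host: "redis-cache"
netbox_redis_cache_port: "6379"
# NOTE(review): falls back to an empty password when the vault value is
# unset, unlike netbox_redis_password above. Confirm this is intended.
netbox_redis_cache_password: "{{ vault_netbox_redis_cache_password | default('') }}"

# NetBox Settings
# NOTE(review): "*" disables Host header validation in NetBox itself and
# leaves the Traefik Host() rule as the only check. Consider restricting
# this to netbox_domain once the consuming template is confirmed.
netbox_allowed_hosts: "*"
netbox_time_zone: "UTC"
netbox_language_code: "en"
netbox_debug: false
netbox_log_level: "INFO"
# NOTE(review): an unset vault value yields an empty secret key. Confirm
# that the consuming role generates or rejects an empty key.
netbox_secret_key: "{{ vault_netbox_secret_key | default('') }}"

# Superuser Configuration
netbox_superuser_name: "admin"
netbox_superuser_email: "admin@{{ ansible_domain | default('example.com') }}"
# No fallback value: a missing vault entry must fail the play instead of
# deploying an administrator account with a well-known password.
netbox_superuser_password: "{{ vault_netbox_superuser_password }}"

netbox_additional_env:
  DB_WAIT_DEBUG: 1
  # NOTE(review): allows cross-origin requests from any origin. Prefer an
  # explicit origin allow-list unless every origin really needs access.
  CORS_ORIGIN_ALLOW_ALL: true
  EMAIL_FROM: "netbox@jeansburger.net"
  EMAIL_PASSWORD: "{{ vault_netbox_email_password | default('') }}"
  EMAIL_PORT: 587
  EMAIL_SERVER: "smtp.postmarkapp.com"
  EMAIL_TIMEOUT: 5
  EMAIL_USERNAME: "{{ vault_netbox_email_username | default('') }}"
  # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they
  # can't both be `true`!
  EMAIL_USE_SSL: false
  EMAIL_USE_TLS: true
  GRAPHQL_ENABLED: true
  MEDIA_ROOT: "/opt/netbox/netbox/media"
  # NOTE(review): confirm the metrics endpoint is not reachable through
  # the public router, or restrict it at the proxy.
  METRICS_ENABLED: true
  RELEASE_CHECK_URL: "https://api.github.com/repos/netbox-community/netbox/releases"
  # Same vault value and empty fallback as netbox_secret_key above.
  SECRET_KEY: "{{ vault_netbox_secret_key | default('') }}"
  # NOTE(review): superuser creation is skipped here while the
  # netbox_superuser_* variables are still defined; verify which one the
  # consuming role honours.
  SKIP_SUPERUSER: true
  WEBHOOKS_ENABLED: true

# Domain Configuration
netbox_domain: "{{ vault_netbox_domain | default('netbox.example.com') }}"
# NOTE(review): this reads vault_netbox_domain, so whenever that value is
# set, traefik_domain equals netbox_domain. This looks like a copy-paste
# slip; confirm which vault variable was intended.
traefik_domain: "{{ vault_netbox_domain | default('traefik.example.com') }}"

# Traefik Configuration
traefik_install_dir: "/opt/traefik"
traefik_data_dir: "/opt/traefik-data"
traefik_config_dir: "/opt/traefik-config"
# NOTE(review): image tags are mutable; pin by digest if the deployed
# image must be reproducible.
traefik_image: "traefik:v3.0"
traefik_dashboard_enabled: true
traefik_dashboard_port: 8080
# Keep this false: insecure mode serves the API and dashboard without
# authentication.
traefik_api_insecure: false
traefik_api_dashboard: true

# ACME Configuration
traefik_acme_enabled: true
traefik_acme_email: "{{ vault_traefik_acme_email | default('admin@example.com') }}"
traefik_acme_ca_server: "{{ vault_traefik_acme_ca_server }}"
# acme.json holds certificate private keys; Traefik expects mode 600.
traefik_acme_storage: "/data/acme.json"
traefik_acme_key_type: "RSA4096"

# Traefik Entry Points
# Port 80 only redirects to HTTPS; port 443 terminates TLS using the
# "letsencrypt" certificate resolver.
# NOTE(review): Traefik's own static configuration spells the redirection
# as a mapping (redirections.entryPoint); confirm the consuming template
# translates this list form.
traefik_entrypoints:
  web:
    address: ":80"
    http:
      redirections:
        - entrypoint:
            to: "websecure"
            scheme: "https"
            permanent: true
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: "letsencrypt"

# Traefik Providers
# Access to the Docker socket is root-equivalent on the host.
# NOTE(review): the mount is not visible in this file; prefer a read-only
# mount or a socket proxy in front of it.
traefik_providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when labelled traefik.enable=true.
    exposedByDefault: false
    network: "traefik"

# Traefik Networks
traefik_networks:
  - name: "traefik"
    external: true

# Traefik Logging
traefik_log_level: "INFO"
# NOTE(review): with access logs off there is no per-request record at
# the edge for detection or incident response; consider enabling them.
traefik_access_logs: false

# Custom Root CA Configuration
traefik_custom_ca_enabled: true
traefik_custom_ca_url: "{{ vault_traefik_custom_ca_url }}"
traefik_custom_ca_path: "/etc/traefik/custom-ca.pem"
traefik_custom_ca_server_name: "jeansburger-ca.lan"
# NOTE(review): the root CA is fetched without TLS verification, so the
# downloaded trust anchor is not authenticated in transit. Verify it
# against a pinned fingerprint or checksum after download, or distribute
# the CA file out of band.
traefik_custom_ca_verify_ssl: false

# Docker Compose Overrides
# Only the netbox service joins the "traefik" network; the worker,
# PostgreSQL and both Redis instances stay on the internal "netbox" one.
netbox_docker_compose_overrides:
  services:
    netbox:
      restart: unless-stopped
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.netbox.rule=Host(`{{ netbox_domain }}`)"
        - "traefik.http.routers.netbox.tls.certresolver=letsencrypt"
        - "traefik.http.services.netbox.loadbalancer.server.port=8080"
      networks:
        - "traefik"
        - "netbox"
    netbox-worker:
      restart: unless-stopped
      networks:
        - "netbox"
    postgres:
      restart: unless-stopped
      networks:
        - "netbox"
      volumes:
        - "{{ netbox_data_dir }}/postgres:/var/lib/postgresql/data"
    redis:
      restart: unless-stopped
      networks:
        - "netbox"
      volumes:
        - "{{ netbox_data_dir }}/redis:/data"
    redis-cache:
      restart: unless-stopped
      networks:
        - "netbox"
      volumes:
        - "{{ netbox_data_dir }}/redis-cache:/data"
  networks:
    traefik:
      external: true
    netbox: {}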