#SPDX-License-Identifier: MIT-0
---
# defaults file for garage

# Base directory configuration (inherited from base role or defined here)
docker_compose_base_dir: /etc/docker/compose
docker_volume_base_dir: /srv/data

# Garage-specific configuration
garage_service_name: garage
garage_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ garage_service_name }}"
garage_docker_volume_dir: "{{ docker_volume_base_dir }}/{{ garage_service_name }}"

# Garage service configuration
garage_image: "dxflrs/garage:v2.1.0"
# FQDNs the garage S3 router accepts. The first entry is the canonical
# domain; garage.toml derives the virtual-hosted-style S3 root_domain
# from it as ".s3.<first-entry>"; further entries cover internal
# *.int.* names.
garage_s3_domains:
  - "storage.local.test"
garage_web_domain: "web.storage.local.test"
garage_webui_domain: "console.storage.local.test"

# Garage WebUI configuration
garage_webui_enabled: true
garage_webui_image: "khairul169/garage-webui:latest"
garage_webui_port: 3909
# WebUI basic auth credentials (plaintext, will be hashed automatically).
# Ignored when garage_webui_authentik_forward_auth is true — in that case
# authentik handles authentication via the ForwardAuth middleware below.
garage_webui_username: "admin"
garage_webui_password: "admin"

# Optional Authentik ForwardAuth in front of the WebUI. When true:
#   - the AUTH_USER_PASS env-var is dropped from the container so htpasswd
#     isn't enforced; authentik is the only gate.
#   - traefik attaches a ForwardAuth middleware pointing at the URL below.
# Leave false to keep classic htpasswd protection.
garage_webui_authentik_forward_auth: false
garage_webui_authentik_forward_auth_url: ""

# Garage ports
garage_s3_api_port: 3900
garage_s3_web_port: 3902
garage_admin_port: 3903
garage_rpc_port: 3901

# Garage configuration
garage_replication_factor: 1
garage_compression_level: 1
garage_db_engine: "lmdb"
garage_s3_region: "us-east-1"
garage_rpc_secret: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
garage_admin_token: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
garage_metrics_token: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

# Traefik configuration
garage_traefik_network: "proxy"
garage_internal_network: "internal"
garage_use_ssl: true

# Optional: Garage cluster bootstrap configuration
garage_bootstrap_enabled: false
garage_bootstrap_zone: "dc1"
garage_bootstrap_capacity: "1G"

# Optional: S3 keys to create
# Example:
# garage_s3_keys:
#   - name: "my-key"
#     buckets:
#       - name: "my-bucket"
#         permissions: ["read", "write"]
garage_s3_keys: []