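---
# Default variables for Forgejo role
#
# Values here are fallbacks. Secrets are read from vault_* variables
# and are never given a usable default in this file.

# Forgejo version
forgejo_version: "9.0.2"
forgejo_docker_image: "codeberg.org/forgejo/forgejo"

# System user and group
forgejo_user: git
forgejo_group: git
forgejo_uid: 1100
forgejo_gid: 1100

# Installation paths
forgejo_base_path: /opt/forgejo
forgejo_data_path: "{{ forgejo_base_path }}/data"
forgejo_config_path: "{{ forgejo_base_path }}/config"
forgejo_custom_path: "{{ forgejo_base_path }}/custom"
forgejo_backup_path: "{{ forgejo_base_path }}/backups"

# External volume (if using cloud provider block storage)
forgejo_use_external_volume: false
forgejo_volume_device: /dev/sdb
forgejo_volume_mount: /mnt/forgejo-data

# Network configuration
# NOTE: Set your actual domain in ansible/inventory/production/hosts.yml
# The value here is just a fallback default.
forgejo_domain: git.example.com
forgejo_http_port: 3000
forgejo_ssh_port: 2222
forgejo_protocol: https

# Database configuration
forgejo_db_type: postgres
forgejo_db_host: localhost
forgejo_db_port: 5432
forgejo_db_name: forgejo
forgejo_db_user: forgejo
# No fallback value: if vault_forgejo_db_password is missing the play
# fails when this variable is first used, instead of deploying a
# database with a publicly known default password.
forgejo_db_password: "{{ vault_forgejo_db_password | mandatory }}"

# PostgreSQL settings
postgres_version: "16"
postgres_data_dir: "{{ forgejo_data_path }}/postgres"
postgres_max_connections: 100
postgres_shared_buffers: "256MB"
postgres_effective_cache_size: "1GB"

# Redis configuration (optional, for caching)
forgejo_use_redis: true
redis_host: localhost
redis_port: 6379

# Admin user (created on first setup)
# NOTE: "admin" is a reserved name in Forgejo, use something else
forgejo_admin_username: forgejo_admin
# No fallback value, for the same reason as forgejo_db_password: the
# admin account must never be created with a known default password.
forgejo_admin_password: "{{ vault_forgejo_admin_password | mandatory }}"
forgejo_admin_email: "admin@{{ forgejo_domain }}"

# HTTPS/SSL configuration
forgejo_enable_letsencrypt: true
letsencrypt_email: "admin@{{ forgejo_domain }}"
certbot_create_if_missing: true
certbot_auto_renew: true

# Object storage (S3-compatible)
# The access and secret keys fall back to an empty string when the
# vault values are absent; S3 is disabled by default.
forgejo_enable_s3: false
forgejo_s3_endpoint: ""
forgejo_s3_bucket: ""
forgejo_s3_region: ""
forgejo_s3_access_key: "{{ vault_s3_access_key | default('') }}"
forgejo_s3_secret_key: "{{ vault_s3_secret_key | default('') }}"

# Backup configuration
forgejo_enable_backups: true
forgejo_backup_schedule: "0 2 * * *"  # Daily at 2 AM
forgejo_backup_retention_days: 30
forgejo_backup_to_s3: false
forgejo_backup_s3_bucket: ""

# Security settings
# NOTE(review): with these defaults registration is not disabled and
# sign-in is not required to view; presumably that means open sign-up
# and anonymous browsing. Confirm against the role's app.ini template
# and override both for a private instance.
forgejo_disable_registration: false
forgejo_require_signin_view: false
forgejo_enable_2fa: true

# Tailscale VPN configuration
# Recommended: Enable for secure SSH access
forgejo_enable_tailscale: true
tailscale_interface: tailscale0

# UFW Firewall configuration
# When enabled with Tailscale, SSH is only accessible via Tailscale
forgejo_enable_ufw: true
# Set to true to reset all rules before configuring
ufw_reset_on_configure: false

# Email configuration (optional)
# The password falls back to an empty string when the vault value is
# absent; email is disabled by default.
forgejo_enable_email: false
forgejo_email_host: ""
forgejo_email_port: 587
forgejo_email_user: ""
forgejo_email_password: "{{ vault_email_password | default('') }}"
forgejo_email_from: "noreply@{{ forgejo_domain }}"

# Git configuration
forgejo_disable_http_git: false
forgejo_enable_lfs: true
forgejo_lfs_max_file_size: 100  # MB

# Performance tuning
forgejo_log_level: Info
forgejo_disable_gravatar: false

# Docker Compose configuration
docker_compose_version: "2.24.0"
docker_install_compose: true

# Firewall configuration
# NOTE(review): port 22 is listed unconditionally, while the UFW note
# above says SSH is reachable only via Tailscale. Confirm that the
# firewall tasks do not open this list publicly when Tailscale is on.
firewall_allowed_tcp_ports:
  - "22"
  - "80"
  - "443"
  - "{{ forgejo_ssh_port }}"

# System packages to install
system_packages:
  - curl
  - wget
  - git
  - htop
  - vim
  - tmux
  - unzip
  - jq
  - python3-pip
  - python3-docker
  - python3-psycopg2
  - acl

# Monitoring (optional)
forgejo_enable_prometheus: false
prometheus_port: 9090

# Restore from backup
forgejo_restore_from_backup: false
forgejo_restore_backup_file: ""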