---
# Ansible Inventory for Forgejo Production
# Copy this file to hosts.yml and update with your values:
#   cp hosts.yml.example hosts.yml

all:
  children:
    forgejo:
      hosts:
        forgejo-prod:
          # UPDATE: Your server IP (from terraform output or cloud console)
          ansible_host: YOUR_SERVER_IP
          ansible_user: root
          ansible_port: 22
          ansible_python_interpreter: /usr/bin/python3

          # =============================================================
          # DOMAIN CONFIGURATION (REQUIRED!)
          # =============================================================
          # UPDATE: Your domain name pointing to the server IP
          forgejo_domain: git.example.com

          forgejo_version: "9.0.2"

          # Database configuration
          forgejo_db_type: postgres
          forgejo_db_name: forgejo
          forgejo_db_user: forgejo

          # Enable features
          forgejo_enable_letsencrypt: true
          forgejo_enable_backups: true
          forgejo_enable_2fa: true
          forgejo_use_redis: true

          # Security settings
          forgejo_disable_registration: true   # Disable public registration
          forgejo_require_signin_view: false   # Require login to view repos

          # Security: Tailscale VPN + UFW firewall
          forgejo_enable_tailscale: true
          forgejo_enable_ufw: true

          # Email configuration (optional)
          forgejo_enable_email: false
          # forgejo_email_host: smtp.example.com
          # forgejo_email_port: 587
          # forgejo_email_user: noreply@example.com

          # S3 configuration (optional)
          forgejo_enable_s3: false
          # forgejo_s3_endpoint: https://s3.example.com
          # forgejo_s3_bucket: forgejo-lfs
          # forgejo_s3_region: us-east-1

          # Backup configuration
          forgejo_backup_retention_days: 30
          forgejo_backup_to_s3: false

      vars:
        ansible_ssh_common_args: '-o StrictHostKeyChecking=no'