---
##########################
# General options ########
##########################

enable_vault: "yes"
enable_consul: "no"
enable_nomad: "no"

deployment_method: "host"
api_interface: "eth0"
api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"

configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack"
sub_configuration_directories:
  nomad_servers: "{{ configuration_directory }}/nomad_servers"
  vault_servers: "{{ configuration_directory }}/vault_servers"
  consul_servers: "{{ configuration_directory }}/consul_servers"

configuration_global_vars_file: "globals.yml"

default_container_extra_volumes:
  - "/etc/timezone:/etc/timezone"
  - "/etc/localtime:/etc/localtime"

##########################
# Support options ########
##########################

hashistack_supported_distributions:
  - ubuntu
  - debian

hashistack_supported_distribution_versions:
  debian:
    - "11"
    - "12"
  ubuntu:
    - "20.04"
    - "22.04"

preflight_enable_host_ntp_checks: true
vault_required_ports: [8200, 8201]
consul_required_ports: [8300, 8301, 8302, 8500, 8501, 8502, 8503, 8600]
nomad_required_ports: []

##########################
# Nomad options ##########
##########################

hashi_nomad_cni_plugins_install: true
hashi_nomad_start_service: true
hashi_nomad_cni_plugins_version: latest
hashi_nomad_cni_plugins_install_path: /opt/cni/bin
hashi_nomad_version: latest
hashi_nomad_deploy_method: host  # deployment method, either host or docker
hashi_nomad_env_variables: {}
hashi_nomad_data_dir: /opt/nomad
hashi_nomad_extra_files: false
hashi_nomad_extra_files_src: /tmp/extra_files
hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
hashi_nomad_configuration: {}

##########################
# Consul options #########
##########################

hashi_consul_start_service: true
hashi_consul_version: latest
hashi_consul_deploy_method: host  # deployment method, either host or docker.
hashi_consul_env_variables: {}
hashi_consul_data_dir: "/opt/consul"
hashi_consul_extra_files: false
hashi_consul_extra_files_src: /tmp/extra_files
hashi_consul_extra_files_dst: /etc/consul.d/extra_files
hashi_consul_envoy_install: false
hashi_consul_envoy_version: latest
hashi_consul_configuration: {}

##########################
# Vault options ##########
##########################

vault_cluster_name: vault
vault_seal_configuration:
  key_shares: 3
  key_threshold: 2

###############
# vault storage
###############
vault_storage_configuration:
  raft:
    path: "{{ hashi_vault_data_dir }}/data"
    node_id: "{{ ansible_hostname }}"
    retry_join: |
      [
      {% for host in groups['vault_servers'] %}
        {
          'leader_api_addr': 'http://{{ hostvars[host].api_interface_address }}:8200'
        }{% if not loop.last %},{% endif %}
      {% endfor %}
      ]

################
# vault listener
################
vault_enable_tls: false
vault_listener_configuration:
  tcp:
    address: "0.0.0.0:8200"
    tls_disable: true

vault_tls_listener_configuration:
  tcp:
    tls_disable: false
    tls_cert_file: "{{ hashi_vault_config_dir }}/cert.pem"
    tls_key_file: "{{ hashi_vault_config_dir }}/key.pem"

vault_extra_listener_configuration: {}

############################
# vault service registration
############################
vault_enable_service_registration: false
vault_service_registration_configuration:
  consul:
    address: "127.0.0.1:8500"
    scheme: "http"

#############################
# vault plugins configuration
#############################


#########################
# vault container volumes
#########################
extra_vault_container_volumes: []

#####################
# vault configuration
#####################
hashi_vault_start_service: true
hashi_vault_version: latest
hashi_vault_deploy_method: "{{ deployment_method }}"
hashi_vault_env_variables: {}
hashi_vault_config_dir: "/etc/vault.d"
hashi_vault_data_dir: "/opt/vault"
hashi_vault_extra_files: false
hashi_vault_extra_files_src: /tmp/extra_files
hashi_vault_extra_files_dst: /etc/vault.d/extra_files
hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique }}"
hashi_vault_configuration:
  cluster_name: "{{ vault_cluster_name }}"
  cluster_addr: "http://{{ api_interface_address }}:8201"
  api_addr: "http://{{ api_interface_address }}:8200"
  ui: true
  disable_mlock: false
  disable_cache: false
  listener: "{{ vault_listener_configuration
    | combine((vault_enable_tls | bool) | ternary(vault_tls_listener_configuration, {}))
    | combine(vault_extra_listener_configuration | default({})) }}"
  storage: "{{ vault_storage_configuration }}"