---
##########################
# General options ########
##########################

# enable_vault: "yes"
# enable_consul: "yes"
# enable_nomad: "yes"

# deployment_method: "docker"
# api_interface: "eth0"
# api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"

# configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack"

##########################
# Support options ########
##########################

# hashistack_supported_distributions:
#   - ubuntu
#   - debian

# hashistack_supported_distribution_versions:
#   debian:
#     - "11"
#     - "12"
#   ubuntu:
#     - "20.04"
#     - "22.04"

# preflight_enable_host_ntp_checks: true
# vault_required_ports: [8200,8201]
# consul_required_ports: [8300,8301,8302,8500,8501,8502,8503,8600]
# nomad_required_ports: []

##########################
# Nomad options ##########
##########################

# hashi_nomad_cni_plugins_install: true
# hashi_nomad_start_service: true
# hashi_nomad_cni_plugins_version: latest
# hashi_nomad_cni_plugins_install_path: /opt/cni/bin
# hashi_nomad_version: latest
# hashi_nomad_deploy_method: host  # deployment method, either host or docker
# hashi_nomad_env_variables: {}
# hashi_nomad_data_dir: /opt/nomad
# hashi_nomad_extra_files: false
# hashi_nomad_extra_files_src: /tmp/extra_files
# hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
# #! nomad configuration
# hashi_nomad_configuration: {}

##########################
# Consul options #########
##########################

# hashi_consul_start_service: true
# hashi_consul_version: latest
# hashi_consul_deploy_method: host  # deployment method, either host or docker.
# hashi_consul_env_variables: {}
# hashi_consul_data_dir: "/opt/consul"
# hashi_consul_extra_files: false
# hashi_consul_extra_files_src: /tmp/extra_files
# hashi_consul_extra_files_dst: /etc/consul.d/extra_files
# hashi_consul_envoy_install: false
# hashi_consul_envoy_version: latest
# #! consul configuration
# hashi_consul_configuration: {}

##########################
# Vault options ##########
##########################

# vault_cluster_name: vault
# vault_storage_configuration:
#   raft:
#     path: "{{ hashi_vault_data_dir }}/data"
#     node_id: "{{ ansible_hostname }}"
#     retry_join: |
#       [
#       {% for host in groups['vault_servers'] %}
#         {
#           'leader_api_addr': 'http://{{ hostvars[host].api_interface_address }}:8200'
#         }{% if not loop.last %},{% endif %}
#       {% endfor %}
#       ]

# extra_vault_container_volumes: []
# default_container_extra_volumes:
#   - "/etc/timezone:/etc/timezone"
#   - "/etc/localtime:/etc/localtime"

# hashi_vault_start_service: true
hashi_vault_version: "latest"
# hashi_vault_deploy_method: "{{ deployment_method }}"  # deployment method, either host or docker
# hashi_vault_env_variables: {}
# hashi_vault_data_dir: "/opt/vault"
# hashi_vault_extra_files: false
# hashi_vault_extra_files_src: /tmp/extra_files
# hashi_vault_extra_files_dst: /etc/vault.d/extra_files
# hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique }}"
##! vault configuration
# hashi_vault_configuration:
#   cluster_name: "{{ vault_cluster_name }}"
#   cluster_addr: "http://{{ api_interface_address }}:8201"
#   api_addr: "http://{{ api_interface_address }}:8200"
#   ui: true
#   disable_mlock: false
#   disable_cache: false
#   listener:
#     tcp:
#       address: "0.0.0.0:8200"
#       tls_disable: true
#       #tls_disable_client_certs: true
#       #tls_cert_file: "{{ hashi_vault_data_dir }}/tls/cert.pem"
#       #tls_key_file: "{{ hashi_vault_data_dir }}/tls/key.pem"
#   storage: "{{ vault_storage_configuration }}"

vault_extra_configuration:
  user_lockout:
    all:
      lockout_duration: "10m"
      lockout_counter_reset: "10m"