---
# 🔐 Global Access & Identity Settings
default_user: cmmcadmin
default_shell: /bin/bash
ssh_authorized_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

# 🌐 Network & Proxy Settings
nextcloud_port: 8080
mailcow_port: 443
keycloak_port: 8081
tailscale_auth_key: tskey-abc123
stepca_port: 9000
wazuh_port: 55000

# 📦 Container Images
nextcloud_aio_image: nextcloud/all-in-one:latest
keycloak_image: quay.io/keycloak/keycloak:24.0.2
mailcow_image: mailcow/mailcow-dockerized:latest

# 🗂️ Data Directories
nextcloud_data_dir: /srv/nextcloud
mailcow_data_dir: /opt/mailcow
backup_base_dir: /srv/backups
logs_dir: /var/log/open-cmmc

# ⚙️ System Users
svc_keycloak: svc_keycloak
svc_mailcow: svc_mailcow
svc_wazuh: svc_wazuh
svc_stepca: svc_stepca

# 🔄 Backup/Restore
restic_password: changeme-securely
restic_repo: /srv/backups/restic-repo

# 📛 DNS & Hostname
domain_name: example.cmmc.local
hostname: open-cmmc-gateway

# 📜 Default Realm for Keycloak
keycloak_realm: OpenCMMC

# 📧 Mailcow Settings
mailcow_hostname: mail
mailcow_domain: "{{ domain_name }}"
mailcow_fqdn: "{{ mailcow_hostname }}.{{ mailcow_domain }}"
mailcow_timezone: America/New_York
mailcow_admin_user: admin
mailcow_admin_password: change_me_securely
mailcow_letsencrypt_email: it@example.com
mailcow_use_letsencrypt: "n"