---
# Oberon Configuration

services:
  - alloy
  - docker

  - rabbitmq
  - searxng
  - smtp4dev

# Alloy
alloy_log_level: "warn"
rabbitmq_syslog_port: 51402
searxng_syslog_port: 51403

# MCP Switchboard Configuration
mcp_switchboard_user: mcpsb
mcp_switchboard_group: mcpsb
mcp_switchboard_directory: /srv/mcp_switchboard
mcp_switchboard_port: 22785
mcp_switchboard_docker_host: "tcp://miranda.incus:2375"
mcp_switchboard_db_host: portia.incus
mcp_switchboard_db_port: 5432
mcp_switchboard_db_name: mcp_switchboard
mcp_switchboard_db_user: mcpsb
mcp_switchboard_db_password: "{{ vault_mcp_switchboard_db_password }}"
mcp_switchboard_rabbitmq_host: localhost
mcp_switchboard_rabbitmq_port: 5672
mcp_switchboard_rabbitmq_user: rabbitmq
mcp_switchboard_rabbitmq_password: "{{ vault_mcp_switchboard_rabbitmq_password }}"
mcp_switchboard_secret_key: "{{ vault_mcp_switchboard_secret_key }}"

# Open WebUI Configuration
openwebui_user: openwebui
openwebui_group: openwebui
openwebui_directory: /srv/openwebui
openwebui_cors_allow_origin: https://openwebui.ouranos.helu.ca
openwebui_port: 22088
openwebui_host: puck.incus
openwebui_secret_key: "{{ vault_openwebui_secret_key }}"
openwebui_enable_signup: true
openwebui_enable_email_login: false

# OAuth/OIDC Configuration (Casdoor SSO)
openwebui_oauth_client_id: "{{ vault_openwebui_oauth_client_id }}"
openwebui_oauth_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
openwebui_oauth_provider_name: "Casdoor"
openwebui_oauth_provider_url: "https://id.ouranos.helu.ca/.well-known/openid-configuration"

# Database Configuration
openwebui_db_host: portia.incus
openwebui_db_port: 5432
openwebui_db_name: openwebui
openwebui_db_user: openwebui
openwebui_db_password: "{{ vault_openwebui_db_password }}"

# API Keys
openwebui_openai_api_key: "{{ vault_openwebui_openai_api_key }}"
openwebui_anthropic_api_key: "{{ vault_openwebui_anthropic_api_key }}"
openwebui_groq_api_key: "{{ vault_openwebui_groq_api_key }}"
openwebui_mistral_api_key: "{{ vault_openwebui_mistral_api_key }}"

# Ollama Configuration
ollama_api_base_url: ""
openwebui_ollama_api_key: ""

# SSL Configuration
openwebui_enable_https: false
openwebui_ssl_cert_path: ""
openwebui_ssl_key_path: ""

# Logging
openwebui_log_level: info

# RabbitMQ Config
rabbitmq_user: rabbitmq
rabbitmq_group: rabbitmq
rabbitmq_directory: /srv/rabbitmq
rabbitmq_amqp_port: 5672
rabbitmq_management_port: 25582
rabbitmq_password: "{{ vault_rabbitmq_password }}"

# Redis password
redis_password: "{{ vault_redis_password }}"

# SearXNG Configuration
searxng_user: searxng
searxng_group: searxng
searxng_directory: /srv/searxng
searxng_port: 22083
searxng_base_url: http://oberon.incus:22083/
searxng_instance_name: "Ouranos Search"
searxng_secret_key: "{{ vault_searxng_secret_key }}"

# SearXNG OAuth2-Proxy Sidecar
# Note: Each host supports at most one OAuth2-Proxy sidecar instance
# (binary shared at /usr/local/bin/oauth2-proxy, unique systemd unit per service)
searxng_oauth2_proxy_dir: /etc/oauth2-proxy-searxng
searxng_oauth2_proxy_version: "7.6.0"
searxng_proxy_port: 22073
searxng_domain: "ouranos.helu.ca"
searxng_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
searxng_oauth2_redirect_url: "https://searxng.ouranos.helu.ca/oauth2/callback"

# OAuth2 Credentials (from vault)
searxng_oauth2_client_id: "{{ vault_searxng_oauth2_client_id }}"
searxng_oauth2_client_secret: "{{ vault_searxng_oauth2_client_secret }}"
searxng_oauth2_cookie_secret: "{{ vault_searxng_oauth2_cookie_secret }}"

# smtp4dev Configuration
smtp4dev_user: smtp4dev
smtp4dev_group: smtp4dev
smtp4dev_directory: /srv/smtp4dev
smtp4dev_port: 22085
smtp4dev_smtp_port: 22025
smtp4dev_imap_port: 22045
smtp4dev_syslog_port: 51405

# Home Assistant Configuration
hass_user: hass
hass_group: hass
hass_directory: /srv/hass
hass_media_directory: /srv/hass/media
hass_port: 8123
hass_version: "2026.2.0"
hass_db_host: portia.incus
hass_db_port: 5432
hass_db_name: hass
hass_db_user: hass
hass_db_password: "{{ vault_hass_db_password }}"
hass_metrics_token: "{{ vault_hass_metrics_token }}"