---
# Prospero Configuration - PPLG Observability & Admin Stack
# Services: pplg (PgAdmin, Prometheus, Loki, Grafana + HAProxy + OAuth2-Proxy)
#
# Every credential below is a Jinja2 reference to a vault_* variable; no
# secret value is written in this file.
# NOTE(review): the vault_* definitions are not visible here - confirm they
# live in an Ansible Vault-encrypted vars file and are never committed in
# clear text.

# Account Ansible logs in as on this host.
ansible_user: robert
# Service list for this host (presumably selects which roles are applied).
services:
  - alloy
  - pplg

# Alloy
alloy_log_level: "warn"

# ============================================================================
# PPLG HAProxy Configuration
# ============================================================================
# Fixed uid/gid (800) for the haproxy account.
pplg_haproxy_user: haproxy
pplg_haproxy_group: haproxy
pplg_haproxy_uid: 800
pplg_haproxy_gid: 800
pplg_haproxy_domain: "ouranos.helu.ca"
# NOTE(review): HAProxy PEM bundles normally hold the private key next to the
# certificate - confirm the role installs this file readable only by the
# haproxy account.
pplg_haproxy_cert_path: /etc/haproxy/certs/ouranos.pem
# NOTE(review): the bind address and auth of the stats listener are not set
# here - confirm 8404 is not reachable from untrusted networks.
pplg_haproxy_stats_port: 8404
pplg_haproxy_syslog_port: 51405

# ============================================================================
# Grafana
# ============================================================================

# Grafana Datasources
# Grafana reaches Prometheus on 9090, not on prometheus_proxy_port (9091).
# NOTE(review): presumably 9090 is the Prometheus listener that sits behind
# the OAuth2-Proxy sidecar - confirm it is bound/firewalled so that only
# Grafana and local services can reach it, otherwise the proxy is bypassable.
prometheus_datasource_name: Prospero-Prometheus
prometheus_host: prospero.incus
prometheus_port: 9090
prometheus_datasource_uid: prospero-prometheus
# NOTE(review): Loki ships without an authentication layer of its own -
# confirm 3100 is reachable only from trusted hosts.
loki_datasource_name: Prospero-Loki
loki_host: prospero.incus
loki_port: 3100
loki_datasource_uid: prospero-loki

# Grafana Users
# Local admin and viewer accounts, all values taken from the vault.
# NOTE(review): these password logins presumably stay usable alongside the
# Casdoor SSO below - confirm that is intended and the passwords are strong.
grafana_admin_name: "{{ vault_grafana_admin_name }}"
grafana_admin_login: "{{ vault_grafana_admin_login }}"
grafana_admin_password: "{{ vault_grafana_admin_password }}"
grafana_viewer_name: "{{ vault_grafana_viewer_name }}"
grafana_viewer_login: "{{ vault_grafana_viewer_login }}"
grafana_viewer_password: "{{ vault_grafana_viewer_password }}"

# Grafana OAuth (Casdoor SSO)
# All three Casdoor endpoints below are https:// URLs on id.ouranos.helu.ca.
grafana_oauth_enabled: true
grafana_oauth_name: "Casdoor"
grafana_oauth_client_id: "{{ vault_grafana_oauth_client_id }}"
grafana_oauth_client_secret: "{{ vault_grafana_oauth_client_secret }}"
grafana_oauth_auth_url: "https://id.ouranos.helu.ca/login/oauth/authorize"
grafana_oauth_token_url: "https://id.ouranos.helu.ca/api/login/oauth/access_token"
grafana_oauth_api_url: "https://id.ouranos.helu.ca/api/userinfo"
grafana_oauth_scopes: "openid profile email"
grafana_root_url: "https://grafana.ouranos.helu.ca"
# NOTE(review): presumably maps to Grafana's allow_sign_up, which creates a
# Grafana account on a user's first OAuth login. Access is then gated only by
# who can authenticate to this Casdoor application - confirm that set of
# users and the role new accounts receive.
grafana_oauth_allow_sign_up: true
# false keeps TLS certificate verification on for the Casdoor endpoints
# (presumably Grafana's tls_skip_verify_insecure); do not flip it to work
# around a certificate problem.
grafana_oauth_skip_tls_verify: false

# ============================================================================
# Prometheus
# ============================================================================
prometheus_user: prometheus
prometheus_group: prometheus
prometheus_scrape_interval: 15s
prometheus_evaluation_interval: 15s
alertmanager_host: prospero.incus
alertmanager_port: 9093
loki_metrics_port: 3100
# Scrape targets as host:port strings.
# NOTE(review): no scheme or credentials are configured here, so these are
# presumably scraped over plain HTTP without auth - confirm the exporter
# ports are reachable only from the Prometheus host.
prometheus_targets:
  - 'oberon.incus:9100'
  - 'portia.incus:9100'
  - 'ariel.incus:9100'
  - 'puck.incus:9100'
  - 'puck.incus:25571'
  - 'miranda.incus:9100'
  - 'sycorax.incus:9100'
  - 'prospero.incus:9100'
  - 'rosalind.incus:9100'

# Prometheus OAuth2-Proxy Sidecar
prometheus_proxy_port: 9091
prometheus_oauth2_proxy_dir: /etc/oauth2-proxy-prometheus
# Pinned release, quoted so it stays a string.
# NOTE(review): check this pin against upstream oauth2-proxy security
# releases, and confirm the role verifies the download checksum (not shown).
prometheus_oauth2_proxy_version: "7.6.0"
prometheus_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
prometheus_oauth2_client_id: "{{ vault_prometheus_oauth2_client_id }}"
prometheus_oauth2_client_secret: "{{ vault_prometheus_oauth2_client_secret }}"
# NOTE(review): oauth2-proxy requires a cookie secret of 16, 24 or 32 bytes
# and uses it to protect session cookies - confirm the vault value is
# randomly generated and not shared with another service.
prometheus_oauth2_cookie_secret: "{{ vault_prometheus_oauth2_cookie_secret }}"

# ============================================================================
# Alertmanager
# ============================================================================
# Alertmanager is configured with the same user/group as Prometheus.
alertmanager_user: prometheus
alertmanager_group: prometheus
alertmanager_resolve_timeout: 5m
alertmanager_group_wait: 30s
alertmanager_group_interval: 5m
alertmanager_repeat_interval: 4h
pushover_user_key: "{{ vault_pushover_user_key }}"
pushover_api_token: "{{ vault_pushover_api_token }}"
# NOTE(review): Pushover honours retry/expire only for emergency priority
# (2); with priority 1 the two values below presumably have no effect -
# confirm this is the intended paging behaviour.
pushover_priority: 1
pushover_retry: 30
pushover_expire: 3600

# ============================================================================
# Loki
# ============================================================================
loki_user: loki
loki_group: loki
loki_data_dir: /var/lib/loki
loki_config_dir: /etc/loki
loki_config_file: config.yml
loki_grpc_port: 9096

# ============================================================================
# PgAdmin (Gunicorn - no Apache)
# ============================================================================
pgadmin_user: pgadmin
pgadmin_group: pgadmin
pgadmin_port: 5050
# NOTE(review): pgAdmin keeps its configuration database and sessions under
# its data directory - confirm the role restricts both directories to the
# pgadmin account.
pgadmin_data_dir: /var/lib/pgadmin
pgadmin_log_dir: /var/log/pgadmin
# Initial pgAdmin login, taken from the vault.
pgadmin_email: "{{ vault_pgadmin_email }}"
pgadmin_password: "{{ vault_pgadmin_password }}"

# PgAdmin OAuth (Casdoor SSO)
pgadmin_oauth_client_id: "{{ vault_pgadmin_oauth_client_id }}"
pgadmin_oauth_client_secret: "{{ vault_pgadmin_oauth_client_secret }}"

# ============================================================================
# Casdoor Metrics (for Prometheus scraping)
# ============================================================================
casdoor_metrics_host: "titania.incus"
casdoor_metrics_port: 22081
# NOTE(review): these credentials are presumably rendered into the Prometheus
# scrape configuration on disk - confirm that file is not world-readable.
casdoor_prometheus_access_key: "{{ vault_casdoor_prometheus_access_key }}"
casdoor_prometheus_access_secret: "{{ vault_casdoor_prometheus_access_secret }}"