---
bookstack_path: "{{ podman_volumes }}/bookstack"
cam2ip_path: "{{ podman_volumes }}/cam2ip"
cloud_path: "{{ podman_volumes }}/cloud"
cloud_skudak_path: "{{ podman_volumes }}/skudakcloud"
debyltech_path: "{{ podman_volumes }}/debyltech"
# drone_path: removed - Drone CI decommissioned
factorio_path: "{{ podman_volumes }}/factorio"
fulfillr_path: "{{ podman_volumes }}/fulfillr"
hass_path: "{{ podman_volumes }}/hass"
# nginx_path: removed - nginx no longer used
nosql_path: "{{ podman_volumes }}/nosql"
partkeepr_path: "{{ podman_volumes }}/partkeepr"
photos_path: "{{ podman_volumes }}/photos"
pihole_path: "{{ podman_volumes }}/pihole"
sshpass_cron_path: "{{ podman_volumes }}/sshpass_cron"
caddy_path: "{{ podman_volumes }}/caddy"

# Drone CI variables removed - infrastructure decommissioned
# drone_server_proto, drone_runner_proto, drone_runner_capacity

# Server names (used by Caddy)
base_server_name: bdebyl.net
assistant_server_name: assistant.bdebyl.net
bookstack_server_name: wiki.skudakrennsport.com
# ci_server_name: removed - Drone CI decommissioned
cloud_server_name: cloud.bdebyl.net
cloud_skudak_server_name: cloud.skudakrennsport.com
fulfillr_server_name: fulfillr.debyltech.com
home_server_name: home.bdebyl.net
parts_server_name: parts.bdebyl.net
photos_server_name: photos.bdebyl.net

# Legacy nginx/ModSecurity configuration removed - Caddy provides built-in security

# Web server configuration (Caddy is the default)
# Legacy nginx variables kept for cleanup tasks

# Caddy configuration
caddy_email: "{{ ssl_email }}"
# Use staging for testing, production for real certificates
caddy_acme_ca: https://acme-v02.api.letsencrypt.org/directory
# For testing/staging:
# caddy_acme_ca: https://acme-staging-v02.api.letsencrypt.org/directory

# Caddy ports
caddy_admin_port: 2019

# Caddy network configuration
caddy_local_networks:
  - 192.168.0.0/16
  - 127.0.0.1

# Caddy logging configuration
caddy_log_level: INFO
caddy_log_format: json

# Caddy performance tuning
caddy_max_request_body_mb: 500

# Caddy security headers (global defaults)
caddy_security_headers:
  Strict-Transport-Security: "max-age=31536000; includeSubDomains"
  X-Content-Type-Options: "nosniff"
  Referrer-Policy: "same-origin"
  X-Frame-Options: "SAMEORIGIN"