---

service: "connect"

connect_process_search_module: "external"
connect_loglevel_message_queue: "DEBUG"
connect_loglevel_document_index: "DEBUG"
connect_loglevel_workflow_index: "DEBUG"
connect_loglevel_workflow_analysis: "DEBUG"
connect_image_version: "8.3.0-SMARCH-70-1-SNAPSHOT"

hetzner_server_type: cx21
hetzner_server_labels: "stage={{ stage }} service={{ service }}"

connect_client_id: "{{ cluster_name }}"

connect_client_admin_username: "connect-admin"
connect_client_admin_password: "connect-admin"
current_realm_users: [
  {
    "username": "{{ connect_client_admin_username }}",
    "password": "{{ connect_client_admin_password }}",
  }
]

connect_realm_admin_username: "connect-realm-admin"
connect_realm_admin_password: "connect-realm-admin"

current_realm_clients: [
  {
    clientId: "{{ connect_client_id }}",
    name: '{{ connect_client_id }}',
    admin_url: '',
    root_url: '',
    redirect_uris: '
      [
        "https://{{ service_name }}.{{ domain }}/*",
      ]',
    secret: '{{ cluster_name }}',
    web_origins: '
      [
        "https://{{ service_name }}.{{ domain }}/*",
      ]',
  }
]

connect_postgres_host: "{{ shared_service_pg_master_hostname }}"
connect_postgres_database_name: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_{{ cluster_service }}"
connect_postgres_admin_username: "root"
connect_postgres_admin_password: "connect-postgres-admin"

connect_elastic_host: "dev-elastic-stack-01-elastic"
connect_elastic_username: "{{ elastic_admin_username }}"
connect_elastic_password: "{{ elastic_admin_password }}"
connect_elastic_ca: "file:/usr/share/smardigo/ca.crt"
connect_elastic_prefix: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}"

connect_iam_module: external
smardigo_iam_client_enabled: 'true'
smardigo_iam_client_server_url: https://dev-iam-01.smardigo.digital

connect_auth_module: "oidc"
connect_oidc_client_id: "{{ connect_client_id }}"
connect_oidc_client_secret: "{{ cluster_name }}"
connect_oidc_registration_id: "{{ connect_client_id }}"
connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"

connect_password_change_url: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password"
connect_iam_user_management_url: "https://{{ shared_service_keycloak_hostname }}/auth/admin/{{ current_realm_name }}/console"

connect_jwt_enabled: true
connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6

# TODO shouldn't be here at all -> currently the connect service needs knowlegde of the webdav secret -> smells like hell!
webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f"

#connect_csrf_token_name: "< see vault >"
#connect_csrf_token_value: "< see vault >"

connect_mail_properties_simulation: false