---

hetzner_server_type: cx21
hetzner_server_labels: "stage={{ stage }} service=connect{{ tenant_id | ternary(' tenant=' + tenant_id, '', omit) }}"

connect_image_version: "8.3.0"

# unique id for a service, will be used for service access management as well (e.g. keycloak realm)
connect_client_id: "{{ cluster_name }}"

connect_postgres_host: "{{ shared_service_postgres_01_hostname }}"
connect_postgres_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect"
connect_postgres_username: "{{ connect_postgres_database }}"
connect_postgres_password: "connect-postgres-admin"

#connect_process_search_module: "external"
connect_elastic_host: "{{ shared_service_elastic_stack_01_hostname }}"
connect_elastic_username: "{{ elastic_admin_username }}"
connect_elastic_password: "{{ elastic_admin_password }}"
connect_elastic_ca: "file:/usr/share/smardigo/ca.crt"
connect_elastic_prefix: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}"

connect_iam_module: "external"
smardigo_iam_client_enabled: "true"
smardigo_iam_client_server_url: "{{ http_s }}://{{ shared_service_iam_hostname }}/"

connect_auth_module: "oidc"
connect_oidc_client_id: "{{ cluster_name }}"
connect_oidc_client_secret: "{{ cluster_name }}"
connect_oidc_registration_id: "{{ cluster_name }}"
connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"

connect_password_change_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password"
connect_iam_user_management_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/admin/{{ current_realm_name }}/console"

connect_jwt_enabled: true
connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6

# TODO shouldn't be here at all -> currently the connect service needs knowlegde of the webdav secret -> smells like hell!
webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f"

#connect_csrf_token_name: "< see vault >"
#connect_csrf_token_value: "< see vault >"

connect_mail_properties_simulation: false

connect_loglevel_message_queue: "DEBUG"
connect_loglevel_document_index: "DEBUG"
connect_loglevel_workflow_index: "DEBUG"
connect_loglevel_workflow_analysis: "DEBUG"