hetzner-ansible/group_vars/all/connect.yml

---
# If elastic is served from k8s we need to reach elastic via load balancer port tcp/443
shared_service_connect_data_hostname: "{{ stage }}-connect-data.{{ domain_env }}:443"
shared_service_connect_data_username: "{{ elastic_connect_data_username_vault | default(elastic_admin_username) }}"
shared_service_connect_data_password: "{{ elastic_connect_data_password_vault | default(elastic_admin_password) }}"

connect_id: "{{ inventory_hostname }}-connect"
connect_base_url: "{{ connect_id }}.{{ domain }}"
process_search_id: "{{ inventory_hostname }}-process-search"
wordpress_id: "{{ inventory_hostname }}-wordpress"
wordpress_base_url: "{{ wordpress_id }}.{{ domain }}"

connect_workflow_env:
  - "stage:{{ stage }}"
  - "protocol:{{ http_s }}"
  - "hostname:{{ connect_base_url }}"
  - "managementHostname:{{ shared_service_host_management }}"
  - "kibanaHostname:{{ shared_service_hostname_kibana }}"
  - "keycloakHostname:{{ shared_service_hostname_keycloak }}"
  - "smardigoUserToken:{{ smardigo_auth_token_value | default('-') }}"

smardigo_auth_token_name: "Smardigo-User-Token"

smardigo_default_theme: "/themes/netgo.json"

# digital ocean dns service (-> dns-challenge)
connect_customer_urls_digitalocean: []
# hetzner dns service (-> dns-challenge)
connect_customer_urls_hetzner: []
# dns is managed by external provider (-> http-challenge)
connect_customer_urls_extern: []

# configure reverse proxy for each url
# keycloak redirect/origins for each url
connect_customer_urls: "{{
    connect_customer_urls_digitalocean
  + connect_customer_urls_hetzner
  + connect_customer_urls_extern }}"

# allow customer specific access from ips in cidr notation (e.g. 1.2.3.4/32)
# use 0.0.0.0/0 for public access
connect_customer_networks: []