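---
# Default Ansible variables for the cadoles-pod authentication stack
# (HAProxy in front of Hydra and its login applications). Values use Jinja2
# templating and Ansible facts. Several defaults are placeholders: review them
# before any deployment that is not a throw-away test.

# cadoles-pod repository configuration
# The signing key is downloaded from the same host as the packages.
# NOTE(review): that makes the HTTPS connection to this host the trust anchor
# for the key; consider checking a pinned fingerprint. Confirm how the role
# installs the key.
cadoles_pod_debian_repository_url: https://vulcain.cadoles.com
# NOTE(review): "bullseye-dev" looks like a development channel; confirm it is
# the intended suite for the target hosts.
cadoles_pod_debian_repository: bullseye-dev
cadoles_pod_debian_repository_key_url: https://vulcain.cadoles.com/cadoles.gpg

# packages versions
# '*' leaves the version unpinned.
# NOTE(review): presumably the role then installs whatever the repository
# currently serves; pin exact versions for reproducible, auditable installs.
haproxy_package_version: '*'
cadoles_pod_hydra_v1_package_version: '*'
cadoles_pod_hydra_dispatcher_v1_package_version: '*'
cadoles_pod_shibboleth_sp_v3_package_version: '*'
cadoles_pod_hydra_remote_user_v1_package_version: '*'
cadoles_pod_hydra_passwordless_v1_package_version: '*'

# Hydra database configuration
# Placeholder credentials (the password equals the user name). Override them
# from an encrypted source such as Ansible Vault whenever an external database
# is used.
hydra_use_external_database: false
hydra_database_name: hydra
hydra_database_user: hydra
hydra_database_password: hydra
hydra_database_host: 10.0.2.2
hydra_database_port: 3306

# HAProxy configuration
# The default public URL is plain http:// on the default IPv4 address reported
# by Ansible facts, while haproxy_forwarded_proto below announces https. The
# OIDC issuer and the login/consent/logout URLs further down are all built
# from this value, so set it to the real https:// URL of the deployment.
haproxy_public_base_url: "http://{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}"
haproxy_hydra_dispatcher_base_path: /auth/dispatcher
haproxy_hydra_passwordless_base_path: /auth/passwordless
haproxy_hydra_saml_base_path: /auth/saml
haproxy_forwarded_proto: https
# HAProxy expressions. The forwarded host is copied from the request's Host
# header, which the client controls.
# NOTE(review): confirm the backends do not build links or redirects from it
# without validating it against the expected host name.
haproxy_forwarded_host: "%[req.hdr(Host)]"
haproxy_forwarded_port: "%[dst_port]"

# Hydra OIDC configuration
hydra_urls_self_issuer_url: "{{ haproxy_public_base_url }}"
hydra_urls_consent: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/consent"
hydra_urls_login: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/login"
hydra_urls_logout: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/logout"
hydra_log_level: warn
# NOTE(review): presumably maps to Hydra's option for writing sensitive values
# to its logs; keep it false outside of short debugging sessions.
hydra_log_leak_sensitive_values: false
# This value should not be changed after first deployment !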
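# NOTE(review): the inventory host name is a guessable value, not a secret.
# If Hydra's secrets are derived from this seed, they are only as private as
# the host name. Supply a long random seed (for example from Ansible Vault)
# before the first deployment.
hydra_secrets_seed: "{{ inventory_hostname }}"

# Hydra clients
hydra_clients:
  - client_id: default-client
    client_name: Default client

# Hydra Passwordless configuration
enable_hydra_passwordless: true
hydra_passwordless_app_title: Adresse courriel
hydra_passwordless_app_description: Authentification via adresse courriel
hydra_passwordless_app_icon_url: https://upload.wikimedia.org/wikipedia/commons/4/48/You%27ve_got_mail.png
# Placeholder SMTP relay and credentials; override them per deployment and
# keep the real password in an encrypted source such as Ansible Vault.
hydra_passwordless_smtp_host: smtp-server
hydra_passwordless_smtp_port: 25
hydra_passwordless_smtp_user: smtp-user
hydra_passwordless_smtp_password: smtp-password
# Certificate verification stays on (false = do not skip it).
hydra_passwordless_smtp_insecure_skip_verify: false
# NOTE(review): with STARTTLS off, the SMTP credentials and the login e-mails
# presumably travel unencrypted to the relay; enable it wherever the relay
# supports it.
hydra_passwordless_smtp_use_start_tls: false
hydra_passwordless_sender_address: noreply@localhost
hydra_passwordless_sender_name: "[hydra-passwordless]"

# Hydra SAML configuration
# SAML login is enabled by default and points at samltest.id, a public test
# identity provider.
# NOTE(review): replace the IdP entity ID and metadata URL with the
# organisation's own IdP, or set enable_hydra_saml to false, before the
# service is exposed to real users.
enable_hydra_saml: true
hydra_saml_app_title: SAML
hydra_saml_app_description: Authentification via SAML
# No icon by default; written as an explicit null instead of a bare key.
hydra_saml_app_icon_url: null
hydra_saml_idp_entity_id: https://samltest.id/saml/idp
hydra_saml_idp_metadata_url: https://samltest.id/saml/idp

# OIDC Test configuration
# The test application is enabled by default, is served over plain http://,
# and uses a client secret that is published in this file. Disable it, or
# override the secret, on any host reachable by untrusted users.
enable_oidc_test_app: true
oidc_test_app_public_base_url: "http://{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}:8080"
oidc_test_app_client_id: oidc-test
oidc_test_app_client_secret: '$oidc-test&123456$'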