---

users:
  - name: admin
    password_hash: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      30623138653735643561343061356531373430393662383764633038383238383837626636393432
      3138653539356430306266663864343563616332656131310a343632323363653665646363366437
      66643430626437333461656231303339656435346261336238313036306431396333643965666631
      3665393163623266320a373838313538626438623330393533353931336331623464613664633430
      32303734396634376431383936643431313561303864343930393363623130663236666636353637
      63613237383666656263316661333031643032323266636464313839653065316138343035346161
      64313037336666353136383462333832373031623637636630326330313832333265386632343139
      30306638356434376635346637346134653064613236326333656566383137353166393063333563
      32623638343263313463313062303465626439356461613235656661623364656138
    ssh_public_keys: 
      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
      - "ssh-ed25519 \
         AAAAC3NzaC1lZDI1NTE5AAAAIJRnXU2My2iMXl1yCIEoASZYAUW0q1qn3P5tSUI0B0+4 \
         openpgp:0xAD2BFD7F"
    opendoas_settings: "permit persist admin as root"
  - name: ansible
    password_hash: ""
    ssh_public_keys:
      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
      - "ssh-ed25519 \
         AAAAC3NzaC1lZDI1NTE5AAAAIJRnXU2My2iMXl1yCIEoASZYAUW0q1qn3P5tSUI0B0+4 \
         openpgp:0xAD2BFD7F"
    opendoas_settings: "permit nopass ansible"


postgresql_global_config_options:
  - option: unix_socket_directories
    value: '{{ postgresql_unix_socket_directories | join(",") }}'
  - option: log_directory
    value: 'log'
  - option: listen_addresses
    value: "*"

postgresql_auth_method: scram-sha-256

postgresql_hba_entries:
  - {type: local, database: all, user: postgres, auth_method: peer}
  - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"}
  - {type: host, database: forgejo_db, user: forgejo, address: '192.168.0.20/32', auth_method: "{{ postgresql_auth_method }}"}

postgresql_databases:
  - name: forgejo_db
    owner: forgejo

postgresql_users:
  - name: forgejo
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      63306634323739306638666538376262643231306337343036313737373735303264356238663335
      6430623539346236303539333764666137613762623330640a643834326436363631626537396264
      31653265343035626439376134633839376432313962323163626436633466386165386332333737
      6339386339303566310a623236323630376665623664656563376430643836666433656433386434
      62623536376461323563616237316232366633663834333365633334646264313831376661366436
      61313538333965313062313138383935663739303935643331333238363463386537383238616466
      62343232326661346563353236373163373463383431646334623537616231396137393663376332
      35373132333865306634316433663539396632373638626130343331623138643063333561636532
      66653139663830353632326639393835343137336235626261353130656336653962303665646664
      63303735393638336137666234383363383764313533323031303533343562336230613434316432
      383632343762373735633664313431613064
    encrypted: true

postgresql_privs:
  - db: forgejo_db
    roles: forgejo
    privs: ALL
    type: database

postgres_users_no_log: false



fluentbit_settings:
  service:
    flush: 1
    daemon: false
    log_level: info
    http_server: false
  pipeline:
    inputs:
      - name: systemd
        tag: systemd_input
    filters:
      - name: rewrite_tag
        match: systemd_input
        rule: $_SYSTEMD_UNIT ^(postgresql.service)$ postgresql false
      - name: rewrite_tag
        match: systemd_input
        rule: $_SYSTEMD_UNIT ^(postgresql.service.+|(?!postgresql.service).*)$ systemd false
      - name: record_modifier
        match: postgresql
        allowlist_key:
          - MESSAGE
      # - name: record_modifier
      #   match: systemd_tag
      #   allowlist_key:
      #     - _SYSTEMD_UNIT
      #     - MESSAGE
    outputs:
      - name: loki
        host: 192.168.0.252
        labels: "env=dev,hostname=postgresql,service_name=postgresql"
        match: postgresql
      - name: loki
        host: 192.168.0.252
        labels: "env=dev,hostname=postgresql,service_name=systemd"
        match: systemd