From 7339ae000b9ea85e620d0cbb20604cb000895498 Mon Sep 17 00:00:00 2001
From: Thomas Reitz <T.Reitz@xinion.de>
Date: Sun, 15 Mar 2026 15:35:21 +0100
Subject: [PATCH] =?UTF-8?q?feat(infra):=20vault.yml=20mit=20generierten=20?=
 =?UTF-8?q?Passw=C3=B6rtern?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 repos/INSIGHT-Infra/ansible/vault.yml | 32 +++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 repos/INSIGHT-Infra/ansible/vault.yml

diff --git a/repos/INSIGHT-Infra/ansible/vault.yml b/repos/INSIGHT-Infra/ansible/vault.yml
new file mode 100644
index 0000000..74c204d
--- /dev/null
+++ b/repos/INSIGHT-Infra/ansible/vault.yml
@@ -0,0 +1,32 @@
+---
+# vault.yml — INSIGHT Secrets
+# Passwörter für PostgreSQL, PgBouncer und Redis
+# Dieses File liegt nur im lokalen Forgejo — niemals in öffentliche Repos!
+
+# PostgreSQL User
+postgresql_users:
+  - name: insight_app
+    password: "fnVQN*jjyY4F&#9yf*1LY116#bhCeplm"
+    role_attr_flags: "LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE"
+  - name: pgbouncer
+    password: "vaUIttUg!iR3buSMehN^S7GAH!m!xYq4"
+    role_attr_flags: "LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE"
+
+# PostgreSQL Grants
+postgresql_grants:
+  - db: insight_core
+    role: insight_app
+    privs: "ALL"
+  - db: insight_crm
+    role: insight_app
+    privs: "ALL"
+
+# PgBouncer Auth
+pgbouncer_users:
+  - name: insight_app
+    password: "fnVQN*jjyY4F&#9yf*1LY116#bhCeplm"
+  - name: pgbouncer
+    password: "vaUIttUg!iR3buSMehN^S7GAH!m!xYq4"
+
+# Redis
+redis_password: "gIIicbZ8T@8gfRVEmYzVEG2sGb24&Hy4"