---
# vault.yml.example — VORLAGE für ansible/vault.yml
# NIEMALS echte Passwörter committen!
# vault.yml mit Ansible Vault verschlüsseln:
#   ansible-vault create ansible/vault.yml
#   ansible-vault edit ansible/vault.yml

# PostgreSQL Passwörter
postgresql_users:
  - name: insight_app
    password: "CHANGE_ME_STRONG_PASSWORD"
    role_attr_flags: "LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE"
  - name: pgbouncer
    password: "CHANGE_ME_PGBOUNCER_PASSWORD"
    role_attr_flags: "LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE"

postgresql_grants:
  - db: insight_core
    role: insight_app
    privs: "ALL"
  - db: insight_crm
    role: insight_app
    privs: "ALL"

# PgBouncer Auth
pgbouncer_users:
  - name: insight_app
    password: "CHANGE_ME_STRONG_PASSWORD"
  - name: pgbouncer
    password: "CHANGE_ME_PGBOUNCER_PASSWORD"

# Redis
redis_password: "CHANGE_ME_REDIS_PASSWORD"

# Zabbix (falls PSK verwendet)
# zabbix_psk_key: "CHANGE_ME_PSK"