new-site/infra/ansible/inventory/group_vars/all.yml
justin a04ecf7df3 chore(email): decommission SMTP2GO references — local MTA only
SMTP2GO is no longer used: Listmonk relays through the local Postfix MTA
(172.18.0.1:25 from the Docker network), which DKIM-signs and delivers
direct-to-recipient-MX; transactional mail goes through Carbonio. Verified
zero smtp2go in any live container env + postfix has no external relayhost.

Removed the stale references so a rebuild/new dev can't re-introduce it:
- api/src/config.ts: SMTP_HOST default mail.smtp2go.com -> co.carrierone.com
- scripts/workers/crypto_payment_worker.py: same default fix
- infra/ansible all.yml: listmonk_smtp_* now 172.18.0.1:25, no auth (+comment)
- app.env.j2 / email.ts / crm.md / go-live-todo.md / architecture.svg: docs
2026-06-17 22:46:59 -05:00

123 lines
5.6 KiB
YAML

---
# Performance West — Global Ansible Variables
# ── Domains ───────────────────────────────────────────────────────────────────
domain: performancewest.net
api_domain: api.performancewest.net
portal_domain: portal.performancewest.net
crm_domain: crm.performancewest.net
analytics_domain: analytics.performancewest.net
listmonk_domain: lists.performancewest.net
dev_domain: dev.performancewest.net
dev_api_domain: api.dev.performancewest.net
shkeeper_domain: pay.performancewest.net
shkeeper_admin_domain: crypto.performancewest.net
minio_domain: minio.performancewest.net
minio_console_domain: minio-console.performancewest.net
monitoring_domain: monitoring.performancewest.net
# Windows DocServer VM (connects to MinIO externally for DOCX→PDF conversion)
docserver_ip: 108.181.102.34
# mautic retired — replaced by Listmonk; kept so old templates don't break
mautic_domain: mail.performancewest.net
deploy_user: deploy
ssh_port: 22022
project_dir: /opt/performancewest
dev_project_dir: /opt/performancewest-dev
# ── Ports (internal — host-bound by Docker or k3s) ───────────────────────────
site_port: 4322
api_port: 3001
erpnext_port: 8080
listmonk_port: 9100 # Docker maps 9100→9000 inside container
umami_port: 3100
minio_port: 9000
minio_console_port: 9001
shkeeper_port: 5000 # SHKeeper web UI (k3s NodePort)
dev_site_port: 4323
dev_api_port: 3002
# ── Let's Encrypt ─────────────────────────────────────────────────────────────
certbot_email: info@performancewest.net
certbot_webroot: /var/www/certbot
# ── PostgreSQL (API DB) ───────────────────────────────────────────────────────
pg_database: performancewest
pg_user: pw
pg_password: "{{ vault_db_password }}"
pg_backup_dir: /opt/backups/postgresql
pg_backup_retention_days: 30
# Backwards-compat aliases used by some roles
db_name: "{{ pg_database }}"
db_user: "{{ pg_user }}"
db_password: "{{ pg_password }}"
# ── ERPNext ───────────────────────────────────────────────────────────────────
erpnext_db_password: "{{ vault_erpnext_db_password }}"
erpnext_admin_password: "{{ vault_erpnext_admin_password }}"
# ── Umami ─────────────────────────────────────────────────────────────────────
umami_db_password: "{{ vault_umami_db_password }}"
umami_app_secret: "{{ vault_umami_app_secret }}"
# ── MinIO ─────────────────────────────────────────────────────────────────────
minio_access_key: "{{ vault_minio_access_key }}"
minio_secret_key: "{{ vault_minio_secret_key }}"
minio_bucket: performancewest
# ── Ollama ────────────────────────────────────────────────────────────────────
ollama_model: "{{ vault_ollama_model | default('qwen2.5:7b') }}"
# ── Transactional email (Carbonio — co.carrierone.com) ────────────────────────
# Used by: API (nodemailer), Python workers (smtplib), ERPNext notifications
# NOT used by Listmonk — Listmonk has its own SMTP configured in its admin UI
smtp_host: co.carrierone.com
smtp_port: 587
smtp_user: noreply@performancewest.net
smtp_pass: "{{ vault_smtp_pass }}"
smtp_from: "Performance West <noreply@performancewest.net>"
smtp_admin_email: ops@performancewest.net
# ── Listmonk (mass-mail via the LOCAL MTA) ───────────────────────────────────
# Listmonk SMTP is configured via its web admin UI, not env vars. Listmonk relays
# through the host Postfix (172.18.0.1:25 from inside the Docker network), which
# DKIM-signs and delivers direct-to-recipient-MX. We no longer use any external
# relay (SMTP2GO was decommissioned). These vars are kept here for documentation
# and manual reference.
listmonk_smtp_host: 172.18.0.1
listmonk_smtp_port: 25
# The local Postfix relay requires no auth (auth_protocol: none, tls_type: none).
listmonk_smtp_user: ""
listmonk_smtp_pass: ""
listmonk_admin_user: "{{ vault_listmonk_admin_user }}"
listmonk_admin_password: "{{ vault_listmonk_admin_password }}"
# Listmonk draft source campaigns cloned by scripts.build_trucking_campaigns
# for daily trucking deficiency-flag sends.
trucking_campaign_for_hire_id: 309
trucking_campaign_irp_ifta_id: 310
trucking_campaign_intrastate_id: 271
trucking_campaign_weight_tax_id: 272
trucking_campaign_emissions_id: 273
trucking_campaign_hazmat_id: 274
# ── Common packages ───────────────────────────────────────────────────────────
common_packages:
- curl
- wget
- git
- htop
- unzip
- jq
- rsync
- ufw
- fail2ban
- chrony
- unattended-upgrades
- apt-transport-https
- ca-certificates
- gnupg
- python3
- python3-pip
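
A lint for the two invariants this variables file relies on (every credential resolves to a `vault_*` variable, and the decommissioned SMTP2GO relay never reappears as a value), as an added example that is not part of the repository. The function names, the secret-key name pattern, and the sample input are assumptions constructed for illustration.

```python
import re

SECRET_KEY = re.compile(r"(password|secret|token|_pass$|_key$)")  # assumed naming
JINJA_REF = re.compile(r"^\{\{\s*([A-Za-z_]\w*)\s*(\|.*)?\}\}$")
RETIRED_RELAY = re.compile(r"smtp2go", re.I)  # relay removed by the commit

def parse_vars(text):
    """Top-level `key: value` pairs -> {key: (lineno, value)}; comments dropped."""
    out = {}
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"^([A-Za-z_]\w*):\s*(.*)$", line)
        if not m:
            continue  # comment, list item, or blank line
        key, raw = m.groups()
        q = re.match(r'^"([^"]*)"', raw) or re.match(r"^'([^']*)'", raw)
        value = q.group(1) if q else re.split(r"\s+#", raw, maxsplit=1)[0].strip()
        out[key] = (n, value)
    return out

def vault_backed(value, table, seen=()):
    """True if value is a bare {{ var }} resolving, via aliases, to vault_*."""
    m = JINJA_REF.match(value)
    if not m or m.group(2):  # a literal, or a filter such as default('x')
        return False
    name = m.group(1)
    if name.startswith("vault_"):
        return True
    # Follow aliases like db_password -> pg_password; `seen` stops cycles.
    return (name not in seen and name in table
            and vault_backed(table[name][1], table, seen + (name,)))

def audit(text):
    table, findings = parse_vars(text), []
    for key, (n, value) in table.items():
        if RETIRED_RELAY.search(value):
            findings.append((n, key, "retired relay referenced"))
        # An empty value (the no-auth local relay) is not a secret.
        if SECRET_KEY.search(key) and value and not vault_backed(value, table):
            findings.append((n, key, "secret not sourced from vault"))
    return findings

# Constructed sample: lines 1-3 mirror this file, lines 4-6 are regressions.
SAMPLE = """\
pg_password: "{{ vault_db_password }}"
db_password: "{{ pg_password }}"
listmonk_smtp_pass: ""
smtp_host: mail.smtp2go.com  # constructed regression
api_token: "{{ vault_api_token | default('changeme') }}"
minio_secret_key: constructed-literal-value
"""
```

Calling `audit()` on the file's text returns `(line, key, reason)` tuples; comments that merely mention the retired relay are ignored because only values are inspected.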