--- # Example vault values for Proxmox app projects. # # Copy required keys into your encrypted vault: # make edit-group-vault # # Never commit real secrets unencrypted. # Proxmox API vault_proxmox_host: "10.0.10.201" vault_proxmox_user: "root@pam" vault_proxmox_node: "pve" vault_proxmox_password: "CHANGE_ME" # Optional token auth (recommended if you use it) # vault_proxmox_token_id: "root@pam!ansible" # vault_proxmox_token: "CHANGE_ME" # SSH public key for appuser (workstation key) vault_ssh_public_key: "ssh-ed25519 AAAA... you@example" # LXC create bootstrap password (often required by Proxmox) vault_lxc_root_password: "CHANGE_ME" # ----------------------------------------------------------------------------- # POTE (python/venv + cron) secrets # ----------------------------------------------------------------------------- # Private key used for cloning from Gitea (deploy key). Store as a multi-line block. vault_pote_git_ssh_key: | -----BEGIN OPENSSH PRIVATE KEY----- CHANGE_ME -----END OPENSSH PRIVATE KEY----- # Environment-specific DB passwords (used by roles/pote) vault_pote_db_password_dev: "CHANGE_ME" vault_pote_db_password_qa: "CHANGE_ME" vault_pote_db_password_prod: "CHANGE_ME" # SMTP password for reports vault_pote_smtp_password: "CHANGE_ME" # ----------------------------------------------------------------------------- # Mirrormatch (Prisma/Node backend) secrets # ----------------------------------------------------------------------------- # Optional deploy key for private repo access vault_mirrormatch_git_ssh_key: | -----BEGIN OPENSSH PRIVATE KEY----- CHANGE_ME -----END OPENSSH PRIVATE KEY----- # Per-environment database URLs (use external Postgres VM/cluster) vault_mirrormatch_database_url_dev: "postgresql://mm_dev_user:CHANGE_ME@10.0.10.181:5432/mirrormatch_dev" vault_mirrormatch_database_url_qa: "postgresql://mm_qa_user:CHANGE_ME@10.0.10.181:5432/mirrormatch_qa" vault_mirrormatch_database_url_prod: "postgresql://mm_prod_user:CHANGE_ME@10.0.10.181:5432/mirrormatch_prod" # Optional shadow DB URLs if your Prisma workflow needs them vault_mirrormatch_shadow_database_url_dev: "postgresql://mm_dev_shadow:CHANGE_ME@10.0.10.181:5432/mirrormatch_dev_shadow" vault_mirrormatch_shadow_database_url_qa: "postgresql://mm_qa_shadow:CHANGE_ME@10.0.10.181:5432/mirrormatch_qa_shadow" vault_mirrormatch_shadow_database_url_prod: "postgresql://mm_prod_shadow:CHANGE_ME@10.0.10.181:5432/mirrormatch_prod_shadow" # NEXTAUTH secrets per env vault_mirrormatch_nextauth_secret_dev: "CHANGE_ME" vault_mirrormatch_nextauth_secret_qa: "CHANGE_ME" vault_mirrormatch_nextauth_secret_prod: "CHANGE_ME" # SMTP (prod) vault_mirrormatch_smtp_host: "smtp.example.com" vault_mirrormatch_smtp_port: "587" vault_mirrormatch_smtp_user: "smtp-user" vault_mirrormatch_smtp_password: "CHANGE_ME" vault_mirrormatch_smtp_from: "MirrorMatch "