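---
# Docker Runtime Role Default Variables
#
# Role defaults for installing Docker, rendering the daemon configuration and
# describing the networks, volumes and per-container options used by the
# framework stack. Everything here is a default and can be overridden from
# inventory, group_vars or host_vars.

# Docker Installation
docker_edition: ce
# "latest" installs whatever the repository serves at run time, so two runs
# can yield different engine versions. Pin an explicit version where
# reproducible, reviewable upgrades matter.
docker_version: "latest"
docker_channel: stable
docker_compose_version: "2.20.0"

# Repository Configuration
docker_apt_arch: amd64
# Folded scalar: renders to a single space-separated "deb ..." line.
# NOTE(review): the entry carries no signed-by option, so how the key below is
# trusted depends on the tasks that install it. Prefer a dedicated keyring
# scoped to this repository over a key trusted for every APT source.
docker_apt_repository: >-
  deb [arch={{ docker_apt_arch }}]
  https://download.docker.com/linux/{{ ansible_distribution | lower }}
  {{ ansible_distribution_release }} {{ docker_channel }}
# Fetched over HTTPS at run time. Nothing in this file pins the key
# fingerprint; the consuming task should verify it.
docker_apt_gpg_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"

# Docker Daemon Configuration
# Keys use the daemon.json spelling (kebab-case).
docker_daemon_config:
  # Security settings
  userland-proxy: false
  # Keep containers running while the daemon is stopped or upgraded.
  live-restore: true
  # Disable inter-container communication on the default bridge.
  icc: false
  # Remap container UIDs/GIDs to an unprivileged host range.
  userns-remap: default
  # Daemon-wide default: processes cannot gain privileges via setuid/setgid.
  no-new-privileges: true
  # Daemon-wide default seccomp profile. It applies to every container that
  # does not set its own seccomp security option.
  seccomp-profile: /etc/docker/seccomp-default.json

  # Logging (bounded so container logs cannot fill the disk)
  log-driver: json-file
  log-opts:
    max-size: 50m
    max-file: "5"

  # Storage
  storage-driver: overlay2

  # Network security
  # No default docker0 bridge, and Docker does not manage forwarding, NAT or
  # iptables rules.
  # NOTE(review): with iptables, ip-forward, ip-masq and userland-proxy all
  # off, published ports and outbound traffic for user-defined networks depend
  # on firewall rules managed outside Docker. Confirm those rules exist.
  bridge: none
  ip-forward: false
  ip-masq: false
  iptables: false
  ipv6: false

  # Resource limits
  # NOTE(review): Docker's daemon.json reference shows each ulimit entry with
  # Name/Hard/Soft fields. Confirm the consuming template emits that shape.
  default-ulimits:
    nproc:
      hard: 65536
      soft: 65536
    nofile:
      hard: 65536
      soft: 65536

  # Registry security
  # Keep empty: any entry allows plain-HTTP or unverified-TLS image pulls.
  insecure-registries: []
  registry-mirrors: []

  # Experimental features
  experimental: false

# Docker Service Configuration
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted

# User Management
# Membership of the docker group grants control of the daemon socket, which is
# root-equivalent on the host. Keep this list empty unless a user needs it.
docker_users: []
docker_group: docker

# PHP 8.4 Specific Configuration
php_version: "8.4"
# Tags are mutable. Pin by digest (php:8.4-fpm-alpine@sha256:<digest>) where
# the exact image content must be reproducible.
php_docker_image: "php:8.4-fpm-alpine"
php_extensions:
  - mysqli
  - pdo_mysql
  - opcache
  - redis
  - memcached
  - intl
  - gd
  - zip
  - bcmath
  - soap
  - xml
  - curl
  - json

# Docker Compose Configuration
docker_compose_projects: []
docker_compose_path: /opt/docker-compose

# Security Profiles
# Profile files the role is expected to place on the host. The seccomp path
# matches docker_daemon_config['seccomp-profile'] above.
docker_security_profiles:
  - name: default-seccomp
    path: /etc/docker/seccomp-default.json
  - name: framework-apparmor
    path: /etc/apparmor.d/docker-framework

# Network Configuration
docker_networks:
  - name: framework-network
    driver: bridge
    ipam:
      config:
        - subnet: '172.20.0.0/16'
          gateway: '172.20.0.1'
    # Bridge driver options, consistent with icc/ip-masq in the daemon config.
    options:
      com.docker.network.bridge.enable_icc: "false"
      com.docker.network.bridge.enable_ip_masquerade: "false"

# Volume Configuration
docker_volumes:
  - name: framework-app-data
    driver: local
  - name: framework-db-data
    driver: local
  - name: framework-logs
    driver: local

# Health Check Configuration
docker_health_check_interval: 30s
docker_health_check_timeout: 10s
docker_health_check_retries: 3
docker_health_check_start_period: 60s

# Backup Configuration
docker_backup_enabled: "{{ backup_enabled | default(false) }}"
docker_backup_schedule: "0 2 * * *"  # Daily at 2 AM
docker_backup_retention: 7

# Monitoring Configuration
docker_monitoring_enabled: "{{ monitoring_enabled | default(true) }}"
docker_metrics_enabled: true
# The daemon metrics endpoint has no authentication or TLS. Bind to loopback
# by default (was 0.0.0.0:9323, i.e. every interface). Override per host with
# a management-network address when a remote scraper needs access, and
# restrict that port in the host firewall.
docker_metrics_address: "127.0.0.1:9323"

# Resource Limits (per environment)
# docker_memory_limit / docker_cpu_limit, when set, override the default for
# every environment below.
docker_resource_limits:
  production:
    memory: "{{ docker_memory_limit | default('4g') }}"
    cpus: "{{ docker_cpu_limit | default('2.0') }}"
    pids: 1024
  staging:
    memory: "{{ docker_memory_limit | default('2g') }}"
    cpus: "{{ docker_cpu_limit | default('1.0') }}"
    pids: 512
  development:
    memory: "{{ docker_memory_limit | default('1g') }}"
    cpus: "{{ docker_cpu_limit | default('0.5') }}"
    pids: 256

# Container Security Options
# No seccomp entry on purpose: containers then inherit the daemon-wide profile
# from docker_daemon_config['seccomp-profile']. A 'seccomp:unconfined' entry
# here would switch syscall filtering off for every container using this list
# and defeat that profile.
docker_security_opts:
  - 'no-new-privileges:true'
  - 'apparmor:docker-framework'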