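---
# Global Variables for Container-based PHP Framework Infrastructure
# These variables are shared across all environments, so every value below is
# what production gets unless an environment-specific file overrides it.

# Project Information
project_name: "michaelschiemer"
# NOTE(review): no tag or digest is part of this reference; presumably the
# consumer appends one. With pull_policy "always" (see docker_defaults) an
# unpinned reference runs whatever the registry currently serves, so pinning
# by digest or verifying a signature at deploy time is worth confirming.
container_image: "{{ container_registry | default('docker.io') }}/{{ image_repository | default('michaelschiemer/php-framework') }}"
maintainer_email: "kontakt@michaelschiemer.de"

# Framework Configuration
framework:
  name: "custom-php-framework"
  version: "1.0.0"
  php_version: "8.4"
  # NOTE(review): `environment` is also the name of an Ansible play/task
  # keyword, and this file does not define the variable; confirm it is set in
  # inventory or extra vars and does not trigger a reserved-name warning.
  environment: "{{ environment }}"
  # `| bool` normalises string input such as `-e debug_mode=false`, matching
  # how the backup toggles below are handled, so debug output cannot be left
  # on by a non-empty string.
  debug_mode: "{{ debug_mode | default(false) | bool }}"
  container_based: true
  build_on_server: false

# Common Package Lists
common_packages:
  - curl
  - wget
  - unzip
  - git
  - htop
  - vim
  - nano
  - rsync
  - screen
  - tmux

security_packages:
  - fail2ban
  - ufw
  - rkhunter
  - chkrootkit
  - lynis
  - unattended-upgrades
  - apt-listchanges

# Timezone and Locale
timezone: "Europe/Berlin"
locale: "en_US.UTF-8"

# User Management
system_users:
  # Membership in `docker` gives control of the Docker daemon, which is
  # root-equivalent on the host, so this account is privileged twice over
  # (sudo and docker). Treat its SSH keys and any CI credentials that log in
  # as `deploy` as root credentials.
  - name: deploy
    groups:
      - sudo
      - docker
    shell: /bin/bash
    home: /home/deploy
    create_home: true

# Directory Structure
app_directories:
  - /var/www/html
  - /var/www/backups
  - /var/log/applications
  - /home/deploy/.docker
  - /home/deploy/scripts

# File Permissions
# Modes are quoted so YAML keeps them as strings instead of parsing octal.
default_file_permissions:
  web_root: "0755"
  config_files: "0644"
  scripts: "0755"
  # NOTE(review): 0755 leaves logs readable by every local user; if
  # application logs can contain request data or tokens, confirm this is
  # intended.
  logs: "0755"
  private_keys: "0600"
  public_keys: "0644"

# Backup Configuration
backup_settings:
  enabled: "{{ BACKUP_ENABLED | default(true) | bool }}"
  retention_days: "{{ BACKUP_RETENTION_DAYS | default(30) }}"
  schedule: "0 2 * * *"  # Daily at 2 AM
  compression: true
  # Flag only: the key source and the algorithm are not defined in this file.
  encryption: true
  remote_storage: "{{ S3_BACKUP_ENABLED | default(false) | bool }}"

# Log Rotation
log_rotation:
  rotate_count: 52  # Keep 52 weeks
  rotate_when: weekly
  compress: true
  compress_delay: 1
  missing_ok: true
  not_if_empty: true

# Network Configuration
network:
  # NOTE(review): presumably this feeds the firewall's IPv6 handling; if the
  # kernel still has IPv6 enabled while the firewall does not manage it,
  # services stay reachable over IPv6 unfiltered. Confirm both are disabled
  # together.
  ipv6_enabled: false
  firewall_default_policy: deny
  # Because this file is the shared default, production inherits an SSH
  # allow-list open to every IPv4 address unless it overrides this key.
  # Override it with the real management networks in each environment's
  # vars.
  allowed_ssh_networks:
    - "0.0.0.0/0"  # Restrict this in production

# Docker Defaults
docker_defaults:
  restart_policy: "always"
  log_driver: "json-file"
  log_options:
    max-size: "10m"
    max-file: "3"
  networks:
    - framework-network
  # Blocks privilege gain through setuid/setgid binaries inside containers.
  security_opts:
    - "no-new-privileges:true"
  pull_policy: "always"
  build_policy: "never"

# Performance Tuning
performance:
  swappiness: 10
  max_open_files: 65536
  max_processes: 4096

# Monitoring Defaults
monitoring_defaults:
  check_interval: 300  # 5 minutes
  alert_threshold_cpu: 80
  alert_threshold_memory: 85
  alert_threshold_disk: 90
  log_retention_days: 30

# SSL Defaults
ssl_defaults:
  # NOTE(review): presumably an RSA key length; 2048 bits is the commonly
  # accepted minimum.
  key_size: 2048
  protocols:
    - "TLSv1.2"
    - "TLSv1.3"
  # AEAD-only ECDHE suites. An OpenSSL-style cipher string like this governs
  # TLS 1.2; TLS 1.3 suites are configured separately by the consumer.
  cipher_suite: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"

# Container Runtime Defaults
container_defaults:
  php_version: "8.4"
  pull_timeout: 300
  deploy_timeout: 600
  health_check_timeout: 30
  health_check_interval: 10
  health_check_retries: 15

# Database Defaults
database_defaults:
  engine: mysql
  version: "8.0"
  charset: utf8mb4
  collation: utf8mb4_unicode_ci
  max_connections: 100
  innodb_buffer_pool_size: "128M"

# Application Defaults
app_defaults:
  session_lifetime: 7200  # 2 hours
  cache_driver: redis
  queue_driver: redis
  mail_driver: smtp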