---
# ansible default variables - most variables live here
koji_hub_packages:
  - koji
  - koji-hub
  - koji-hub-plugins
  - koji-web
  - koji-utils
  - git
  - gnupg2
  - python3-paho-mqtt
  - nfs-utils
  - mod_ssl
  - mod_auth_gssapi
  - sigul

koji_default_directories:
  - packages
  - repos
  - work
  - scratch
  - repos-dist
  - compose

koji_db_name: koji
koji_db_user: koji
koji_db_pass: ThisIsNotThePassword!
koji_db_host: localhost

# Web
koji_sitename: Rocky Linux Build Service
koji_theme: false
koji_theme_name: rocky
koji_theme_file: rocky.tar.gz
koji_web_url: https://koji.rockylinux.org/koji
koji_hub_url: https://koji.rockylinux.org/kojihub
koji_files_url: https://koji.rockylinux.org/kojifiles
koji_web_keytab: /etc/keytabs/koji-web.keytab

# This should be changed before deployment
koji_hub_secret: cK5XCuzMSXJfgA7yFvXkGwFu
koji_web_cacert: /etc/pki/tls/certs/ca-bundle.crt
koji_web_tls_cert: /etc/pki/tls/certs/koji.rockylinux.org.crt
koji_web_tls_key: /etc/pki/tls/private/koji.rockylinux.org.key

# Kojira
koji_kojira: true
koji_kojira_user: kojira
koji_kojira_user_kerb: kojira/koji.rockylinux.org
koji_kojira_principal: kojira/koji.rockylinux.org@ROCKYLINUX.ORG
koji_kojira_keytab: /etc/keytabs/kojira.keytab

# MBS
koji_mbs: true
koji_mbs_user: mbs
koji_mbs_user_kerb: mbs/mbs.rockylinux.org
koji_mbs_principal: mbs/mbs.rockylinux.org@ROCKYLINUX.ORG
koji_mbs_keytab: /etc/keytabs/mbs.keytab

# GC
koji_gc_name: garbageman
koji_gc_keytab: /etc/keytabs/koji-gc.keytab
koji_gc_principal: koji-gc/koji.rockylinux.org@ROCKYLINUX.ORG

# Sigul
koji_sigul: true
koji_sigul_user: sigul
koji_sigul_user_kerb: sigul/sigul.rockylinux.org
koji_sigul_principal: sigul/sigul.rockylinux.org@ROCKYLINUX.ORG

# Storage
koji_nfs: true
koji_mount: /mnt/koji
koji_nfs_path: nfs.rockylinux.org:/export/koji

# Koji Admin
koji_admin_client: true
koji_admin_user: rockykoji
koji_admin_principal: rockykoji@ROCKYLINUX.ORG
koji_admin_localuser: true
koji_admin_localuser_name: koji

# Hub Settings
koji_hub_principal: "host/kojihub@ROCKYLINUX.ORG"
koji_hub_proxy_principals: "HTTP/{{ inventory_hostname }}@ROCKYLINUX.ORG"
koji_hub_keytab: /etc/keytabs/host.keytab
koji_hub_principal_format: compile/%s@ROCKYLINUX.ORG
# This should be sufficient even for LE
koji_hub_ca: "{{ koji_web_cacert }}"

# Koji FAS Syncing
# This isn't implemented yet
koji_fas_sync: false
koji_fas_url: https://accounts.rockylinux.org

# Koji Plugins
koji_hub_plugins: false
koji_hub_plugins_list:
  - key_signing

koji_hub_plugin_key_gpg_keyphrase: lol
koji_hub_plugin_key_gpg_name: testing-signing
koji_hub_plugin_key_gpg_id: bbe2c108
koji_hub_plugin_key_build_target: "dist-rocky8 dist-rocky9"
koji_hub_plugin_key_testing_tag: dist-rocky8-testing
koji_hub_plugin_key_testing: "True"
koji_hub_plugin_key_sigul_config: "/etc/koji-hub/sigul.conf"

# Not implemented
koji_hub_plugin_mqtt_host: mqtt.rockylinux.org
koji_hub_plugin_mqtt_topic: koji
koji_hub_plugin_mqtt_ca: "{{ koji_hub_ca }}"
koji_hub_plugin_mqtt_tls_cert: /etc/pki/tls/certs/mqtt.pem
koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/certs/mqtt.pem
koji_hub_plugin_mqtt_excluded_tags:
  - testing-tag