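---
# Global variables for all nodes
#
# NOTE(review): this file must keep one key per line. Collapsed onto a
# single line, everything after the first "#" is a comment and no variable
# is defined.

# K3s Configuration
k3s_version: "v1.28.5+k3s1"
# NOTE(review): k3s_version pins the K3s release, not the installer script
# served at this URL. If the install role runs the downloaded script as
# root, review it or keep a checksum-verified copy (confirm against the
# role that consumes this variable).
k3s_install_url: "https://get.k3s.io"

# K3s Server Configuration
k3s_server_1_ip: "10.100.20.10"
k3s_server_2_ip: "10.100.20.20"
k3s_witness_ip: "10.100.20.30"

# K3s token (shared between servers)
# In production, this should be stored in a vault
# Only the path is kept here, not the secret itself. Anyone who can read
# the token can join a node to the cluster, so the file should be
# root-owned and not world-readable.
k3s_token_file: "/etc/rancher/k3s/token"

# Network Configuration
# cluster_dns must be an address inside service_cidr.
pod_cidr: "10.42.0.0/16"
service_cidr: "10.43.0.0/16"
cluster_dns: "10.43.0.10"

# System Configuration
timezone: "Europe/Paris"
swap_enabled: false

# Unattended Upgrades Configuration
# Automatic reboots are enabled, so patched kernels and libraries take
# effect without manual action.
unattended_upgrades_enabled: true
unattended_upgrades_automatic_reboot: true
# Presumably skips the automatic reboot while users are logged in;
# verify against the role's template.
unattended_upgrades_automatic_reboot_with_users: false

# Reboot schedule (staggered to maintain availability)
# Times are quoted so they stay strings (an unquoted 02:00 can be parsed
# as a number by YAML 1.1 loaders).
# NOTE(review): presumably the three hosts form the etcd quorum, so the
# two-hour spacing keeps at most one member down at a time; confirm.
reboot_schedule:
  k3s-server-1: "02:00"
  k3s-server-2: "04:00"
  etcd-witness: "06:00"

# FluxCD Configuration
flux_version: "v2.2.0"
flux_namespace: "flux-system"

# System packages to install on all nodes
common_packages:
  - curl
  - wget
  - git
  - vim
  - htop
  - net-tools
  - ca-certificates
  - gnupg
  - lsb-release
  - python3
  - python3-pip

# Kernel parameters for K3s
sysctl_config:
  # The net.bridge.* keys exist only once the br_netfilter module is
  # loaded; they make bridged pod traffic pass through iptables/ip6tables.
  net.bridge.bridge-nf-call-iptables: 1
  net.bridge.bridge-nf-call-ip6tables: 1
  # Turns the node into an IPv4 router, so host firewall rules matter.
  net.ipv4.ip_forward: 1
  # Consistent with swap_enabled: false above.
  vm.swappiness: 0
  # Raised inotify limits.
  fs.inotify.max_user_instances: 8192
  fs.inotify.max_user_watches: 524288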