# SECRETS EXAMPLE - Copy to secrets.yml and encrypt with Ansible Vault
# To encrypt: ansible-vault encrypt vars/secrets.yml
# To edit: ansible-vault edit vars/secrets.yml
# To run playbook: ansible-playbook -i inventory/hosts.yml playbook.yml --ask-vault-pass

# Cloudflare (Traefik DNS challenge)
cf_dns_api_token: "your-cloudflare-api-token"

# SMTP
smtp_host: "smtp.example.com"
smtp_port: 587
smtp_username: "your-smtp-username"
smtp_password: "your-smtp-password"
smtp_from: "noreply@example.com"

# TinyAuth (OAuth proxy)
tinyauth_secret: "generate-random-32-char-string"
tinyauth_github_client_id: "your-github-oauth-client-id"
tinyauth_github_client_secret: "your-github-oauth-client-secret"
tinyauth_oauth_whitelist: "your@email.com"

# Vaultwarden
vaultwarden_admin_token: "your-argon2-hashed-admin-token"

# CrowdSec
crowdsec_bouncer_api_key: "your-crowdsec-bouncer-api-key"

# Photoprism
photoprism_admin_user: "admin"
photoprism_admin_password: "your-secure-password"
photoprism_database_password: "your-db-password"

# Vikunja
vikunja_jwt_secret: "generate-128-char-hex-string"

# Mobilizon
mobilizon_postgres_password: "your-db-password"
mobilizon_secret_key_base: "generate-64-char-random-string"
mobilizon_secret_key: "generate-64-char-random-string"

# Etesync
etesync_super_user: "admin"
etesync_super_pass: "your-secure-password"

# Plex
plex_claim: "claim-xxxxxxxxxxxxxxxxxxxxxx"
plex_token: "your-plex-token"

# Yamtrack
yamtrack_secret: "your-random-secret"
yamtrack_igdb_id: "your-igdb-client-id"
yamtrack_igdb_secret: "your-igdb-client-secret"

# Joal
joal_secret_token: "your-secret-token"

# Feedropolis
feedropolis_postgres_password: "your-db-password"

# WebDAV
webdav_user: "your-username"
webdav_pass_hash: "your-bcrypt-hash"

# SearXNG
searxng_secret: "generate-random-string"

# Glance
glance_secret_token: "your-token-for-glance-api"

# Watchtower (notifications Gotify)
watchtower_gotify_url: "https://gotify.example.com"
watchtower_gotify_token: "your-gotify-app-token"