fix: Remove unnecessary container registry step

2026-03-20 16:17:10 -04:00
parent d31b14cd72
commit 1862f20074
13 changed files with 642 additions and 7 deletions
--- a/roles/vault_setup/defaults/main.yml
+++ b/roles/vault_setup/defaults/main.yml
@@ -0,0 +1,22 @@
+---
+# --- Vault API ---
+vault_url: "http://nas.lan.toal.ca:8200"
+vault_validate_certs: false
+
+# --- Init ---
+vault_init_key_shares: 5
+vault_init_key_threshold: 3
+
+# --- OIDC ---
+vault_oidc_client_id: vault
+vault_oidc_admin_group: vault-admins
+vault_oidc_default_ttl: 1h
+vault_oidc_max_ttl: 8h
+
+# --- Unseal ---
+# vault_unseal_keys: []   # list of 3+ unseal key strings (from 1Password)
+
+# --- Secrets (required, set via vault or host_vars) ---
+# vault_vault_root_token:          # root token from 1Password (required for Play 2)
+# vault_vault_oidc_client_secret:  # OIDC client secret from Keycloak (required for Play 2)
+# vault_oidc_issuer:               # e.g. https://keycloak.apps.openshift.toal.ca/realms/toallab