# Frontend (React/Vite, static SPA served by nginx) component vars.
# Different shape from backend/stream: no custom binary, no env file,
# no systemd unit owned by Veza — just a tarball of static files
# extracted under nginx's docroot.
---
veza_app_kind: static
veza_app_listen_port: "{{ veza_web_port }}"
veza_app_health_path: "{{ veza_healthcheck_paths.web }}"

# Where the SPA's `dist/` lands. Per-SHA dir is symlinked-to by
# /var/www/veza-web/current; nginx points at the symlink so a switch
# is one symlink + one nginx -s reload (out of scope for this role —
# the role recreates the container so nginx starts fresh anyway).
veza_app_install_dir: /var/www/veza-web
veza_app_release_dir: "{{ veza_app_install_dir }}/{{ veza_release_sha }}"
veza_app_current_link: "{{ veza_app_install_dir }}/current"

# nginx site config — render and drop into sites-enabled/.
veza_app_nginx_site: /etc/nginx/sites-enabled/veza-web.conf
veza_app_nginx_template: veza-web-nginx.conf.j2

# nginx is THE service for this component. We don't ship a custom
# systemd unit; we ensure nginx is enabled+started + has a clean
# config.
veza_app_service_name: nginx

veza_app_extra_packages:
  - nginx

# Frontend has no Vault secrets at runtime — every value bakes into
# the bundle at build time via VITE_* env vars. Empty list means the
# secret-file install task is a no-op.
veza_app_secret_files: []