# Prod-specific overrides. Same R720 host as staging in v1.0; separate
# Incus network + container prefix prevents staging/prod from sharing
# any state. Phase-2 (post v1.1) is expected to move prod to a
# dedicated host, at which point only `veza_incus_host` flips.
---
veza_env: prod
veza_release_channel: prod

veza_incus_host: veza-prod
veza_incus_network: veza-net
veza_incus_subnet: 10.0.20.0/24

veza_container_prefix: "veza-"  # production uses unprefixed names — the established convention

veza_incus_dns_suffix: lxd

haproxy_topology: blue-green

veza_public_host: veza.fr
veza_public_url: "https://veza.fr"
veza_cors_allowed_origins:
  - "https://veza.fr"
  - "https://app.veza.fr"

# Prod is INFO so 99th-percentile log volume stays manageable. Bump to
# DEBUG for a window via `ansible-playbook -e veza_log_level=DEBUG` if
# triaging an incident.
veza_log_level: INFO
veza_otel_sample_rate: "0.05"

veza_feature_flags:
  HYPERSWITCH_ENABLED: "true"
  STRIPE_CONNECT_ENABLED: "true"
  WEBAUTHN_ENABLED: "true"

# Larger retention than staging — prod rollback may need to reach a
# release from up to a month ago when the cause was latent.
veza_release_retention: 60

postgres_password: "{{ vault_postgres_password }}"
redis_password: "{{ vault_redis_password }}"
rabbitmq_password: "{{ vault_rabbitmq_password }}"