Switch to terraform

ansible/netbird/group_vars/vault.yml.example

@@ -0,0 +1,42 @@
+---
+# =============================================================================
+# NetBird v1.6 Vault Secrets
+# =============================================================================
+# Copy to vault.yml, edit values, then encrypt:
+#   cp vault.yml.example vault.yml
+#   # Edit vault.yml with your values
+#   ansible-vault encrypt vault.yml
+#
+# Or use: ./generate-vault.sh to auto-generate all secrets
+
+# =============================================================================
+# TURN/Relay Configuration
+# =============================================================================
+
+# TURN server password (alphanumeric only)
+# Generate: openssl rand -base64 32 | tr -d '/+=\n'
+vault_turn_password: "YourTurnPassword2024"
+
+# Relay secret (alphanumeric only)
+# Generate: openssl rand -base64 32 | tr -d '/+=\n'
+vault_relay_secret: "YourRelaySecret2024"
+
+# =============================================================================
+# Embedded IdP Encryption Key
+# =============================================================================
+# CRITICAL: Back this up! Loss prevents recovery of user data.
+# Generate: openssl rand -base64 32
+vault_encryption_key: "YourBase64EncryptionKey=="
+
+# =============================================================================
+# User Provisioning (for setup-bootstrap.yml and setup-users.yml)
+# =============================================================================
+
+# Initial admin password (for setup-bootstrap.yml)
+# Generate: openssl rand -base64 16 | tr -d '/+=\n'
+vault_admin_password: "YourAdminPassword2024"
+
+# Service user PAT for API automation
+# LEAVE EMPTY UNTIL AFTER BOOTSTRAP!
+# Create manually in dashboard: Team → Service Users → Create Token
+vault_netbird_service_pat: ""