# IP Address Configuration — SINGLE SOURCE OF TRUTH
# All scripts and docs should use these values or source this file.
# Gateway for 192.168.11.0/24 (VLAN 11 / MGMT-LAN): 192.168.11.1 (UDM Pro).
# See: docs/11-references/NETWORK_CONFIGURATION_MASTER.md
# Optional: source PROJECT_ROOT/.env first to override (scripts should: source .env 2>/dev/null; source this file)

# Proxmox SSH user for shell access (use root). .env may set PROXMOX_USER=root@pam for API; that is not valid for SSH.
PROXMOX_SSH_USER="${PROXMOX_SSH_USER:-root}"

# Proxmox Hosts (overridable via .env PROXMOX_ML110, PROXMOX_R630_01, PROXMOX_R630_02)
# NOTE: ML110 (192.168.11.10) is being repurposed to OPNsense/pfSense WAN aggregator; after repurpose .10 is the firewall, not Proxmox. Cluster = r630-01 + r630-02 until more R630s join.
PROXMOX_HOST_ML110="${PROXMOX_ML110:-${PROXMOX_HOST_ML110:-192.168.11.10}}"
PROXMOX_HOST_R630_01="${PROXMOX_R630_01:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
PROXMOX_HOST_R630_02="${PROXMOX_R630_02:-${PROXMOX_HOST_R630_02:-192.168.11.12}}"
PROXMOX_ML110="${PROXMOX_HOST_ML110}"
PROXMOX_R630_01="${PROXMOX_HOST_R630_01}"
PROXMOX_R630_02="${PROXMOX_HOST_R630_02}"
# WAN aggregator (OPNsense/pfSense on ML110); same IP .10 after repurpose
WAN_AGGREGATOR_ML110="${WAN_AGGREGATOR_ML110:-192.168.11.10}"

# R630-03..13: 192.168.11.13–.23 (r630-03 … r630-13). Add when nodes are brought online.
# Extended inventory: R750 (3), Dell 7920 (2), UDM Pro #2 (1). See docs/11-references/HARDWARE_INVENTORY_MASTER.md
PROXMOX_HOST_R750_01="${PROXMOX_HOST_R750_01:-192.168.11.24}"
PROXMOX_HOST_R750_02="${PROXMOX_HOST_R750_02:-192.168.11.25}"
PROXMOX_HOST_R750_03="${PROXMOX_HOST_R750_03:-192.168.11.26}"
UDM_PRO_2_IP="${UDM_PRO_2_IP:-192.168.11.2}"
WORKSTATION_01_IP="${WORKSTATION_01_IP:-192.168.11.30}"
WORKSTATION_02_IP="${WORKSTATION_02_IP:-192.168.11.31}"

# RPC Endpoints — Chain ID 138 two standards
# Core (admin/deploy): RPC_URL_138 — VMID 2101
RPC_CORE_1="192.168.11.211"
RPC_URL_138="http://${RPC_CORE_1}:8545"
# Public (bridge/frontend/monitoring): RPC_URL_138_PUBLIC — VMID 2201, FIXED PERMANENT
RPC_PUBLIC_1="192.168.11.221"
RPC_2201="192.168.11.221"
RPC_URL_138_PUBLIC="http://${RPC_PUBLIC_1}:8545"
WS_URL_138_PUBLIC="ws://${RPC_PUBLIC_1}:8546"

# Other RPC nodes
RPC_CORE_2="192.168.11.212"
RPC_PRIVATE_1="192.168.11.232"
# Fireblocks-dedicated RPC (VMID 2301, same node as RPC_PRIVATE_1 — dedicated for Fireblocks Web3)
RPC_FIREBLOCKS_1="${RPC_PRIVATE_1}"
RPC_URL_138_FIREBLOCKS="http://${RPC_FIREBLOCKS_1}:8545"
WS_URL_138_FIREBLOCKS="ws://${RPC_FIREBLOCKS_1}:8546"
RPC_THIRDWEB_PRIMARY="192.168.11.240"

# Gateway (192.168.11.0/24 — do not change unless network changes)
NETWORK_GATEWAY="${NETWORK_GATEWAY:-192.168.11.1}"

# Proxmox container defaults (recreate-ct-2301, etc.)
TEMPLATE="${TEMPLATE:-local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst}"
STORAGE="${STORAGE:-local-lvm}"
NETWORK="${NETWORK:-vmbr0}"

# Network prefix for computed IPs (e.g. "${NETWORK_PREFIX}.$((100 + vmid - 1000))")
NETWORK_PREFIX="${NETWORK_PREFIX:-192.168.11}"

# Project paths (override if smom-dbis-138 is elsewhere)
SMOM_DBIS_138_DIR="${SMOM_DBIS_138_DIR:-}"

# DNS Servers (Cloudflare - consistent resolution, avoids carrier/ISP DNS issues)
DNS_PRIMARY="1.1.1.1"
DNS_SECONDARY="1.0.0.1"

# Public IP Block #1 (Spectrum)
PUBLIC_IP_BLOCK_1="76.53.10.32/28"
PUBLIC_IP_GATEWAY="76.53.10.33"
PUBLIC_IP_ER605_WAN1="76.53.10.34"

# Service IPs (commonly referenced)
IP_BLOCKSCOUT="192.168.11.140"
# Blockscout: web 80, API 4000. Forge Verification Proxy: 3080
BLOCKSCOUT_API_PORT="${BLOCKSCOUT_API_PORT:-4000}"
BLOCKSCOUT_API_URL="http://${IP_BLOCKSCOUT}:${BLOCKSCOUT_API_PORT}"
FORGE_VERIFIER_PROXY_PORT="${FORGE_VERIFIER_PROXY_PORT:-3080}"
IP_NPMPLUS="192.168.11.167"
IP_NPMPLUS_SECONDARY="192.168.11.168"
IP_NGINX_LEGACY="192.168.11.26"
IP_ORDER_OPENSEARCH="192.168.11.48"
IP_ORDER_HAPROXY="192.168.11.39"
IP_VAULT_PHOENIX_2="192.168.11.201"

# Order Service IPs
ORDER_POSTGRES_PRIMARY="192.168.11.44"
ORDER_POSTGRES_REPLICA="192.168.11.45"
# Dedicated order-redis LXC (e.g. VMID 10020) not present on cluster as of 2026-03; reserve for scripts / future CT
ORDER_REDIS_IP="192.168.11.38"

# DBIS Service IPs
DBIS_POSTGRES_PRIMARY="192.168.11.105"
DBIS_POSTGRES_REPLICA="192.168.11.106"
DBIS_REDIS_IP="192.168.11.125"

# Load this file in scripts:
# source "$(dirname "$0")/../config/ip-addresses.conf"
IP_OMADA="192.168.11.20"
IP_MIM_WEB="192.168.11.37"
# MIM4U API backend (VMID 7811) — used by nginx on 7810 for /api/ proxy
MIM_API_IP="192.168.11.36"
# MIM4U web root (VMID 7810 nginx); optional override, default /var/www/html
MIM_WEB_ROOT="${MIM_WEB_ROOT:-/var/www/html}"
DB_HOST="192.168.11.53"
IP_NPMPLUS_ETH0="192.168.11.166"
# NPMplus Alltra/HYBX (VMID 10235) - see docs/04-configuration/NPMPLUS_ALLTRA_HYBX_MASTER_PLAN.md
IP_NPMPLUS_ALLTRA_HYBX="192.168.11.169"
PUBLIC_IP_NPMPLUS_ALLTRA_HYBX="76.53.10.42"
RPC_ALLTRA_1="192.168.11.250"
IP_DBIS_FRONTEND="192.168.11.130"
IP_FIREFLY="192.168.11.66"
IP_FIREFLY_2="192.168.11.67"
IP_BESU_SENTRY="192.168.11.154"
IP_DBIS_API="192.168.11.155"
IP_DBIS_API_2="192.168.11.156"

# Additional service/container IPs (for remaining script migration)
IP_VALIDATOR_0="192.168.11.100"
IP_VALIDATOR_1="192.168.11.101"
IP_VALIDATOR_2="192.168.11.102"
IP_VALIDATOR_3="192.168.11.103"
IP_VALIDATOR_4="192.168.11.104"
IP_BESU_RPC_0="192.168.11.150"
IP_BESU_RPC_1="192.168.11.151"
IP_BESU_RPC_2="192.168.11.152"
IP_BESU_RPC_3="192.168.11.153"
RPC_ALI_1="192.168.11.251"
RPC_ALI_2="192.168.11.252"
RPC_THIRDWEB_1="192.168.11.241"
RPC_THIRDWEB_2="192.168.11.242"

# Network and additional container IPs (for remaining migration)
NETWORK_192_168_11_0="192.168.11.0"
IP_INDY="192.168.11.68"
IP_FABRIC="192.168.11.65"
IP_CACTI="192.168.11.64"
# VMID 10200 order-prometheus (NOT Redis). Legacy scripts use ORDER_REDIS_REPLICA for this IP — prefer IP_ORDER_PROMETHEUS.
IP_ORDER_PROMETHEUS="192.168.11.46"
ORDER_REDIS_REPLICA="${IP_ORDER_PROMETHEUS}"
# VMIDs 2506, 2507, 2508 destroyed 2026-02-08; IPs freed for reuse
RPC_PUTU_1="192.168.11.203"
RPC_PUTU_2="192.168.11.204"
RPC_LUIS_1="192.168.11.255"
RPC_LUIS_2="192.168.11.202"

# Additional ALLTRA container IPs
IP_FIREFLY_ALLTRA_1="192.168.11.175"
IP_FIREFLY_ALLTRA_2="192.168.11.176"
IP_CACTI_ALLTRA="192.168.11.177"
IP_FABRIC_ALLTRA="192.168.11.178"
IP_INDY_ALLTRA="192.168.11.179"
IP_OMADA_ALT="192.168.11.8"
IP_MIM4U="192.168.11.19"
IP_SERVICE_23="192.168.11.23"
IP_CCIP_MONITOR="192.168.11.28"
IP_SERVICE_30="192.168.11.30"
IP_KEYCLOAK="192.168.11.52"
IP_RPC_90="192.168.11.90"

# Development VM (VMID 5700) — shared Cursor dev + private GitOps (Gitea). See docs/04-configuration/DEV_VM_GITOPS_PLAN.md
# Changed from .60 to .59 to resolve conflict with VMID 3000 (ML) at .60. Reconfigure CT 5700 on Proxmox to use this IP.
IP_DEV_VM="192.168.11.59"

# Mifos X + Fineract (VMID 5800) on r630-02 — Cloudflare Tunnel + UK egress. See docs/04-configuration/MIFOS_R630_02_DEPLOYMENT.md
MIFOS_IP="192.168.11.85"
# Public IP for Mifos when using direct access (A record + UDM Pro port forward). See docs/04-configuration/UDM_PRO_MIFOS_76_53_10_41_PORT_FORWARD.md
PUBLIC_IP_MIFOS="76.53.10.41"

# DApp LXC (VMID 5801) — frontend-dapp for Chain 138 bridge. See docs/03-deployment/DAPP_LXC_DEPLOYMENT.md; E2E: tunnel + NPMplus dapp.d-bis.org
IP_DAPP_LXC="192.168.11.58"

# Phoenix / Sankofa public edge (NPMplus → CT 7800 API, 7801 portal). Legacy scripts use IP_SERVICE_50 / IP_SERVICE_51.
# SolaceScanScout / Blockscout is IP_BLOCKSCOUT:80 — do NOT point sankofa.nexus or phoenix.sankofa.nexus there.
IP_SERVICE_50="${IP_SERVICE_50:-192.168.11.50}"
IP_SERVICE_51="${IP_SERVICE_51:-192.168.11.51}"
SANKOFA_PHOENIX_API_PORT="${SANKOFA_PHOENIX_API_PORT:-4000}"
SANKOFA_PORTAL_PORT="${SANKOFA_PORTAL_PORT:-3000}"
IP_SANKOFA_PHOENIX_API="${IP_SANKOFA_PHOENIX_API:-$IP_SERVICE_50}"
IP_SANKOFA_PORTAL="${IP_SANKOFA_PORTAL:-$IP_SERVICE_51}"

# Gov Portals dev (VMID 7804) — DBIS, ICCC, OMNL, XOM at *.xom-dev.phoenix.sankofa.nexus
IP_GOV_PORTALS_DEV="192.168.11.54"

# Order legal (VMID 10070) — **not** .54 (that is exclusive to VMID 7804 gov-portals). Fixed duplicate ARP 2026-03-25.
IP_ORDER_LEGAL="192.168.11.87"

# Sankofa Studio (VMID 7805) — FusionAI Creator / Phoenix Marketplace SaaS at studio.sankofa.nexus
# Note: 192.168.11.55 is used by VMID 10230 (order-vault); .72 chosen to avoid conflict.
IP_SANKOFA_STUDIO="192.168.11.72"
SANKOFA_STUDIO_VMID="${SANKOFA_STUDIO_VMID:-7805}"

# Fourth NPMplus (dev/Codespaces) — tunnel + Proxmox admin. Public 76.53.10.40. See docs/04-configuration/DEV_CODESPACES_76_53_10_40.md
IP_NPMPLUS_FOURTH="192.168.11.170"
PUBLIC_IP_NPMPLUS_FOURTH="76.53.10.40"
NPMPLUS_FOURTH_VMID="${NPMPLUS_FOURTH_VMID:-10236}"

# NPMplus Mifos (VMID 10237) on r630-02 — tunnel origin; proxies mifos.d-bis.org to VMID 5800. See docs/04-configuration/MIFOS_NPMPLUS_TUNNEL.md
IP_NPMPLUS_MIFOS="192.168.11.171"
NPMPLUS_MIFOS_VMID="${NPMPLUS_MIFOS_VMID:-10237}"