# Dawarich Docker Compose Configuration
# Copy this file to .env and customize for your environment

# =============================================================================
# ENVIRONMENT CONFIGURATION
# =============================================================================

# Rails environment: development, staging, or production
RAILS_ENV=development

# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================

# PostgreSQL credentials
POSTGRES_USER=postgres
POSTGRES_PASSWORD=password

# Database name
POSTGRES_DB=dawarich_development

# Database connection settings (used by Rails app)
DATABASE_HOST=dawarich_db
DATABASE_PORT=5432
DATABASE_USERNAME=postgres
DATABASE_PASSWORD=password
DATABASE_NAME=dawarich_development

# =============================================================================
# REDIS CONFIGURATION
# =============================================================================

# Redis connection URL
REDIS_URL=redis://dawarich_redis:6379

# =============================================================================
# APPLICATION SETTINGS
# =============================================================================

# Port to expose the application on
DAWARICH_APP_PORT=3000

# Application hosts (comma-separated)
# Development: localhost
# Production: your-domain.com,www.your-domain.com
APPLICATION_HOSTS=localhost,::1,127.0.0.1

# Application protocol (http or https)
APPLICATION_PROTOCOL=http

# Time zone
TIME_ZONE=Europe/London

# Minimum minutes spent in city for statistics
MIN_MINUTES_SPENT_IN_CITY=60

# Self-hosted flag (true for docker deployments)
SELF_HOSTED=true

# Store geodata (reverse geocoding results)
STORE_GEODATA=true

# Storage backend (local or s3)
STORAGE_BACKEND=local

# =============================================================================
# SECURITY
# =============================================================================

# Secret key base for production/staging
# Generate with: openssl rand -hex 64
# Leave empty for development
# REQUIRED for production and staging environments
SECRET_KEY_BASE=

# =============================================================================
# BACKGROUND JOBS
# =============================================================================

# Sidekiq concurrency (number of threads)
BACKGROUND_PROCESSING_CONCURRENCY=10

# =============================================================================
# MONITORING & LOGGING
# =============================================================================

# Prometheus exporter settings
PROMETHEUS_EXPORTER_ENABLED=false
PROMETHEUS_EXPORTER_HOST=0.0.0.0
PROMETHEUS_EXPORTER_PORT=9394
PROMETHEUS_EXPORTER_HOST_SIDEKIQ=dawarich_app

# Uncomment to expose Prometheus port
# PROMETHEUS_PORT=9394

# Rails logging
RAILS_LOG_TO_STDOUT=true

# Docker logging settings
LOG_MAX_SIZE=100m
LOG_MAX_FILE=5

# =============================================================================
# RESOURCE LIMITS
# =============================================================================

# CPU and memory limits for the app container
APP_CPU_LIMIT=0.50
APP_MEMORY_LIMIT=4G

# =============================================================================
# EXAMPLE CONFIGURATIONS BY ENVIRONMENT
# =============================================================================

# --- DEVELOPMENT ---
# RAILS_ENV=development
# POSTGRES_DB=dawarich_development
# DATABASE_NAME=dawarich_development
# APPLICATION_HOSTS=localhost,::1,127.0.0.1
# APPLICATION_PROTOCOL=http
# SECRET_KEY_BASE=
# SELF_HOSTED=true

# --- STAGING ---
# RAILS_ENV=staging
# POSTGRES_DB=dawarich_staging
# DATABASE_NAME=dawarich_staging
# APPLICATION_HOSTS=staging.example.com
# APPLICATION_PROTOCOL=https
# SECRET_KEY_BASE=your-generated-secret-key
# SELF_HOSTED=true

# --- PRODUCTION ---
# RAILS_ENV=production
# POSTGRES_DB=dawarich_production
# DATABASE_NAME=dawarich_production
# APPLICATION_HOSTS=dawarich.example.com,www.dawarich.example.com
# APPLICATION_PROTOCOL=https
# SECRET_KEY_BASE=your-generated-secret-key
# SELF_HOSTED=true
# PROMETHEUS_EXPORTER_ENABLED=true

# =============================================================================
# Example of configuration for OpenID Connect (OIDC) authentication
#
# =============================================================================

# Generic OpenID Connect (for Authelia, Authentik, Keycloak, etc.)
# Option 1: Using OIDC Discovery (Recommended)
# Set OIDC_ISSUER to your provider's issuer URL (e.g., https://auth.example.com)
# The provider must support OpenID Connect Discovery (.well-known/openid-configuration)
OIDC_CLIENT_ID=client_id_example
OIDC_CLIENT_SECRET=client_secret_example
OIDC_ISSUER=https://authentik.yourdomain.com/application/o/dawarich/
OIDC_REDIRECT_URI=https://your-dawarich-url.com/users/auth/openid_connect/callback

# OIDC Provider Name
# Custom display name for your OIDC provider shown on the sign-in page
# Default: "Openid Connect" (if not specified)
# Examples: "Authelia", "Authentik", "Keycloak", "Company SSO"
OIDC_PROVIDER_NAME=Authentik

# OIDC Auto-Registration
# Controls whether new users are automatically created when signing in with OIDC
# Set to 'false' to require administrators to pre-create user accounts
# When disabled, OIDC users must have an existing account (matching email) to sign in
# Default: true (automatically create new users)
OIDC_AUTO_REGISTER=true

# Authentication Methods Control
# Control which authentication methods are available in self-hosted mode
#
# ALLOW_EMAIL_PASSWORD_REGISTRATION - Allow users to register with email/password
# Default: false (disabled in self-hosted mode, only family invitations allowed)
# Set to 'true' to allow public email/password registration alongside OIDC
ALLOW_EMAIL_PASSWORD_REGISTRATION=false

# Option 2: Manual Endpoint Configuration (if discovery is not supported)
# Use this if your provider doesn't support OIDC discovery
# OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET=
# OIDC_HOST=auth.example.com
# OIDC_SCHEME=https
# OIDC_PORT=443
# OIDC_AUTHORIZATION_ENDPOINT=/authorize
# OIDC_TOKEN_ENDPOINT=/token
# OIDC_USERINFO_ENDPOINT=/userinfo
# OIDC_REDIRECT_URI=https://yourdomain.com/users/auth/openid_connect/callback

# Example configurations:
#
# Authelia:
# OIDC_ISSUER=https://auth.example.com
# OIDC_CLIENT_ID=your-client-id
# OIDC_CLIENT_SECRET=your-client-secret
# OIDC_REDIRECT_URI=https://dawarich.example.com/users/auth/openid_connect/callback
#
# Authentik:
# OIDC_ISSUER=https://authentik.example.com/application/o/dawarich/
# OIDC_CLIENT_ID=your-client-id
# OIDC_CLIENT_SECRET=your-client-secret
# OIDC_REDIRECT_URI=https://dawarich.example.com/users/auth/openid_connect/callback
#
# Keycloak:
# OIDC_ISSUER=https://keycloak.example.com/realms/your-realm
# OIDC_CLIENT_ID=dawarich
# OIDC_CLIENT_SECRET=your-client-secret
# OIDC_REDIRECT_URI=https://dawarich.example.com/users/auth/openid_connect/callback