# .env.example -- Copy to .env for development, .env.prod for production
# DO NOT commit .env or .env.prod to git
#
# Quick start:
#   cp .env.example .env
#   docker compose --profile full build api && docker compose --profile full build poller && docker compose --profile full build frontend
#   docker compose --profile full up -d
#   open http://localhost:3000
#   Login: admin@the-other-dude.dev / changeme-in-production

# Environment (dev | staging | production)
ENVIRONMENT=dev
LOG_LEVEL=debug
DEBUG=true

# Database
POSTGRES_DB=mikrotik
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
DATABASE_URL=postgresql+asyncpg://postgres:postgres@postgres:5432/mikrotik
SYNC_DATABASE_URL=postgresql+psycopg2://postgres:postgres@postgres:5432/mikrotik
APP_USER_DATABASE_URL=postgresql+asyncpg://app_user:app_password@postgres:5432/mikrotik

# Poller database (different role, no RLS)
POLLER_DATABASE_URL=postgres://poller_user:poller_password@postgres:5432/mikrotik

# Redis
REDIS_URL=redis://redis:6379/0

# NATS
NATS_URL=nats://nats:4222

# Security — these dev defaults work out of the box.
# For production, generate unique values:
#   JWT:    python3 -c "import secrets; print(secrets.token_urlsafe(64))"
#   Fernet: python3 -c "import secrets, base64; print(base64.b64encode(secrets.token_bytes(32)).decode())"
JWT_SECRET_KEY=dev-jwt-secret-do-not-use-in-production-replace-me
CREDENTIAL_ENCRYPTION_KEY=LLLjnfBZTSycvL2U07HDSxUeTtLxb9cZzryQl0R9E4w=

# OpenBao unseal key (generated on first run - see init.sh output)
BAO_UNSEAL_KEY=
# OpenBao root token (generated on first run - replaces dev-openbao-token)
# OPENBAO_TOKEN=

# First admin bootstrap (dev only)
FIRST_ADMIN_EMAIL=admin@the-other-dude.dev
FIRST_ADMIN_PASSWORD=changeme-in-production

# CORS (comma-separated origins)
# Dev: localhost ports for Vite/React dev server
# Prod: set to your actual domain, e.g., https://mikrotik.yourdomain.com
CORS_ORIGINS=http://localhost:3000,http://localhost:5173,http://localhost:8080

# Git store path
GIT_STORE_PATH=/data/git-store

# Firmware
FIRMWARE_CACHE_DIR=/data/firmware-cache

# SMTP (system emails like password reset)
# For dev: run `docker compose --profile mail-testing up -d` for Mailpit UI at http://localhost:8025
SMTP_HOST=mailpit
SMTP_PORT=1025
SMTP_USER=
SMTP_PASSWORD=
SMTP_USE_TLS=false
SMTP_FROM_ADDRESS=noreply@example.com