# JMP Server Production Configuration Template
# Copy this to .env and fill in all values before deploying to server

# ===== DOMAIN & NETWORKING =====
DOMAIN=example.com
PUID=1000
PGID=1000

# ===== TRAEFIK =====
# Generate htpasswd hash: openssl passwd -apr1 admin
# Then set it as: TRAEFIK_BASICAUTH_USERS=admin:$apr1$...
TRAEFIK_BASICAUTH_USERS=admin:CHANGE_ME

# ===== GITEA =====
POSTGRES_USER_GITEA=gitea
POSTGRES_PASSWORD_GITEA=CHANGE_ME_STRONG_PASSWORD
POSTGRES_NAME_GITEA=gitea
POSTGRES_HOST_GITEA=gitea-db

GITEA_INSTANCE_URL=https://gitea.example.com
GITEA_RUNNER_REGISTRATION_TOKEN=CHANGE_ME
GITEA_RUNNER_NAME=runner-1
GITEA_RUNNER_LABELS=docker:docker

# ===== BOOKSTACK =====
MYSQL_USER_BOOKSTACK=bookstack
MYSQL_PASSWORD_BOOKSTACK=CHANGE_ME_STRONG_PASSWORD
MYSQL_NAME_BOOKSTACK=bookstack
MYSQL_HOST_BOOKSTACK=bookstack-db
MYSQL_PORT_BOOKSTACK=3306
MYSQL_TZ_BOOKSTACK=UTC

BOOKSTACK_APP_URL=https://bookstack.example.com
BOOKSTACK_APP_KEY=CHANGE_ME_32_CHAR_KEY_________________

# ===== VIKUNJA =====
POSTGRES_USER_VIKUNJA=vikunja
POSTGRES_PASSWORD_VIKUNJA=CHANGE_ME_STRONG_PASSWORD
POSTGRES_NAME_VIKUNJA=vikunja
VIKUNJA_JWT_SECRET=CHANGE_ME_SECURE_JWT_SECRET

# ===== VAULTWARDEN =====
VAULTWARDEN_ADMIN_TOKEN=CHANGE_ME_ADMIN_TOKEN
VAULTWARDEN_SIGNUPS_ALLOWED=false

# ===== OPENCLOUD =====
OC_DOMAIN=cloud.example.com
OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling
OC_DOCKER_TAG=latest
OC_CONTAINER_UID_GID=1000:1000
OC_CONFIG_DIR=./opencloud-compose/config
OC_DATA_DIR=./opencloud-compose/data

INITIAL_ADMIN_PASSWORD=CHANGE_ME_STRONG_PASSWORD
DEMO_USERS=false
CHECK_FOR_UPDATES=true
INSECURE=false

# OpenCloud SMTP (optional)
SMTP_HOST=
SMTP_PORT=587
SMTP_SENDER=
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_INSECURE=false
SMTP_AUTHENTICATION=PLAIN
SMTP_TRANSPORT_ENCRYPTION=tls

# OpenCloud Sharing Policies
OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD=true
OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=true
OC_PASSWORD_POLICY_DISABLED=false
OC_PASSWORD_POLICY_MIN_CHARACTERS=8
OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS=1
OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS=1
OC_PASSWORD_POLICY_MIN_DIGITS=1
OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS=1

# ===== BACKUP =====
# See backup.env for backup-specific configuration

# ===== LOGGING =====
# Default: json-file (recommended for production)
LOG_DRIVER=json-file
LOG_LEVEL=info
START_ADDITIONAL_SERVICES=