# Barazo Environment Configuration
#
# Copy this file to .env (production) or .env.dev (development) and edit values.
# Lines starting with # are comments. Uncomment to override defaults.
#
# SECURITY: Never commit .env files containing real secrets.

# ==============================================================================
# Community Identity
# ==============================================================================

# Display name for your forum community
COMMUNITY_NAME="My Community"

# Domain where your forum is hosted (used by Caddy for SSL)
# COMMUNITY_DOMAIN="forum.example.com"

# AT Protocol DID for your community (created during setup)
# COMMUNITY_DID="did:plc:xxxx"

# Deployment mode: "single" for one community, "global" for aggregator
COMMUNITY_MODE="single"

# Hosting mode: "selfhosted" (full admin control) or "saas" (platform fields immutable)
HOSTING_MODE="selfhosted"

# ==============================================================================
# Database (PostgreSQL 16 + pgvector)
# ==============================================================================

# PostgreSQL superuser credentials (used to create the database)
POSTGRES_USER="barazo"
POSTGRES_PASSWORD="CHANGE_ME"
POSTGRES_DB="barazo"

# Host port mapping (change if 5432 is already in use)
# POSTGRES_PORT="5432"

# Application database URL (used by barazo-api)
# Uses the application role with INSERT/UPDATE/DELETE/SELECT privileges
DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}"

# Migration database URL (reserved for beta -- not used in alpha)
# Will use a migration role with DDL privileges when proper migrations are needed
# MIGRATION_DATABASE_URL="postgresql://barazo_migrator:CHANGE_ME@postgres:5432/${POSTGRES_DB}"

# ==============================================================================
# Cache (Valkey -- Redis-compatible)
# ==============================================================================

# Valkey password (optional in dev, required in production)
# VALKEY_PASSWORD="CHANGE_ME"

# Host port mapping (change if 6379 is already in use)
# VALKEY_PORT="6379"

# Cache URL (used by barazo-api)
VALKEY_URL="redis://valkey:6379"

# ==============================================================================
# AT Protocol (Firehose via Tap)
# ==============================================================================

# Relay URL for the AT Protocol firehose
TAP_RELAY_URL="https://bsky.network"

# Host port mapping for Tap admin API (change if 2480 is already in use)
# TAP_PORT="2480"

# Tap admin password (for dev/debug access to Tap admin API)
TAP_ADMIN_PASSWORD="tap_dev_secret"

# ==============================================================================
# AT Protocol (OAuth)
# ==============================================================================

# OAuth client ID (your forum's public URL)
# OAUTH_CLIENT_ID="https://forum.example.com"

# OAuth callback URL
# OAUTH_REDIRECT_URI="https://forum.example.com/api/auth/callback"

# ==============================================================================
# Frontend (Next.js)
# ==============================================================================

# Internal API URL for server-side rendering (Docker service name)
# Only needed if the default (http://localhost:3000) doesn't work in your setup
# API_INTERNAL_URL="http://barazo-api:3000"

# Public site URL
# NEXT_PUBLIC_SITE_URL="https://forum.example.com"

# ==============================================================================
# Search (Optional Semantic Search)
# ==============================================================================

# When set, enables hybrid semantic search alongside full-text search.
# Example: "http://ollama:11434/api/embeddings" for local Ollama
# EMBEDDING_URL=""

# Embedding vector dimensions (must match your model; default matches nomic-embed-text)
# AI_EMBEDDING_DIMENSIONS="768"

# ==============================================================================
# Encryption
# ==============================================================================

# AES-256-GCM master key for encrypting BYOK API keys at rest.
# Required if users will store their own AI provider keys.
# Generate with: openssl rand -base64 32
# AI_ENCRYPTION_KEY=""

# ==============================================================================
# Cross-Posting
# ==============================================================================

# Enable Frontpage cross-posting (Bluesky cross-posting is always available)
# FEATURE_CROSSPOST_FRONTPAGE="false"

# ==============================================================================
# Plugins
# ==============================================================================

# Set to "false" to disable all plugins
# PLUGINS_ENABLED="true"

# npm registry URL for plugin installation (default: public npm registry)
# PLUGIN_REGISTRY_URL="https://registry.npmjs.org"

# ==============================================================================
# Monitoring
# ==============================================================================

# GlitchTip/Sentry DSN for error reporting (optional)
# GLITCHTIP_DSN=""

# Log level: trace, debug, info, warn, error, fatal
LOG_LEVEL="info"

# ==============================================================================
# Backups (Production only)
# ==============================================================================

# Public key for encrypting backups with age (recommended over GPG)
# Generate a keypair with: age-keygen -o key.txt
# BACKUP_PUBLIC_KEY=""