# AppView configuration
PORT=3000
FORUM_DID=did:plc:your-forum-did-here
PDS_URL=https://your-pds.example.com
JETSTREAM_URL=wss://jetstream2.us-east.bsky.network/subscribe

# Logging
LOG_LEVEL=info  # debug | info | warn | error | fatal

# Database
# PostgreSQL (default, used with devenv):
DATABASE_URL=postgres://atbb:atbb@localhost:5432/atbb

# SQLite alternative (no devenv postgres needed):
# DATABASE_URL=file:./data/atbb.db
# DATABASE_URL=file::memory:?cache=shared   # in-memory, for tests only

# Web UI configuration
# WEB_PORT=3001  # set in web package, or override here
APPVIEW_URL=http://localhost:3000

# Forum Service Account credentials (for AppView writes)
FORUM_HANDLE=your-forum-handle
FORUM_PASSWORD=your-forum-password

# OAuth Configuration
OAUTH_PUBLIC_URL=http://localhost:8080
# The public URL where the forum is accessible (used as OAuth client_id and redirect_uri base).
# AT Protocol fetches {OAUTH_PUBLIC_URL}/.well-known/oauth-client-metadata — nginx routes
# this to AppView, so OAUTH_PUBLIC_URL must be the nginx address (not AppView directly).
# For local dev with devenv: http://localhost:8080  (devenv nginx runs on port 8080)
# For production: https://your-forum-domain.com

SESSION_SECRET=CHANGE_ME_SEE_COMMENT_BELOW
# Used for signing session tokens (prevent tampering)
# Generate with: openssl rand -hex 32

SESSION_TTL_DAYS=7
# How long sessions last before requiring re-authentication (default: 7 days)

# Optional: Redis session storage (leave blank to use in-memory)
# REDIS_URL=redis://localhost:6379
# If set, uses Redis for session storage (supports multi-instance deployment)
# If blank, uses in-memory storage (single-instance only)

# Role seeding
SEED_DEFAULT_ROLES=true  # Set to "false" to disable auto-seeding on startup
DEFAULT_MEMBER_ROLE=Member  # Role name to auto-assign to new memberships (empty for manual assignment)