# Datenbank (PostgreSQL)
POSTGRES_USER=archive_user
POSTGRES_PASSWORD=change-me
POSTGRES_DB=family_archive_db

# Object Storage (MinIO)
MINIO_ROOT_USER=minio_admin
MINIO_ROOT_PASSWORD=change-me
MINIO_DEFAULT_BUCKETS=archive-documents

# Ports (für Zugriff vom Host/NAS)
PORT_DB=5432
PORT_MINIO_API=9000
PORT_MINIO_CONSOLE=9001
PORT_BACKEND=8080
PORT_FRONTEND=5173

# Mailpit — local mail catcher (dev only, included in docker-compose)
# Web UI:  http://localhost:8025
# SMTP:    localhost:1025  (used automatically by the backend container)
PORT_MAILPIT_UI=8100
PORT_MAILPIT_SMTP=1025

# OCR Training — secret token required to call /train and /segtrain on the OCR service.
# Also set in the backend so it can pass the token through. Must not be empty in production.
# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
OCR_TRAINING_TOKEN=change-me-in-production

# --- Observability ---
# Optional stack — start with: docker compose -f docker-compose.observability.yml up -d
# Requires the main stack to already be running (docker compose up -d creates archiv-net).

# Ports for host access
PORT_GRAFANA=3001
PORT_GLITCHTIP=3002
PORT_PROMETHEUS=9090

# Grafana admin password — change this before exposing Grafana beyond localhost
GRAFANA_ADMIN_PASSWORD=changeme

# GlitchTip domain — production: use https://grafana.raddatz.cloud (must match Caddy vhost)
GLITCHTIP_DOMAIN=http://localhost:3002

# GlitchTip secret key — Django SECRET_KEY equivalent, used to sign sessions and tokens.
# REQUIRED in production — must not be empty or 'changeme'. Fail-closed: GlitchTip will
# refuse to start with an invalid key.
# Generate with: python3 -c "import secrets; print(secrets.token_hex(50))"
GLITCHTIP_SECRET_KEY=changeme-generate-a-real-secret

# Error reporting DSNs — leave empty to disable the SDK (safe default).
# SENTRY_DSN: backend (Spring Boot) — used by the GlitchTip/Sentry Java SDK
SENTRY_DSN=
# VITE_SENTRY_DSN: frontend (SvelteKit) — injected at build time via Vite
VITE_SENTRY_DSN=
# Sentry/GlitchTip auth token for source map upload at build time (optional)
SENTRY_AUTH_TOKEN=

# Production SMTP — uncomment and fill in to send real emails instead of catching them
# APP_BASE_URL=https://your-domain.example.com
# MAIL_HOST=smtp.example.com
# MAIL_PORT=587
# MAIL_USERNAME=your-smtp-user
# MAIL_PASSWORD=your-smtp-password
# MAIL_SMTP_AUTH=true
# MAIL_STARTTLS_ENABLE=true
# APP_MAIL_FROM=noreply@your-domain.example.com