# ------------------------------------
# (c) cavaliba.com - env.template
# ------------------------------------

# ---------------
# version
# ---------------
# Image the deployment pulls. ":latest" is a moving tag: each pull may bring
# different code. For production, pin a specific release tag or an image digest
# (cavaliba/cavaliba@sha256:<digest>) so upgrades are deliberate and reviewable.
CAVALIBA_DOCKER_IMAGE=cavaliba/cavaliba:latest

# -----------------------
# passwords and secrets
# -----------------------
# Every value in this section is a publicly known placeholder: replace all of
# them before the first start. Keep the filled-in copy of this file out of
# version control and readable only by the account that runs the containers.
# Admin credentials (presumably applied when the instance is initialised - confirm).
CAVALIBA_ADMIN_PASSWORD=change_this_admin_password
CAVALIBA_ADMIN_EMAIL=admin@mydomain.com

# cookie protection
# Use a long value from a cryptographic random generator, unique per deployment.
# Anyone who knows it can presumably forge the cookies it protects.
CAVALIBA_SECRET_KEY=changeme_with_a_longlong_random_string

# sensitive fields encryption in DB
# Same rule: random, unique, stored safely.
# NOTE(review): data encrypted with one key is presumably unreadable after the
# key changes - back the key up and confirm the rotation procedure.
# The placeholder contains quotes and spaces, which env-file readers handle
# differently; a replacement without spaces or quotes avoids the ambiguity.
CAVALIBA_CIPHER_KEY="Change me. Please..."

# ----------------------------------------
# Internationalization
# ----------------------------------------
# Language code in language-region form.
CAVALIBA_LANGUAGE_CODE="en-us"
# Time zone name in Area/City form. Log and audit timestamps are easier to
# correlate across systems when every component agrees on the zone.
CAVALIBA_TIME_ZONE="Europe/Paris"

# ---------------
# Authentication
# ---------------
# local, basic, oauth2, forced
# NOTE(review): basic and oauth2 presumably trust an identity asserted by the
# front proxy; if so, the application port must be reachable only through that
# proxy - confirm.
CAVALIBA_AUTH_MODE=local
# NOTE(review): presumably the account every request is logged in as when
# CAVALIBA_AUTH_MODE=forced, i.e. no authentication at all - confirm, and do not
# combine "forced" with a privileged login on a reachable instance.
CAVALIBA_FORCE_LOGIN=admin


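# -------------------
# network / security
# -------------------
# if multiple instances on same host
CAVALIBA_TENANT=cavaliba

# exposed HTTP port
CAVALIBA_PORT=8000

# CSRF protection : use your hostname / cavaliba FQDN
# Each origin includes the scheme; use the https:// origin once TLS is in front.
CAVALIBA_CSRF_TRUSTED_ORIGINS="http://localhost:8000"
#CAVALIBA_CSRF_TRUSTED_ORIGINS="http://cavaliba.mydomain.com"

# Host names this instance answers to (space-separated; presumably mapped to
# Django's ALLOWED_HOSTS). List only real names: a "*" entry accepts any Host
# header and removes the protection against Host-header poisoning.
# Add your FQDN alongside localhost when deploying:
#CAVALIBA_ALLOWED_HOSTS="localhost 127.0.0.1 cavaliba.mydomain.com"
CAVALIBA_ALLOWED_HOSTS="localhost 127.0.0.1"

# UI session duration max (seconds) ; default 3600 (1 hour)
CAVALIBA_SESSION_DURATION=3600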


# ---------------
# Database
# ---------------
# Exactly one engine group below should be uncommented.

# sqlite
#CAVALIBA_DB_ENGINE=django.db.backends.sqlite3
#CAVALIBA_DB_DATABASE=db.sqlite3

# postgresql
#CAVALIBA_DB_ENGINE=django.db.backends.postgresql
#CAVALIBA_DB_PORT=5432
#CAVALIBA_DB_DATABASE=cavaliba

# mariadb
# (Django's mysql backend is the one used for MariaDB)
CAVALIBA_DB_ENGINE=django.db.backends.mysql
CAVALIBA_DB_PORT=3306
CAVALIBA_DB_DATABASE=cavaliba

# common
CAVALIBA_DB_HOST=cavaliba_db
CAVALIBA_DB_USER=cavaliba
# Placeholders: replace both with distinct random values before the first start.
# The application account should not share the root password.
# NOTE(review): the root password is presumably consumed by the database
# container only - confirm the application itself never connects as root.
CAVALIBA_DB_PASSWORD=changeme_please
CAVALIBA_DB_ROOT_PASSWORD=changeme_also_please

# initial builtin, content at DB creation
# init / demo
# NOTE(review): "demo" presumably loads sample content; confirm what it creates
# before using it on an instance that will hold real data.
CAVALIBA_INIT_CONTENT=init


# ------------------
# files / filestore
# ------------------
# global shared filer
# Per the defaults listed below, this tree holds attachments, exports and the
# mail/SMS messages written to file: restrict its permissions on the host and
# include it in backups.
CAVALIBA_FILES="./files/"

# cavaliba attachment folder
# default: CAVALIBA_FILES/filestore/
# uncomment / map in docker-compose for different path
# CAVALIBA_FILESTORE="./files/filestore/"

# cavaliba export folder
# default: CAVALIBA_FILES/export/
# uncomment / map in docker-compose for different path
# CAVALIBA_EXPORT_FOLDER="./files/export/"

# cavaliba mail folder (mail to file)
# default: CAVALIBA_FILES/mail/
# uncomment / map in docker-compose for different path
# CAVALIBA_MAIL_FOLDER="./files/mail/"

# cavaliba sms folder (sms to file)
# default: CAVALIBA_FILES/sms/
# uncomment / map in docker-compose for different path
# NOTE(review): the example below uses "SMS" in upper case while the stated
# default is "sms"; on a case-sensitive filesystem these are different folders.
# CAVALIBA_SMS_FOLDER="./files/SMS/"


# ---------------
# DAILY HOUSEKEEPING SCHEDULE
# ---------------
# Time of day in HH:MM form.
# NOTE(review): presumably interpreted in CAVALIBA_TIME_ZONE - confirm.
CAVALIBA_HOUSEKEEPING_SCHEDULE="21:34"


# ---------------
# cache
# ---------------
# if none (e.g. for dev), will use Database
# if defined, must be a redis/valkey server

# cache timeouts (seconds)
#CAVALIBA_CACHE_CONFIGURATION_TIMEOUT=60
#CAVALIBA_CACHE_SCHEMA_TIMEOUT=60
#CAVALIBA_CACHE_INSTANCE_TIMEOUT=60
#CAVALIBA_CACHE_ENUMERATE_TIMEOUT=120
#CAVALIBA_CACHE_DATAPOINT_TIMEOUT=60
#CAVALIBA_CACHE_IAM_USER_TIMEOUT=120


# provided in docker-compose redis/valkey:
# These URLs carry no password and no TLS. That is acceptable only while the
# redis/valkey port stays on the private compose network and is not published
# on the host: the session cache and the Celery broker/result backend are
# writable by anyone who can reach that port.
CAVALIBA_CACHE_DEFAULT_URL="redis://cavaliba_redis:6379"
CAVALIBA_CACHE_SESSION_URL="redis://cavaliba_redis:6379"
CAVALIBA_CELERY_BROKER_URL="redis://cavaliba_redis:6379"
CAVALIBA_CELERY_RESULT_BACKEND="redis://cavaliba_redis:6379"


# external redis/valkey (e.g. cloud service):
# redis:// is unencrypted. For a server reached over a shared or public network,
# require authentication and use the TLS scheme (rediss://) if the service offers it.
#CAVALIBA_CACHE_DEFAULT_URL="redis://my-redis.company.com:6379/0"
#CAVALIBA_CACHE_SESSION_URL="redis://my-redis.company.com:6379/0"
#CAVALIBA_CELERY_BROKER_URL="redis://my-redis.company.com:6379"
#CAVALIBA_CELERY_RESULT_BACKEND="redis://my-redis.company.com:6379"

# external redis/valkey with authentication (user:password):
# A URL that embeds user:password is itself a secret: protect this file
# accordingly and avoid echoing these variables into logs.
#CAVALIBA_CACHE_DEFAULT_URL="redis://user:password@my-redis.company.com:6379/0"
#CAVALIBA_CACHE_SESSION_URL="redis://user:password@my-redis.company.com:6379/0"
#CAVALIBA_CELERY_BROKER_URL="redis://user:password@my-redis.company.com:6379"
#CAVALIBA_CELERY_RESULT_BACKEND="redis://user:password@my-redis.company.com:6379"


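# ---------------
# async tasks
# ---------------
# Written as KEY=value like every other entry in this file; the YAML-style
# "KEY: value" form is not understood by every env-file reader.
# celery or direct
CAVALIBA_TASK_MODE=celery
# async or sync
CAVALIBA_TASK_CELERY=async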


# -------------------------
# EMAIL relay
# -------------------------
# NOTE(review): port 25 is the plain SMTP port and this template has no TLS
# setting; if the relay is not on the local host, confirm how the credentials
# below are protected in transit.
CAVALIBA_EMAIL_HOST=localhost
CAVALIBA_EMAIL_PORT=25
CAVALIBA_EMAIL_USER=noreply
# placeholder: replace before use
CAVALIBA_EMAIL_PASSWORD=changeme

# -------------------------
# SMS relay
# -------------------------
# Keep the provider URL on https:// so the login and password are not sent in clear.
CAVALIBA_SMS_URL="https://my.sms.provider.com/api/"
CAVALIBA_SMS_LOGIN="my_sms_account"
# placeholder: replace before use
CAVALIBA_SMS_PASSWORD="changeme"

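# ---------------------------------
# OAUTH2 SAML/OIDC Authentication
# ---------------------------------
# activate oa2p container in docker-compose.yaml
# uncomment oauth2 config in nginx.conf
# configure specific IdP here

OAUTH2_PROXY_PROVIDER="oidc"
OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=""
OAUTH2_PROXY_OIDC_ISSUER_URL=""
OAUTH2_PROXY_CLIENT_ID=""
# secret issued by the IdP for this client; treat it like a password
OAUTH2_PROXY_CLIENT_SECRET=""
# random seed protecting the proxy's cookies, unique per deployment;
# oauth2-proxy expects 16, 24 or 32 bytes (raw or base64-encoded)
OAUTH2_PROXY_COOKIE_SECRET=""
OAUTH2_PROXY_REDIRECT_URL=""

# common

OAUTH2_PROXY_COOKIE_EXPIRE=0h45m0s

# listens on all interfaces of the proxy container; reach it through nginx
# rather than publishing this port on the host
OAUTH2_PROXY_HTTP_ADDRESS="0.0.0.0:4180"
OAUTH2_PROXY_SKIP_PROVIDER_BUTTON="true"

OAUTH2_PROXY_AUTH_LOGGING=true
OAUTH2_PROXY_STANDARD_LOGGING=true
OAUTH2_PROXY_REQUEST_LOGGING=false
OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=false
#OAUTH2_PROXY_LOGGING_FILENAME="/var/log/oauth2-proxy.log"

OAUTH2_PROXY_SESSION_STORE_TYPE="redis"
OAUTH2_PROXY_REDIS_CONNECTION_URL="redis://cavaliba_redis"
# HttpOnly keeps the session cookie out of reach of page scripts, which limits
# what an XSS flaw can steal. Set it back to false only if browser-side code
# must read this cookie - TODO confirm nothing in the UI depends on that.
OAUTH2_PROXY_COOKIE_HTTPONLY=true
# the cookie is only sent over HTTPS: TLS must be terminated in front of the proxy
OAUTH2_PROXY_COOKIE_SECURE=true
# This key was previously spelled OAUTH2_PROXY_COOKIE_REFRESDH, a name
# oauth2-proxy does not read, so cookie refresh was never enabled.
# The real option takes a duration, not true/false; 0 disables it.
# To enable it, uncomment with a value shorter than OAUTH2_PROXY_COOKIE_EXPIRE:
#OAUTH2_PROXY_COOKIE_REFRESH=0h30m0s
OAUTH2_PROXY_COOKIE_SAMESITE="lax"
OAUTH2_PROXY_COOKIE_CSRF_EXPIRE="7m"
# "*" accepts any e-mail domain the IdP authenticates. Restrict it to your own
# domain(s) unless the IdP application already limits who can sign in.
OAUTH2_PROXY_EMAIL_DOMAINS="*"

# These settings forward identity headers and the user's tokens to the upstream.
# Make sure the upstream and any proxy in between do not log the Authorization
# header or the access token.
OAUTH2_PROXY_SET_XAUTHREQUEST=true
OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER=true
OAUTH2_PROXY_PASS_ACCESS_TOKEN=true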



# OKTA Example
#  OAUTH2_PROXY_PROVIDER="oidc"
#  OAUTH2_PROXY_PROVIDER_DISPLAY_NAME="MyOkta"
#  OAUTH2_PROXY_OIDC_ISSUER_URL="https://dev-myaccount#.okta.com"
#  OAUTH2_PROXY_CLIENT_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxx"
#  OAUTH2_PROXY_CLIENT_ID="xxxxxxxxxxxxxxxxxx"
#  OAUTH2_PROXY_COOKIE_SECRET="xxxxxxxxxxxxxxxxxx"
#  OAUTH2_PROXY_REDIRECT_URL="https://my.cavaliba.fqdn/oauth2/callback"


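# Keycloak Example (the http:// issuer URL below only suits a local lab; use the https:// URL of your realm in production)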
# OAUTH2_PROXY_PROVIDER="keycloak-oidc"
#  OAUTH2_PROXY_PROVIDER_DISPLAY_NAME="MyKeycloak"
#  OAUTH2_PROXY_OIDC_ISSUER_URL="http://keycloak_fqdn:8080/realms/myrealm"
#  OAUTH2_PROXY_CLIENT_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxx"
#  OAUTH2_PROXY_CLIENT_ID="xxxxxxxxxxxxxxxxxx"
#  OAUTH2_PROXY_COOKIE_SECRET="xxxxxxxxxxxxxxxxxx"
#  OAUTH2_PROXY_REDIRECT_URL="https://my.cavaliba.fqdn/oauth2/callback"

# ----------------------------------------
# GUNICORN perfs
# ----------------------------------------
# --workers=4                 number of worker processes
# --worker-tmp-dir /dev/shm   worker temporary files in shared memory instead of disk
# --log-level info            error-log verbosity
# --max-requests 20000        a worker is restarted after serving this many requests
# --access-logfile '-'        access log to stdout
# --error-logfile '-'         error log to stderr
# --graceful-timeout 2        seconds a worker gets to finish its requests on restart
# Access logs record request URLs: keep secrets out of query strings.
GUNICORN_CMD_ARGS="--workers=4 --worker-tmp-dir /dev/shm --log-level info --max-requests 20000 --access-logfile '-' --error-logfile '-' --graceful-timeout 2"


# ----------------------------------------
# MISC
# ----------------------------------------
# refresh user last_login if idle more than this amount of minutes
# CAVALIBA_LAST_LOGIN_MINUTES=30

# ----------------------------------------
# DEBUG mode 0/1 - keep 0 in PRODUCTION
# ----------------------------------------
# Debug output of a web application typically shows stack traces and settings
# to whoever triggers an error, hence 0 outside development.
CAVALIBA_DEBUG=0
# NOTE(review): presumably extra authentication/authorization tracing, with
# "no" meaning off. Confirm what it logs before enabling it, since such traces
# can contain identities or tokens.
CAVALIBA_DEBUG_AAA="no"

