# DigiServer v2 Production Environment Configuration
# Copy to .env and update with your production values
# IMPORTANT: Never commit this file to git

# Flask Configuration
FLASK_ENV=production
FLASK_APP=app.app:create_app

# Security - MUST BE SET IN PRODUCTION
# Generate with: python -c "import secrets; print(secrets.token_urlsafe(32))"
SECRET_KEY=change-me-to-a-strong-random-secret-key-at-least-32-characters

# Admin User Configuration
ADMIN_USERNAME=admin
ADMIN_PASSWORD=change-me-to-a-strong-password
ADMIN_EMAIL=admin@your-domain.com

# Database Configuration (optional - defaults to SQLite)
# For PostgreSQL: postgresql://user:pass@host:5432/database
# For SQLite: sqlite:////data/instance/dashboard.db
# DATABASE_URL=

# Server Configuration
# Set BEFORE deployment if host will have static IP after restart
# This IP/domain will be used for SSL certificates and nginx configuration
DOMAIN=your-domain.com
HOST_IP=192.168.0.121
EMAIL=admin@your-domain.com
PREFERRED_URL_SCHEME=https

# SSL/HTTPS (configured in nginx.conf by default)
SSL_CERT_PATH=/etc/nginx/ssl/cert.pem
SSL_KEY_PATH=/etc/nginx/ssl/key.pem

# Logging
LOG_LEVEL=INFO

# Security Headers (configured in nginx.conf)
HSTS_MAX_AGE=31536000
HSTS_INCLUDE_SUBDOMAINS=true

# Features (optional)
ENABLE_LIBREOFFICE=true
MAX_UPLOAD_SIZE=500000000  # 500MB

# Cache Configuration (optional)
CACHE_TYPE=simple
CACHE_DEFAULT_TIMEOUT=300

# Session Configuration
SESSION_COOKIE_SECURE=true
SESSION_COOKIE_HTTPONLY=true
SESSION_COOKIE_SAMESITE=Lax

# Proxy Configuration (configured in app.py)
# IMPORTANT: Set this to your actual network range or specific proxy IP
# Examples:
#   - 192.168.0.0/24 (local network with /24 subnet)
#   - 10.0.0.0/8 (AWS or similar cloud)
#   - 172.16.0.0/12 (Docker networks)
# For multiple IPs: 192.168.0.121,10.0.1.50
TRUSTED_PROXIES=192.168.0.0/24