NODE_ENV=production

# =============================================================================
# Domain configuration
# Replace with your actual domain
# =============================================================================
FLUXER_API_PUBLIC_ENDPOINT=https://your-domain.example.com/api
FLUXER_API_CLIENT_ENDPOINT=
FLUXER_APP_ENDPOINT=https://your-domain.example.com
FLUXER_GATEWAY_ENDPOINT=wss://your-domain.example.com/gateway
FLUXER_MEDIA_ENDPOINT=https://your-domain.example.com/media
FLUXER_CDN_ENDPOINT=https://fluxerstatic.com
FLUXER_MARKETING_ENDPOINT=https://your-domain.example.com
FLUXER_ADMIN_ENDPOINT=https://your-domain.example.com/admin
FLUXER_INVITE_ENDPOINT=https://your-domain.example.com
FLUXER_GIFT_ENDPOINT=https://your-domain.example.com
FLUXER_API_HOST=api:8080

FLUXER_API_PORT=8080
FLUXER_GATEWAY_WS_PORT=8080
FLUXER_GATEWAY_RPC_PORT=8081
FLUXER_MEDIA_PROXY_PORT=8080
FLUXER_ADMIN_PORT=8080
FLUXER_MARKETING_PORT=8080

FLUXER_PATH_GATEWAY=/gateway
FLUXER_PATH_ADMIN=/
FLUXER_PATH_MARKETING=/marketing

API_HOST=api:8080
FLUXER_GATEWAY_RPC_HOST=
FLUXER_GATEWAY_PUSH_ENABLED=false
FLUXER_GATEWAY_PUSH_USER_GUILD_SETTINGS_CACHE_MB=1024
FLUXER_GATEWAY_PUSH_SUBSCRIPTIONS_CACHE_MB=1024
FLUXER_GATEWAY_PUSH_BLOCKED_IDS_CACHE_MB=1024
FLUXER_GATEWAY_IDENTIFY_RATE_LIMIT_ENABLED=false

FLUXER_MEDIA_PROXY_HOST=
MEDIA_PROXY_ENDPOINT=

# =============================================================================
# VAPID keys (Web Push notifications)
# Generate with: npx web-push generate-vapid-keys
# =============================================================================
VAPID_PUBLIC_KEY=GENERATE_WITH_web-push_generate-vapid-keys
VAPID_PRIVATE_KEY=GENERATE_WITH_web-push_generate-vapid-keys
VAPID_EMAIL=noreply@your-domain.example.com

# =============================================================================
# Secrets
# Generate each with: openssl rand -hex 64 (or 32 for shorter ones)
# =============================================================================
SECRET_KEY_BASE=GENERATE_openssl_rand_hex_64
GATEWAY_RPC_SECRET=GENERATE_openssl_rand_hex_32
GATEWAY_ADMIN_SECRET=GENERATE_openssl_rand_hex_32
ERLANG_COOKIE=GENERATE_openssl_rand_hex_32
MEDIA_PROXY_SECRET_KEY=GENERATE_openssl_rand_hex_32
SUDO_MODE_SECRET=GENERATE_openssl_rand_hex_32

# =============================================================================
# Passkeys / WebAuthn
# =============================================================================
PASSKEYS_ENABLED=true
PASSKEY_RP_NAME=Fluxer
PASSKEY_RP_ID=your-domain.example.com
PASSKEY_ALLOWED_ORIGINS=https://your-domain.example.com

# =============================================================================
# Admin OAuth2
# Set after first boot — create an OAuth2 app in the Fluxer admin panel
# =============================================================================
ADMIN_OAUTH2_CLIENT_ID=
ADMIN_OAUTH2_CLIENT_SECRET=
ADMIN_OAUTH2_AUTO_CREATE=false
ADMIN_OAUTH2_REDIRECT_URI=https://your-domain.example.com/admin/oauth2_callback

RELEASE_CHANNEL=stable

# =============================================================================
# Databases
# =============================================================================
DATABASE_URL=postgresql://postgres:postgres@postgres:5432/fluxer

REDIS_URL=redis://redis:6379

CASSANDRA_HOSTS=cassandra
CASSANDRA_KEYSPACE=fluxer
CASSANDRA_LOCAL_DC=datacenter1
CASSANDRA_USERNAME=cassandra
CASSANDRA_PASSWORD=cassandra

# =============================================================================
# S3 / MinIO (object storage)
# Defaults use local MinIO container — replace with real S3/R2 for production
# =============================================================================
AWS_S3_ENDPOINT=http://minio:9000
AWS_ACCESS_KEY_ID=minioadmin
AWS_SECRET_ACCESS_KEY=minioadmin

AWS_S3_BUCKET_CDN=fluxer
AWS_S3_BUCKET_UPLOADS=fluxer-uploads
AWS_S3_BUCKET_DOWNLOADS=fluxer-downloads
AWS_S3_BUCKET_REPORTS=fluxer-reports
AWS_S3_BUCKET_HARVESTS=fluxer-harvests

R2_S3_ENDPOINT=http://minio:9000
R2_ACCESS_KEY_ID=minioadmin
R2_SECRET_ACCESS_KEY=minioadmin

# =============================================================================
# Metrics
# =============================================================================
METRICS_MODE=noop

CLICKHOUSE_URL=http://clickhouse:8123
CLICKHOUSE_DATABASE=fluxer_metrics
CLICKHOUSE_USER=fluxer
CLICKHOUSE_PASSWORD=fluxer_dev

ANOMALY_DETECTION_ENABLED=true
ANOMALY_WINDOW_SIZE=100
ANOMALY_ZSCORE_THRESHOLD=3.0
ANOMALY_CHECK_INTERVAL_SECS=60
ANOMALY_COOLDOWN_SECS=300
ANOMALY_ERROR_RATE_THRESHOLD=0.05
ALERT_WEBHOOK_URL=

# =============================================================================
# Email (disabled by default)
# =============================================================================
EMAIL_ENABLED=false
SENDGRID_FROM_EMAIL=noreply@your-domain.example.com
SENDGRID_FROM_NAME=Fluxer
SENDGRID_API_KEY=
SENDGRID_WEBHOOK_PUBLIC_KEY=

# =============================================================================
# SMS (disabled by default)
# =============================================================================
SMS_ENABLED=false
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=
TWILIO_VERIFY_SERVICE_SID=

# =============================================================================
# CAPTCHA (disabled by default)
# =============================================================================
CAPTCHA_ENABLED=false
CAPTCHA_PRIMARY_PROVIDER=none
HCAPTCHA_SITE_KEY=
HCAPTCHA_PUBLIC_SITE_KEY=
HCAPTCHA_SECRET_KEY=
TURNSTILE_SITE_KEY=
TURNSTILE_PUBLIC_SITE_KEY=
TURNSTILE_SECRET_KEY=

# =============================================================================
# Search (meilisearch)
# =============================================================================
SEARCH_ENABLED=true
MEILISEARCH_URL=http://meilisearch:7700
MEILISEARCH_API_KEY=masterKey

# =============================================================================
# Stripe / payments (disabled by default)
# =============================================================================
STRIPE_ENABLED=false
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=
STRIPE_PRICE_ID_MONTHLY_USD=
STRIPE_PRICE_ID_MONTHLY_EUR=
STRIPE_PRICE_ID_YEARLY_USD=
STRIPE_PRICE_ID_YEARLY_EUR=
STRIPE_PRICE_ID_VISIONARY_USD=
STRIPE_PRICE_ID_VISIONARY_EUR=
STRIPE_PRICE_ID_GIFT_VISIONARY_USD=
STRIPE_PRICE_ID_GIFT_VISIONARY_EUR=
STRIPE_PRICE_ID_GIFT_1_MONTH_USD=
STRIPE_PRICE_ID_GIFT_1_MONTH_EUR=
STRIPE_PRICE_ID_GIFT_1_YEAR_USD=
STRIPE_PRICE_ID_GIFT_1_YEAR_EUR=

# =============================================================================
# Cloudflare (tunnel + optional purge)
# =============================================================================
CLOUDFLARE_PURGE_ENABLED=false
CLOUDFLARE_ZONE_ID=
CLOUDFLARE_API_TOKEN=
# Get from Cloudflare Zero Trust → Networks → Tunnels → your tunnel → token
CLOUDFLARE_TUNNEL_TOKEN=YOUR_CLOUDFLARE_TUNNEL_TOKEN

# =============================================================================
# Voice & Video (LiveKit)
# Generate: LIVEKIT_API_KEY with openssl rand -hex 16
#           LIVEKIT_API_SECRET with openssl rand -hex 32
# Must match keys in dev/livekit.yaml
# =============================================================================
VOICE_ENABLED=true
LIVEKIT_API_KEY=GENERATE_openssl_rand_hex_16
LIVEKIT_API_SECRET=GENERATE_openssl_rand_hex_32
LIVEKIT_WEBHOOK_URL=http://api:8080/webhooks/livekit
LIVEKIT_AUTO_CREATE_DUMMY_DATA=true

# =============================================================================
# ClamAV (virus scanning)
# Can be disabled — api/worker don't depend on it
# =============================================================================
CLAMAV_ENABLED=false
CLAMAV_HOST=clamav
CLAMAV_PORT=3310

# =============================================================================
# Third-party integrations (optional)
# =============================================================================
TENOR_API_KEY=
YOUTUBE_API_KEY=

# =============================================================================
# Self-hosting config
# =============================================================================
SELF_HOSTED=true
# Invite code to auto-join a community on registration (leave blank to disable)
AUTO_JOIN_INVITE_CODE=
FLUXER_VISIONARIES_GUILD_ID=
FLUXER_OPERATORS_GUILD_ID=

GIT_SHA=production
BUILD_TIMESTAMP=