# Production configuration.
#
# Loaded when LOCO_ENV=production (set in the Dockerfile). This file is
# committed and contains NO secrets — the JWT secret and admin credentials
# come from environment variables (see .env.production.example / DEPLOY.md).

logger:
  enable: true
  pretty_backtrace: false
  level: info
  format: compact

server:
  port: 5150
  # Bind on all interfaces so the Caddy container can reach the app over the
  # shared Docker network. Do NOT use `localhost` here — it would be
  # unreachable from outside this container.
  binding: 0.0.0.0
  # Public URL of the site (used by mailers for absolute links).
  host: https://tenisrajec.sk
  middlewares:
    static:
      enable: true
      must_exist: true
      precompressed: false
      folder:
        uri: "/static"
        path: "assets/static"
      fallback: "assets/static/404.html"

# In-process async workers — no Redis required.
workers:
  mode: BackgroundAsync

# The site has no SMTP server and admin login is password-based, so no mail is
# ever sent. `stub` guarantees a stray mail call can never block on a network.
mailer:
  stub: true

database:
  # SQLite file on the mounted Docker volume (see docker-compose.prod.yml),
  # so the data survives rebuilds and restarts.
  uri: {{ get_env(name="DATABASE_URL", default="sqlite://data/production.sqlite?mode=rwc") }}
  enable_logging: false
  connect_timeout: 500
  idle_timeout: 500
  min_connections: 1
  max_connections: 1
  # Create the DB and run migrations automatically on first boot.
  auto_migrate: true
  # Never wipe data in production.
  dangerously_truncate: false
  dangerously_recreate: false

auth:
  jwt:
    # REQUIRED. Generate once with `openssl rand -hex 32` and set JWT_SECRET in
    # .env.production. The app will not start without it.
    secret: {{ get_env(name="JWT_SECRET") }}
    expiration: 604800 # 7 days