logger:
  enable: true
  pretty_backtrace: false
  level: "{{ get_env(name="LOG_LEVEL", default="info") }}"
  format: "{{ get_env(name="LOG_FORMAT", default="compact") }}"

server:
  port: {{ get_env(name="PORT", default="5150") }}
  binding: "{{ get_env(name="SERVER_BINDING", default="0.0.0.0") }}"
  host: "{{ get_env(name="APP_HOST") }}"
  middlewares:
    static:
      enable: true
      must_exist: true
      precompressed: false
      folder:
        uri: "/static"
        path: "assets/static"
      fallback: "assets/static/404.html"

workers:
  mode: "{{ get_env(name="WORKER_MODE", default="BackgroundAsync") }}"

mailer:
  stub: {{ get_env(name="MAILER_STUB", default="true") }}
  smtp:
    enable: {{ get_env(name="SMTP_ENABLE", default="false") }}
    host: "{{ get_env(name="SMTP_HOST", default="localhost") }}"
    port: {{ get_env(name="SMTP_PORT", default="1025") }}
    secure: {{ get_env(name="SMTP_SECURE", default="false") }}
    auth:
      user: "{{ get_env(name="SMTP_USER", default="") }}"
      password: "{{ get_env(name="SMTP_PASSWORD", default="") }}"

database:
  uri: "{{ get_env(name="DATABASE_URL") }}"
  enable_logging: {{ get_env(name="DB_ENABLE_LOGGING", default="false") }}
  connect_timeout: {{ get_env(name="DB_CONNECT_TIMEOUT", default="500") }}
  idle_timeout: {{ get_env(name="DB_IDLE_TIMEOUT", default="500") }}
  min_connections: {{ get_env(name="DB_MIN_CONNECTIONS", default="1") }}
  max_connections: {{ get_env(name="DB_MAX_CONNECTIONS", default="5") }}
  auto_migrate: {{ get_env(name="DB_AUTO_MIGRATE", default="true") }}
  dangerously_truncate: false
  dangerously_recreate: false

auth:
  jwt:
    location:
      - from: Cookie
        name: auth_token
      - from: Bearer
    secret: "{{ get_env(name="JWT_SECRET") }}"
    expiration: {{ get_env(name="JWT_EXPIRATION", default="604800") }}

settings:
  admin_email: "{{ get_env(name="ADMIN_EMAIL", default="") }}"
  uploads_root: "{{ get_env(name="UPLOADS_ROOT", default="data/uploads") }}"

# loco-oauth2 social login. All values must come from the environment in prod;
# OAUTH_REDIRECT_URL / OAUTH_PROTECTED_URL must use the real public origin.
initializers:
  oauth2:
    secret_key: "{{ get_env(name="OAUTH_PRIVATE_KEY") }}"
    authorization_code:
      - client_identifier: google
        client_credentials:
          client_id: "{{ get_env(name="OAUTH_CLIENT_ID") }}"
          client_secret: "{{ get_env(name="OAUTH_CLIENT_SECRET") }}"
        url_config:
          auth_url: "{{ get_env(name="OAUTH_AUTH_URL", default="https://accounts.google.com/o/oauth2/auth") }}"
          token_url: "{{ get_env(name="OAUTH_TOKEN_URL", default="https://www.googleapis.com/oauth2/v3/token") }}"
          redirect_url: "{{ get_env(name="OAUTH_REDIRECT_URL") }}"
          profile_url: "{{ get_env(name="OAUTH_PROFILE_URL", default="https://openidconnect.googleapis.com/v1/userinfo") }}"
          scopes:
            - "https://www.googleapis.com/auth/userinfo.email"
            - "https://www.googleapis.com/auth/userinfo.profile"
        cookie_config:
          protected_url: "{{ get_env(name="OAUTH_PROTECTED_URL") }}"
        timeout_seconds: 600