# Flask settings
SECRET_KEY=your-secret-key-here
FLASK_ENV=production
FLASK_DEBUG=false

# Database settings
DATABASE_URL=postgresql+psycopg2://timetracker:timetracker@db:5432/timetracker
POSTGRES_DB=timetracker
POSTGRES_USER=timetracker
POSTGRES_PASSWORD=timetracker
POSTGRES_HOST=db

# Session settings
SESSION_COOKIE_SECURE=false
SESSION_COOKIE_HTTPONLY=true
PERMANENT_SESSION_LIFETIME=86400

# Application settings
TZ=Europe/Rome
CURRENCY=EUR
ROUNDING_MINUTES=1
SINGLE_ACTIVE_TIMER=true
IDLE_TIMEOUT_MINUTES=30

# User management
ALLOW_SELF_REGISTER=true
ADMIN_USERNAMES=admin

# Authentication
# Options: local | oidc | both
AUTH_METHOD=local

# OIDC (used when AUTH_METHOD=oidc or both)
# OIDC_ISSUER=https://login.microsoftonline.com/<tenant>/v2.0
# OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET=
# OIDC_REDIRECT_URI=https://yourapp.example.com/auth/oidc/callback
# OIDC_SCOPES=openid profile email
# OIDC_USERNAME_CLAIM=preferred_username
# OIDC_FULL_NAME_CLAIM=name
# OIDC_EMAIL_CLAIM=email
# OIDC_GROUPS_CLAIM=groups
# OIDC_ADMIN_GROUP=
# OIDC_ADMIN_EMAILS=
# OIDC_POST_LOGOUT_REDIRECT_URI=https://yourapp.example.com/

# Backup settings
BACKUP_RETENTION_DAYS=30
BACKUP_TIME=02:00

# File upload settings
MAX_CONTENT_LENGTH=16777216
UPLOAD_FOLDER=/data/uploads

# CSRF protection
WTF_CSRF_ENABLED=false
WTF_CSRF_TIME_LIMIT=3600

# Logging
LOG_LEVEL=INFO
LOG_FILE=/data/logs/timetracker.log