# Application Configuration
ACKIFY_BASE_URL=https://sign.your-domain.com
ACKIFY_ORGANISATION="Your Organization Name"
ACKIFY_LOG_LEVEL=info
ACKIFY_LOG_FORMAT=classic

# Database Configuration
POSTGRES_USER=ackifyr
POSTGRES_PASSWORD=your_secure_password
POSTGRES_DB=ackify
ACKIFY_DB_DSN=postgres://ackifyr:your_secure_password@localhost:5432/ackify?sslmode=disable

# ============================================================================
# Authentication Configuration
# ============================================================================
# At least ONE authentication method must be enabled (OAuth or MagicLink)
#
# AUTO-DETECTION:
# - OAuth is enabled if ACKIFY_OAUTH_CLIENT_ID and ACKIFY_OAUTH_CLIENT_SECRET are set
# - MagicLink is enabled if ACKIFY_MAIL_HOST is configured
#
# You can override auto-detection with these variables:
# ACKIFY_AUTH_OAUTH_ENABLED=true
# ACKIFY_AUTH_MAGICLINK_ENABLED=true

# OAuth2 Configuration (OPTIONAL - remove if using MagicLink only)
ACKIFY_OAUTH_CLIENT_ID=your_oauth_client_id
ACKIFY_OAUTH_CLIENT_SECRET=your_oauth_client_secret
ACKIFY_OAUTH_ALLOWED_DOMAIN=your-organization.com
ACKIFY_OAUTH_AUTO_LOGIN=false

# OAuth2 Provider Configuration
# Use ACKIFY_OAUTH_PROVIDER to configure popular providers automatically:
# - "google" for Google OAuth2
# - "github" for GitHub OAuth2
# - "gitlab" for GitLab OAuth2 (set ACKIFY_OAUTH_GITLAB_URL if self-hosted)
# - Leave empty for custom provider (requires manual URL configuration)
ACKIFY_OAUTH_PROVIDER=google

# Custom OAuth2 Provider URLs (only needed if ACKIFY_OAUTH_PROVIDER is empty)
# ACKIFY_OAUTH_AUTH_URL=https://your-provider.com/oauth/authorize
# ACKIFY_OAUTH_TOKEN_URL=https://your-provider.com/oauth/token
# ACKIFY_OAUTH_USERINFO_URL=https://your-provider.com/api/user
# ACKIFY_OAUTH_LOGOUT_URL=https://your-provider.com/api/logout
# ACKIFY_OAUTH_SCOPES=openid,email

# GitLab specific (if using gitlab as provider and self-hosted)
# ACKIFY_OAUTH_GITLAB_URL=https://gitlab.your-company.com

# Email Configuration for MagicLink Authentication (OPTIONAL - required for MagicLink)
# If configured, enables passwordless authentication via email
# ACKIFY_MAIL_HOST=smtp.example.com
# ACKIFY_MAIL_PORT=587
# ACKIFY_MAIL_USERNAME=your_smtp_username
# ACKIFY_MAIL_PASSWORD=your_smtp_password
# ACKIFY_MAIL_FROM=noreply@example.com
# ACKIFY_MAIL_FROM_NAME=Ackify
# ACKIFY_MAIL_TLS=true
# ACKIFY_MAIL_STARTTLS=true
# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false

# Security Configuration
ACKIFY_OAUTH_COOKIE_SECRET=your_base64_encoded_secret_key
ACKIFY_ED25519_PRIVATE_KEY=your_base64_encoded_ed25519_private_key

# Admin Configuration
# ACKIFY_ADMIN_EMAILS=admin@your-domain.com,admin2@your-domain.com

# Document Creation Restriction
# ACKIFY_ONLY_ADMIN_CAN_CREATE=false

# Server Configuration
ACKIFY_LISTEN_ADDR=:8080