#############################################
# SuiteCRM Docker Environment (.env)
# Built for Infinito.Nexus Roles
#############################################

# ------------------------------------------------
# Core Symfony / SuiteCRM 8 settings
# ------------------------------------------------
APP_ENV={{ 'dev' if (ENVIRONMENT | lower) == 'development' else 'prod' }}
APP_DEBUG="{{ MODE_DEBUG | bool | ternary(1, 0) }}"

# Use correct HTTPS Scheme
SERVER_SCHEME="{{ WEB_PROTOCOL }}"
TRUSTED_PROXIES="127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
TRUSTED_HOSTS="^{{ domain | replace('.', '\\\\.') }}$"

# ------------------------------------------------
# Database (Symfony-style)
# ------------------------------------------------
DATABASE_URL=mysql://{{ database_username }}:{{ database_password | urlencode }}@{{ database_host }}:{{ database_port }}/{{ database_name }}
DATABASE_DRIVER=pdo_mysql
DATABASE_SERVER_VERSION=10.11

# Keep legacy-style vars for external tools or debugging
SUITECRM_DB_HOST={{ database_host }}
SUITECRM_DB_PORT={{ database_port }}
SUITECRM_DB_NAME={{ database_name }}
SUITECRM_DB_USER={{ database_username }}
SUITECRM_DB_PASSWORD={{ database_password }}

# ------------------------------------------------
# Initial admin account (for your own tooling)
# ------------------------------------------------
SUITECRM_ADMIN_USERNAME={{ applications | get_app_conf(application_id, 'users.administrator.username') }}
SUITECRM_ADMIN_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}
SUITECRM_ADMIN_EMAIL={{ users['administrator'].email }}

# Public base URL of the SuiteCRM instance
SUITECRM_URL={{ SUITECRM_URL }}

# ------------------------------------------------
# LDAP settings (legacy + SuiteCRM 8 / Symfony)
# ------------------------------------------------
{% if SUITECRM_LDAP_ENABLED | bool %}
AUTH_TYPE=ldap

# Autocreate
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='{{ LDAP.DN.OU.USERS }}'
LDAP_PROVIDER_SEARCH_DN='{{ LDAP.DN.ADMINISTRATOR.DATA }}'
LDAP_PROVIDER_SEARCH_PASSWORD='{{ LDAP.BIND_CREDENTIAL }}'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
LDAP_PROVIDER_UID_KEY='{{ LDAP.USER.ATTRIBUTES.ID }}'
LDAP_PROVIDER_FILTER='{{ LDAP.USER.ATTRIBUTES.ID }}={username}'

# Debug
LDAP_CONNECTION_OPTION_DEBUG_LEVEL="{{ MODE_DEBUG | bool | ternary(7, 0) }}"

# ---- Common (for your tooling / consistency) ----
LDAP_HOST={{ LDAP.SERVER.DOMAIN }}
LDAP_PORT={{ LDAP.SERVER.PORT }}
LDAP_ENCRYPTION={{ (LDAP.SERVER.SECURITY | default('none', true) ) | lower }}

# ---- SuiteCRM 8 / Symfony LDAP (per official docs) ----
#LDAP_CONNECTION_STRING=
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false

# Base DN under which users are searched
LDAP_DN_STRING="{{ LDAP.DN.OU.USERS }}"

# Search filter with {username} placeholder
LDAP_QUERY_STRING="{{ LDAP.USER.ATTRIBUTES.ID }}={username}"

# Bind DN used to perform the search
LDAP_SEARCH_DN="{{ LDAP.DN.ADMINISTRATOR.DATA }}"
LDAP_SEARCH_PASSWORD="{{ LDAP.BIND_CREDENTIAL }}"

{% else %}
AUTH_TYPE=native
{% endif %}

# ------------------------------------------------
# Maintenance mode toggle
# ------------------------------------------------
SUITECRM_MAINTENANCE={{ SUITECRM_INIT_MAINTENANCE_MODE | lower }}

NODE_OPTIONS=--max-old-space-size={{ SUITECRM_MAX_OLD_SPACE_SIZE }}