# Copy this file to .env, then update it with your own settings


######################################################
# Instance configuration                             #
######################################################

# The name for your instance
MOBILIZON_INSTANCE_NAME={{ applications[application_id].titel }}

# Your domain
MOBILIZON_INSTANCE_HOST={{ domains | get_domain(application_id) }}

# The IP to listen on (defaults to 0.0.0.0)
# MOBILIZON_INSTANCE_LISTEN_IP

# The port to listen on (defaults to 4000). Point your reverse proxy on this port.
MOBILIZON_INSTANCE_PORT={{ mobilizon_exposed_docker_port }}

# Whether registrations are opened or closed. Can be changed in the admin settings UI as well.
# Make sure to moderate actively your instance if registrations are opened.
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false

# From which email will the emails be sent
MOBILIZON_INSTANCE_EMAIL={{ users["no-reply"].email }}

# To which email with the replies be sent
MOBILIZON_REPLY_EMAIL={{ users["administrator"].email }}

# The loglevel setting.
# You can find accepted values here: https://hexdocs.pm/logger/Logger.html#module-levels
# Defaults to error
MOBILIZON_LOGLEVEL={% if enable_debug | bool %}debug{% else %}error{% endif %}

######################################################
# Database settings                                  #
######################################################

# The values below will be given to both the PostGIS (PostgreSQL) and Mobilizon containers
# Use the next settings if you plan to use an existing external database

# The Mobilizon Database username. Defaults to $POSTGRES_USER.
# Change if using an external database.
MOBILIZON_DATABASE_USERNAME={{ database_username }}

# The Mobilizon Database password. Defaults to $POSTGRES_PASSWORD.
# Change if using an external database.
MOBILIZON_DATABASE_PASSWORD={{ database_password }}

# The Mobilizon Database name. Defaults to $POSTGRES_DB.
# Change if using an external database.
MOBILIZON_DATABASE_DBNAME={{ database_name }}

# The Mobilizon database host. Useful if using an external database.
MOBILIZON_DATABASE_HOST={{ database_host }}

# The Mobilizon database port. Useful if using an external database.
MOBILIZON_DATABASE_PORT={{ database_port }}

# Whether to use SSL to connect to the Mobilizon database. Useful if using an external database.
# MOBILIZON_DATABASE_SSL=false

######################################################
# Secrets                                            #
######################################################

# A secret key used as a base to generate secrets for encrypting and signing data.
# Make sure it's long enough (~64 characters should be fine)
# You can run `openssl rand -base64 48` to generate such a secret
MOBILIZON_INSTANCE_SECRET_KEY_BASE={{ applications[application_id].secret_key_base }}

# A secret key used as a base to generate JWT tokens
# Make sure it's long enough (~64 characters should be fine)
# You can run `openssl rand -base64 48` to generate such a secret
MOBILIZON_INSTANCE_SECRET_KEY={{ applications[application_id].secret_key }}


######################################################
# Email settings                                     #
######################################################

# The SMTP server
# Defaults to localhost
MOBILIZON_SMTP_SERVER={{system_email.host}}
MOBILIZON_SMTP_PORT={{system_email.port}}
MOBILIZON_SMTP_USERNAME={{ users['no-reply'].email }}
MOBILIZON_SMTP_PASSWORD={{ users['no-reply'].mailu_token }}

# Whether to use SSL for SMTP.
# Boolean
# Defaults to false
MOBILIZON_SMTP_SSL=false

# Whether to use TLS for SMTP.
# Allowed values: always (TLS), never (Clear) and if_available (STARTTLS)
# Make sure to match the port value as well
# Defaults to "if_available"
MOBILIZON_SMTP_TLS={% if system_email.tls %}TLS{% elif system_email.start_tls %}STARTTLS{% else %}Clear{% endif %}

{% if applications | is_feature_enabled('oidc',application_id) %}
####################################
# ▶️ Mobilizon OIDC Configuration
####################################

AUTHENTICATION_STRATEGIES=open_id_connect

# Display name of the OIDC login button
UEBERAUTH_OPENID_CONNECT_DISPLAY_NAME="{{ oidc.button_text }}"

# Use discovery to automatically fetch OIDC provider settings
UEBERAUTH_OPENID_CONNECT_DISCOVERY_DOCUMENT={{ oidc.client.discovery_document }}

# OIDC OAuth2 client credentials
UEBERAUTH_OPENID_CONNECT_CLIENT_ID={{ oidc.client.id }}
UEBERAUTH_OPENID_CONNECT_CLIENT_SECRET={{ oidc.client.secret }}

# Redirect URI for the OIDC callback
UEBERAUTH_OPENID_CONNECT_REDIRECT_URI={{ mobilizon_oidc_callback_url }}

# Scope and response type for OIDC
UEBERAUTH_OPENID_CONNECT_SCOPE=openid email profile
UEBERAUTH_OPENID_CONNECT_RESPONSE_TYPE=code

# Claim/field used to uniquely identify the user
UEBERAUTH_OPENID_CONNECT_UID_FIELD={{ oidc.attributes.username }}

# Optional email verification behavior
UEBERAUTH_OPENID_CONNECT_ASSUME_EMAIL_IS_VERIFIED=true
{% endif %}