#############################################
# SuiteCRM Docker Environment (.env)
# Built for Infinito.Nexus Roles
#############################################

# ------------------------------------------------
# Database
# ------------------------------------------------
SUITECRM_DB_HOST={{ database_host }}
SUITECRM_DB_PORT={{ database_port }}
SUITECRM_DB_NAME={{ database_name }}
SUITECRM_DB_USER={{ database_username }}
SUITECRM_DB_PASSWORD={{ database_password }}

# ------------------------------------------------
# Initial admin account
# (SuiteCRM installer will use this; can also be set in config_override.php)
# ------------------------------------------------
SUITECRM_ADMIN_USERNAME={{ applications | get_app_conf(application_id, 'users.administrator.username') }}
SUITECRM_ADMIN_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}
SUITECRM_ADMIN_EMAIL={{ users['contact'].email }}

# Public base URL of the SuiteCRM instance
SUITECRM_URL={{ SUITECRM_URL }}

# ------------------------------------------------
# SMTP (Mailu)
# ------------------------------------------------
SUITECRM_SMTP_HOST={{ SYSTEM_EMAIL.HOST }}
SUITECRM_SMTP_PORT={{ SYSTEM_EMAIL.PORT }}
SUITECRM_SMTP_USER={{ users['contact'].email }}
SUITECRM_SMTP_PASSWORD={{ users['contact'].mailu_token }}
SUITECRM_SMTP_PROTOCOL={{ "TLS" if SYSTEM_EMAIL.START_TLS else "SSL" }}
SUITECRM_EMAIL_FROM_NAME={{ applications | get_app_conf(application_id, 'email.from_name') }}

# ------------------------------------------------
# LDAP settings (optional)
# ------------------------------------------------
{% if SUITECRM_LDAP_ENABLED | bool %}
SUITECRM_LDAP_ENABLED=true
SUITECRM_LDAP_HOST={{ LDAP.SERVER.DOMAIN }}
SUITECRM_LDAP_PORT={{ LDAP.SERVER.PORT }}
SUITECRM_LDAP_ENCRYPTION={{ LDAP.SERVER.SECURITY | lower if LDAP.SERVER.SECURITY else "none" }}
SUITECRM_LDAP_BASE_DN={{ LDAP.DN.OU.USERS }}
SUITECRM_LDAP_BIND_DN={{ LDAP.DN.ADMINISTRATOR.DATA }}
SUITECRM_LDAP_BIND_PASSWORD={{ LDAP.BIND_CREDENTIAL }}
SUITECRM_LDAP_UID_ATTR={{ LDAP.USER.ATTRIBUTES.ID }}
{% else %}
SUITECRM_LDAP_ENABLED=false
{% endif %}

# ------------------------------------------------
# OpenID Connect settings (optional)
# ------------------------------------------------
{% if SUITECRM_OIDC_ENABLED | bool %}
SUITECRM_OIDC_ENABLED=true
SUITECRM_OIDC_CLIENT_ID={{ OIDC.CLIENT.ID }}
SUITECRM_OIDC_CLIENT_SECRET={{ OIDC.CLIENT.SECRET }}
SUITECRM_OIDC_ISSUER_URL={{ OIDC.CLIENT.ISSUER_URL }}
SUITECRM_OIDC_AUTHORIZATION_URL={{ OIDC.CLIENT.AUTHORIZE_URL }}
SUITECRM_OIDC_TOKEN_URL={{ OIDC.CLIENT.TOKEN_URL }}
SUITECRM_OIDC_USERINFO_URL={{ OIDC.CLIENT.USER_INFO_URL }}
SUITECRM_OIDC_JWKS_URL={{ OIDC.CLIENT.CERTS }}
SUITECRM_OIDC_REDIRECT_URI={{ SUITECRM_URL }}/oidc/callback
SUITECRM_OIDC_SCOPES=openid,profile,email
{% else %}
SUITECRM_OIDC_ENABLED=false
{% endif %}

# ------------------------------------------------
# Maintenance mode toggle
# ------------------------------------------------
SUITECRM_MAINTENANCE={{ SUITECRM_INIT_MAINTENANCE_MODE | lower }}