# SaaS Platform Environment Configuration Template
# Copy this file to .env and update the values

# ============================================
# DEPLOYMENT MODE
# ============================================
NODE_ENV=production

# ============================================
# PORT CONFIGURATION
# ============================================
# Nginx Gateway
HTTP_PORT=80
HTTPS_PORT=443

# Database
POSTGRES_PORT=5432

# Redis
REDIS_PORT=6379

# ============================================
# DATABASE CONFIGURATION
# ============================================
POSTGRES_DB=saas_platform
POSTGRES_USER=saas_user
POSTGRES_PASSWORD=CHANGE_ME_RANDOM_PASSWORD_HERE

# ============================================
# REDIS CONFIGURATION
# ============================================
REDIS_PASSWORD=CHANGE_ME_RANDOM_PASSWORD_HERE

# ============================================
# JWT CONFIGURATION
# ============================================
JWT_SECRET=CHANGE_ME_RANDOM_SECRET_HERE
JWT_EXPIRES_IN=15m
REFRESH_TOKEN_EXPIRES_IN=7d

# ============================================
# DOMAIN CONFIGURATION
# ============================================
# Production domain (set by deploy.sh)
DOMAIN=example.com
CONSOLE_DOMAIN=console.example.com

# ============================================
# MINIO CONFIGURATION (S3-compatible storage)
# ============================================
MINIO_ROOT_USER=CHANGE_ME_RANDOM_ACCESS_KEY
MINIO_ROOT_PASSWORD=CHANGE_ME_RANDOM_SECRET_KEY
MINIO_ENDPOINT=minio
MINIO_PORT=9000
MINIO_USE_SSL=false

# ============================================
# SMTP CONFIGURATION (Email sending)
# ============================================
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=noreply@example.com
SMTP_PASSWORD=CHANGE_ME_SMTP_PASSWORD
SMTP_FROM_EMAIL=noreply@example.com
SMTP_FROM_NAME=SaaS Platform

# ============================================
# LET'S ENCRYPT CONFIGURATION
# ============================================
# Email for Let's Encrypt notifications (set by deploy.sh)
LETSENCRYPT_EMAIL=admin@example.com

# ============================================
# MONITORING CONFIGURATION
# ============================================
GRAFANA_ADMIN_PASSWORD=CHANGE_ME_RANDOM_PASSWORD
PGADMIN_DEFAULT_EMAIL=admin@example.com
PGADMIN_DEFAULT_PASSWORD=CHANGE_ME_RANDOM_PASSWORD

# ============================================
# MCP SERVER CONFIGURATION
# ============================================
SAAS_API_URL=https://console.${DOMAIN:-example.com}
SAAS_AUTH_URL=https://console.${DOMAIN:-example.com}/auth
SAAS_STORAGE_URL=https://console.${DOMAIN:-example.com}/storage

# ============================================
# SECURITY NOTES
# ============================================
# 1. Generate random passwords using: openssl rand -base64 32
# 2. Keep this file secure: chmod 600 .env
# 3. Never commit .env to version control
# 4. Backup this file in a secure location