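# config.yaml — single source of truth for honeyDue K3s deployment
# Copy to config.yaml, fill in all empty values, then run scripts in order.
# This file is gitignored — never commit it with real values.
#
# Once filled in, this file holds live credentials (cloud API token, registry
# PAT, Redis and admin passwords, storage keys). Keep it readable only by the
# operator account (e.g. chmod 600) and out of backups or shared folders.

# --- Hetzner Cloud ---
cluster:
  hcloud_token: ""  # Hetzner API token (Read/Write)
  # Paths to the key files, not the key material itself.
  # NOTE(review): YAML does not expand '~'; presumably the scripts do — confirm.
  ssh_public_key: ~/.ssh/id_ed25519.pub
  ssh_private_key: ~/.ssh/id_ed25519
  k3s_version: v1.31.4+k3s1
  location: fsn1  # Hetzner datacenter
  instance_type: cx33  # 4 vCPU, 16GB RAM

# Filled by 01-provision-cluster.sh, or manually after creating servers
nodes:
  - name: honeydue-master1
    ip: ""
    roles: [master, redis]  # 'redis' = pin Redis PVC here
  - name: honeydue-master2
    ip: ""
    roles: [master]
  - name: honeydue-master3
    ip: ""
    roles: [master]

# Hetzner Load Balancer IP (created in console after provisioning)
load_balancer_ip: ""

# --- Domains ---
domains:
  api: api.myhoneydue.com
  admin: admin.myhoneydue.com
  base: myhoneydue.com

# --- Container Registry (GHCR) ---
registry:
  server: ghcr.io
  namespace: ""  # GitHub username or org
  username: ""  # GitHub username
  # NOTE(review): if this same token also ends up in the cluster as the image
  # pull secret, a separate read:packages-only token there would limit what a
  # leaked secret can do — confirm how the scripts use it.
  token: ""  # PAT with read:packages, write:packages

# --- Database (Neon PostgreSQL) ---
# NOTE(review): there is no password key in this section (nor in the email or
# push sections); presumably those secrets are supplied separately — confirm.
database:
  host: ""  # e.g. ep-xxx.us-east-2.aws.neon.tech
  port: 5432
  user: ""
  name: honeydue
  # In libpq-style drivers 'require' encrypts the connection but does not
  # verify the server certificate or hostname; 'verify-full' does both.
  # NOTE(review): consider verify-full if the application's driver supports it.
  sslmode: require
  max_open_conns: 25
  max_idle_conns: 10
  max_lifetime: "600s"

# --- Email (Fastmail) ---
email:
  host: smtp.fastmail.com
  port: 587
  user: ""  # Fastmail email address
  # NOTE(review): the value ends in a space with no address; a
  # "Name <address>" sender may have been truncated — confirm.
  from: "honeyDue "
  use_tls: true

# --- Push Notifications ---
push:
  apns_key_id: ""
  apns_team_id: ""
  apns_topic: com.tt.honeyDue
  # The two flags below describe the same choice; keep them consistent
  # (production true <-> sandbox false).
  apns_production: true
  apns_use_sandbox: false

# --- B2 Object Storage ---
storage:
  b2_key_id: ""
  b2_app_key: ""
  b2_bucket: ""
  b2_endpoint: ""  # e.g. s3.us-west-004.backblazeb2.com
  max_file_size: 10485760  # bytes (10 MiB)
  # Allow-list of upload MIME types.
  # NOTE(review): a client-declared Content-Type is not trustworthy on its own;
  # presumably the server checks the file content too — confirm.
  allowed_types: "image/jpeg,image/png,image/gif,image/webp,application/pdf"

# --- Worker Schedules (UTC hours) ---
worker:
  task_reminder_hour: 14
  overdue_reminder_hour: 15
  daily_digest_hour: 3

# --- Feature Flags ---
features:
  push_enabled: true
  email_enabled: true
  webhooks_enabled: true
  onboarding_emails_enabled: true
  pdf_reports_enabled: true
  worker_enabled: true

# --- Redis ---
redis:
  # Set a strong password; leave empty for no auth (NOT recommended for production)
  password: ""

# --- Admin Panel ---
# Set both values before deploying. Basic auth sends the credentials with every
# request, so the admin host must only be reachable over TLS.
admin:
  basic_auth_user: ""  # HTTP basic auth username for admin panel
  basic_auth_password: ""  # HTTP basic auth password for admin panel

# --- Apple Auth / IAP (optional, leave empty if unused) ---
apple_auth:
  client_id: ""
  team_id: ""
  iap_key_id: ""
  iap_issuer_id: ""
  iap_bundle_id: ""
  iap_key_path: ""  # path to the key file; keep that file out of version control too
  iap_sandbox: false

# --- Google Auth / IAP (optional, leave empty if unused) ---
google_auth:
  client_id: ""
  android_client_id: ""
  ios_client_id: ""
  iap_package_name: ""
  # Path to the service-account file; keep that file out of version control too.
  iap_service_account_path: ""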