# config.yaml — single source of truth for honeyDue K3s DEV deployment
# Copy to config.yaml, fill in all empty values, then run scripts in order.
# This file is gitignored — never commit it with real values.

# --- Server ---
server:
  host: ""                              # Server IP or SSH config alias
  user: root                            # SSH user
  ssh_key: ~/.ssh/id_ed25519

# --- Domains ---
domains:
  api: devapi.myhoneydue.com
  admin: devadmin.myhoneydue.com
  base: dev.myhoneydue.com

# --- Container Registry (GHCR) ---
registry:
  server: ghcr.io
  namespace: ""                         # GitHub username or org
  username: ""                          # GitHub username
  token: ""                             # PAT with read:packages, write:packages

# --- Database (in-cluster PostgreSQL) ---
database:
  name: honeydue_dev
  user: honeydue
  # password goes in secrets/postgres_password.txt
  max_open_conns: 10
  max_idle_conns: 5
  max_lifetime: "600s"

# --- Email (Fastmail) ---
email:
  host: smtp.fastmail.com
  port: 587
  user: ""                              # Fastmail email address
  from: "honeyDue DEV <noreply@myhoneydue.com>"
  use_tls: true

# --- Push Notifications ---
push:
  apns_key_id: ""
  apns_team_id: ""
  apns_topic: com.tt.honeyDue
  apns_production: false
  apns_use_sandbox: true                # Sandbox for dev

# --- Object Storage (in-cluster MinIO — S3-compatible, replaces B2) ---
storage:
  minio_root_user: honeydue             # MinIO access key
  # minio_root_password goes in secrets/minio_root_password.txt
  bucket: honeydue-dev
  max_file_size: 10485760
  allowed_types: "image/jpeg,image/png,image/gif,image/webp,application/pdf"

# --- Worker Schedules (UTC hours) ---
worker:
  task_reminder_hour: 14
  overdue_reminder_hour: 15
  daily_digest_hour: 3

# --- Feature Flags ---
features:
  push_enabled: true
  email_enabled: false                  # Disabled for dev by default
  webhooks_enabled: false
  onboarding_emails_enabled: false
  pdf_reports_enabled: true
  worker_enabled: true

# --- Redis ---
redis:
  password: ""                          # Set a strong password

# --- Admin Panel ---
admin:
  basic_auth_user: ""                   # HTTP basic auth username
  basic_auth_password: ""               # HTTP basic auth password

# --- TLS ---
tls:
  mode: letsencrypt                     # "letsencrypt" or "cloudflare"
  letsencrypt_email: ""                 # Required if mode=letsencrypt
  # If mode=cloudflare, create secrets/cloudflare-origin.crt and .key

# --- Apple Auth / IAP (optional) ---
apple_auth:
  client_id: ""
  team_id: ""
  iap_key_id: ""
  iap_issuer_id: ""
  iap_bundle_id: ""
  iap_key_path: ""
  iap_sandbox: true

# --- Google Auth / IAP (optional) ---
google_auth:
  client_id: ""
  android_client_id: ""
  ios_client_id: ""
  iap_package_name: ""
  iap_service_account_path: ""