# Rails Configuration
SECRET_KEY_BASE=generate-with-bin-rails-secret
RAILS_ENV=development

# Database
# SQLite database files are stored in the storage/ directory
# In production with Docker, mount this as a persistent volume

# SMTP Configuration (for sending emails)
SMTP_ADDRESS=smtp.example.com
SMTP_PORT=587
SMTP_DOMAIN=example.com
SMTP_USERNAME=your-username
SMTP_PASSWORD=your-password
SMTP_AUTHENTICATION=plain
SMTP_ENABLE_STARTTLS=true

# Application Configuration
CLINCH_HOST=http://localhost:3000
CLINCH_FROM_EMAIL=noreply@example.com

# DNS Rebinding Protection Configuration
# Set to service name (e.g., 'clinch') if running in same Docker compose as Caddy
CLINCH_DOCKER_SERVICE_NAME=

# Allow internal IP access for cross-compose deployments (true/false)
CLINCH_ALLOW_INTERNAL_IPS=true

# Allow localhost access for development (true/false)
CLINCH_ALLOW_LOCALHOST=true

# OIDC Configuration
# RSA private key for signing ID tokens (JWT)
# Generate with: openssl genrsa 2048
# Important: Generate once and keep the same key across deployments
# If you change this key, all existing OIDC sessions will be invalidated
# OIDC_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
# MIIEpAIBAAKCAQEAyZ0qaICMiLVWSFs+ef9Xok3fzy0p6k/7D5TQzmxf...
# ...your key content here...
# -----END RSA PRIVATE KEY-----"

# Optional: Force SSL in production
# FORCE_SSL=true

# Optional: Set custom port
# PORT=9000