# domains
AUTH_DOMAIN=auth.local.nodedc
LAUNCHER_DOMAIN=launcher.local.nodedc
TASK_DOMAIN=task.local.nodedc

# proxy
PLATFORM_HTTP_PORT=80
LOCAL_LAUNCHER_UPSTREAM=host.docker.internal:5173
LOCAL_TASK_MANAGER_UPSTREAM=host.docker.internal:8090

# authentik image
AUTHENTIK_IMAGE=ghcr.io/goauthentik/server
AUTHENTIK_TAG=2026.2.2

# authentik database
PG_DB=authentik
PG_USER=authentik
PG_PASS=change-me-generate-with-infra-scripts-init-dev-env

# authentik
AUTHENTIK_SECRET_KEY=change-me-generate-with-infra-scripts-init-dev-env
AUTHENTIK_ERROR_REPORTING__ENABLED=false

# optional first-start bootstrap
# AUTHENTIK_BOOTSTRAP_EMAIL=admin@nodedc.local
# AUTHENTIK_BOOTSTRAP_PASSWORD=
# AUTHENTIK_BOOTSTRAP_TOKEN=

# launcher oidc
LAUNCHER_OIDC_ISSUER=http://auth.local.nodedc/application/o/launcher/
LAUNCHER_OIDC_CLIENT_ID=
LAUNCHER_OIDC_CLIENT_SECRET=
LAUNCHER_OIDC_REDIRECT_URI=http://launcher.local.nodedc/auth/callback

# plane oidc
PLANE_OIDC_ISSUER=http://auth.local.nodedc/application/o/task-manager/
PLANE_OIDC_CLIENT_ID=
PLANE_OIDC_CLIENT_SECRET=
PLANE_OIDC_REDIRECT_URI=http://task.local.nodedc/auth/oidc/callback

# security
SESSION_SECRET=change-me-generate-with-infra-scripts-init-dev-env
COOKIE_DOMAIN=.local.nodedc
COOKIE_SECURE=false