# Copy this file to .env and fill in the values
# .env is gitignored and must never be committed

SECRET_KEY=change-me-to-a-long-random-string

# Set to True only for development
DEBUG=False

# Comma-separated list of additional allowed hosts (beyond 127.0.0.1 and localhost)
EXTRA_HOSTS=photos.crans.org,photos-dev.crans.org

# Comma-separated list of admins in "Name:email" format
ADMINS=admin:photos-admin@lists.crans.org

# Email address used as sender for server emails
SERVER_EMAIL=photos@crans.org

# Email verification: 'mandatory', 'optional', or 'none'
EMAIL_VERIFICATION=mandatory

# Mail server settings
SMTP_HOST=localhost
SMTP_PORT=25
#SMTP_USER=
#SMTP_PASSWORD=
SMTP_USE_TLS=False

# OAuth2 settings
# Enable OAuth2 login
OAUTH_ENABLED=False
# Disable normal username/password login (requires OAUTH_ENABLED=True)
OAUTH_ONLY=False
# OAuth2 server base URL (e.g. auth.example.com)
#OAUTH_SERVER_URL=
# OAuth2 app credentials
#OAUTH_CLIENT_ID=
#OAUTH_CLIENT_SECRET=
# Button appearance on the login page
#OAUTH_BUTTON_TEXT=Login with OAuth
#OAUTH_BUTTON_IMAGE=
# Space-separated OAuth2 scopes
#OAUTH_SCOPE=openid profile email groups
# Comma-separated OAuth groups that grant Django staff (admin) access
#OAUTH_STAFF_GROUPS=admins moderators
# Map OAuth groups to Django groups: space-separated oauth_group:django_group pairs
#OAUTH_GROUP_MAP=editors:Editors photographers:Photographers
# Override OAuth2 endpoint URLs (default: authentik-style /application/o/...)
#OAUTH_AUTHORIZE_URL=https://auth.example.com/application/o/authorize/
#OAUTH_TOKEN_URL=https://auth.example.com/application/o/token/
#OAUTH_PROFILE_URL=https://auth.example.com/application/o/userinfo/

# Database engine: 'sqlite' or 'postgres'
DB_ENGINE=sqlite

# PostgreSQL settings (only used when DB_ENGINE=postgres)
#DB_NAME=photo21
#DB_USER=photo21
#DB_PASSWORD=
#DB_HOST=db
#DB_PORT=5432

# SQLite settings (only used when DB_ENGINE=sqlite)
#DB_PATH=/app/data/db.sqlite3