# === [1] 프로젝트 식별 (중요: 인스턴스마다 다르게 설정) ===
INSTANCE_NAME={{INSTANCE_NAME}}
COMPOSE_PROJECT_NAME=baron-sso-{{INSTANCE_NAME}}
APP_ENV=production
SOURCE_ROOT=../..

# === [2] 포트 Prefix 설정 (예: 23 입력 시 23000, 23432 등 생성) ===
P={{PORT_PREFIX}}

# 인프라 포트
DB_PORT=${P}432
REDIS_PORT=${P}399
CLICKHOUSE_PORT_HTTP=${P}123
CLICKHOUSE_PORT_NATIVE=${P}000

# 서비스 포트
BACKEND_PORT=${P}000
USERFRONT_PORT=${P}500
ADMINFRONT_PORT=${P}173
DEVFRONT_PORT=${P}174
ORGFRONT_PORT=${P}175
OATHKEEPER_PROXY_PORT=${P}467

# === [3] 도메인 설정 (별도 도메인 구조) ===
# {{INSTANCE_NAME}}이 stg면 sso-stg.hmac.kr 형식이 되도록 가이드
DOMAIN_SUFFIX=hmac.kr
USERFRONT_URL=https://{{INSTANCE_NAME}}-sso.${DOMAIN_SUFFIX}
ADMINFRONT_URL=https://{{INSTANCE_NAME}}-admin.${DOMAIN_SUFFIX}
DEVFRONT_URL=https://{{INSTANCE_NAME}}-dev.${DOMAIN_SUFFIX}
ORGFRONT_URL=https://{{INSTANCE_NAME}}-org.${DOMAIN_SUFFIX}
PUBLIC_HOST={{INSTANCE_NAME}}-sso.${DOMAIN_SUFFIX}
ADMINFRONT_HOST={{INSTANCE_NAME}}-admin.${DOMAIN_SUFFIX}
DEVFRONT_HOST={{INSTANCE_NAME}}-dev.${DOMAIN_SUFFIX}
ORGFRONT_HOST={{INSTANCE_NAME}}-org.${DOMAIN_SUFFIX}
TRAEFIK_PUBLIC_NETWORK=traefik-public
TRAEFIK_ENTRYPOINT=websecure
TRAEFIK_CERT_RESOLVER=myresolver

# OIDC/Auth URL
VITE_OIDC_AUTHORITY=${USERFRONT_URL}/oidc
ADMINFRONT_CALLBACK_URLS=${ADMINFRONT_URL}/auth/callback
DEVFRONT_CALLBACK_URLS=${DEVFRONT_URL}/auth/callback
ORGFRONT_CALLBACK_URLS=${ORGFRONT_URL}/auth/callback

# Ory URL
KRATOS_UI_URL=${USERFRONT_URL}/auth
KRATOS_BROWSER_URL=${USERFRONT_URL}/auth
KRATOS_ADMIN_URL=http://kratos:4434
HYDRA_PUBLIC_URL=${USERFRONT_URL}/oidc
HYDRA_ADMIN_URL=http://hydra:4445
OATHKEEPER_PUBLIC_URL=${USERFRONT_URL}
KETO_READ_URL=http://keto:4466
KETO_WRITE_URL=http://keto:4467

# Ory versions
KRATOS_VERSION=v26.2.0
HYDRA_VERSION=v26.2.0
KETO_VERSION=v26.2.0
OATHKEEPER_VERSION=v26.2.0
ORY_POSTGRES_TAG=17-alpine

# === [4] IDP 및 DB Config ===
IDP_PROVIDER=ory
DB_PASSWORD=password
ORY_POSTGRES_USER=ory
ORY_POSTGRES_PASSWORD=generated_secret_here
ORY_POSTGRES_DB=ory
KRATOS_DB=ory_kratos
HYDRA_DB=ory_hydra
KETO_DB=ory_keto
OATHKEEPER_UID=1001
OATHKEEPER_GID=1001
OATHKEEPER_INTROSPECT_CLIENT_ID=oathkeeper-introspect
OATHKEEPER_INTROSPECT_CLIENT_SECRET=oathkeeper-secret
CLICKHOUSE_PASSWORD=password
REDIS_ADDR=redis:6379

# Secrets (At least 32 chars)
COOKIE_SECRET=at_least_32_characters_long_secret_12345
JWT_SECRET=at_least_32_characters_long_secret_12345
CSRF_COOKIE_SECRET=at_least_32_characters_long_secret_12345

# Admin 초기 계정
ADMIN_EMAIL=admin@baron.co.kr
ADMIN_PASSWORD=adminPasswordIsNotSimple