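# Environment Variables Template
# Copy this file to .env and fill in your values.
# NEVER commit .env to git! Keep .env listed in .gitignore and restrict it
# to the owning user (chmod 600 .env), since it holds every secret below.
#
# Conventions used in this file:
#   - One KEY=value per line; comments sit on their own line. Not every
#     env-file reader strips a trailing "# ..." from a value, so inline
#     comments can end up inside the value.
#   - Each key is defined exactly once. With a duplicate, one definition
#     silently wins, and an edited secret can be replaced by a leftover
#     "changeme".
#   - ${NAME} references rely on the reader supporting interpolation
#     (NOTE(review): confirm for the tool that loads this file); the
#     referenced key is always defined earlier in the file.
#   - Replace every "changeme" / "your-..." placeholder with a unique value
#     before the first start; do not reuse one password across services.

# User and Group IDs (get with: id -u and id -g)
PUID=1000
PGID=1000

# Timezone (list: timedatectl list-timezones)
TZ=America/New_York

# Server IP address
SERVER_IP=192.168.1.100

# Domain Configuration
# Your DuckDNS domain
DOMAIN=yourdomain.duckdns.org

# Directory Paths
USERDIR=/opt/stacks
# Large media files on separate drive
MEDIADIR=/mnt/media
# Downloads on separate drive
DOWNLOADDIR=/mnt/downloads
PROJECTDIR=/home/username/projects

# DuckDNS Configuration
DUCKDNS_TOKEN=your-duckdns-token
# Without .duckdns.org
DUCKDNS_SUBDOMAINS=yourdomain

# Let's Encrypt / ACME
ACME_EMAIL=your-email@example.com

# Authelia Secrets (generate with: openssl rand -hex 64)
# That command prints 128 hexadecimal characters (64 random bytes); generate a
# separate value for each of the three keys.
AUTHELIA_JWT_SECRET=your-jwt-secret-here-64-chars
AUTHELIA_SESSION_SECRET=your-session-secret-here-64-chars
AUTHELIA_STORAGE_ENCRYPTION_KEY=your-encryption-key-here-64-chars

# SMTP for Authelia Notifications (optional)
# Also used by the Bitwarden (Vaultwarden) section further down.
SMTP_USERNAME=your-email@example.com
SMTP_PASSWORD=your-smtp-password

# Authentik SSO (optional - alternative to Authelia with web UI)
# Generate secrets with: openssl rand -hex 50 (prints 100 hexadecimal characters)
AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars
AUTHENTIK_DB_USER=authentik
AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password
AUTHENTIK_DB_NAME=authentik

# VPN Configuration (Surfshark)
# Get WireGuard details from Surfshark dashboard
SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
SURFSHARK_ADDRESSES=10.14.0.2/16
# Preferred VPN server location
VPN_COUNTRY=Netherlands
# Alternative: OpenVPN credentials (if not using WireGuard)
# SURFSHARK_USERNAME=your-surfshark-username
# SURFSHARK_PASSWORD=your-surfshark-password

# Media Services
PLEX_CLAIM=claim-xxxxxxxxxx

# Monitoring & Dashboards
GRAFANA_ADMIN_PASSWORD=changeme

# Development Tools
CODE_SERVER_PASSWORD=changeme
CODE_SERVER_SUDO_PASSWORD=changeme

# Databases - General
POSTGRES_USER=postgres
POSTGRES_PASSWORD=changeme
POSTGRES_DB=homelab
PGADMIN_EMAIL=admin@example.com
PGADMIN_PASSWORD=changeme

# Infrastructure
PIHOLE_PASSWORD=changeme
# Watchtower Notifications (optional); leave empty to disable
WATCHTOWER_NOTIFICATION_URL=

# Productivity Services - Nextcloud
NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=changeme
NEXTCLOUD_DB_PASSWORD=changeme
NEXTCLOUD_DB_ROOT_PASSWORD=changeme

# Productivity Services - Gitea
GITEA_DB_PASSWORD=changeme

# Productivity Services - WordPress
WORDPRESS_DB_PASSWORD=changeme
WORDPRESS_DB_ROOT_PASSWORD=changeme

# Productivity Services - BookStack
BOOKSTACK_DB_PASSWORD=changeme
BOOKSTACK_DB_ROOT_PASSWORD=changeme

# Productivity Services - MediaWiki
MEDIAWIKI_DB_PASSWORD=changeme
MEDIAWIKI_DB_ROOT_PASSWORD=changeme

# Utilities - Form.io
FORMIO_JWT_SECRET=changeme
FORMIO_DB_SECRET=changeme

# Development - Jupyter
JUPYTER_TOKEN=changeme

# Cloudflare API (optional, for DNS challenge)
# CF_DNS_API_TOKEN=your-cloudflare-api-token

# qBittorrent
QBITTORRENT_USER=admin
QBITTORRENT_PASS=changeme

# Homepage Dashboard - API Keys and Tokens
# Generate these from each service's settings page
# Several entries below forward the admin credentials defined above to the
# dashboard. Where a service offers it, prefer a dedicated read-only account
# or API key so the dashboard does not hold full admin access.
HOMEPAGE_VAR_DOMAIN=${DOMAIN}
HOMEPAGE_VAR_SERVER_IP=${SERVER_IP}
HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key
HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key
HOMEPAGE_VAR_PLEX_KEY=your-plex-token
HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key
HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key
HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key
HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key
HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key
HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key
HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key
HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER}
HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS}
HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token
HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER}
HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
HOMEPAGE_VAR_GRAFANA_USER=admin
HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD}
HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token
HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug
HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key
HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key
HOMEPAGE_VAR_UNIFI_USER=your-unifi-username
HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password

# Bitwarden (Vaultwarden) Password Manager
# Admin token: openssl rand -base64 48
BITWARDEN_ADMIN_TOKEN=changeme-bitwarden-admin-token
# Set to false after creating accounts. NOTE(review): presumably this maps to
# the server's open-registration switch, in which case anyone who can reach
# the instance can register while it is true - confirm in the compose file.
BITWARDEN_SIGNUPS_ALLOWED=true
BITWARDEN_INVITATIONS_ALLOWED=true
SMTP_HOST=smtp.gmail.com
SMTP_FROM=bitwarden@yourdomain.com
SMTP_PORT=587
SMTP_SECURITY=starttls
# SMTP_USERNAME and SMTP_PASSWORD defined above

# Add your own variables below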