# Keycloak Deployment Configuration
# Copy this file to .env and modify the values as needed
#
# Every password and secret below is a published sample value. Replace each one
# before the stack is reachable by anyone else, keep the resulting .env out of
# version control, and restrict its file permissions to the deploying user.
# Comments are kept on their own lines: several .env loaders treat text after a
# value as part of the value.

# =============================================================================
# KEYCLOAK CONFIGURATION
# =============================================================================

# Admin credentials for Keycloak
# This account has full control over every realm; use a unique, generated password.
# NOTE(review): newer Keycloak releases read KC_BOOTSTRAP_ADMIN_USERNAME /
# KC_BOOTSTRAP_ADMIN_PASSWORD instead - confirm against the image version in use.
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin123

# Keycloak server configuration
# KEYCLOAK_URL repeats KEYCLOAK_HOST and KEYCLOAK_PORT; change all three together.
KEYCLOAK_HOST=localhost
KEYCLOAK_PORT=8080
KEYCLOAK_URL=http://localhost:8080

# Security settings
# Local-development values: with strict hostname checking off and plain HTTP on,
# credentials and tokens cross the network unencrypted. The PRODUCTION OVERRIDES
# section at the end of this file lists the opposite values.
# NOTE(review): whether KC_HOSTNAME_STRICT_HTTPS is still honoured depends on the
# Keycloak version - confirm.
KC_HOSTNAME_STRICT=false
KC_HOSTNAME_STRICT_HTTPS=false
KC_HTTP_ENABLED=true

# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================

# PostgreSQL database settings
POSTGRES_DB=keycloak
POSTGRES_USER=keycloak
POSTGRES_PASSWORD=secure_password_123
POSTGRES_HOST=postgres
POSTGRES_PORT=5432

# Database connection for Keycloak
# These repeat the PostgreSQL settings above (host, port and database name inside
# KC_DB_URL, user, password) and are not derived from them in this file, so keep
# both groups in sync when changing either.
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME=keycloak
KC_DB_PASSWORD=secure_password_123

# =============================================================================
# LDAP CONFIGURATION
# =============================================================================

# Placeholder directory identity and passwords; replace all four values.
# LDAP_DOMAIN is not the reserved "example.com" documentation domain.
# LDAP_ORGANISATION contains a space and is unquoted, unlike the *_NAME values
# further down - presumably fine for the loader used here, but it breaks if this
# file is sourced by a shell; verify against how the file is consumed.
LDAP_DOMAIN=exemple.com
LDAP_ORGANISATION=Mon Organisation
LDAP_ADMIN_PASSWORD=ldap-secure-password
LDAP_CONFIG_PASSWORD=ldap-config-password

# =============================================================================
# REALM CONFIGURATION
# =============================================================================

# Main realm settings, used if the realm is created at first boot
# REALM_NAME=myrealm
# REALM_DISPLAY_NAME="My Organization Realm"
# REALM_ENABLED=true

# =============================================================================
# CLIENT CONFIGURATION
# =============================================================================

# Main application client
# Leave CLIENT_SECRET empty for auto-generation; prefer that over a fixed value.
# The commented-out secrets in this section only illustrate the format.
CLIENT_ID=my-app
# CLIENT_SECRET=my-app-secret-123
CLIENT_SECRET=
CLIENT_NAME="My Application"
CLIENT_ENABLED=true
# presumably false means a confidential client that authenticates with its secret - confirm
CLIENT_PUBLIC=false

# Backend API client
BACKEND_API_CLIENT_ID=backend-api
# BACKEND_API_CLIENT_SECRET=backend-api-secret-123
# Leave empty for auto-generation
BACKEND_API_CLIENT_SECRET=
BACKEND_API_CLIENT_NAME="Backend API Client"

# Token exchange client
# A client allowed to exchange tokens can obtain tokens for other audiences;
# keep its secret generated and its permissions narrow.
TOKEN_EXCHANGE_CLIENT_ID=token-exchange-client
# TOKEN_EXCHANGE_CLIENT_SECRET=token-exchange-secret-123
# Leave empty for auto-generation
TOKEN_EXCHANGE_CLIENT_SECRET=
TOKEN_EXCHANGE_CLIENT_NAME="Token Exchange Client"

# =============================================================================
# USER CONFIGURATION
# =============================================================================

# Test user credentials
# A known username/password pair: do not provision this account outside local
# development, and remove it from any realm that is later promoted.
TEST_USERNAME=testuser
TEST_PASSWORD=testpass123
TEST_EMAIL=test@example.com
TEST_FIRST_NAME=Test
TEST_LAST_NAME=User

# =============================================================================
# DOCKER CONFIGURATION
# =============================================================================

# Docker network settings
DOCKER_NETWORK=keycloak-network

# Container names
KEYCLOAK_CONTAINER_NAME=local-keycloak
POSTGRES_CONTAINER_NAME=keycloak-postgres

# =============================================================================
# DEVELOPMENT SETTINGS
# =============================================================================

# Debug and logging
# Keep DEBUG off outside development; debug-level logs of an identity provider
# can contain sensitive request details.
DEBUG=false
LOG_LEVEL=INFO

# Development features
# These turn on Keycloak's health and metrics endpoints; restrict network access
# to them (reverse proxy or firewall) rather than exposing them publicly.
KC_HEALTH_ENABLED=true
KC_METRICS_ENABLED=true

# =============================================================================
# SECURITY SETTINGS
# =============================================================================

# Token settings
# presumably seconds (300 = 5 min, 1800 = 30 min, 36000 = 10 h) - confirm against
# the script that applies them. Shorter access-token lifespans limit how long a
# leaked token stays usable.
ACCESS_TOKEN_LIFESPAN=300
REFRESH_TOKEN_LIFESPAN=1800
SSO_SESSION_IDLE_TIMEOUT=1800
SSO_SESSION_MAX_LIFESPAN=36000

# Password policy
# Minimum of 8 characters with at least one digit, one lower-case and one
# upper-case letter. Treat this as a floor and tighten it for production realms.
PASSWORD_POLICY="length(8) and digits(1) and lowerCase(1) and upperCase(1)"

# =============================================================================
# OPTIONAL FEATURES
# =============================================================================

# Email configuration (optional)
# Keep either SMTP_SSL or SMTP_STARTTLS enabled so the SMTP credentials are not
# sent in clear text.
# SMTP_HOST=smtp.example.com
# SMTP_PORT=587
# SMTP_FROM=noreply@example.com
# SMTP_USERNAME=smtp_user
# SMTP_PASSWORD=smtp_password
# SMTP_SSL=false
# SMTP_STARTTLS=true

# Theme configuration (optional)
# LOGIN_THEME=keycloak
# ADMIN_THEME=keycloak
# ACCOUNT_THEME=keycloak
# EMAIL_THEME=keycloak

# =============================================================================
# PRODUCTION OVERRIDES
# =============================================================================

# Uncomment and modify these for production deployments
# They replace the development values in the KEYCLOAK CONFIGURATION section:
# strict hostname checking on, plain HTTP off, TLS served from the given
# certificate. The private key file should be readable only by the account that
# runs Keycloak. Every sample password above must also be replaced.
# KEYCLOAK_URL=https://auth.yourdomain.com
# KC_HOSTNAME_STRICT=true
# KC_HOSTNAME_STRICT_HTTPS=true
# KC_HTTP_ENABLED=false
# KC_HTTPS_PORT=8443
# KC_HTTPS_CERTIFICATE_FILE=/path/to/certificate.pem
# KC_HTTPS_CERTIFICATE_KEY_FILE=/path/to/private-key.pem