# Django
SECRET_KEY=change-me-to-a-long-random-string
DEBUG=True
ALLOWED_HOSTS=localhost,127.0.0.1

# Database (PostGIS)
POSTGRES_DB=splatmap
POSTGRES_USER=splatmap
POSTGRES_PASSWORD=splatmap
DATABASE_URL=postgis://splatmap:splatmap@db:5432/splatmap

# Redis / Celery
REDIS_URL=redis://redis:6379/0
CELERY_BROKER_URL=redis://redis:6379/0
CELERY_RESULT_BACKEND=django-db

# Authentik OIDC
OIDC_RP_CLIENT_ID=splatmap-backend
OIDC_RP_CLIENT_SECRET=
OIDC_OP_BASE_URL=https://auth.yourdomain.com/application/o/splatmap

# Wasabi S3
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_STORAGE_BUCKET_NAME=splatmap
AWS_S3_ENDPOINT_URL=https://s3.wasabisys.com
AWS_S3_REGION_NAME=us-east-1

# Firebase (FCM)
FIREBASE_CREDENTIALS_FILE=/app/secrets/firebase-credentials.json

# RunPod
RUNPOD_API_KEY=
RUNPOD_ENDPOINT_ID=

# Webhook secret — must match what is configured in RunPod endpoint settings
WEBHOOK_SECRET=change-me-to-a-random-secret

# Public URL of this API (used in RunPod callback payload)
API_BASE_URL=http://localhost:8000

# Cloudflare CDN prefix in front of Wasabi bucket (leave empty in dev)
CDN_BASE_URL=

# Sentry (production only)
SENTRY_DSN=

# Frontend (Vite) — VITE_ prefix exposes these to the browser bundle
VITE_OIDC_AUTHORITY=http://localhost:9000/application/o/splatmap
VITE_OIDC_CLIENT_ID=splatmap-web
VITE_API_BASE_URL=/api/v1
VITE_CESIUM_ION_TOKEN=