# Database Configuration
# PostgreSQL is recommended (required for OIDC features)
DATABASE_URL=postgres://raggr:changeme@postgres:5432/raggr

# PostgreSQL credentials (if using docker-compose postgres service)
POSTGRES_USER=raggr
POSTGRES_PASSWORD=changeme
POSTGRES_DB=raggr

# JWT Configuration
JWT_SECRET_KEY=your-secret-key-here

# Paperless Configuration
PAPERLESS_TOKEN=your-paperless-token
BASE_URL=192.168.1.5:8000

# llama-server Configuration (OpenAI-compatible API)
# If set, uses llama-server as the primary LLM backend with OpenAI as fallback
LLAMA_SERVER_URL=http://192.168.1.213:8080/v1
LLAMA_MODEL_NAME=llama-3.1-8b-instruct

# ChromaDB Configuration
# For Docker: This is automatically set to /app/data/chromadb
# For local development: Set to a local directory path
CHROMADB_PATH=./data/chromadb

# OpenAI Configuration
OPENAI_API_KEY=your-openai-api-key

# Tavily Configuration (for web search)
TAVILY_API_KEY=your-tavily-api-key

# Immich Configuration
IMMICH_URL=http://192.168.1.5:2283
IMMICH_API_KEY=your-immich-api-key
SEARCH_QUERY=simba cat
DOWNLOAD_DIR=./simba_photos

# OIDC Configuration (Authelia)
OIDC_ISSUER=https://auth.example.com
OIDC_CLIENT_ID=simbarag
OIDC_CLIENT_SECRET=your-client-secret-here
OIDC_REDIRECT_URI=http://localhost:8080/
OIDC_USE_DISCOVERY=true

# Optional: Manual OIDC endpoints (if discovery is disabled)
# OIDC_AUTHORIZATION_ENDPOINT=https://auth.example.com/api/oidc/authorization
# OIDC_TOKEN_ENDPOINT=https://auth.example.com/api/oidc/token
# OIDC_USERINFO_ENDPOINT=https://auth.example.com/api/oidc/userinfo
# OIDC_JWKS_URI=https://auth.example.com/api/oidc/jwks

# YNAB Configuration
# Get your Personal Access Token from https://app.ynab.com/settings/developer
YNAB_ACCESS_TOKEN=your-ynab-personal-access-token
# Optional: Specify a budget ID, or leave empty to use the default/first budget
YNAB_BUDGET_ID=

# Twilio Configuration (WhatsApp)
TWILIO_ACCOUNT_SID=your-twilio-account-sid
TWILIO_AUTH_TOKEN=your-twilio-auth-token
TWILIO_WHATSAPP_NUMBER=whatsapp:+14155238886
# Comma-separated list of WhatsApp numbers allowed to use the service (e.g., whatsapp:+1234567890)
# Use * to allow any number
ALLOWED_WHATSAPP_NUMBERS=
# Set to false to disable Twilio signature validation in development
TWILIO_SIGNATURE_VALIDATION=true
# If behind a reverse proxy, set this to your public webhook URL so signature validation works
# TWILIO_WEBHOOK_URL=https://your-domain.com/api/whatsapp/webhook
# Rate limiting: max messages per window (default: 10 messages per 60 seconds)
# WHATSAPP_RATE_LIMIT_MAX=10
# WHATSAPP_RATE_LIMIT_WINDOW=60

# Mailgun Configuration (Email channel)
MAILGUN_API_KEY=
MAILGUN_DOMAIN=
MAILGUN_WEBHOOK_SIGNING_KEY=
EMAIL_HMAC_SECRET=
# Rate limiting: max emails per window (default: 5 per 300 seconds)
# EMAIL_RATE_LIMIT_MAX=5
# EMAIL_RATE_LIMIT_WINDOW=300
# Set to false to disable Mailgun signature validation in development
MAILGUN_SIGNATURE_VALIDATION=true

# Obsidian Configuration (headless sync)
# Auth token from Obsidian account (Settings → Account → API token)
OBSIDIAN_AUTH_TOKEN=your-obsidian-auth-token
# Vault ID to sync (found in Obsidian sync settings)
OBSIDIAN_VAULT_ID=your-vault-id
# End-to-end encryption password (if vault uses E2E encryption)
OBSIDIAN_E2E_PASSWORD=
# Device name shown in Obsidian sync activity
OBSIDIAN_DEVICE_NAME=simbarag
# Set to true to run continuous sync in the background
OBSIDIAN_CONTINUOUS_SYNC=false
# Local path to Obsidian vault (where files are synced)
OBSIDIAN_VAULT_PATH=/app/data/obsidian