# ============================================================
# REQUIRED — copy this file to .env.production and fill in all values
# Generate random secrets with: openssl rand -base64 32
# ============================================================

# Database
# For self-hosted docker-compose: use the internal service name "db"
# Example: postgresql://postgres:STRONG_PASSWORD@db:5432/teressa
# (no ?sslmode=require needed for local docker network)
DATABASE_URL=postgresql://postgres:CHANGE_ME@db:5432/teressa

# Authentication secrets (generate with: openssl rand -base64 32)
SIGNING_JWT_SECRET=CHANGE_ME
AUTH_SECRET=CHANGE_ME
AUTH_TRUST_HOST=true

# Agent login credentials (what you use to log in to the portal)
AGENT_EMAIL=your@email.com
AGENT_PASSWORD=CHANGE_ME

# SMTP — email delivery for contact form and document notifications
# Resend (recommended): host=smtp.resend.com, port=465, user=resend, pass=re_xxxxxxx
# Gmail: host=smtp.gmail.com, port=587, user=your@gmail.com, pass=app-password
CONTACT_EMAIL_USER=your-smtp-username
CONTACT_EMAIL_PASS=your-smtp-password
CONTACT_SMTP_HOST=smtp.example.com
CONTACT_SMTP_PORT=587

# OpenAI — required for AI-assisted PDF field placement
OPENAI_API_KEY=sk-your-openai-key

# Application public URL (no trailing slash)
APP_BASE_URL=https://yourdomain.com

# Internal postgres password — must match DATABASE_URL above
# Only used by the db: service in docker-compose.yml
POSTGRES_PASSWORD=CHANGE_ME