# Copy to .env (compose picks it up automatically). All values are overridable
# at deploy time; defaults in compose.yaml are sensible for lab use.

# ─── Web exposure ────────────────────────────────────────────────────────────
WEB_PORT=8080
CORS_ALLOW_ORIGIN=http://localhost:8080

# ─── Auth (LAB ONLY) ─────────────────────────────────────────────────────────
# When DEV_AUTH=1 the backend accepts a `dev_subject` in the login body
# instead of requiring the reverse-proxy header. Switch to 0 once mTLS
# termination is wired in front of nginx.
DEV_AUTH=1

# ─── Scheduler ───────────────────────────────────────────────────────────────
# 6-field cron: sec min hour day month weekday
CRON_SCHEDULE=0 0 3 * * *
DAYS_WINDOW=30

# ─── Storage ─────────────────────────────────────────────────────────────────
DATABASE_URL=sqlite:///data/smgw.db?mode=rwc

# ─── Sub-CA (TR-03129-4) ─────────────────────────────────────────────────────
SUB_CA_ENDPOINT=https://test-ca.local/soap

# ─── HSM (SoftHSMv2 inside container) ────────────────────────────────────────
HSM_MODULE=/usr/lib/softhsm/libsofthsm2.so

# ─── Logging ─────────────────────────────────────────────────────────────────
RUST_LOG=info,smgw_pki_automator=debug