# MuseHub environment configuration template
# Copy to .env and fill in real values for local development.
# NEVER commit .env, .env.staging, .env.production, or .env.prod to version control.
#
# Secret generation:
#   openssl rand -hex 32   → for WEBHOOK_SECRET_KEY, RUNNER_TOKEN
#   openssl rand -hex 16   → for DB_PASSWORD
#
# Environments: local | staging | production
# NEVER set DEBUG=true in staging or production — it exposes internals.

# ── Core ─────────────────────────────────────────────────────────────────────

MUSE_ENV=local
DEBUG=true

# ── Database ──────────────────────────────────────────────────────────────────

DATABASE_URL=postgresql+asyncpg://musehub:musehub@postgres:5432/musehub
DB_PASSWORD=changeme

# ── Auth & secrets ────────────────────────────────────────────────────────────
# Generate with: openssl rand -hex 32

WEBHOOK_SECRET_KEY=changeme
RUNNER_TOKEN=changeme

# ── CORS ──────────────────────────────────────────────────────────────────────

CORS_ORIGINS=http://localhost:3000,https://localhost:1337

# ── Object storage ────────────────────────────────────────────────────────────
# Works with any S3-compatible backend: Cloudflare R2, MinIO, AWS S3.
# In Docker dev these are set via docker-compose.override.yml (MinIO).

# BLOB_STORAGE_BUCKET=muse-objects
# BLOB_STORAGE_ENDPOINT=http://localhost:9000
# BLOB_STORAGE_PUBLIC_ENDPOINT=http://localhost:9000
# BLOB_STORAGE_ACCESS_KEY_ID=minioadmin
# BLOB_STORAGE_SECRET_ACCESS_KEY=minioadmin
# BLOB_STORAGE_REGION=us-east-1

MUSEHUB_RELEASES_DIR=/data/releases

# ── Staging / production guidance ─────────────────────────────────────────────
# For staging and production deployments, values are injected into .env by
# deploy/secrets.sh from AWS SSM Parameter Store — do not edit .env manually.
# Run: MUSEHUB_ENV=staging bash deploy/secrets.sh
#
# secrets.sh sets all of the following automatically based on MUSEHUB_ENV:
#
# MUSE_ENV=staging                          # or 'production'
# DEBUG=false
# PUBLIC_URL=https://staging.musehub.ai     # prod: https://musehub.ai
# CORS_ORIGINS=["https://staging.musehub.ai"]
# DB_PASSWORD=<from SSM /musehub/staging/DB_PASSWORD>
# WEBHOOK_SECRET_KEY=<from SSM /musehub/staging/WEBHOOK_SECRET_KEY>
# RUNNER_TOKEN=<from SSM /musehub/staging/RUNNER_TOKEN>
# BLOB_STORAGE_BUCKET=musehub-staging       # prod: musehub-prod
# BLOB_STORAGE_ENDPOINT=https://<account>.r2.cloudflarestorage.com
# BLOB_STORAGE_REGION=auto
# BLOB_STORAGE_ACCESS_KEY_ID=<from SSM>
# BLOB_STORAGE_SECRET_ACCESS_KEY=<from SSM>
#
# SSM parameters managed at: /musehub/{staging,production}/<NAME>
# EC2 IAM role requires: ssm:GetParameter on /musehub/<env>/*