# ------------------------------------------------------------------
#  OpenWebUI – core image / container
# ------------------------------------------------------------------
WEBUI_IMAGE=ghcr.io/open-webui/open-webui:main        # default image
WEBUI_NAME=open-webui                                # container name
WEBUI_PORT=3000                                      # host port to expose
WEBUI_VOLUME=open-webui_data                         # persistent data volume

# ------------------------------------------------------------------
#  OpenAI API key
# ------------------------------------------------------------------
OPENAI_API_KEY=sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

# ------------------------------------------------------------------
#  OIDC / Keycloak configuration
# ------------------------------------------------------------------
OIDC_ENABLED=true                                     # enable OIDC
OIDC_ISSUER=https://keycloak.example.com/realms/myrealm  # Keycloak realm URL
OIDC_CLIENT_ID=openwebui-client                      # client ID created in Keycloak
OIDC_CLIENT_SECRET=your-client-secret                # client secret (if confidential)
OIDC_REDIRECT_URI=https://your-domain.com/auth/callback  # exact redirect URI in Keycloak
OIDC_SCOPE=openid email profile                      # scopes you want to request
OIDC_PKCE=true                                        # PKCE (recommended)