# .env file for Semaphore with OpenID Connect

# --- Database Configuration ---
# Use a strong password for the database
POSTGRES_HOST=database
POSTGRES_USER=semaphore
POSTGRES_PASSWORD=your_strong_db_password
POSTGRES_DB=semaphore

# --- Semaphore Configuration ---
# Generate a random string for database encryption
# You can use a tool like "openssl rand -base64 32" to generate a string.
SEMAPHORE_DATABASE_ENCRYPTION=CHANGE_THIS_TO_A_RANDOM_STRING

# A user to be created on first start (if the database is empty)
SEMAPHORE_DEFAULT_USER=admin
SEMAPHORE_DEFAULT_EMAIL=admin@example.com
SEMAPHORE_DEFAULT_PASSWORD=your_secure_admin_password

# The port where Semaphore will listen
SEMAPHORE_PORT=3000

# The URL of your Semaphore instance. This is required for OpenID.
# Replace with the actual URL where you will access Semaphore.
SEMAPHORE_URL=http://localhost:3000

# --- OpenID Connect Configuration ---
# Enable OpenID Connect authentication
SEMAPHORE_OIDC_ENABLED=true

# Your OpenID provider's discovery URL.
# Example: https://accounts.google.com/.well-known/openid-configuration
SEMAPHORE_OIDC_DISCOVERY_URL=YOUR_OPENID_DISCOVERY_URL

# The client ID you get from your OpenID provider
SEMAPHORE_OIDC_CLIENT_ID=YOUR_CLIENT_ID

# The client secret you get from your OpenID provider
SEMAPHORE_OIDC_CLIENT_SECRET=YOUR_CLIENT_SECRET

# A list of OpenID users who will have admin privileges in Semaphore.
# The value should be the subject (sub) or email of the user.
# You can list multiple users separated by a comma, e.g., "user1,user2".
SEMAPHORE_OIDC_ADMIN_USERS=admin@example.com

# The scope to request from the OpenID provider.
# "openid" and "email" are standard. You may need more depending on your provider.
SEMAPHORE_OIDC_SCOPE=openid email

# --- Docker Compose Variables ---
# The host port you want to expose. The container's port is fixed at 3000.
SEMAPHORE_PORT_HOST=3000
POSTGRES_VOLUME_NAME=postgres-data