# Copy this file to .env and fill in your values
# .env is never committed (see .gitignore)

# --- Dev mode (set to true to skip Authentik login entirely) ---
AUTH_DISABLED=false

# --- Omada Controller ---
OMADA_BASE_URL=https://sdn.qwe.stranto.com:8043/
OMADA_USERNAME=api-user
OMADA_PASSWORD=secret
OMADA_VERIFY_SSL=false
# OpenAPI client credentials — required for reboot on Omada Controller v5.9+/v6+
# Create in Omada Controller: Settings → OpenAPI → Add Role → Add Client
OMADA_CLIENT_ID=
OMADA_CLIENT_SECRET=

# --- Authentik OIDC ---
AUTHENTIK_ISSUER=https://auth.stranto.com/application/o/qwe-salus/
AUTHENTIK_CLIENT_ID=
AUTHENTIK_CLIENT_SECRET=
# For local dev, use localhost; for production use the public URL
AUTHENTIK_REDIRECT_URI=http://localhost:8080/auth/callback

# --- Session ---
# Generate with: python -c "import secrets; print(secrets.token_hex(32))"
SESSION_SECRET_KEY=changeme_replace_with_random_string

# --- Database ---
# Defaults to /data/audit.db (Docker).  Override for local dev:
DB_PATH=./audit.db