#Copyright (c) Vaughn Nugent
#Licensed under the GNU AGPLv3

version: '3.6'

services:
  cmnext:
    build:
      context: .
    image: vnuge/cmnext
    container_name: cmnext
    restart: unless-stopped
    volumes:
      - ./data:/app/data
      - ./assets:/app/usr/assets:ro
      #uncomment to use your own ssl certs, otherwise a build-time cert will be used
      #- ./ssl/cert.pem:/app/ssl/cert.pem:ro
      #- ./ssl/key.pem:/app/ssl/key.pem:ro
    ports:
      - 8080:8080
    environment:
      CHANNEL_INDEX_FILE: "channels.json"   #required, should leave default unless you know what you are doing
      MAX_CONTENT_LENGTH: 204800000         #200MB max upload size
      MAX_LOGIN_ATTEMPS: "10"               #max login attempts before user account is locked out

      #SQL Config
      SQL_LIB_PATH: "VNLib.Plugins.Extensions.Sql.SQLite.dll"
      SQL_CONNECTION_STRING: "Data Source=data/cmnext.db;"    #when using a password, simply leave the password field blank

      #storage backend setup
      STORAGE_TYPE: "s3"              #s3 | ftp
      STORAGE_CUSTOM_ASSEMBLY: ""     #optional path to a custom storage assembly
      STORAGE_SERVER_ADDRESS: ""      #s3 or ftp server address
      STORAGE_USERNAME: ""            #s3 client id or ftp username
      STORAGE_BUCKET: ""              #s3 bucket or ftp root directory
      STORAGE_USE_SSL: "true"         #force ssl for connections
      S3_REGION: ""                   #optional s3 region when using s3 storage

      #HC Vault client config
      #HC_VAULT_ADDR: ""
      #HC_VAULT_TOKEN: ""
      #HC_VAULT_TRUST_CERT: "false"

      #VNCACHE (default to memory only)
      CACHE_ASM_PATH: "VNLib.Data.Caching.Providers.VNCache.dll"
      MEMCACHE_ONLY: "true"
      REDIS_CONNECTION_STRING: ""
      #at least one node required if MEMCACHE_ONLY is false
      VNCACHE_INITIAL_NODES: "[]"

      #SECRETS
      # All secrets may be a raw value, read from a file, 
      # an environment variable, or a vault path
      # file://mysecret.txt     reads the secret from a file (case sensitive)
      # env://MY_SECRET         reads the secret from an environment variable (case sensitive)
      # vault://kv/data/secret?secret=value   reads the value of the mysecret key in the secret/data path

      PASSWORD_PEPPER: ""     #Must be a base64 encoded value, of realtivley any size
      DATABASE_PASSWORD: ""   #overrides the 'Password' field in the SQL connection string
      REDIS_PASSWORD: ""      #only required if using a password protected redis server
      #if MEMCACHE_ONLY is false, then the following keys are required to connect to a VNCACHE cluster
      VNCACHE_CLIENT_PRIVATE_KEY: ""
      VNCACHE_CACHE_PUBLIC_KEY: ""
      #REQUIRED s3 or ftp secret key
      STORAGE_SECRET: ""

      #HTTP
      HTTP_DOWNSTREAM_SERVERS: '[]'   #a comma separated list of downstream (proxy) server ip addresses
      HTTP_TRACE_ON: "false"          #enable http trace logging, requires you to set --debug to SERVER_ARGS variable below

      #Very Verbose plugin logging, required --debug CLI flag, prints literally everything to the logger (it's annoying)
      DEBUG_PLUGINS: "false"

      SERVER_ARGS: ""