# Gitea Mirror Configuration
# Copy this to .env and update with your values

# ===========================================
# CORE CONFIGURATION
# ===========================================

# Application Configuration
NODE_ENV=production
HOST=0.0.0.0
PORT=4321

# Database Configuration
# For self-hosted, SQLite is used by default
DATABASE_URL=sqlite://data/gitea-mirror.db

# Security
# Generate with: openssl rand -base64 32
BETTER_AUTH_SECRET=change-this-to-a-secure-random-string-in-production
BETTER_AUTH_URL=http://localhost:4321
# ENCRYPTION_SECRET=optional-encryption-key-for-token-encryption # Generate with: openssl rand -base64 48

# ===========================================
# DOCKER CONFIGURATION (Optional)
# ===========================================

# Docker Registry Configuration
DOCKER_REGISTRY=ghcr.io
DOCKER_IMAGE=arunavo4/gitea-mirror
DOCKER_TAG=latest

# ===========================================
# MIRROR CONFIGURATION (Optional)
# Can also be configured via web UI
# ===========================================

# GitHub Configuration
# GITHUB_USERNAME=your-github-username
# GITHUB_TOKEN=your-github-personal-access-token
# SKIP_FORKS=false
# PRIVATE_REPOSITORIES=false
# MIRROR_ISSUES=false
# MIRROR_WIKI=false
# MIRROR_STARRED=false
# MIRROR_ORGANIZATIONS=false
# PRESERVE_ORG_STRUCTURE=false
# ONLY_MIRROR_ORGS=false
# SKIP_STARRED_ISSUES=false

# Gitea Configuration
# GITEA_URL=http://gitea:3000
# GITEA_TOKEN=your-local-gitea-token
# GITEA_USERNAME=your-local-gitea-username
# GITEA_ORGANIZATION=github-mirrors
# GITEA_ORG_VISIBILITY=public
# DELAY=3600

# ===========================================
# OPTIONAL FEATURES
# ===========================================

# Database Cleanup Configuration
# CLEANUP_ENABLED=false
# CLEANUP_RETENTION_DAYS=7

# TLS/SSL Configuration
# GITEA_SKIP_TLS_VERIFY=false  # WARNING: Only use for testing

# ===========================================
# AUTHENTICATION CONFIGURATION
# ===========================================

# Header Authentication (for Reverse Proxy SSO)
# Enable automatic authentication via reverse proxy headers
# HEADER_AUTH_ENABLED=false
# HEADER_AUTH_USER_HEADER=X-Authentik-Username
# HEADER_AUTH_EMAIL_HEADER=X-Authentik-Email
# HEADER_AUTH_NAME_HEADER=X-Authentik-Name
# HEADER_AUTH_AUTO_PROVISION=false
# HEADER_AUTH_ALLOWED_DOMAINS=example.com,company.org