# AIDA EAP-TLS Provisioning System - Production Environment Variables
# Copy this file to .env and update with your values

# =============================================================================
# Database Configuration
# =============================================================================
# Credentials and database name for the PostgreSQL instance.
# NOTE(review): POSTGRES_PASSWORD below is the template's sample value. Replace
# it with a unique, randomly generated password before deploying, and keep the
# resulting .env out of version control and readable only by the deploy user.
POSTGRES_USER=provisioning
POSTGRES_PASSWORD=provisioning_password
POSTGRES_DB=provisioning_db
# NOTE(review): 5433 rather than PostgreSQL's default 5432 - presumably the
# host-side published port; confirm, and avoid exposing it beyond the hosts
# that need database access.
POSTGRES_PORT=5433

# =============================================================================
# Application Version (for Docker images)
# =============================================================================
# Image tag for the Docker images: 'latest' or a specific version like '0.25.0'.
# NOTE(review): 'latest' is a mutable tag, so a redeploy can pull code that
# differs from what was tested. For production prefer a specific version so
# deployments are reproducible and rollbacks are well defined.
VERSION=latest

# =============================================================================
# Backend Configuration
# =============================================================================
# Runtime mode for the backend.
NODE_ENV=production
# NOTE(review): PORT and BACKEND_PORT carry the same value; presumably one is
# the in-container listen port and the other the published port. Confirm which
# one the backend reads and keep both consistent with REACT_APP_API_URL.
PORT=3000
BACKEND_PORT=3000

# =============================================================================
# Frontend Configuration
# =============================================================================
# Port for the frontend.
FRONTEND_PORT=3001
# Update this to match your server's IP or domain.
# NOTE(review): the default is plain http://. If the API is reached over a
# network rather than loopback, credentials and session data travel
# unencrypted; use an https:// URL behind TLS termination in production.
# NOTE(review): REACT_APP_* values are typically embedded in the built frontend
# bundle (Create React App convention - confirm), so never place secrets in
# variables with this prefix.
REACT_APP_API_URL=http://localhost:3000/api

# =============================================================================
# RADIUS Configuration (fallback - settings stored in database)
# =============================================================================
# Address of the RADIUS server (fallback; see section header - the effective
# settings are stored in the database).
RADIUS_SERVER_IP=192.168.1.65
# NOTE(review): 'testing123' is the widely known sample shared secret from
# FreeRADIUS example configurations. Replace it with a long random value that
# is unique to this deployment, and confirm the database-stored setting does
# not carry the same sample value.
RADIUS_SECRET=testing123
# Authentication and accounting ports (1812/1813 are the standard RADIUS ports).
RADIUS_AUTH_PORT=1812
RADIUS_ACCT_PORT=1813

# =============================================================================
# Certificate Configuration
# =============================================================================
# CA paths (fallback - CA stored in database)
# NOTE(review): CA_KEY_PATH points at the CA private key. Whoever can read that
# file can issue certificates the RADIUS server will trust, so restrict it to
# the provisioning process (owner-only permissions) and keep it out of images
# and backups that are shared more widely.
CA_KEY_PATH=/app/freeradius/ca/ca.key
CA_CERT_PATH=/app/freeradius/ca/ca.crt
# Certificate lifetimes in days: 3650 for the CA, 365 for device certificates.
CA_VALIDITY_DAYS=3650
DEVICE_CERT_VALIDITY_DAYS=365
# NOTE(review): presumably the RSA modulus size in bits. If this also governs
# the CA key, 2048 bits is on the low side for a CA valid for 3650 days;
# consider 3072 or 4096. Confirm which keys this setting applies to.
CERT_KEY_SIZE=2048

# FreeRADIUS certificate directories
# NOTE(review): these live under /etc/freeradius while CA_KEY_PATH and
# CA_CERT_PATH live under /app/freeradius - presumably different mounts of the
# same material; confirm. Ownership and mode should allow only the FreeRADIUS
# and provisioning processes to read private keys stored here.
FREERADIUS_CERTS_DIR=/etc/freeradius/certs
FREERADIUS_CA_DIR=/etc/freeradius/ca

# =============================================================================
# Security Configuration
# =============================================================================
# IMPORTANT: Generate strong random strings for production!
# Use: openssl rand -base64 32
# Run the command once per variable; do not reuse one value for all three.
# NOTE(review): the ENCRYPTION_KEY value below is a fixed sample published with
# this template, so it provides no confidentiality: anything encrypted under it
# is readable by anyone who has seen this file. Replace it before first start;
# presumably changing it later requires re-encrypting stored data - confirm.
ENCRYPTION_KEY=uS9KzZTdT6WrnOGSZfNdsjBTKcrumxOQQH74CPmp8tY=
# NOTE(review): JWT_SECRET and SESSION_SECRET ship as identical placeholders.
# Left unchanged, token and session signatures are only as secret as this
# template. Consider having the backend refuse to start while either still
# holds the placeholder value.
JWT_SECRET=change-me-in-production-generate-random-string
SESSION_SECRET=change-me-in-production-generate-random-string

# Authentication (set to true to disable authentication - NOT recommended for production)
# NOTE(review): keep this false. Since this service issues EAP-TLS credentials,
# consider having the backend reject DISABLE_AUTH=true when
# NODE_ENV=production.
DISABLE_AUTH=false
# Name of the HTTP header - presumably where the backend expects API keys;
# confirm against the auth middleware.
API_KEY_HEADER=X-API-Key

# =============================================================================
# Device API Configuration
# =============================================================================
# Timeout for device API calls - presumably milliseconds (30 s); confirm.
DEVICE_API_TIMEOUT=30000
# NOTE(review): the name mirrors Node's TLS option rejectUnauthorized, so false
# presumably turns off certificate verification for connections to devices -
# confirm. With verification off, the backend cannot tell a genuine device from
# an on-path impostor while provisioning credentials. Prefer true with the
# device CA trusted explicitly; if false is unavoidable for factory-fresh
# devices, limit it to an isolated provisioning VLAN.
DEVICE_API_REJECT_UNAUTHORIZED=false

# =============================================================================
# Device Discovery Configuration
# =============================================================================
# Address range used for device discovery.
# NOTE(review): set these to the provisioning VLAN only, so discovery does not
# probe hosts outside the network this system is responsible for.
PROVISIONING_VLAN_SUBNET=192.168.1.0/24
PROVISIONING_VLAN_START_IP=192.168.1.1
PROVISIONING_VLAN_END_IP=192.168.1.254
# NOTE(review): the start/end range above spans 254 addresses while this cap is
# 255 - presumably an upper bound on addresses scanned per run; confirm.
MAX_SCAN_IPS=255
SKIP_SUBNET_SCAN=false
# Timeouts - presumably milliseconds; confirm against the discovery code.
# The concurrency limits bound how many queries and pings run in parallel;
# lower them if the scan overloads the network or the devices.
DEVICE_QUERY_TIMEOUT=10000
MAX_CONCURRENT_QUERIES=100
PING_TIMEOUT=1000
MAX_CONCURRENT_PINGS=200
