# Nextcloud
NEXTCLOUD_PORT=8080
NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=admin123
NEXTCLOUD_TRUSTED_DOMAINS=localhost 127.0.0.1 app

# PostgreSQL
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD=nextcloudpass

# Redis
REDIS_PORT=6379

# Broker PostgreSQL
BROKER_DB_NAME=qortal_broker
BROKER_DB_USER=qortal_broker
BROKER_DB_PASSWORD=qortal_brokerpass

# Broker service
BROKER_PORT=3000
NEXTCLOUD_BASE_URL=http://app
# Optional: public URL reachable by the browser (used for logo assets on the broker login page).
NEXTCLOUD_PUBLIC_URL=http://localhost:8080
NEXTCLOUD_SERVICE_USER=admin
NEXTCLOUD_SERVICE_PASSWORD=admin123
BROKER_DATABASE_URL=postgresql://qortal_broker:qortal_brokerpass@broker_db:5432/qortal_broker
BROKER_INTERNAL_API_TOKEN=
# Optional comma-separated browser origins allowed for broker CORS (internal server-to-server calls do not use CORS).
BROKER_CORS_ALLOWED_ORIGINS=
# If using bundled External Auth (profile external-auth), set to http://external_auth:3191
QORTAL_EXTERNAL_AUTH_BASE_URL=http://gateway.docker.internal:3191
QORTAL_EXTERNAL_AUTH_APP_ID=
QORTAL_EXTERNAL_AUTH_APP_SECRET=
OIDC_ISSUER=http://broker:3000
OIDC_CLIENT_ID=nextcloud-local
OIDC_CLIENT_SECRET=dev-secret
OIDC_REDIRECT_URI_ALLOWLIST=http://localhost:8080/apps/user_oidc/code
OIDC_POLICY_MODE=link_only
OIDC_AUTO_PROVISION_GUARD=invite_or_allowlist
OIDC_INVITE_TTL_SECONDS=604800
OIDC_AUTH_REQUEST_TTL_SECONDS=600
OIDC_AUTH_CODE_TTL_SECONDS=120
OIDC_ACCESS_TOKEN_TTL_SECONDS=600
OIDC_ID_TOKEN_TTL_SECONDS=600
# Optional: override the logo shown on the OIDC login page.
# Defaults to ${NEXTCLOUD_BASE_URL}/apps/qortal_integration/img/QORT-logo-512.png
# OIDC_LOGIN_LOGO_URL=
# Optional: provide a persistent PEM key to avoid rotating signing keys on broker restarts.
# OIDC_PRIVATE_KEY_PEM=
# Optional: set a stable key ID if you provide your own key.
# OIDC_KEY_ID=

# External Auth container (optional)
EXTERNAL_AUTH_CONTEXT=../Qortal-External-Auth
EXTERNAL_AUTH_DOCKERFILE=Dockerfile
EXTERNAL_AUTH_PORT=3191

# Bundled Qortal node container (default)
QORTAL_NODE_CONTEXT=../qortal
QORTAL_NODE_DOCKERFILE=Dockerfile
QORTAL_NODE_GATEWAY_BIND_HOST=127.0.0.1
# Keep gateway as API-1 (e.g. 22391 -> 22390).
QORTAL_NODE_GATEWAY_HOST_PORT=12390
QORTAL_NODE_API_BIND_HOST=127.0.0.1
# Auto-selection script chooses API host port first.
QORTAL_NODE_API_HOST_PORT=12391
QORTAL_NODE_P2P_BIND_HOST=0.0.0.0
# Keep P2P as API+1 (e.g. 22391 -> 22392).
QORTAL_NODE_P2P_HOST_PORT=12392
QORTAL_NODE_QDN_BIND_HOST=0.0.0.0
# Keep QDN data as API+3 (e.g. 22391 -> 22394).
QORTAL_NODE_QDN_HOST_PORT=12394

# External Auth -> Qortal node URL (internal Docker network by default)
QORTAL_AUTH_NODE_URL=http://qortal_node:12391
# Optional Qortal node API key for external-auth when node restricts endpoints.
QORTAL_AUTH_NODE_API_KEY=
# auto: external-auth decides when header is required, paths: enforce for configured paths.
QORTAL_AUTH_NODE_API_KEY_MODE=auto
# If auto misses key-protected routes on your node, set mode=paths.
# Recommended path list when mode=paths (includes list endpoints used by Q-Apps).
QORTAL_AUTH_NODE_API_KEY_PATHS=/admin/,/transactions/process,/arbitrary/,/lists/