# ATCR Hold Service Configuration
# Copy this file to .env and fill in your values
#
# The filled-in .env holds the S3 secret key. Keep it out of version control
# and readable only by the account that runs the hold service.
# Put comments on their own lines: many env-file loaders treat text after a
# value as part of the value.

# ==============================================================================
# Required Configuration
# ==============================================================================

# Hold service public URL (REQUIRED)
# The hostname becomes the hold name/record key
# Examples: https://hold1.atcr.io, http://127.0.0.1:8080
# The hold's did:web identity is derived from this hostname (see "Embedded PDS
# Configuration"), so the value decides which identity the hold claims.
# The loopback http:// value below is a local-development setting; a publicly
# reachable hold should use its https:// hostname, since did:web documents are
# normally resolved over HTTPS.
HOLD_PUBLIC_URL=http://127.0.0.1:8080

# ==============================================================================
# Storage Configuration
# ==============================================================================

# Storage driver type (s3, filesystem)
# Default: s3
# This template selects filesystem, not the default.
#
# S3 Presigned URLs:
# When using S3 storage, presigned URLs are automatically enabled for direct
# client ↔ S3 transfers. This eliminates the hold service as a bandwidth
# bottleneck, reducing hold bandwidth by ~99% for push/pull operations.
# Falls back to proxy mode automatically for non-S3 drivers.
# A presigned URL authorizes whoever holds it until it expires, so treat any
# URL that appears in logs or traces as a short-lived credential.
STORAGE_DRIVER=filesystem

# S3 Access Credentials
# Placeholders: replace both with a key scoped to S3_BUCKET only, or delete
# both lines when STORAGE_DRIVER=filesystem.
# NOTE(review): if the service uses the standard AWS credential chain, leaving
# the placeholders set may take precedence over role-based credentials -
# confirm against the storage driver.
AWS_ACCESS_KEY_ID=your_access_key
AWS_SECRET_ACCESS_KEY=your_secret_key

# S3 Region
# For third-party S3 providers, this is ignored when S3_ENDPOINT is set,
# but must be a valid AWS region (e.g., us-east-1) to pass validation.
# Default: us-east-1
AWS_REGION=us-east-1

# S3 Bucket Name
S3_BUCKET=atcr-blobs

# S3 Endpoint (for S3-compatible services like Storj, Minio, UpCloud)
# Examples:
# - Storj: https://gateway.storjshare.io
# - UpCloud: https://[bucket-id].upcloudobjects.com
# - Minio: http://minio:9000
# Leave empty for AWS S3
# The Minio example is plain http: requests and presigned URLs then cross the
# network unencrypted, so use it only on a trusted internal network and use
# https elsewhere.
# S3_ENDPOINT=https://gateway.storjshare.io

# For filesystem driver:
# Blobs are stored under STORAGE_ROOT_DIR; restrict that directory to the
# service account.
# STORAGE_DRIVER=filesystem
# STORAGE_ROOT_DIR=/var/lib/atcr/hold

# ==============================================================================
# Server Configuration
# ==============================================================================

# Server listen address (default: :8080)
# ":8080" has no host part. NOTE(review): that normally means every interface;
# confirm, and bind to a specific address if the hold sits behind a proxy.
# HOLD_SERVER_ADDR=:8080

# Allow public blob reads (pulls) without authentication
# Writes (pushes) always require crew membership via PDS
# Default: false
# Setting this to true lets unauthenticated clients pull blobs from the hold;
# enable it only when everything stored there is meant to be public.
HOLD_PUBLIC=false

# ATProto relay endpoint for requesting crawl on startup
# This makes the hold's embedded PDS discoverable by the relay network
# Default: https://bsky.network (set to empty string to disable)
# HOLD_RELAY_ENDPOINT=https://bsky.network

# ==============================================================================
# Embedded PDS Configuration
# ==============================================================================

# Directory path for embedded PDS carstore (SQLite database)
# Default: /var/lib/atcr-hold
# If empty, embedded PDS is disabled
#
# Note: This should be a directory path, NOT a file path
# Carstore creates db.sqlite3 inside this directory
#
# The embedded PDS makes the hold a proper ATProto user with:
# - did:web identity (derived from HOLD_PUBLIC_URL hostname)
# - DID document at /.well-known/did.json
# - XRPC endpoints for crew management
# - ATProto blob endpoints (wraps existing presigned URL logic)
#
# By default the signing key also lives in this directory (see HOLD_KEY_PATH),
# so the directory should be writable and readable by the service account only.
HOLD_DATABASE_DIR=/var/lib/atcr-hold

# Path to signing key (auto-generated on first run if missing)
# Default: {HOLD_DATABASE_DIR}/signing.key
# Because a missing key is regenerated, this path must be on persistent
# storage and included in backups.
# NOTE(review): presumably this is the private key behind the hold's did:web
# identity, in which case a copy of the file lets its holder sign as the hold -
# confirm, and restrict read access to the service account.
# HOLD_KEY_PATH=/var/lib/atcr-hold/signing.key

# ==============================================================================
# Bluesky Integration
# ==============================================================================

# Enable Bluesky posts when users push container images (default: false)
# When enabled, the hold's embedded PDS will create posts announcing image pushes
# Synced to captain record's enableBlueskyPosts field on startup
# Posts announce pushes publicly; leave this off if push activity should not
# be disclosed.
# HOLD_BLUESKY_POSTS_ENABLED=false

# ==============================================================================
# Registration (REQUIRED)
# ==============================================================================

# Your ATProto DID (REQUIRED for registration)
# Get your DID: https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=yourhandle.bsky.social
#
# On first run with HOLD_OWNER set:
# 1. Hold service will print an OAuth URL to the logs
# 2. Visit the URL in your browser to authorize
# 3. Hold service creates hold + crew records in your PDS
# 4. Registration complete!
#
# On subsequent runs:
# - Hold service checks if already registered
# - Skips OAuth if records exist
#
# The line below is commented out in this template; uncomment it and set your
# own DID before the first run.
# The OAuth URL is written to the logs, so anyone who can read the logs during
# first run can see it. NOTE(review): confirm whether that URL is single-use.
# HOLD_OWNER=did:plc:your-did-here

# ==============================================================================
# Logging Configuration
# ==============================================================================

# Log level: debug, info, warn, error (default: info)
# This template sets debug, not the default.
# NOTE(review): check what debug output includes (request URLs, presigned URLs,
# OAuth details) before using this level outside local development.
ATCR_LOG_LEVEL=debug

# Log formatter: text, json (default: text)
# ATCR_LOG_FORMATTER=text