# tohka 生产部署主配置源（config.yaml）
# 使用方式：
# 1. cp deploy/docker/config.yaml.example deploy/docker/config.yaml
# 2. 按实际环境填写下面参数
# 3. python deploy/scripts/render_compose_env.py --input deploy/docker/config.yaml --output deploy/docker/.env
# 4. docker compose -f deploy/docker/compose.package.yml -f deploy/docker/compose.tohka.override.yml --env-file deploy/docker/.env up -d

project:
  name: termi-astro
  host: tohka
  compose_files:
    - deploy/docker/compose.package.yml
    - deploy/docker/compose.tohka.override.yml
  env_output: deploy/docker/.env

# 仅做文档/运维留档；docker compose 实际读取 compose_env
meta:
  blog_origin: https://blog.init.cool
  admin_origin: https://admin.blog.init.cool
  api_origin: https://api.blog.init.cool
  pocket_id_issuer: https://id.example.com
  pocket_id_client: admin.blog.init.cool

compose_env:
  BACKEND_PORT: 5150
  FRONTEND_PORT: 4321
  ADMIN_PORT: 4322
  BACKEND_MEMORY_LIMIT: 768m
  BACKEND_MEMORY_SWAP_LIMIT: 768m
  BACKEND_WORKER_MEMORY_LIMIT: 512m
  BACKEND_WORKER_MEMORY_SWAP_LIMIT: 512m
  FRONTEND_MEMORY_LIMIT: 256m
  FRONTEND_MEMORY_SWAP_LIMIT: 256m
  ADMIN_MEMORY_LIMIT: 128m
  ADMIN_MEMORY_SWAP_LIMIT: 128m

  APP_BASE_URL: https://admin.blog.init.cool
  INTERNAL_API_BASE_URL: http://backend:5150/api
  PUBLIC_API_BASE_URL: https://api.blog.init.cool
  PUBLIC_COMMENT_TURNSTILE_SITE_KEY: 1x00000000000000000000AA
  PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: replace-with-web-push-vapid-public-key
  ADMIN_API_BASE_URL: https://admin.blog.init.cool
  ADMIN_FRONTEND_BASE_URL: https://blog.init.cool
  PUBLIC_IMAGE_ALLOWED_HOSTS: cdn.example.com,pub-xxxx.r2.dev

  DATABASE_URL: postgres://termi:replace-me@postgres.internal:5432/termi_api
  REDIS_URL: redis://redis.internal:6379
  JWT_SECRET: replace-with-a-long-random-secret
  JWT_EXPIRATION_SECONDS: 604800
  RUST_LOG: info

  SMTP_ENABLE: true
  SMTP_HOST: smtp.resend.com
  SMTP_PORT: 587
  SMTP_SECURE: false
  SMTP_USER: resend
  SMTP_PASSWORD: replace-with-smtp-password
  SMTP_HELLO_NAME: admin.blog.init.cool

  TERMI_ADMIN_TRUST_PROXY_AUTH: true
  TERMI_ADMIN_LOCAL_LOGIN_ENABLED: false
  TERMI_ADMIN_PROXY_SHARED_SECRET: replace-with-another-long-random-secret
  TERMI_TURNSTILE_SECRET_KEY: replace-with-turnstile-secret-key
  TERMI_WEB_PUSH_VAPID_PRIVATE_KEY: replace-with-web-push-vapid-private-key
  TERMI_WEB_PUSH_VAPID_SUBJECT: mailto:noreply@blog.init.cool

  BACKEND_IMAGE: git.init.cool/cool/termi-astro-backend:latest
  FRONTEND_IMAGE: git.init.cool/cool/termi-astro-frontend:latest
  ADMIN_IMAGE: git.init.cool/cool/termi-astro-admin:latest

notifications:
  ntfy:
    enabled: true
    base_url: https://ntfy.sh
    example_topic: your-team-topic
  timers:
    retry_deliveries: termi-retry-deliveries.timer
    weekly_digest: termi-weekly-digest.timer
    monthly_digest: termi-monthly-digest.timer

backups:
  offsite_target: /mnt/offsite/termi-astro-backups
  local_retention_days:
    postgres: 14
    markdown: 14
    media: 14
  timers:
    backup_all: termi-backup-all.timer
    backup_prune: termi-backup-prune.timer
    backup_offsite_sync: termi-backup-offsite-sync.timer

systemd:
  repo_path: /opt/termi-astro
  install_path: /etc/systemd/system
  enable_timers:
    - termi-retry-deliveries.timer
    - termi-weekly-digest.timer
    - termi-monthly-digest.timer
    - termi-backup-all.timer
    - termi-backup-prune.timer
    - termi-backup-offsite-sync.timer