# ── Server B (port 3001) ─────────────────────────────────────────────────────
# Copy this file to tests/docker/sipher-b.env, then run:
#   bun run docker:generate-keys
# That will write unique federation keypairs into each tests/docker/sipher-*.env file.

NODE_ENV=development
PORT=3001

# Signals to auth.ts that this is the federation test cluster — disables the
# real EmailService construction without affecting Next.js dev/prod heuristics
# (Next.js statically rewrites process.env.NODE_ENV, which would otherwise
# defeat any NODE_ENV-based check at runtime).
SIPHER_TEST_MODE=true

# Public base URL as seen by OTHER federation peers inside the Docker network.
# Integration test scripts also run inside Docker on the same network, so this
# is always the right value; no host.docker.internal tricks needed.
BETTER_AUTH_URL=http://sipher-b:3001

# Must be unique per instance and kept secret in production.
BETTER_AUTH_SECRET=CHANGE_ME_SECRET_B

# Each instance gets its own Postgres database.
DATABASE_URL=postgresql://sipher:sipher_test@postgres:5432/sipher_b

# Each instance gets its own Redis logical DB so BullMQ queues don't cross-contaminate.
REDIS_URL=redis://redis:6379/1

# Allow federation fetches to other sipher-* service names (Docker internal DNS).
# The url-guard checks these by hostname before doing IP resolution, so this
# safely bypasses the private-IP block for intra-cluster traffic only.
DEV_ALLOWED_HOSTNAMES=sipher-a,sipher-b,sipher-c

# Needed because Docker container IPs are in the 172.x private range.
FEDERATION_ALLOW_PRIVATE_URLS=true

DEBUG=app:*,test:*

# ── Email (not required for federation tests — leave empty to disable) ────────
EMAIL_HOST=
EMAIL_PORT=
EMAIL_SECURE=
EMAIL_USER=
EMAIL_PASSWORD=

# ── MinIO (not exercised by the federation tests, but minio.client.ts throws
#    at import time if any of these are unset, so dummy values keep auth loadable)
MINIO_BUCKET=sipher-test
MINIO_ENDPOINT=minio.local
MINIO_PORT=9000
MINIO_USE_SSL=false
MINIO_ACCESS_KEY=test-access-key
MINIO_SECRET_KEY=test-secret-key

# ── Federation keys — filled in by: bun run docker:generate-keys ─────────────
FEDERATION_PUBLIC_KEY=
FEDERATION_PRIVATE_KEY=
FEDERATION_ENCRYPTION_PUBLIC_KEY=
FEDERATION_ENCRYPTION_PRIVATE_KEY=