# Tinyauth Configuration

# App URL - publicly accessible URL
APP_URL=https://auth.fig.systems

# Timezone
TZ=America/Los_Angeles

# LDAP Configuration - Connect to LLDAP
LDAP_ADDRESS=ldap://lldap:3890
LDAP_BASE_DN=dc=fig,dc=systems
LDAP_BIND_DN=uid=admin,ou=people,dc=fig,dc=systems
LDAP_BIND_PASSWORD=changeme_please_set_secure_password
LDAP_SEARCH_FILTER=(uid=%s)
LDAP_INSECURE=true

# Optional: Local users (if you want fallback auth)
# Format: username:bcrypt_hash:totp_secret (totp_secret is optional)
# Generate hash with: docker run --rm -it ghcr.io/steveiliop56/tinyauth:latest hash <password>
# USERS=

# Session configuration
SESSION_SECRET=changeme_please_set_random_session_secret
SESSION_MAX_AGE=86400

# Database (optional, uses SQLite by default at /data/tinyauth.db)
# DATABASE_URL=sqlite:///data/tinyauth.db