# Tinyauth Configuration

# App URL - publicly accessible URL
APP_URL=https://auth.fig.systems

# Timezone
TZ=America/Los_Angeles

# LDAP Configuration - Connect to LLDAP
LDAP_ADDRESS=ldap://lldap:3890
LDAP_BASE_DN=dc=fig,dc=systems
LDAP_BIND_DN=uid=admin,ou=people,dc=fig,dc=systems
# Must match LLDAP_LDAP_USER_PASS in lldap/.env
# Example format: MyS3cur3P@ssw0rd!2024#HomeL@b
LDAP_BIND_PASSWORD=changeme_please_set_secure_password
LDAP_SEARCH_FILTER=(uid=%s)
LDAP_INSECURE=true

# Optional: Local users (if you want fallback auth)
# Format: username:bcrypt_hash:totp_secret (totp_secret is optional)
# Generate hash with: docker run --rm -it ghcr.io/steveiliop56/tinyauth:latest hash <password>
# USERS=

# Session configuration
# Generate with: openssl rand -hex 32
# Example format: b2c3d4e5f67890abcdef1234567890a1b2c3d4e5f67890abcdef1234567890ab
SESSION_SECRET=changeme_please_set_random_session_secret
SESSION_MAX_AGE=86400

# Database (optional, uses SQLite by default at /data/tinyauth.db)
# DATABASE_URL=sqlite:///data/tinyauth.db