# Environment Strategy

## Environments

| Environment | Infrastructure | Config Source | Swagger |
|-------------|---------------|---------------|---------|
| Development | Local machine | appsettings.json / env vars | Enabled |
| Production | Linux server (self-hosted) | Environment variables | Disabled |

## Configuration

### appsettings.json Defaults
- `ResourcesConfig`: ResourcesFolder=`"Content"`, SuiteInstallerFolder=`"suite"`, SuiteStageInstallerFolder=`"suite-stage"`
- `JwtConfig`: Issuer=`"AzaionApi"`, Audience=`"Annotators/OrangePi/Admins"`, TokenLifetimeHours=`4`
- `ConnectionStrings` and `JwtConfig.Secret` are NOT in appsettings — must be provided via environment variables

Configuration is loaded via ASP.NET Core's `IConfiguration` with the following sections:

| Section | Purpose | Example Env Var |
|---------|---------|----------------|
| `ConnectionStrings.AzaionDb` | Reader DB connection | `ASPNETCORE_ConnectionStrings__AzaionDb` |
| `ConnectionStrings.AzaionDbAdmin` | Admin DB connection | `ASPNETCORE_ConnectionStrings__AzaionDbAdmin` |
| `JwtConfig.Secret` | JWT signing key | `ASPNETCORE_JwtConfig__Secret` |
| `JwtConfig.Issuer` | Token issuer | — |
| `JwtConfig.Audience` | Token audience | — |
| `JwtConfig.TokenLifetimeHours` | Token TTL | — |
| `ResourcesConfig.ResourcesFolder` | File storage root | — |
| `ResourcesConfig.SuiteInstallerFolder` | Prod installer dir | — |
| `ResourcesConfig.SuiteStageInstallerFolder` | Stage installer dir | — |

## Infrastructure Scripts (`env/`)

| Directory | Purpose |
|-----------|---------|
| `env/db/` | PostgreSQL install, role creation, schema DDL, migrations |
| `env/api/` | API server setup (Nginx reverse proxy, container management) |
| `env/rabbit/` | RabbitMQ install + config (not used by this API) |
| `env/cdn/` | MinIO object storage setup (not used by this API) |

## Database

- PostgreSQL on custom port 4312 (security through obscurity)
- Three DB roles: `azaion_superadmin` (owner), `azaion_admin` (read/write), `azaion_reader` (read-only)
- Schema managed via SQL scripts, no ORM migrations