# annotations service — production environment template.
# Copy to .env (or set via the container orchestrator) and fill in real values.
# All variables marked REQUIRED cause startup to fail fast when missing.
# CHANGE_ME placeholders MUST be replaced before deploying to Production.

# REQUIRED — Postgres connection. Either a Linq2DB connection string or a
# postgresql://user:pass@host:port/db URL.
DATABASE_URL=postgresql://annotations_user:CHANGE_ME@CHANGE_ME_DB_HOST:5432/azaion

# REQUIRED — JWT verifier configuration. Values MUST match admin's JwtConfig
# in the same environment (admin/secrets/production.public.env shows the same
# Issuer/Audience pair).
JWT_ISSUER=AzaionApi
JWT_AUDIENCE=Annotators/OrangePi/Admins
JWT_JWKS_URL=https://admin.azaion.com/.well-known/jwks.json

# REQUIRED in Production — explicit CORS allow-list. Empty origins +
# AllowAnyOrigin=false aborts startup; AllowAnyOrigin=true is an explicit
# operator opt-in and MUST NOT be used in Production.
CorsConfig__AllowedOrigins__0=https://admin.azaion.com
CorsConfig__AllowedOrigins__1=CHANGE_ME_ANNOTATOR_UI_ORIGIN
CorsConfig__AllowAnyOrigin=false

# REQUIRED — RabbitMQ stream sync (suite-level credentials).
RABBITMQ_HOST=CHANGE_ME_RABBITMQ_HOST
RABBITMQ_STREAM_PORT=5552
RABBITMQ_PRODUCER_USER=azaion_producer
RABBITMQ_PRODUCER_PASS=CHANGE_ME
RABBITMQ_STREAM_NAME=azaion-annotations

# ASP.NET Core — set Production explicitly so the CORS validator's strict gate
# engages. Mirrors admin/secrets/production.public.env.
ASPNETCORE_ENVIRONMENT=Production
ASPNETCORE_URLS=http://+:8080