# Authentik Environment Configuration
# Generated by rick-infra Ansible role

# Database Configuration
AUTHENTIK_POSTGRESQL__HOST={{ authentik_db_host }}
AUTHENTIK_POSTGRESQL__PORT={{ authentik_db_port }}
AUTHENTIK_POSTGRESQL__NAME={{ authentik_db_name }}
AUTHENTIK_POSTGRESQL__USER={{ authentik_db_user }}
AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}

# Cache Configuration (Valkey/Redis)
AUTHENTIK_REDIS__HOST={{ authentik_redis_host }}
AUTHENTIK_REDIS__PORT={{ authentik_redis_port }}
AUTHENTIK_REDIS__DB={{ authentik_redis_db }}
{% if authentik_redis_password %}
AUTHENTIK_REDIS__PASSWORD={{ authentik_redis_password }}
{% endif %}

# Core Configuration
AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting_enabled | lower }}
AUTHENTIK_DISABLE_UPDATE_CHECK={{ authentik_disable_update_check | lower }}
AUTHENTIK_DISABLE_STARTUP_ANALYTICS={{ authentik_disable_startup_analytics | lower }}

# Worker Configuration
AUTHENTIK_WORKER__CONCURRENCY={{ authentik_worker_concurrency }}

# Email Configuration
{% if authentik_email_host %}
AUTHENTIK_EMAIL__HOST={{ authentik_email_host }}
AUTHENTIK_EMAIL__PORT={{ authentik_email_port }}
AUTHENTIK_EMAIL__USERNAME={{ authentik_email_username }}
AUTHENTIK_EMAIL__PASSWORD={{ authentik_email_password }}
AUTHENTIK_EMAIL__USE_TLS={{ authentik_email_use_tls | lower }}
AUTHENTIK_EMAIL__FROM={{ authentik_email_from }}
{% endif %}

# Trust reverse proxy headers
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16