meldestelle/.env.example

# ==========================================
#  Meldestelle – Docker Compose Environment
#  Single Source of Truth (SSoT)
# ==========================================
# ANLEITUNG:
#   1. Diese Datei nach ".env" kopieren: cp .env.example .env
#   2. Alle Werte mit <PLACEHOLDER> durch echte Werte ersetzen
#   3. Für lokale Entwicklung: KC_COMMAND=start-dev --import-realm
#      Für Server/Produktion:  KC_COMMAND=start --optimized --import-realm
# WARNING: Die .env-Datei enthält Secrets – NIEMALS in Git committen!

# --- PROJECT ---
PROJECT_NAME=meldestelle

# --- BACKUP ---
# SERVER: Pfad zum Backup-Verzeichnis (z.B. /home/<USER>/backups/meldestelle)
BACKUP_DIR=/home/<USER>/backups/meldestelle
BACKUP_RETENTION_DAYS=7

# Docker build versions (optional overrides)
DOCKER_VERSION=1.0.0-SNAPSHOT
DOCKER_BUILD_DATE=2026-02-02T15:00:00Z
DOCKER_GRADLE_VERSION=9.3.1
# Check if 25 is intended (Early Access) or if LTS 21 was meant
DOCKER_JAVA_VERSION=25
DOCKER_NODE_VERSION=24.12.0
DOCKER_NGINX_VERSION=1.28.0-alpine

# Postgres
POSTGRES_IMAGE=postgres:16-alpine
POSTGRES_USER=pg-user
POSTGRES_PASSWORD=pg-password
POSTGRES_DB=pg-meldestelle-db
POSTGRES_PORT=5432:5432
POSTGRES_DB_URL=jdbc:postgresql://postgres:5432/pg-meldestelle-db

# --- VALKEY (formerly Redis) ---
VALKEY_IMAGE=valkey/valkey:9-alpine
VALKEY_PASSWORD=
VALKEY_PORT=6379:6379
VALKEY_SERVER_HOSTNAME=valkey
VALKEY_SERVER_PORT=6379
VALKEY_SERVER_CONNECT_TIMEOUT=5s
VALKEY_POLICY=allkeys-lru
VALKEY_MAXMEMORY=256mb

# --- KEYCLOAK ---
KEYCLOAK_IMAGE_TAG=26.4
KC_HEAP_MIN=512M
KC_HEAP_MAX=1024M
# LOKAL:  start-dev --import-realm
# SERVER: start --optimized --import-realm  ← pre-built Registry-Image, kein start-dev!
KC_COMMAND=start --optimized --import-realm
KC_ADMIN_USERNAME=kc-admin
KC_ADMIN_PASSWORD=<SICHERES_PASSWORT>
KC_DB=postgres
KC_DB_SCHEMA=keycloak
KC_DB_PASSWORD=<SICHERES_PASSWORT>
# SERVER: Public Domain (z.B. auth.mo-code.at) - ohne http/https Prefix!
# LOKAL:  localhost
KC_HOSTNAME=<SERVER_IP_ODER_DOMAIN>
# false = Zugriff über beliebige Hostnamen erlaubt (nötig ohne TLS / für HTTP-Betrieb)
KC_HOSTNAME_STRICT=false
KC_HOSTNAME_STRICT_HTTPS=false
KC_PORT=8180:8080
KC_MANAGEMENT_PORT=9000:9000

# --- KEYCLOAK TOKEN VALIDATION ---
# Public Issuer URI: muss mit dem Hostname übereinstimmen, den Browser/App sieht
# LOKAL:  http://localhost:8180/realms/meldestelle
# SERVER: https://auth.mo-code.at/realms/meldestelle (via Pangolin)
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://<SERVER_IP_ODER_DOMAIN>:8180/realms/meldestelle
# Internal JWK Set URI: Service-zu-Service innerhalb Docker (immer keycloak:8080)
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/realms/meldestelle/protocol/openid-connect/certs

# --- CONSUL ---
CONSUL_IMAGE=hashicorp/consul:1.22.1
CONSUL_PORT=8500:8500
CONSUL_UDP_PORT=8600:8600/udp
CONSUL_HOST=consul

# --- Zipkin ---
ZIPKIN_IMAGE=openzipkin/zipkin:3
ZIPKIN_HEAP=256m
ZIPKIN_PORT=9411:9411

# --- Mailpit ---
MAILPIT_IMAGE=axllent/mailpit:v1.29
MAILPIT_WEB_PORT=8025:8025
MAILPIT_SMTP_PORT=1025:1025

# --- PGADMIN ---
PGADMIN_IMAGE=dpage/pgadmin4:8
PGADMIN_EMAIL=meldestelle@mo-code.at
PGADMIN_PASSWORD=pgadmin
PGADMIN_PORT=8888:80

# --- POSTGRES-EXPORTER ---
POSTGRES_EXPORTER_IMAGE=prometheuscommunity/postgres-exporter:v0.18.0

# --- ALERTMANAGER ---
ALERTMANAGER_IMAGE=prom/alertmanager:v0.29.0
ALERTMANAGER_PORT=9093:9093

# --- PROMETHEUS ---
PROMETHEUS_IMAGE=prom/prometheus:v3.7.3
PROMETHEUS_PORT=9090:9090

# --- GRAFANA ---
GF_IMAGE=grafana/grafana:12.3
GF_ADMIN_USER=gf-admin
GF_ADMIN_PASSWORD=gf-password
GF_PORT=3000:3000

# --- API-GATEWAY ---
GATEWAY_PORT=8081:8081
GATEWAY_DEBUG_PORT=5005:5005
GATEWAY_SERVER_PORT=8081
GATEWAY_SPRING_PROFILES_ACTIVE=docker
GATEWAY_DEBUG=true
GATEWAY_SERVICE_NAME=api-gateway
GATEWAY_CONSUL_HOSTNAME=api-gateway
GATEWAY_CONSUL_PREFER_IP=true

# --- PING-SERVICE ---
PING_SPRING_PROFILES_ACTIVE=docker
PING_PORT=8082:8082
PING_DEBUG_PORT=5006:5006
PING_SERVER_PORT=8082
PING_DEBUG=true
PING_SERVICE_NAME=ping-service
PING_CONSUL_HOSTNAME=ping-service
PING_CONSUL_PREFER_IP=true

# --- WEB-APP ---
CADDY_VERSION=2.11-alpine
WEB_APP_PORT=4000:4000
WEB_BUILD_PROFILE=dev
# URL für API-Zugriffe vom Browser (Public URL via Pangolin)
# LOKAL:  http://localhost:8081
# SERVER: https://api.mo-code.at
WEB_APP_API_URL=http://localhost:8081
# URL für Keycloak-Zugriffe vom Browser (Public URL via Pangolin)
# LOKAL:  http://localhost:8180
# SERVER: https://auth.mo-code.at
WEB_APP_KEYCLOAK_URL=http://localhost:8180

# --- DESKTOP-APP ---
DESKTOP_APP_VNC_PORT=5901:5901
DESKTOP_APP_NOVNC_PORT=6080:6080