# Production Environment Configuration
# Auto-generated from template - DO NOT EDIT DIRECTLY
# Generated on: {{ ansible_date_time.date }} {{ ansible_date_time.time }}
# Image Tag: {{ IMAGE_TAG }}
# Environment: {{ environment }}
#
# The rendered file carries live credentials (database, Redis). Keep it out of
# version control and readable only by the account that runs the deployment.

# Project Configuration
COMPOSE_PROJECT_NAME={{ project_name | default('michaelschiemer') }}
DOMAIN_NAME={{ DOMAIN_NAME }}
IMAGE_TAG={{ IMAGE_TAG }}

# Environment
APP_ENV=production
APP_DEBUG=false
APP_TIMEZONE={{ timezone | default('Europe/Berlin') }}
APP_LOCALE={{ locale | default('de') }}

# SSL/HTTPS Configuration
APP_SSL_ENABLED=true
SSL_CERT_PATH=/etc/letsencrypt/live/{{ DOMAIN_NAME }}
FORCE_HTTPS=true

# Database Configuration (Production)
# NOTE(review): credentials are rendered unquoted. A secret containing
# whitespace, '#', quotes or '$' may be truncated or rewritten by the env-file
# parser - confirm the consumer's quoting rules, or restrict generated secrets
# to a safe alphabet.
# NOTE(review): none of these credentials has a default, so an empty value in
# the inventory renders an empty password - verify before deploying.
DB_DRIVER={{ DB_DRIVER | default('mysql') }}
DB_HOST={{ DB_HOST | default('db') }}
DB_PORT={{ DB_PORT | default(3306) }}
DB_DATABASE={{ DB_DATABASE }}
DB_USERNAME={{ DB_USERNAME }}
DB_PASSWORD={{ DB_PASSWORD }}
# NOTE(review): if this file is handed to every service as an env file, the
# application container also receives the database root password - confirm it
# is scoped to the database service only.
DB_ROOT_PASSWORD={{ DB_ROOT_PASSWORD }}
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# Redis Configuration
# Redis backs sessions, cache and queues below, so REDIS_PASSWORD protects all
# three; the same unquoted-secret caveat as for the database applies.
REDIS_HOST={{ REDIS_HOST | default('redis') }}
REDIS_PORT={{ REDIS_PORT | default(6379) }}
REDIS_PASSWORD={{ REDIS_PASSWORD }}
REDIS_DATABASE=0
REDIS_PREFIX={{ project_name | default('michaelschiemer') }}_prod_

# Session Configuration (Production Security)
# Cookie flags are fixed here rather than templated, so an inventory override
# cannot relax them.
SESSION_DRIVER=redis
SESSION_LIFETIME=120
SESSION_ENCRYPT=true
SESSION_SECURE_COOKIE=true
SESSION_HTTP_ONLY=true
SESSION_SAME_SITE=strict

# Session Fingerprinting (Production Security)
SESSION_FINGERPRINT_STRICT=true
SESSION_FINGERPRINT_USER_AGENT=true
SESSION_FINGERPRINT_ACCEPT_LANGUAGE=true
SESSION_FINGERPRINT_IP_PREFIX=true
SESSION_FINGERPRINT_THRESHOLD=0.8

# Cache Configuration
CACHE_DRIVER=redis
CACHE_TTL=3600
CACHE_PREFIX={{ project_name | default('michaelschiemer') }}_cache_prod_

# Queue Configuration
QUEUE_DRIVER=redis
QUEUE_CONNECTION=redis
QUEUE_PREFIX={{ project_name | default('michaelschiemer') }}_queue_prod_
WORKER_QUEUE=production
WORKER_TIMEOUT=300
WORKER_MEMORY_LIMIT=512
WORKER_SLEEP=1
WORKER_TRIES=5
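WORKER_BATCH_SIZE=10

# Mail Configuration (Production)
# NOTE(review): MAIL_PASSWORD is rendered unquoted; a value containing
# whitespace, '#', quotes or '$' may be truncated or rewritten by the env-file
# parser - confirm the consumer's quoting rules.
MAIL_DRIVER={{ MAIL_DRIVER }}
MAIL_HOST={{ MAIL_HOST }}
MAIL_PORT={{ MAIL_PORT }}
MAIL_USERNAME={{ MAIL_USERNAME }}
MAIL_PASSWORD={{ MAIL_PASSWORD }}
MAIL_ENCRYPTION={{ MAIL_ENCRYPTION | default('tls') }}
MAIL_FROM_ADDRESS={{ MAIL_FROM_ADDRESS | default('kontakt@michaelschiemer.de') }}
MAIL_FROM_NAME="{{ MAIL_FROM_NAME | default('Michael Schiemer') }}"

# Logging Configuration (Production)
LOG_CHANNEL=stack
LOG_LEVEL=warning
LOG_STACK_CHANNELS=single,syslog
LOG_ROTATE_DAYS=30
LOG_MAX_FILES=10

# External APIs (Production)
# Third-party credentials; the unquoted-secret caveat above applies here too.
SHOPIFY_WEBHOOK_SECRET={{ SHOPIFY_WEBHOOK_SECRET }}
RAPIDMAIL_USERNAME={{ RAPIDMAIL_USERNAME }}
RAPIDMAIL_PASSWORD={{ RAPIDMAIL_PASSWORD }}
RAPIDMAIL_TEST_MODE=false

# Analytics Configuration (Production)
ANALYTICS_ENABLED=true
ANALYTICS_TRACK_PAGE_VIEWS=true
ANALYTICS_TRACK_API_CALLS=true
ANALYTICS_TRACK_USER_ACTIONS=true
ANALYTICS_TRACK_ERRORS=true
ANALYTICS_TRACK_PERFORMANCE=true

# Monitoring & Health Checks
# A boolean default renders as "True" (capitalised) in Jinja; lower-casing it
# keeps this flag in the same form as the literal true/false flags in this
# file, so a strict string comparison in the consumer does not read it as off.
PROMETHEUS_ENABLED={{ PROMETHEUS_ENABLED | default(true) | lower }}
PROMETHEUS_PORT={{ PROMETHEUS_PORT | default(9090) }}
# NOTE(review): no default is given, so an empty inventory value renders an
# empty Grafana admin password - verify before deploying.
GRAFANA_ADMIN_PASSWORD={{ GRAFANA_ADMIN_PASSWORD }}

# Security Configuration
# NOTE(review): APP_KEY presumably feeds the application's encryption/signing;
# confirm it is unique per environment and rotated outside this template.
APP_KEY={{ APP_KEY }}
CSRF_TOKEN_LIFETIME=7200
RATE_LIMIT_PER_MINUTE=60
MAX_LOGIN_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=900

# Performance Configuration (Production)
PHP_MEMORY_LIMIT={{ PHP_MEMORY_LIMIT | default('512M') }}
PHP_MAX_EXECUTION_TIME={{ PHP_MAX_EXECUTION_TIME | default(30) }}
PHP_OPCACHE_ENABLE=1
PHP_OPCACHE_MEMORY_CONSUMPTION={{ PHP_OPCACHE_MEMORY_CONSUMPTION | default(256) }}
PHP_OPCACHE_MAX_ACCELERATED_FILES=20000
PHP_OPCACHE_REVALIDATE_FREQ=0
PHP_OPCACHE_VALIDATE_TIMESTAMPS=0
PHP_REALPATH_CACHE_SIZE=4M
PHP_REALPATH_CACHE_TTL=3600

# Nginx Configuration (Production)
NGINX_WORKER_PROCESSES={{ ansible_processor_vcpus | default(4) }}
NGINX_WORKER_CONNECTIONS=2048
NGINX_KEEPALIVE_TIMEOUT=65
NGINX_CLIENT_MAX_BODY_SIZE=50m

# Database Performance (Production)
MYSQL_INNODB_BUFFER_POOL_SIZE=1G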
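MYSQL_INNODB_LOG_FILE_SIZE=256M
MYSQL_MAX_CONNECTIONS=100
MYSQL_QUERY_CACHE_SIZE=0

# Backup Configuration
# A boolean default renders as "True" (capitalised) in Jinja; lower-casing it
# keeps the flag in the same form as the literal true/false flags in this file,
# so a strict string comparison in the consumer does not leave backups off.
BACKUP_ENABLED={{ BACKUP_ENABLED | default(true) | lower }}
# The cron expression contains spaces, so it is quoted the same way
# MAIL_FROM_NAME is quoted in this file; unquoted, parsers either reject the
# line or keep only part of it.
BACKUP_SCHEDULE="{{ BACKUP_SCHEDULE | default('0 2 * * *') }}"
BACKUP_RETENTION_DAYS={{ BACKUP_RETENTION_DAYS | default(30) }}
{% if S3_BACKUP_ENABLED | default(false) %}
# NOTE(review): these are long-lived object-storage credentials written to
# disk; confirm the key is limited to the backup bucket.
BACKUP_S3_BUCKET={{ BACKUP_S3_BUCKET }}
BACKUP_S3_ACCESS_KEY={{ BACKUP_S3_ACCESS_KEY }}
BACKUP_S3_SECRET_KEY={{ BACKUP_S3_SECRET_KEY }}
{% endif %}

# SSL/TLS Configuration
# Two space-separated protocol names: quoted so the whole value survives
# parsing (same convention as MAIL_FROM_NAME in this file).
SSL_PROTOCOLS="TLSv1.2 TLSv1.3"
SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSL_PREFER_SERVER_CIPHERS=off
SSL_SESSION_CACHE_SIZE=10m
SSL_SESSION_TIMEOUT=10m

# Container User IDs (Production)
# NOTE(review): UID is a read-only variable in bash, so this file is presumably
# read by an env-file loader and not sourced from a shell - confirm.
UID=33
GID=33

# Restart Policy
RESTART_POLICY=always

# Resource Limits (Production)
PHP_MEMORY_LIMIT_DOCKER={{ PHP_MEMORY_LIMIT_DOCKER | default('2G') }}
PHP_CPU_LIMIT={{ PHP_CPU_LIMIT | default('2.0') }}
NGINX_MEMORY_LIMIT_DOCKER={{ NGINX_MEMORY_LIMIT_DOCKER | default('256M') }}
NGINX_CPU_LIMIT={{ NGINX_CPU_LIMIT | default('0.5') }}
DB_MEMORY_LIMIT_DOCKER={{ DB_MEMORY_LIMIT_DOCKER | default('2G') }}
DB_CPU_LIMIT={{ DB_CPU_LIMIT | default('2.0') }}
REDIS_MEMORY_LIMIT_DOCKER={{ REDIS_MEMORY_LIMIT_DOCKER | default('1G') }}
REDIS_CPU_LIMIT={{ REDIS_CPU_LIMIT | default('0.5') }}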