################################################################
# Base Configuration
################################################################
DOCKERDIR=/CHAMGEME/Homelab-docker-server
PUID=root
PGID=root
TZ=Europe/Paris
DOMAINNAME=CHANGE_ME
################################################################
# SMTP  Configuration base conf wit google smtp
# https://support.google.com/accounts/answer/185833?hl=fr
################################################################
SMPT_EMAIL_HOST=smtp.gmail.com
SMPT_EMAIL_PORT=25
SMPT_EMAIL_USERNAME=gmail_smtp_username # secrets name
SMPT_EMAIL_PASSWORD=gmail_smtp_password # secrets name
SMPT_EMAIL_USE_TLS=true
SMPT_EMAIL_USE_SSL=false
SMPT_EMAIL_TIMEOUT=10
SMPT_EMAIL_FROM=gmail_smtp_username # secrets name

################################################################
#################### Traefik 3 - June 2024 #####################
# Cloudflare IPs (IPv4 and/or IPv6): https://www.cloudflare.com/ips/
################################################################

CF_EMAIL=CHANGEME
CLOUDFLARE_IPS=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
LOCAL_IPS=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12

################################################################
# Secrets command
################################################################
SECRETS_RUN=/run/secrets/
SECRETS_FILE=file://${SECRETS_RUN}

################################################################
# Proxy services
################################################################

DOCKER_HOST=tcp://socket-proxy:2375

################################################################
# Traefik Configuration
# generate TRAEFIK_DASHBOARD_CREDENTIALS here :  https://www.web2generators.com/apache-tools/htpasswd-generator
################################################################

TRAEFIK_DASHBOARD_CREDENTIALS=CHANGE_ME
TRAEFIK_DASHBOARD_NAME=traefik-dashboard
TRAEFIK_DASHBOARD_HOST=${TRAEFIK_DASHBOARD_NAME}.${DOMAINNAME}

# Traefik load balancing
# https://gethomepage.dev/latest/widgets/services/traefik/
HOMEPAGE_VAR_TRAEFIK_URL_EXTERNAL=https://${TRAEFIK_DASHBOARD_HOST}
HOMEPAGE_VAR_TRAEFIK_USERNAME=admin
HOMEPAGE_VAR_TRAEFIK_PASSWORD=CHANGE_ME

################################################################
# Portainer Configuration
################################################################
PORTAINER_SERVICE_NAME=portainer
PORTAINER_HOST=${PORTAINER_SERVICE_NAME}.${DOMAINNAME}
PORTAINER_URL=http://${PORTAINER_SERVICE_NAME}:9000

# Homepage configuration for Portainer
# https://gethomepage.dev/latest/widgets/services/portainer/
HOMEPAGE_VAR_PORTAINER_URL_EXTERNAL=https://${PORTAINER_HOST}
HOMEPAGE_VAR_PORTAINER_URL_INTERNAL=${PORTAINER_URL}
HOMEPAGE_VAR_PORTAINER_KEY=CHANGE_ME

################################################################
# Authentik Configuration
################################################################

AUTHENTIK_SERVICE_NAME=authentik_server
AUTHENTIK_SERVICE_PORT=9000
AUTHENTIK_COOKIE_DOMAIN=${DOMAINNAME}
AUTHENTIK_HOST=authentik.${DOMAINNAME}
AUTHENTIK_URL=http://${AUTHENTIK_SERVICE_NAME}:${AUTHENTIK_SERVICE_PORT}
AUTHENTIK_OUTPOST_PATH_PREFIX=/outpost.goauthentik.io/

POSTGRES_PASSWORD_FILE=${SECRETS_RUN}authentik_postgresql_password
#POSTGRES_USER_FILE=${SECRETS_RUN}authentik_postgresql_user
POSTGRES_USER_FILE=${SECRETS_RUN}authentik_postgresql_db
POSTGRES_DB_FILE=${SECRETS_RUN}authentik_postgresql_db
AUTHENTIK_REDIS__HOST=authentik_redis
AUTHENTIK_POSTGRESQL__HOST=authentik_postgresql
AUTHENTIK_POSTGRESQL__NAME=${SECRETS_FILE}authentik_postgresql_db
#AUTHENTIK_POSTGRESQL__USER=${SECRETS_FILE}authentik_postgresql_user
AUTHENTIK_POSTGRESQL__USER=${SECRETS_FILE}authentik_postgresql_db
AUTHENTIK_POSTGRESQL__PASSWORD=${SECRETS_FILE}authentik_postgresql_password
AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
AUTHENTIK_DISABLE_UPDATE_CHECK=false
AUTHENTIK_ERROR_REPORTING__ENABLED=false
AUTHENTIK_LOG_LEVEL=info # debug, info, warning, error, trace
AUTHENTIK_SECRET_KEY=${SECRETS_FILE}authentik_secret_key # openssl rand 60 | base64 -w 0
AUTHENTIK_COOKIE_DOMAIN=${DOMAINNAME}
# AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS: CHANGEME_IFAPPLICABLE # Defaults to all of: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fe80::/10, ::1/128
DOCKER_HOST=tcp://socket-proxy:2375 # Use this if you have Socket Proxy enabled.

# SMPT authentik configuration
AUTHENTIK_EMAIL__HOST=${SMPT_EMAIL_HOST}
AUTHENTIK_EMAIL__PORT=${SMPT_EMAIL_PORT}
AUTHENTIK_EMAIL__USERNAME=${SECRETS_FILE}${SMPT_EMAIL_USERNAME}
AUTHENTIK_EMAIL__PASSWORD=${SECRETS_FILE}${SMPT_EMAIL_PASSWORD}
AUTHENTIK_EMAIL__USE_TLS=${SMPT_EMAIL_USE_TLS}
AUTHENTIK_EMAIL__USE_SSL=${SMPT_EMAIL_USE_SSL}
AUTHENTIK_EMAIL__TIMEOUT=${SMPT_EMAIL_TIMEOUT}
AUTHENTIK_EMAIL__FROM=${SECRETS_FILE}${SMPT_EMAIL_FROM}

# Homepage configuration for Authentik
# https://gethomepage.dev/latest/widgets/services/authentik/
HOMEPAGE_VAR_AUTHENTIK_URL_EXTERNAL=https://${AUTHENTIK_HOST}
HOMEPAGE_VAR_AUTHENTIK_URL_INTERNAL=${AUTHENTIK_URL}
HOMEPAGE_VAR_AUTHENTIK_API_KEY=CHANGE_ME

################################################################
# GeoIP Configuration
# Go to https://dev.maxmind.com/geoip/geolite2-free-geolocation-data in order to generate a free license key 
# https://www.maxmind.com/en/accounts/current/license-key for use.
################################################################
GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
GEOIPUPDATE_FREQUENCY=8
GEOIPUPDATE_ACCOUNT_ID_FILE=${SECRETS_RUN}geoip_acccount_id
GEOIPUPDATE_LICENSE_KEY_FILE=${SECRETS_RUN}geoip_license_key

################################################################
# Crowdsec Configuration
################################################################
CROWDSEC_TRAEFIK_BOUNCER_LAPI_KEY=CHANGE_ME #to get api key : docker exec crowdsec cscli bouncers add traefik-bouncer

# Homepage configuration for Crowdsec
# got to /appdata/crowdsec/config/local_api_credentials.yaml and past HOMEPAGE_VAR_CROWDSEC_PASSWORD value
HOMEPAGE_VAR_CROWDSEC_WEBSITE=https://app.crowdsec.net
HOMEPAGE_VAR_CROWDSEC_URL_INTERNAL=http://crowdsec:8080
HOMEPAGE_VAR_CROWDSEC_USERNAME=localhost
HOMEPAGE_VAR_CROWDSEC_PASSWORD=CHANGE_ME

################################################################
# Homepage Configuration
################################################################
HOMEPAGE_SERVICE_NAME=homepage
HOMEPAGE_PORT=3000
HOMEPAGE_HOST=${HOMEPAGE_SERVICE_NAME}.${DOMAINNAME}
HOMEPAGE_URL=http://${HOMEPAGE_SERVICE_NAME}:${HOMEPAGE_PORT}

################################################################
# Cloudflare Configuration (not a docker)
################################################################
HOMEPAGE_VAR_CLOUDFLARE_URL=https://dash.cloudflare.com/login/?lang=fr-fr

################################################################
# qBittorrent Configuration
################################################################
TORRENT_SERVICE_NAME=torrent
TORRENT_PORT=8090
TORRENT_HOST=${TORRENT_SERVICE_NAME}.${DOMAINNAME}
TORRENT_URL=http://CHANGE_ME:${TORRENT_PORT} # service name host not work actually, just add docker host ip

# Homepage configuration for qBittorrent
# See Homepage tutorial: https://gethomepage.dev/latest/widgets/services/qbittorrent/
HOMEPAGE_VAR_QBITTORRENT_URL_EXTERNAL=https://${TORRENT_HOST}
HOMEPAGE_VAR_QBITTORRENT_URL_INTERNAL=${TORRENT_URL}
HOMEPAGE_VAR_QBITTORRENT_USERNAME=admin
HOMEPAGE_VAR_QBITTORRENT_PASSWORD=CHANGE_ME

################################################################
# Servarr Configuration
# See Homepage tutorial: 
# https://gethomepage.dev/latest/widgets/services/prowlarr/
# https://gethomepage.dev/latest/widgets/services/lidarr/
# https://gethomepage.dev/latest/widgets/services/readarr/
# https://gethomepage.dev/latest/widgets/services/sonarr/
# https://gethomepage.dev/latest/widgets/services/radarr/
################################################################
BASE_PATH_MEDIA=CHANGEME

PROWLARR_SERVICE_NAME=prowlarr
SONARR_SERVICE_NAME=sonarr
RADARR_SERVICE_NAME=radarr
LIDARR_SERVICE_NAME=lidarr
READARR_SERVICE_NAME=readarr

PROWLARR_SERVICE_PORT=9696
SONARR_SERVICE_PORT=8989
RADARR_SERVICE_PORT=7878
LIDARR_SERVICE_PORT=8686
READARR_SERVICE_PORT=8787


PROWLARR_HOST=${PROWLARR_SERVICE_NAME}.${DOMAINNAME}
SONARR_HOST=${SONARR_SERVICE_NAME}.${DOMAINNAME}
RADARR_HOST=${RADARR_SERVICE_NAME}.${DOMAINNAME}
LIDARR_HOST=${LIDARR_SERVICE_NAME}.${DOMAINNAME}
READARR_HOST=${READARR_SERVICE_NAME}.${DOMAINNAME}

PROWLARR_URL=http://${PROWLARR_SERVICE_NAME}:${PROWLARR_SERVICE_PORT}
SONARR_URL=http://${SONARR_SERVICE_NAME}:${SONARR_SERVICE_PORT}
RADARR_URL=http://${RADARR_SERVICE_NAME}:${RADARR_SERVICE_PORT}
LIDARR_URL=http://${LIDARR_SERVICE_NAME}:${LIDARR_SERVICE_PORT}
READARR_URL=http://${READARR_SERVICE_NAME}:${READARR_SERVICE_PORT}

# Homepage configuration for Servarr Services
HOMEPAGE_VAR_PROWLARR_URL_EXTERNAL=https://${PROWLARR_HOST}
HOMEPAGE_VAR_PROWLARR_URL_INTERNAL=${PROWLARR_URL}
HOMEPAGE_VAR_PROWLARR_KEY=CHANGE_ME

HOMEPAGE_VAR_SONARR_URL_EXTERNAL=https://${SONARR_HOST}
HOMEPAGE_VAR_SONARR_URL_INTERNAL=${SONARR_URL}
HOMEPAGE_VAR_SONARR_KEY=CHANGE_ME

HOMEPAGE_VAR_RADARR_URL_EXTERNAL=https://${RADARR_HOST}
HOMEPAGE_VAR_RADARR_URL_INTERNAL=${RADARR_URL}
HOMEPAGE_VAR_RADARR_KEY=CHANGE_ME

HOMEPAGE_VAR_LIDARR_URL_EXTERNAL=https://${LIDARR_HOST}
HOMEPAGE_VAR_LIDARR_URL_INTERNAL=${LIDARR_URL}
HOMEPAGE_VAR_LIDARR_KEY=CHANGE_ME

HOMEPAGE_VAR_READARR_URL_EXTERNAL=https://${READARR_HOST}
HOMEPAGE_VAR_READARR_URL_INTERNAL=${READARR_URL}
HOMEPAGE_VAR_READARR_KEY=CHANGE_ME