# vault-cortex — remote quickstart (Obsidian Sync)
# Copy to .env and fill in values, then: docker compose up -d

# Required ──────────────────────────────────────────────────

# Bearer token for MCP authentication.
# Generate one: openssl rand -hex 32
MCP_AUTH_TOKEN=

# Public URL that MCP clients use to reach this server.
# Used as the OAuth issuer URL in discovery metadata.
# Examples: https://vault.example.com, http://203.0.113.10:8000
PUBLIC_URL=

# Obsidian Sync auth token. Generate once with:
#   docker run --rm -it --entrypoint get-token \
#     ghcr.io/belphemur/obsidian-headless-sync-docker:latest
OBSIDIAN_AUTH_TOKEN=

# Exact name of your Obsidian vault (case-sensitive).
VAULT_NAME=

# Optional ──────────────────────────────────────────────────

# Only if your vault has end-to-end encryption enabled.
# VAULT_PASSWORD=

# Your IANA timezone — affects daily note resolution and memory timestamps.
# TZ=America/New_York

# Memory folder name in your vault (default: About Me).
# MEMORY_DIR=About Me

# Host port to expose (default: 8000).
# PORT=8000

# Log verbosity: debug | info | warn | error (default: info).
# LOG_LEVEL=info

# Directory for persistent log files inside the container (default: /data/logs).
# Set to empty to disable file logging (logs still go to stdout either way).
# LOG_DIR=/data/logs

# Days to retain persistent log files before cleanup (default: 30).
# LOG_RETENTION_DAYS=30

# User/group IDs for obsidian-sync (default: 1000).
# PUID=1000
# PGID=1000

# Device name shown in Obsidian Sync settings.
# DEVICE_NAME=vault-cortex

# Obsidian Sync conflict resolution: merge | ours | theirs (default: merge).
# CONFLICT_STRATEGY=merge

# Sync direction: bidirectional | pull-only | push-only (default: bidirectional).
# SYNC_MODE=bidirectional