# Application log and cert. files
# Example: data/nervatura.log, data/x509/server_cert.pem, data/x509/server_key.pem
NT_APP_LOG_FILE=
NT_TLS_CERT_FILE=
NT_TLS_KEY_FILE=
# Server settings:
# host.ip:port
NT_HTTP_ENABLED=true
NT_HTTP_PORT=5000
# Default snapcrafts value: /var/snap/nervatura/common/http.log
NT_HTTP_LOG_FILE=
# SSL/TLS authentication
NT_HTTP_TLS_ENABLED=false
# Seconds
NT_HTTP_WRITE_TIMEOUT=30
NT_HTTP_READ_TIMEOUT=30
# http root redirect
# valid values: 
# /admin - Admin GUI 
# /client - Nervatura Client
# /docs - Nervatura Docs
# other valid url
NT_HTTP_HOME=/admin
# GUI session
# database session store. if value is empty then file or memory store.
# example: sqlite://file:data/session.db?cache=shared&mode=rwc
NT_SESSION_DB=
NT_SESSION_TABLE=session
# file session store. if value is empty then memory store.
# example: data/session 
NT_SESSION_DIR=

NT_GRPC_ENABLED=true
NT_GRPC_PORT=9200
# SSL/TLS authentication
NT_GRPC_TLS_ENABLED=false

# Nervatura Client custom config file 
# example: PATH/YOUR_CLIENT_CONFIG.json
# see more -> https://nervatura.github.io/nervatura/docs/start/customization
# default: data/client_config.json
NT_CLIENT_CONFIG=

# Report font. Default: empty (built-in Cabin font)
NT_FONT_FAMILY=
# Default empty. Example: data/fonts 
# Report font files format: 
# FAMILY-Regular.ttf, FAMILY-Italic.ttf, FAMILY-Bold.ttf, FAMILY-BoldItalic.ttf
# e.g. Roboto-Regular.ttf ...
NT_FONT_DIR=
# Nervatura Report JSON def. files. Example: data/templates
# Default value: empty (built-in templates files)
NT_REPORT_DIR=

NT_API_KEY=
# Enabled/disabled API password login
NT_PASSWORD_LOGIN=true
#  Bearer authentication
NT_TOKEN_ISS=nervatura
NT_TOKEN_PRIVATE_KID=
# Token signing method algorithm
NT_TOKEN_ALG=HS256
# Private key or file path
NT_TOKEN_PRIVATE_KEY=
# JWT expiration time (hours)
NT_TOKEN_EXP=6
# External token validation public key or file path. Default: empty (disabled).
NT_TOKEN_PUBLIC_KEY=
# External token kid
NT_TOKEN_PUBLIC_KID=
# External token validation public keys. Default: empty (disabled).
NT_TOKEN_PUBLIC_KEY_URL=
# JWK_X509 certificates endpoint (Firebase)
#NT_TOKEN_PUBLIC_KEY_URL=https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com
# Google OAuth2 public keys
#NT_TOKEN_PUBLIC_KEY_URL=https://www.googleapis.com/oauth2/v1/certs

NT_HASHTABLE=

# EMAIL SMTP SETTINGS:
NT_SMTP_HOST=
NT_SMTP_PORT=465
NT_SMTP_USER=
NT_SMTP_PASSWORD=
# Valid values: 769, 770, 771, 772 (TLS 1.0,1.1,1.2,1.3)
NT_SMTP_TLS_MIN_VERSION=769

# SQLDriver settings
# Sets the maximum number of open connections to the database.
# If n <= 0, then there is no limit on the number of open connections.
# If this value is set, new queries will be blocked until a connection becomes available.
# You’ll always want to set this value in production!
# The maximum number of connections is based on database memory.
SQL_MAX_OPEN_CONNS=10
# Sets the maximum number of connections in the idle connection pool
# If n <= 0, no idle connections are retained.
# You’ll want to set this value to be a fraction of the MaxConnections. 
# Whether it’s 25%, 50% or 75% (or sometimes even 100%) will depend on your expected load patterns
SQL_MAX_IDLE_CONNS=3
# Sets the maximum amount of time a connection may be reused.
# Configuration values are in minutes!
# Expired connections may be closed lazily before reuse. If d <= 0, connections are reused forever.
# You’ll want to set this if you’re also setting the max idle connections.
SQL_CONN_MAX_LIFETIME=15

# Default value: single (permanent data connection) or multiple database usage (data connection on request)
# Value: a valid database alias name (e.q. demo) or empty (multiple database)
NT_ALIAS_DEFAULT=
# Database alias list
NT_ALIAS_DEMO=sqlite://file:data/demo.db?cache=shared&mode=rwc
NT_ALIAS_PGDEMO=postgres://postgres:password@172.18.0.1:5432/nervatura?sslmode=disable
NT_ALIAS_MYDEMO=mysql://root:password@tcp(localhost:3306)/nervatura
NT_ALIAS_MSDEMO=mssql://sa:Password1234_1@localhost:1433?database=nervatura

# Set default server CORS middleware configuration
NT_CORS_ENABLED=true
# Defines a list of origins that may access the resource.
NT_CORS_ALLOW_ORIGINS=*
# Defines a list methods allowed when accessing the resource.
NT_CORS_ALLOW_METHODS=GET,POST,DELETE,OPTIONS
# Defines a list of request headers that can be used when making the actual request.
NT_CORS_ALLOW_HEADERS=Accept,Authorization,Content-Type,X-CSRF-Token,X-Api-Key
# Indicates whether or not the response to the request can be exposed when the credentials flag is true.
NT_CORS_ALLOW_CREDENTIALS=false
# ExposeHeaders defines a whitelist headers that clients are allowed to access.
NT_CORS_EXPOSE_HEADERS=
# Indicates how long (in seconds) the results of a preflight request can be cached
NT_CORS_MAX_AGE=0

# HTTP Server security settings
# See more: github.com/unrolled/secure (default options)
NT_SECURITY_ENABLED=false
NT_SECURITY_ALLOWED_HOSTS=
NT_SECURITY_ALLOWED_HOSTS_ARE_REGEX=false
NT_SECURITY_SSL_REDIRECT=false
NT_SECURITY_SSL_TEMPORARY_REDIRECT=false
NT_SECURITY_SSL_HOST=
NT_SECURITY_PROXY_HEADERS=
NT_SECURITY_STS_SECONDS=0
NT_SECURITY_STS_INCLUDE_SUBDOMAINS=false
NT_SECURITY_STS_PRELOAD=false
NT_SECURITY_FORCE_STS_HEADER=false
NT_SECURITY_FRAME_DENY=false
NT_SECURITY_CUSTOM_FRAME_OPTIONS_VALUE=
NT_SECURITY_CONTENT_TYPE_NOSNIFF=false
NT_SECURITY_BROWSER_XSS_FILTER=false
NT_SECURITY_CONTENT_SECURITY_POLICY=
NT_SECURITY_PUBLIC_KEY=
NT_SECURITY_REFERRER_POLICY=
NT_SECURITY_FEATURE_POLICY=
NT_SECURITY_EXPECT_CT_HEADER=
NT_SECURITY_DEVELOPMENT=false