# Copy to .env and adjust. Never commit real secrets.

# runtime
ENVIRONMENT=dev          # dev | test | prod
LOG_LEVEL=INFO
LOG_JSON=false           # true in prod

# database (async driver required)
DATABASE_URL=postgresql+asyncpg://mcma:mcma@localhost:5432/mcma
DB_ECHO=false

# redis (cache + arq broker)
REDIS_URL=redis://localhost:6379/0

# auth — GENERATE a strong secret for prod: `openssl rand -hex 32`
JWT_SECRET=change-me-in-prod
ACCESS_TOKEN_TTL_SECONDS=900
REFRESH_TOKEN_TTL_SECONDS=2592000

# subsonic — key that encrypts per-user Subsonic app-passwords at rest.
# GENERATE a strong secret for prod (`openssl rand -hex 32`); rotating it
# invalidates all stored app-passwords. NOTE: /rest must be served over HTTPS.
SUBSONIC_SECRET_KEY=change-me-subsonic-key

# media / storage
MEDIA_PATH=/data/media
TRANSCODE_CACHE_PATH=/data/transcode-cache
MAX_PARALLEL_DOWNLOADS=2

# external services (all optional — backend degrades gracefully if unset)
# ML_SERVICE_URL=http://ml:9000
# ACOUSTID_API_KEY=
MUSICBRAINZ_USER_AGENT=mcma-backend/0.1.0 ( https://github.com/your/repo )
# YOUTUBE_COOKIES_PATH=/data/cookies.txt