# =============================================================================
# Pulse — Self-Hosted Supabase Environment Variables
# =============================================================================
# Copy this file to .env and fill in the values.
# Use with: docker compose -f docker-compose-supabase.yml up -d

# === REQUIRED ===

# PostgreSQL password for the local database (must be URL-safe: no / = + characters)
# Generate with: openssl rand -hex 24
POSTGRES_PASSWORD=

# JWT secret used by GoTrue and PostgreSQL (min 32 chars)
# Generate with: openssl rand -base64 32
JWT_SECRET=

# Supabase API keys (JWTs signed with JWT_SECRET above)
# Generate both keys by running: bun docker/generate-keys.ts
SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=

# Public URL where Pulse is accessible (used by GoTrue for redirects)
SITE_URL=

# === OPTIONAL ===

# JWT expiry in seconds (default: 3600 = 1 hour)
# JWT_EXPIRY=3600

# Host port for Pulse (default: 4991)
# PULSE_PORT=4991

# Server's public IP for WebRTC (auto-detected if not set)
# PUBLIC_IP=

# Additional OAuth redirect URLs (comma-separated)
# ADDITIONAL_REDIRECT_URLS=

# OAuth providers (set to "true" to enable, then fill in client ID and secret)
# GOOGLE_OAUTH_ENABLED=false
# GOOGLE_OAUTH_CLIENT_ID=
# GOOGLE_OAUTH_SECRET=
# DISCORD_OAUTH_ENABLED=false
# DISCORD_OAUTH_CLIENT_ID=
# DISCORD_OAUTH_SECRET=
# FACEBOOK_OAUTH_ENABLED=false
# FACEBOOK_OAUTH_CLIENT_ID=
# FACEBOOK_OAUTH_SECRET=
# TWITCH_OAUTH_ENABLED=false
# TWITCH_OAUTH_CLIENT_ID=
# TWITCH_OAUTH_SECRET=

# Disable all new user registration instance-wide (invites still work)
# REGISTRATION_DISABLED=false

# Giphy API key for GIF search
# GIPHY_API_KEY=