# =============================================================================
# BD FHIR National — Environment Variables
#
# INSTRUCTIONS:
#   cp .env.example .env
#   Fill in every value that is left empty below (lines ending in "=").
#   chmod 600 .env
#   NEVER commit .env to version control (keep .env in .gitignore).
#   Store the filled .env in your secrets vault; the filled file is a secret.
#
# PASSWORD REQUIREMENTS:
#   All passwords minimum 32 characters.
#   Generate with: openssl rand -base64 32
#   base64 output contains '+', '/' and '=' — those are safe as an unquoted
#   dotenv value. If you use a different generator, avoid '$', '#', quotes
#   and whitespace (or quote the value) — confirm with the loader you deploy
#   with, dotenv parsers differ here.
#   Each password must be unique — never reuse across services, and never
#   reuse a superuser password for an application/writer role.
#   Rotate every 90 days per DGHS security policy. Rotate the database role
#   and every variable that carries that role's password (see the pairings
#   noted in each section) in the same change.
# =============================================================================

# -----------------------------------------------------------------------------
# HAPI Docker Image
# Format: your-registry.dghs.gov.bd/bd-fhir-hapi:{version}
# Update this value to deploy a new image version.
# Supply chain: a tag can be re-pointed in the registry without anyone
# noticing. For production, prefer pinning by digest
# (your-registry.dghs.gov.bd/bd-fhir-hapi@sha256:...) and, if the registry
# signs images, verify the signature before rolling out.
# -----------------------------------------------------------------------------
HAPI_IMAGE=your-registry.dghs.gov.bd/bd-fhir-hapi:1.0.0

# -----------------------------------------------------------------------------
# FHIR Database (postgres-fhir)
#
# SUPERUSER: used by Flyway migrations only.
#   Connects directly to postgres-fhir (bypasses pgBouncer).
#   Must have CREATE TABLE, CREATE INDEX, CREATE SEQUENCE privileges.
#   Copy these two values into SPRING_FLYWAY_USER / SPRING_FLYWAY_PASSWORD
#   below — nowhere else.
#   NOTE(review): the privileges listed do not require a cluster superuser;
#   a dedicated migration role that owns the HAPI schema would be the
#   least-privilege choice. Presumably postgres/fhir/init.sh expects the
#   'postgres' role today, so change both together — confirm before changing.
#
# APP USER: used by HAPI JPA at runtime.
#   Connects via pgBouncer (session mode).
#   Granted SELECT, INSERT, UPDATE, DELETE on all HAPI JPA tables.
#   Created by postgres/fhir/init.sh on first container start.
#   Copy these two values into SPRING_DATASOURCE_USERNAME /
#   SPRING_DATASOURCE_PASSWORD below. Never put the superuser credentials
#   there: the running server would then hold DDL/DROP rights over the
#   patient database.
#
# If you change FHIR_DB_NAME, also change the database name at the end of
# SPRING_FLYWAY_URL and SPRING_DATASOURCE_URL — it is hard-coded in both.
# -----------------------------------------------------------------------------
FHIR_DB_NAME=fhirdb
FHIR_DB_SUPERUSER=postgres
FHIR_DB_SUPERUSER_PASSWORD=
FHIR_DB_APP_USER=hapi_app
FHIR_DB_APP_PASSWORD=

# -----------------------------------------------------------------------------
# Audit Database (postgres-audit)
#
# SUPERUSER: used by Flyway audit migrations only.
#   Connects directly to postgres-audit (bypasses pgBouncer).
#   Must have CREATE TABLE, CREATE SCHEMA, CREATE FUNCTION privileges.
#   Copy these two values into AUDIT_FLYWAY_USER / AUDIT_FLYWAY_PASSWORD
#   below — nowhere else.
#
# WRITER: used by HAPI audit datasource at runtime.
#   Connects via pgBouncer (session mode).
#   INSERT only on audit schema — no SELECT, UPDATE, DELETE, TRUNCATE.
#   This is what makes the audit trail append-only from the application's
#   point of view; giving HAPI any other role here defeats that.
#   Created by postgres/audit/init.sh on first container start.
#   Copy these two values into AUDIT_DATASOURCE_USERNAME /
#   AUDIT_DATASOURCE_PASSWORD below.
#
# MAINTAINER: used by monthly partition maintenance cron job only.
#   EXECUTE on audit.create_next_month_partitions() function only.
#   Never used by the HAPI JVM — do not pass these two values into the HAPI
#   container's environment at all.
#   Created by postgres/audit/init.sh on first container start.
#
# If you change AUDIT_DB_NAME, also change the database name at the end of
# AUDIT_FLYWAY_URL and AUDIT_DATASOURCE_URL — it is hard-coded in both.
# -----------------------------------------------------------------------------
AUDIT_DB_NAME=auditdb
AUDIT_DB_SUPERUSER=postgres
AUDIT_DB_SUPERUSER_PASSWORD=
AUDIT_DB_WRITER_USER=audit_writer_login
AUDIT_DB_WRITER_PASSWORD=
AUDIT_DB_MAINTAINER_USER=audit_maintainer_login
AUDIT_DB_MAINTAINER_PASSWORD=

# -----------------------------------------------------------------------------
# Flyway — FHIR schema migrations
# Connects DIRECTLY to postgres-fhir (not pgBouncer) using the superuser.
# URL must point to the postgres-fhir container, not pgbouncer-fhir.
# USER / PASSWORD = FHIR_DB_SUPERUSER / FHIR_DB_SUPERUSER_PASSWORD above.
# Direct connections count against PostgreSQL max_connections separately
# from the pgBouncer pool.
# -----------------------------------------------------------------------------
SPRING_FLYWAY_URL=jdbc:postgresql://postgres-fhir:5432/fhirdb
SPRING_FLYWAY_USER=
SPRING_FLYWAY_PASSWORD=

# -----------------------------------------------------------------------------
# Flyway — Audit schema migrations
# Connects DIRECTLY to postgres-audit (not pgBouncer) using the superuser.
# USER / PASSWORD = AUDIT_DB_SUPERUSER / AUDIT_DB_SUPERUSER_PASSWORD above.
# -----------------------------------------------------------------------------
AUDIT_FLYWAY_URL=jdbc:postgresql://postgres-audit:5432/auditdb
AUDIT_FLYWAY_USER=
AUDIT_FLYWAY_PASSWORD=

# -----------------------------------------------------------------------------
# HAPI FHIR datasource — runtime connection via pgBouncer
# USERNAME / PASSWORD = FHIR_DB_APP_USER / FHIR_DB_APP_PASSWORD above
# (the app user, never the superuser).
# The URL carries no sslmode, so the HAPI -> pgBouncer hop is presumably
# plaintext on the container network. If pgBouncer is ever reached across a
# host or network boundary, enable TLS on pgBouncer and append
# ?sslmode=verify-full — confirm against the pgBouncer configuration.
# -----------------------------------------------------------------------------
SPRING_DATASOURCE_URL=jdbc:postgresql://pgbouncer-fhir:5432/fhirdb
SPRING_DATASOURCE_USERNAME=
SPRING_DATASOURCE_PASSWORD=

# HikariCP pool — FHIR datasource
# 5 connections per replica. At 3 replicas: 15 total PostgreSQL connections.
# pgBouncer pool_size=20 — 5 headroom. Do not exceed without updating pgBouncer.
SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE=5
SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE=2
SPRING_DATASOURCE_HIKARI_POOL_NAME=fhir-pool

# -----------------------------------------------------------------------------
# Audit datasource — runtime connection via pgBouncer (INSERT-only)
# USERNAME / PASSWORD = AUDIT_DB_WRITER_USER / AUDIT_DB_WRITER_PASSWORD above.
# Same sslmode caveat as the FHIR datasource applies.
# -----------------------------------------------------------------------------
AUDIT_DATASOURCE_URL=jdbc:postgresql://pgbouncer-audit:5432/auditdb
AUDIT_DATASOURCE_USERNAME=
AUDIT_DATASOURCE_PASSWORD=

# HikariCP pool — audit datasource
# Small pool — audit writes are async and low-volume.
# 2 connections per replica; at 3 replicas: 6 total. The pgbouncer-audit
# pool_size is not recorded here — confirm it covers this before scaling out.
AUDIT_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE=2
AUDIT_DATASOURCE_HIKARI_MINIMUM_IDLE=1
AUDIT_DATASOURCE_HIKARI_POOL_NAME=audit-pool

# -----------------------------------------------------------------------------
# HAPI FHIR server
# HAPI_FHIR_SERVER_ADDRESS is the public base URL; keep it https and keep it
# equal to the external URL the TLS-terminating proxy presents, otherwise
# links the server generates will point somewhere else.
# -----------------------------------------------------------------------------
HAPI_FHIR_SERVER_ADDRESS=https://fhir.dghs.gov.bd/fhir
HAPI_FHIR_FHIR_VERSION=R4

# BD Core IG — must match the .tgz filename in src/main/resources/packages/
# (the package is baked into the image, so an IG change is an image change).
HAPI_IG_PACKAGE_CLASSPATH=classpath:packages/bd.gov.dghs.core-0.2.1.tgz
HAPI_IG_VERSION=0.2.1

# Terminology cache TTL — 24 hours in seconds.
# Flush via DELETE /admin/terminology/cache after ICD-11 version upgrade.
# NOTE(review): that is an administrative endpoint — confirm it is gated by
# KEYCLOAK_ADMIN_ROLE and not reachable with the ordinary mci-api role.
HAPI_TERMINOLOGY_CACHE_TTL_SECONDS=86400

# -----------------------------------------------------------------------------
# OCL — national terminology server
# Outbound HTTPS from HAPI. Worst case per lookup, if attempts are sequential,
# is (1 + RETRY_ATTEMPTS) x TIMEOUT = 30 s; a slow OCL stalls validation for
# that long, so do not raise these without considering request latency.
# -----------------------------------------------------------------------------
HAPI_OCL_BASE_URL=https://tr.ocl.dghs.gov.bd/api/fhir
HAPI_OCL_TIMEOUT_SECONDS=10
HAPI_OCL_RETRY_ATTEMPTS=2

# -----------------------------------------------------------------------------
# Cluster validator middleware
# Outbound HTTPS from HAPI; the timeout bounds how long a validation request
# can block on this dependency.
# -----------------------------------------------------------------------------
HAPI_CLUSTER_VALIDATOR_URL=https://icd11.dghs.gov.bd/cluster/validate
HAPI_CLUSTER_VALIDATOR_TIMEOUT_SECONDS=10

# -----------------------------------------------------------------------------
# Keycloak — national identity provider
# Realm: hris
# Do not change these URLs unless the Keycloak deployment changes.
# KEYCLOAK_JWKS_URL must stay on the issuer's own origin and realm: whoever
# controls the host the keys are fetched from can mint tokens this server
# accepts, and the issuer value must match the 'iss' claim exactly.
# No audience / client id is configured here — confirm the token validator
# checks 'aud' (or 'azp') as well as the role, otherwise a token minted for
# any other client in the hris realm that happens to carry the role is
# accepted.
# -----------------------------------------------------------------------------
KEYCLOAK_ISSUER=https://auth.dghs.gov.bd/realms/hris
KEYCLOAK_JWKS_URL=https://auth.dghs.gov.bd/realms/hris/protocol/openid-connect/certs
KEYCLOAK_REQUIRED_ROLE=mci-api
KEYCLOAK_ADMIN_ROLE=fhir-admin

# JWKS cache TTL in seconds (1 hour).
# Keys are re-fetched immediately on unknown kid regardless of TTL.
# NOTE(review): an unauthenticated client can put any 'kid' in a forged
# token; confirm the unknown-kid refetch is rate-limited / debounced,
# otherwise each such request forces a fetch against Keycloak (DoS vector
# against the IdP).
KEYCLOAK_JWKS_CACHE_TTL_SECONDS=3600

# -----------------------------------------------------------------------------
# Spring Boot
# -----------------------------------------------------------------------------
SPRING_PROFILES_ACTIVE=prod

# -----------------------------------------------------------------------------
# Logging
# Set individual levels to DEBUG temporarily during initial deployment only.
# Never leave DEBUG enabled in production — FHIR resources contain patient
# data, and DEBUG-level JDBC/HTTP logging can also echo credentials and
# bearer tokens into the log store.
# -----------------------------------------------------------------------------
LOGGING_LEVEL_ROOT=WARN
LOGGING_LEVEL_BD_GOV_DGHS=INFO
LOGGING_LEVEL_BD_GOV_DGHS_FHIR_INTERCEPTOR=INFO
LOGGING_LEVEL_BD_GOV_DGHS_FHIR_TERMINOLOGY=INFO
LOGGING_LEVEL_BD_GOV_DGHS_FHIR_VALIDATOR=INFO
LOGGING_LEVEL_CA_UHN_HAPI=WARN
LOGGING_LEVEL_ORG_SPRINGFRAMEWORK=WARN