# Versity S3 Gateway — root credentials for the flat-file IAM backend.
# https://github.com/versity/versitygw/wiki/Quickstart
#
# Local: copy to `.env` next to compose.yaml (or set `run_directory` to this folder
# in Komodo) so `docker compose` can interpolate `${ROOT_ACCESS_KEY}` etc.
#
# Komodo: Stack Environment is written to `<run_directory>/.env` and passed as
# `--env-file` — that drives `${VAR}` in compose.yaml. Set **one** pair using exact
# names (leave the other pair unset / empty):
#   ROOT_ACCESS_KEY + ROOT_SECRET_KEY
#   ROOT_ACCESS_KEY_ID + ROOT_SECRET_ACCESS_KEY (Helm-style)

ROOT_ACCESS_KEY=
ROOT_SECRET_KEY=
# ROOT_ACCESS_KEY_ID=
# ROOT_SECRET_ACCESS_KEY=

# Host port mapped to the gateway (container listens on 10000).
VERSITYGW_PORT=10000

# WebUI (container listens on 8080). In Pangolin, create a *second* HTTP resource for this
# port — do not point the UI hostname at :10000 (that is S3 API only; `/` is not the SPA).
VERSITYGW_WEBUI_PORT=8080
# HTTPS URL of the *S3 API* (Pangolin resource → host :10000). **Not** the WebUI URL.
# No trailing slash. Wrong value → WebUI calls the wrong host and bucket create can 404.
# VGW_WEBUI_GATEWAYS=https://s3.example.com
VGW_WEBUI_GATEWAYS=

# Public origin of the **WebUI** page (Pangolin → :8080), e.g. https://s3-ui.example.com
# Required when UI and API are on different hosts so the browser can call the API (CORS).
# VGW_CORS_ALLOW_ORIGIN=https://s3-ui.example.com
VGW_CORS_ALLOW_ORIGIN=

# NFS: object metadata defaults to xattrs; most NFS mounts need sidecar mode
# (compose.yaml uses --sidecar /data/sidecar). Create the host path, e.g.
#   mkdir -p /mnt/nfs/versity/sidecar
# Or use NFSv4.2 with xattr support and remove --sidecar from compose if you prefer.