// Load environment variables from .env (production secrets)
try {
  // eslint-disable-next-line global-require
  require('dotenv').config({ path: '/var/www/harheimertc/.env' })
} catch (_e) {
  // If dotenv isn't available or .env missing, continue (process.env may be set elsewhere)
}

module.exports = {
  apps: [{
    name: 'harheimertc',
    script: 'npm',
    args: 'run start',
    cwd: '/var/www/harheimertc',
    instances: 1,
    autorestart: true,
    watch: false,
    max_memory_restart: '1G',
    env: {
      NODE_ENV: 'production',
      PORT: 3100,
      // Secrets/Config (loaded from .env above, if present)
      ENCRYPTION_KEY: process.env.ENCRYPTION_KEY,
      JWT_SECRET: process.env.JWT_SECRET,
      SMTP_HOST: process.env.SMTP_HOST,
      SMTP_PORT: process.env.SMTP_PORT,
      SMTP_USER: process.env.SMTP_USER,
      SMTP_PASS: process.env.SMTP_PASS,
      SMTP_FROM: process.env.SMTP_FROM,
      SMTP_ADMIN: process.env.SMTP_ADMIN,
      NUXT_PUBLIC_BASE_URL: process.env.NUXT_PUBLIC_BASE_URL,
      COOKIE_SECURE: process.env.COOKIE_SECURE,
      COOKIE_SAMESITE: process.env.COOKIE_SAMESITE,
      CSP_ENABLED: process.env.CSP_ENABLED,
      CSP_REPORT_ONLY: process.env.CSP_REPORT_ONLY,
      CSP_VALUE: process.env.CSP_VALUE,
      HIBP_ENABLED: process.env.HIBP_ENABLED,
      HIBP_USER_AGENT: process.env.HIBP_USER_AGENT,
      HIBP_TIMEOUT_MS: process.env.HIBP_TIMEOUT_MS,
      HIBP_CACHE_TTL_MS: process.env.HIBP_CACHE_TTL_MS,
      HIBP_FAIL_CLOSED: process.env.HIBP_FAIL_CLOSED,
      AUDIT_LOG_ENABLED: process.env.AUDIT_LOG_ENABLED,
      WEBAUTHN_ORIGIN: process.env.WEBAUTHN_ORIGIN,
      WEBAUTHN_RP_ID: process.env.WEBAUTHN_RP_ID,
      WEBAUTHN_RP_NAME: process.env.WEBAUTHN_RP_NAME,
      WEBAUTHN_REQUIRE_UV: process.env.WEBAUTHN_REQUIRE_UV
    },
    error_file: '/var/log/pm2/harheimertc-error.log',
    out_file: '/var/log/pm2/harheimertc-out.log',
    log_file: '/var/log/pm2/harheimertc-combined.log',
    time: true
  }]
}