// Load environment variables from .env (production secrets)
try {
  // eslint-disable-next-line global-require
  require('dotenv').config({ path: '/var/www/harheimertc/.env' })
} catch (_e) {
  // If dotenv isn't available or .env missing, continue (process.env may be set elsewhere)
}

// Helper function to create env object
function createEnv(port) {
  return {
    NODE_ENV: 'production',
    PORT: port,
    // Secrets/Config (loaded from .env above, if present)
    ENCRYPTION_KEY: process.env.ENCRYPTION_KEY,
    JWT_SECRET: process.env.JWT_SECRET,
    SMTP_HOST: process.env.SMTP_HOST,
    SMTP_PORT: process.env.SMTP_PORT,
    SMTP_USER: process.env.SMTP_USER,
    SMTP_PASS: process.env.SMTP_PASS,
    SMTP_FROM: process.env.SMTP_FROM,
    SMTP_ADMIN: process.env.SMTP_ADMIN,
    NUXT_PUBLIC_BASE_URL: process.env.NUXT_PUBLIC_BASE_URL,
    COOKIE_SECURE: process.env.COOKIE_SECURE,
    COOKIE_SAMESITE: process.env.COOKIE_SAMESITE,
    CSP_ENABLED: process.env.CSP_ENABLED,
    CSP_REPORT_ONLY: process.env.CSP_REPORT_ONLY,
    CSP_VALUE: process.env.CSP_VALUE,
    HIBP_ENABLED: process.env.HIBP_ENABLED,
    HIBP_USER_AGENT: process.env.HIBP_USER_AGENT,
    HIBP_TIMEOUT_MS: process.env.HIBP_TIMEOUT_MS,
    HIBP_CACHE_TTL_MS: process.env.HIBP_CACHE_TTL_MS,
    HIBP_FAIL_CLOSED: process.env.HIBP_FAIL_CLOSED,
    AUDIT_LOG_ENABLED: process.env.AUDIT_LOG_ENABLED,
    WEBAUTHN_ORIGIN: process.env.WEBAUTHN_ORIGIN,
    WEBAUTHN_RP_ID: process.env.WEBAUTHN_RP_ID,
    WEBAUTHN_RP_NAME: process.env.WEBAUTHN_RP_NAME,
    WEBAUTHN_REQUIRE_UV: process.env.WEBAUTHN_REQUIRE_UV
  }
}

module.exports = {
  apps: [
    {
      name: 'harheimertc',
      // Nuxt 4 production build: direkt den Node-Server starten (kein "preview mode")
      script: 'node',
      args: '.output/server/index.mjs',
      cwd: '/var/www/harheimertc',
      instances: 1,
      autorestart: true,
      watch: false,
      max_memory_restart: '1G',
      env: createEnv(3100),
      error_file: '/var/log/pm2/harheimertc-error.log',
      out_file: '/var/log/pm2/harheimertc-out.log',
      log_file: '/var/log/pm2/harheimertc-combined.log',
      time: true
    },
    {
      name: 'harheimertc-3102',
      // Zweite Instanz auf Port 3102
      script: 'node',
      args: '.output/server/index.mjs',
      cwd: '/var/www/harheimertc',
      instances: 1,
      autorestart: true,
      watch: false,
      max_memory_restart: '1G',
      env: createEnv(3102),
      error_file: '/var/log/pm2/harheimertc-3102-error.log',
      out_file: '/var/log/pm2/harheimertc-3102-out.log',
      log_file: '/var/log/pm2/harheimertc-3102-combined.log',
      time: true
    }
  ]
}