
============================================================
Avatar Deployment Configuration
============================================================

Executing configuration steps...


--- Collect required deployment settings (PUBLIC_URL, ENV_NAME, etc.) ---

--- Help ---
The public URL that end users will use to access your Avatar deployment.

Accepted formats:
  avatar.example.com          (bare hostname — https:// is added)
  https://avatar.example.com  (full URL)

Use the externally reachable DNS name for this deployment:
  - the hostname that users will type in their browser
  - the DNS name pointing to your deployment
  - the hostname covered by your TLS certificate

Do not use:
  - an internal hostname
  - a private IP address
  - a public IP address

Even if Avatar runs on a single machine, this value should usually be the public hostname exposed through Nginx, not the machine name itself. Nginx acts as the reverse proxy in front of the application services.

This value is used to build the public service URLs and Authentik redirect URLs.


--- Help ---
A short technical name for this deployment environment.

Examples:
  - mycompany-prod
  - acme-staging
  - demo

Use a stable, machine-friendly identifier that helps operators distinguish this deployment from others. This is not a user-facing label.

It is written into the generated deployment configuration and passed to the services as an environment identifier.

Recommended format:
  - lowercase letters
  - numbers
  - hyphens

Avoid:
  - spaces
  - special characters

Typical patterns:
  - customer-prod
  - customer-staging
  - internal-demo


--- Resolve shared runtime URLs ---

--- Configure Nginx TLS and HTTP settings ---

--- Nginx / TLS Configuration ---
This section defines how users will reach the deployment through the Nginx reverse proxy.

Here you decide whether Nginx serves plain HTTP or terminates HTTPS/TLS directly. If you enable TLS, you will need to provide the certificate and private key files used by Nginx.

If you plan to enable TLS here, the public URL you entered earlier should be an HTTPS URL and should match the DNS name covered by your certificate.

--- Configure PostgreSQL database credentials ---

--- Configure Authentik SSO authentication credentials ---

--- Authentik Configuration ---
This section configures Authentik, the identity and access management service bundled with the Avatar deployment.

Authentik is used to:
  - store and manage users
  - handle authentication and permissions
  - provide the login flow for Avatar
  - optionally connect to an existing identity provider or directory service

Depending on your setup, Authentik can also be integrated with existing user management and SSO systems such as Microsoft Entra ID, Active Directory, and other external identity providers.

Authentik documentation:
https://docs.goauthentik.io/

--- Configure Authentik SSO blueprint settings ---

--- Configure S3-compatible storage (SeaweedFS) credentials ---

--- Configure SMTP email settings and credentials ---
This section configures how the deployment sends outbound emails, mainly for Authentik account and password workflows.

The deployment needs an SMTP server to send emails such as account setup, password reset, and other authentication-related messages.

You can use:
  - your own SMTP provider or mail server
  - an SMTP service provided by Octopize, based on AWS

If Octopize provides the SMTP service, we will give you the SMTP credentials. In that case, the tool could eventually prefill the standard connection settings and only ask you for the username and password we provide.

--- Help ---
Hostname of the outbound SMTP server used to send emails from the deployment.

Use a mail server hostname or domain name, for example:
  - smtp.gmail.com
  - smtp.sendgrid.net
  - mail.example.com

Do not use an IP address here.

This SMTP server is used by Authentik to send emails such as account setup and password reset messages.
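
The input rules stated in the help texts above (public URL, environment name, SMTP hostname), as an added validation example; this is not the configuration tool's own code. The function names, the internal-suffix list and the origin-only restriction on the URL are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

ENV_NAME_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")
LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Assumption: suffixes treated as "internal"; extend for your own network.
INTERNAL_SUFFIXES = {"local", "localhost", "internal", "lan"}


def check_hostname(host: str) -> str:
    """Return a lowercase public DNS name; reject IPs and internal-looking names."""
    host = host.strip().lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, continue with the DNS checks
    else:
        raise ValueError(f"{host!r} is an IP address; a DNS name is required")
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(l) for l in labels):
        raise ValueError(f"{host!r} is not a fully qualified DNS name")
    if labels[-1].isdigit() or labels[-1] in INTERNAL_SUFFIXES:
        raise ValueError(f"{host!r} does not look publicly resolvable")
    return host


def normalize_public_url(value: str) -> str:
    """Accept a bare hostname or a full URL; return scheme://host[:port]."""
    value = value.strip()
    if "://" not in value:
        value = "https://" + value  # bare hostname: https:// is added
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("public URL must not embed credentials")
    # Assumption: the value is an origin only, with no path, query or fragment.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("public URL must not carry a path, query or fragment")
    host = check_hostname(parts.hostname or "")
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{host}{port}"


def check_env_name(value: str) -> str:
    """Lowercase letters, numbers and single hyphens between them."""
    if not ENV_NAME_RE.fullmatch(value):
        raise ValueError(f"{value!r}: use lowercase letters, numbers, hyphens")
    return value
```

`check_hostname` applies to the SMTP host as well as to the host part of the public URL, since both help texts rule out IP addresses.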


--- Help ---
Password for SMTP authentication.

Leave blank if your SMTP server does not require a password.


--- Configure user authentication settings ---

--- Configure telemetry and monitoring (Sentry, usage analytics) ---

--- Telemetry Configuration ---
This section configures optional observability features for the deployment.

Avatar can send:
  - error reports to Sentry, to help diagnose application failures
  - limited usage telemetry to Octopize licensing/support services

According to the observability documentation, these flows send metadata only, not user data or personal data.

Documentation:
https://docs.octopize.io/docs/deploying/observability

--- Configure application logging settings ---

============================================================
Generating Configuration Files
============================================================
✓ Generated: {{OUTPUT_DIR}}/.env
✓ Generated: {{OUTPUT_DIR}}/nginx/nginx.conf
✓ Generated: {{OUTPUT_DIR}}/docker-compose.yml
✓ Generated: {{OUTPUT_DIR}}/authentik/octopize-avatar-blueprint.yaml
✓ Generated: {{OUTPUT_DIR}}/authentik/translations.json
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_account_confirmation.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_account_exists.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_account_invitation.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_forgotten_password.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_password_changed.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_password_reset.html
✓ Generated: {{OUTPUT_DIR}}/authentik/branding/favicon.ico
✓ Generated: {{OUTPUT_DIR}}/authentik/branding/logo.png
✓ Generated: {{OUTPUT_DIR}}/.secrets/pepper
✓ Generated: {{OUTPUT_DIR}}/.secrets/authjwt_secret_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/organization_name
✓ Generated: {{OUTPUT_DIR}}/.secrets/clevercloud_sso_salt
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_password
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_admin_password
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_admin_user
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_user
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_name
✓ Generated: {{OUTPUT_DIR}}/.secrets/authentik_database_name
✓ Generated: {{OUTPUT_DIR}}/.secrets/authentik_database_user
✓ Generated: {{OUTPUT_DIR}}/.secrets/authentik_database_password
✓ Generated: {{OUTPUT_DIR}}/.secrets/authentik_secret_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/file_encryption_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/storage_admin_access_key_id
✓ Generated: {{OUTPUT_DIR}}/.secrets/storage_admin_secret_access_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/storage_encryption_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/admin_emails
✓ Generated: {{OUTPUT_DIR}}/.secrets/telemetry_s3_access_key_id
✓ Generated: {{OUTPUT_DIR}}/.secrets/telemetry_s3_secret_access_key

✓ Configuration files generated successfully!

============================================================
Configuration Complete!
============================================================

Configuration files generated in: {{OUTPUT_DIR}}

Next steps:
1. Review and edit the generated .env file
2. Fill in any remaining secrets in .secrets/ directory
3. Configure TLS certificates in the tls/ directory
4. Run: docker compose up -d
