Loading configuration from {{FIXTURES_DIR}}/type_mismatch_config/config.yaml...

============================================================
Avatar Deployment Configuration
============================================================

Executing configuration steps...


--- Collect required deployment settings (PUBLIC_URL, ENV_NAME, etc.) ---

--- Resolve shared runtime URLs ---

--- Configure Nginx TLS and HTTP settings ---

--- Nginx / TLS Configuration ---
This section defines how users will reach the deployment through the Nginx reverse proxy.

Here you decide whether Nginx serves plain HTTP or terminates HTTPS/TLS directly. If you enable TLS, you will need to provide the certificate and private key files used by Nginx.

If you plan to enable TLS here, the public URL you entered earlier should be an HTTPS URL and should match the DNS name covered by your certificate.

--- Configure PostgreSQL database credentials ---

--- Configure Authentik SSO authentication credentials ---

--- Authentik Configuration ---
This section configures Authentik, the identity and access management service bundled with the Avatar deployment.

Authentik is used to:
  - store and manage users
  - handle authentication and permissions
  - provide the login flow for Avatar
  - optionally connect to an existing identity provider or directory service

Depending on your setup, Authentik can also be integrated with existing user management and SSO systems such as Microsoft Entra ID, Active Directory, and other external identity providers.

Authentik documentation:
https://docs.goauthentik.io/

--- Configure Authentik SSO blueprint settings ---

--- Configure S3-compatible storage (SeaweedFS) credentials ---

--- Configure SMTP email settings and credentials ---
This section configures how the deployment sends outbound emails, mainly for Authentik account and password workflows.

The deployment needs an SMTP server to send emails such as account setup, password reset, and other authentication-related messages.

You can use:
  - your own SMTP provider or mail server
  - an SMTP service provided by Octopize, based on AWS

If Octopize provides the SMTP service, we will give you the SMTP credentials. In that case, the tool could eventually prefill the standard connection settings and only ask you for the username and password we provide.

--- Configure user authentication settings ---

--- Configure telemetry and monitoring (Sentry, usage analytics) ---

--- Telemetry Configuration ---
This section configures optional observability features for the deployment.

Avatar can send:
  - error reports to Sentry, to help diagnose application failures
  - limited usage telemetry to Octopize licensing/support services

According to the observability documentation, these flows send metadata only, not user data or personal data.

Documentation:
https://docs.octopize.io/docs/deploying/observability

--- Configure application logging settings ---

============================================================
Generating Configuration Files
============================================================
✓ Generated: {{OUTPUT_DIR}}/.env
✓ Generated: {{OUTPUT_DIR}}/nginx/nginx.conf
✓ Generated: {{OUTPUT_DIR}}/docker-compose.yml
✓ Generated: {{OUTPUT_DIR}}/authentik/octopize-avatar-blueprint.yaml
✓ Generated: {{OUTPUT_DIR}}/authentik/translations.json
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_account_confirmation.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_account_exists.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_account_invitation.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_forgotten_password.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_password_changed.html
✓ Generated: {{OUTPUT_DIR}}/authentik/custom-templates/email_password_reset.html
✓ Generated: {{OUTPUT_DIR}}/authentik/branding/favicon.ico
✓ Generated: {{OUTPUT_DIR}}/authentik/branding/logo.png
✓ Generated: {{OUTPUT_DIR}}/.secrets/pepper
✓ Generated: {{OUTPUT_DIR}}/.secrets/authjwt_secret_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/organization_name
✓ Generated: {{OUTPUT_DIR}}/.secrets/clevercloud_sso_salt
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_password
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_admin_password
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_admin_user
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_user
✓ Generated: {{OUTPUT_DIR}}/.secrets/db_name
✓ Generated: {{OUTPUT_DIR}}/.secrets/authentik_database_name
✓ Generated: {{OUTPUT_DIR}}/.secrets/authentik_database_user
✓ Generated: {{OUTPUT_DIR}}/.secrets/authentik_database_password
✓ Generated: {{OUTPUT_DIR}}/.secrets/authentik_secret_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/file_encryption_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/storage_admin_access_key_id
✓ Generated: {{OUTPUT_DIR}}/.secrets/storage_admin_secret_access_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/storage_encryption_key
✓ Generated: {{OUTPUT_DIR}}/.secrets/admin_emails
✓ Generated: {{OUTPUT_DIR}}/.secrets/telemetry_s3_access_key_id
✓ Generated: {{OUTPUT_DIR}}/.secrets/telemetry_s3_secret_access_key

✓ Configuration files generated successfully!

============================================================
Configuration Complete!
============================================================

Configuration files generated in: {{OUTPUT_DIR}}

Next steps:
1. Review and edit the generated .env file
2. Fill in any remaining secrets in .secrets/ directory
3. Configure TLS certificates in the tls/ directory
4. Run: docker compose up -d
