variable "hcloud_token" {
  description = "Hetzner Cloud API Token (Projekt → Security → API Tokens, Read&Write)"
  type        = string
  sensitive   = true
}

variable "location" {
  description = "Hetzner Standort"
  type        = string
  default     = "nbg1"
}

variable "network_zone" {
  description = "Netzwerk-Zone passend zum Standort (eu-central für nbg1/fsn1/hel1)"
  type        = string
  default     = "eu-central"
}

variable "ssh_public_key" {
  description = "Öffentlicher SSH-Schlüssel für Server-Zugang"
  type        = string
}

variable "admin_cidr" {
  description = "CIDR, das per SSH auf die Server darf (z. B. deine IP/32)"
  type        = string
}

variable "app_count" {
  description = "Anzahl App-Nodes (für den Skalierungstest >= 2)"
  type        = number
  default     = 2
}

variable "app_server_type" {
  description = "Servertyp App-Nodes"
  type        = string
  default     = "cx22"
}

variable "db_server_type" {
  description = "Servertyp DB-Node"
  type        = string
  default     = "cx22"
}

# --- Anwendung / Deploy ---
variable "repo_url" {
  description = "Git-URL des Repos (per cloud-init geklont; bei privat: Deploy-Token in der URL)"
  type        = string
}

variable "repo_branch" {
  description = "Zu deployender Branch"
  type        = string
  default     = "main"
}

variable "domain" {
  description = "Öffentliche Domain (für CORS, Profil-URLs, später TLS)"
  type        = string
}

variable "app_secret" {
  description = "Symfony APP_SECRET"
  type        = string
  sensitive   = true
}

variable "db_name" {
  type    = string
  default = "vcard4reseller"
}

variable "db_user" {
  type    = string
  default = "app"
}

variable "db_password" {
  type      = string
  sensitive = true
}

variable "db_root_password" {
  type      = string
  sensitive = true
}

variable "jwt_passphrase" {
  description = "Passphrase der JWT-Schlüssel (identisch zu den erzeugten Keys)"
  type        = string
  sensitive   = true
}

variable "jwt_private_key" {
  description = "Inhalt von config/jwt/private.pem (auf ALLEN Nodes identisch)"
  type        = string
  sensitive   = true
}

variable "jwt_public_key" {
  description = "Inhalt von config/jwt/public.pem"
  type        = string
  sensitive   = true
}

# --- Hetzner Object Storage (S3) ---
variable "s3_endpoint" {
  description = "z. B. https://nbg1.your-objectstorage.com"
  type        = string
}

variable "s3_region" {
  type    = string
  default = "nbg1"
}

variable "s3_bucket" {
  type = string
}

variable "s3_key" {
  type      = string
  sensitive = true
}

variable "s3_secret" {
  type      = string
  sensitive = true
}