syntaxis/config/database-surrealdb.toml

# Database Configuration - SurrealDB 2.3
# syntaxis
#
# Use this configuration for SurrealDB deployments.
# For setup instructions, see SURREALDB_SETUP_GUIDE.md

[database]
engine = "surrealdb"
description = "SurrealDB 2.3 multi-backend database (production-ready)"

# ============================================================================
# SURREALDB CONFIGURATION
# ============================================================================

[surrealdb]
# Connection URL - Choose deployment mode:

# --- Option 1: Embedded In-Memory (No server, fast for testing) ---
# url = "mem://"

# --- Option 2: Embedded File-Based (No server, persistent RocksDB) ---
# url = "file:///tmp/surrealdb.db"

# --- Option 3: Remote Server via WebSocket (Recommended for production) ---
# Requires: surreal start --bind 0.0.0.0:8000 file:///data/surrealdb.db
url = "ws://localhost:8000"

# --- Option 4: Remote Server via HTTP ---
# url = "http://localhost:8000"

# --- Option 5: Docker Container ---
# url = "ws://surrealdb:8000"  # Uses container hostname

# --- Option 6: Kubernetes Cluster ---
# url = "ws://surrealdb.workspace:8000"  # Uses k8s service DNS

# Namespace and database selection
namespace = "syntaxis"
database = "projects"

# Authentication credentials
# In development: Use environment variables to avoid hardcoding passwords
username = "admin"
password = "${SURREALDB_PASSWORD}"  # Set environment variable SURREALDB_PASSWORD

# Or hardcode for development (NOT RECOMMENDED FOR PRODUCTION):
# password = "dev_password_123"

# Connection pool configuration
max_connections = 10       # Number of concurrent connections
timeout_secs = 60          # Query timeout in seconds

# ============================================================================
# TLS CONFIGURATION (For production)
# ============================================================================

# Enable TLS/SSL for secure connections
# tls_enabled = true

# Certificate authority (CA) bundle
# tls_ca_cert = "/etc/surrealdb/ca.pem"

# Client certificate and key (mutual TLS)
# tls_client_cert = "/etc/surrealdb/client.pem"
# tls_client_key = "/etc/surrealdb/client.key"

# Verify certificate hostname
# tls_verify = true

# ============================================================================
# DEPLOYMENT-SPECIFIC CONFIGURATIONS
# ============================================================================

# --- LOCAL DEVELOPMENT ---
# [surrealdb]
# url = "mem://"  # Fast, no server needed
# max_connections = 5

# --- DOCKER COMPOSE ---
# [surrealdb]
# url = "ws://surrealdb:8000"  # Container hostname
# username = "admin"
# password = "workspace_password_123"

# --- KUBERNETES ---
# [surrealdb]
# url = "ws://surrealdb.workspace:8000"  # Service DNS
# username = "admin"
# password = "${SURREALDB_PASSWORD}"  # From k8s secret

# --- PRODUCTION CLOUD ---
# [surrealdb]
# url = "wss://surrealdb.example.com:8000"  # Secure WebSocket
# username = "app-user"
# password = "${SURREALDB_PASSWORD}"  # From secrets manager
# tls_enabled = true
# tls_ca_cert = "/etc/surrealdb/ca.pem"

# ============================================================================
# NOTES FOR DIFFERENT DEPLOYMENT CONTEXTS
# ============================================================================
#
# LOCAL DEVELOPMENT:
# - Start server: surreal start --bind 127.0.0.1:8000 memory
# - Config: url = "ws://localhost:8000"
# - Or use embedded: url = "mem://" (no server needed)
#
# DOCKER COMPOSE:
# - Service name: surrealdb (hostname in container network)
# - Config: url = "ws://surrealdb:8000"
# - See: docker-compose.surrealdb.yml
#
# KUBERNETES:
# - Service DNS: surrealdb.workspace.svc.cluster.local
# - Config: url = "ws://surrealdb.workspace:8000"
# - StatefulSet with persistent volumes
# - See: k8s/surrealdb-statefulset.yaml
#
# PRODUCTION:
# - Use TLS/SSL (wss://)
# - Use environment variables for passwords
# - Configure resource limits
# - Enable backup/recovery
# - See: SURREALDB_SETUP_GUIDE.md
#
# ENVIRONMENT VARIABLES:
# Set these before running the application:
#
#   export SURREALDB_PASSWORD="your-secure-password-here"
#   export SURREALDB_USER="admin"
#
# For Docker Compose:
#
#   docker-compose -f docker-compose.surrealdb.yml up -d
#   docker-compose -f docker-compose.surrealdb.yml exec surrealdb \
#     surreal sql --endpoint ws://localhost:8000 \
#     --username admin --password ${SURREALDB_PASSWORD}
#
# For Kubernetes:
#
#   kubectl set env statefulset/surrealdb \
#     SURREALDB_PASSWORD=$(echo -n "new-password" | base64)