# JupyterHub bootstrap config.
#
# WARNING: this is a STUB. It uses DummyAuthenticator with a single shared
# password and LocalProcessSpawner. It boots, it's password-gated, but it is
# NOT the production setup. Before exposing this to anything beyond the
# cloud-host operator, swap to:
#   - GenericOAuthenticator pointed at Keycloak (wbd realm, jupyterhub client)
#   - DockerSpawner with per-user persistent volumes
# See stacks/jupyterhub/README.md TODO.

import os

c = get_config()  # noqa: F821 — provided by JupyterHub

# --- Authenticator (stub) -----------------------------------------------------
c.JupyterHub.authenticator_class = "dummy"
c.DummyAuthenticator.password = os.environ["JUPYTERHUB_ADMIN_PASSWORD"]

admin_users = os.environ.get("JUPYTERHUB_ADMIN_USERS", "").strip()
if admin_users:
    c.Authenticator.admin_users = {u.strip() for u in admin_users.split(",") if u.strip()}
c.Authenticator.allow_all = True  # stub: any username, single shared password

# --- Spawner (stub) -----------------------------------------------------------
# LocalProcessSpawner runs notebooks as OS processes inside the hub container.
# Fine for a single operator on the stub; production should use DockerSpawner.
c.JupyterHub.spawner_class = "simple"
c.Spawner.default_url = "/lab"

# --- Hub posture --------------------------------------------------------------
c.JupyterHub.bind_url = "http://:8000"
c.JupyterHub.hub_bind_url = "http://0.0.0.0:8081"
c.JupyterHub.cleanup_servers = True