soroushdes/HokmPlay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cd5742d623ca8e2334c60d15f3c1cc6e3d987e10
HokmPlay/deploy/ENV_FILE.example
T
soroush.asadi 5d38312ef0
CI/CD / CI - API (dotnet build + engine sim) (push) Successful in 4m40s
Details
CI/CD / CI - Web (tsc + next build) (push) Successful in 1m7s
Details
CI/CD / Deploy - local stack (db + server + web) (push) Failing after 41s
Details
Marketing site (bargevasat.ir) + admin-editable store links + subdomain split 
- New standalone Next.js marketing site under site/ (static export, SEO):
  landing, download/install guide (Bazaar/Myket/iOS-PWA/web), FAQ (JSON-LD),
  privacy, terms, support, /admin link editor. fa RTL, sitemap/robots/manifest.
- Backend: SiteLinksService (JSON-file persisted) + GET /api/site/links (public)
  + POST /api/admin/site/links (X-Admin-Token). ADMIN_TOKEN + Site__DataDir via env.
- compose: hokm-site service (:1520) + hokm_data volume for links JSON.
- CI deploy job builds + deploys the site container.
- deploy/SUBDOMAIN_SPLIT.md: nginx blocks, cert reissue, DNS, ENV split.
- Exclude site/ from root tsc + web docker context.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 07:19:43 +03:30

94 lines
5.2 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ──────────────────────────────────────────────────────────────────────────
# Barg-e Vasat — ENV_FILE
# Paste the contents of this file (filled in) into the Gitea repo secret:
# https://git.soroushasadi.com/soroushdes/HokmPlay/settings/secrets → ENV_FILE
# The deploy job writes it verbatim to `.env`, which docker compose reads.
#
# NOTE: NEXT_PUBLIC_SERVER_URL is baked into the web bundle at BUILD time —
# changing it requires a new CI run (push a commit) to take effect.
# ──────────────────────────────────────────────────────────────────────────
# Host ports (15001600 range so the stack coexists with manual dev on 3000/5005)
WEB_PORT=1500
API_PORT=1505
DB_PORT=1510
# Database (postgres container)
POSTGRES_PASSWORD=change-me-strong-password
# JWT — generate with: openssl rand -hex 32
JWT_KEY=CHANGE-ME-to-a-32+char-random-secret
JWT_ISSUER=hokm
JWT_AUDIENCE=hokm-clients
# Browser-facing API origin (host-mapped api port).
# If the browser is NOT on the deploy host, use the host LAN IP instead of
# localhost, e.g. http://172.28.144.1:1505 (localhost can be VPN-hijacked).
NEXT_PUBLIC_SERVER_URL=http://localhost:1505
# Origins allowed by the API's CORS (comma-separated). Must include the web URL.
CORS_ORIGINS=http://localhost:1500
# Package mirrors used during Docker builds. Default to the plain-HTTP Nexus
# (no SSL) because the HTTPS mirror serves a partial cert chain that fresh
# container trust stores reject. Override only if your Nexus moves.
# NUGET_INDEX=http://171.22.25.73:8081/repository/nuget-group/index.json
# NPM_REGISTRY=http://171.22.25.73:8081/repository/npm-group/
# ZarinPal (sandbox for now — switch in admin/panel later)
ZARINPAL_MERCHANT_ID=299685fb-cadf-4dfc-98e2-d4af5d81528d
ZARINPAL_SANDBOX=true
ZARINPAL_CALLBACK_URL=http://localhost:1505/api/coins/pay/callback
ZARINPAL_CLIENT_RETURN_URL=http://localhost:1500
# Store in-app billing (Cafe Bazaar / Myket) — fill from the developer panels.
# SKU == coin-pack id (p1/p2/…). Coins are credited only after the purchase
# token verifies server-to-server.
IAB_PACKAGE_NAME=com.bargevasat.app
# Cafe Bazaar (pardakht dev API): create an OAuth client, do the one-time consent
# to obtain a refresh_token. https://pardakht.cafebazaar.ir/
IAB_BAZAAR_CLIENT_ID=
IAB_BAZAAR_CLIENT_SECRET=
IAB_BAZAAR_REFRESH_TOKEN=
# Myket developer panel → API access token.
IAB_MYKET_ACCESS_TOKEN=
# DEV ONLY: credit purchases WITHOUT verifying (set true to test before you have
# store creds). NEVER true in production.
IAB_ALLOW_UNVERIFIED=false
# ──────────────────────────────────────────────────────────────────────────
# Marketing site (bargevasat.ir) + subdomain split
# Game → app.bargevasat.ir ; marketing site → bargevasat.ir
# ──────────────────────────────────────────────────────────────────────────
SITE_PORT=1520
# Browser-facing URLs baked into the marketing site at BUILD time:
NEXT_PUBLIC_APP_URL=https://app.bargevasat.ir # the game (CTA buttons)
NEXT_PUBLIC_SITE_URL=https://bargevasat.ir # canonical/SEO base
# (NEXT_PUBLIC_SERVER_URL above is reused by the site to read store links.)
# Admin panel (edit Bazaar/Myket/iOS links at /admin). Shared-token auth.
# Generate with: openssl rand -hex 24
ADMIN_TOKEN=7ec8b2b242695de7d2692185acb4f1d345a589866ddd2de6
# With the split, set these too (game bundle + CORS for all 3 hosts):
# NEXT_PUBLIC_SERVER_URL=https://api.bargevasat.ir
# CORS_ORIGINS=https://bargevasat.ir,https://www.bargevasat.ir,https://app.bargevasat.ir
# ──────────────────────────────────────────────────────────────────────────
# PRODUCTION (bargevasat.ir) — use these values instead of the local ones above,
# and deploy with the Caddy overlay (see PRODUCTION.md). DNS: bargevasat.ir,
# www, api → server IP; open 80/443. Caddy fronts TLS, so host ports are internal.
# ──────────────────────────────────────────────────────────────────────────
# WEB_PORT=1500
# API_PORT=1505
# DB_PORT=1510
# POSTGRES_PASSWORD=<strong>
# JWT_KEY=<openssl rand -hex 32>
# NEXT_PUBLIC_SERVER_URL=https://api.bargevasat.ir # baked at web build time
# CORS_ORIGINS=https://bargevasat.ir,https://www.bargevasat.ir
# ZARINPAL_MERCHANT_ID=<live-merchant-id>
# ZARINPAL_SANDBOX=false
# ZARINPAL_CALLBACK_URL=https://api.bargevasat.ir/api/coins/pay/callback
# ZARINPAL_CLIENT_RETURN_URL=https://bargevasat.ir
# IAB_ALLOW_UNVERIFIED=false # fill the IAB_* creds from the Bazaar panel post-publish
Reference in New Issue View Git Blame Copy Permalink