meezi/.env.example

# ─────────────────────────────────────────────────────────────────────────────
# Meezi — environment template
# Copy to .env and fill in values.  NEVER commit .env to git.
#
# For production: put the full contents in Gitea → Settings → Secrets → ENV_FILE
# ─────────────────────────────────────────────────────────────────────────────

# ── Environment ───────────────────────────────────────────────────────────────
ASPNETCORE_ENVIRONMENT=Production

# ── Database ──────────────────────────────────────────────────────────────────
DB_PASSWORD=change-me-strong-password
DB_CONNECTION_STRING=Host=postgres;Port=5432;Database=meezi;Username=meezi;Password=change-me-strong-password

# ── JWT ───────────────────────────────────────────────────────────────────────
# openssl rand -hex 32
JWT_KEY=change-me-64-char-random-string-use-openssl-rand-hex-32-output

# ── TODAY: IP-based access (no domain yet) ───────────────────────────────────
# Replace 171.22.25.73 with your actual server IP.
# Note: NEXT_PUBLIC_* are baked into Next.js images at build time.
# When you switch to a domain tomorrow, update these AND re-run CI (to rebuild).

NEXT_PUBLIC_API_URL=http://171.22.25.73:5080
NEXT_PUBLIC_ADMIN_API_URL=http://171.22.25.73:5081
NEXT_PUBLIC_SITE_URL=http://171.22.25.73:3010
NEXT_PUBLIC_KOJA_URL=http://171.22.25.73:3103

APP_QR_BASE_URL=http://171.22.25.73:3101
BILLING_DASHBOARD_URL=http://171.22.25.73:3101

CORS_ORIGIN_0=http://171.22.25.73:3101
CORS_ORIGIN_1=http://171.22.25.73:3010
CORS_ORIGIN_2=http://171.22.25.73:3103
CORS_ADMIN_ORIGIN_0=http://171.22.25.73:3102

# Host ports (what gets exposed on the server)
API_PORT=5080
ADMIN_API_PORT=5081
WEB_PORT=3101
ADMIN_WEB_PORT=3102
WEBSITE_PORT=3010
KOJA_PORT=3103
POSTGRES_PORT=5434
REDIS_PORT=6381

# ── TOMORROW: domain + Caddy (comment out IP section above, use this) ─────────
# DOMAIN=meezi.ir
# ACME_EMAIL=you@example.com
#
# NEXT_PUBLIC_API_URL=https://api.meezi.ir
# NEXT_PUBLIC_ADMIN_API_URL=https://admin-api.meezi.ir
# NEXT_PUBLIC_SITE_URL=https://meezi.ir
# NEXT_PUBLIC_KOJA_URL=https://koja.meezi.ir
#
# APP_QR_BASE_URL=https://app.meezi.ir
# BILLING_DASHBOARD_URL=https://app.meezi.ir
#
# CORS_ORIGIN_0=https://app.meezi.ir
# CORS_ORIGIN_1=https://meezi.ir
# CORS_ORIGIN_2=https://koja.meezi.ir
# CORS_ADMIN_ORIGIN_0=https://admin.meezi.ir
#
# Then run CI once to rebuild images with the new URLs baked in.
# DNS required: meezi.ir, app.meezi.ir, api.meezi.ir,
#               koja.meezi.ir, admin.meezi.ir, admin-api.meezi.ir → server IP

# ── Migrations ────────────────────────────────────────────────────────────────
RUN_MIGRATIONS=true

# ── Payment: ZarinPal ─────────────────────────────────────────────────────────
# Get your merchant ID from: https://panel.zarinpal.com → API → MerchantID
ZARINPAL_MERCHANT_ID=
ZARINPAL_SANDBOX=false

# ── SMS: Kavenegar ────────────────────────────────────────────────────────────
# Empty = OTP is logged to API console (fine for dev, not for production)
KAVENEGAR_API_KEY=4C30786935496261332B41685870444E47657A5367453369374F6E2F43334672576B526F5A4B4B795665493D

# ── Snappfood webhook ─────────────────────────────────────────────────────────
SNAPPFOOD_WEBHOOK_SECRET=change-me-snappfood-secret

# ── Docker image overrides (if direct MCR pull fails) ────────────────────────
# DOTNET_SDK_IMAGE=mirror.soroushasadi.com/dotnet/sdk:10.0
# DOTNET_ASPNET_IMAGE=mirror.soroushasadi.com/dotnet/aspnet:10.0