deploy/ENV_FILE.example

# ──────────────────────────────────────────────────────────────────────────
# Barg-e Vasat — ENV_FILE TEMPLATE (placeholders only — NO real secrets here)
# Copy to deploy/ENV_FILE.local (git-ignored), fill real values, and paste the
# WHOLE thing into the Gitea repo secret ENV_FILE. Saving the secret REPLACES
# the entire file — always paste the complete contents.
# ──────────────────────────────────────────────────────────────────────────

# Ports
WEB_PORT=1500
API_PORT=1505
DB_PORT=1510
SITE_PORT=1520

# Database — MUST match the existing postgres volume's password
POSTGRES_PASSWORD=<strong-password>

# JWT — generate with:  openssl rand -hex 32
JWT_KEY=<32+char-random-secret>
JWT_ISSUER=hokm
JWT_AUDIENCE=hokm-clients

# URLs / CORS
NEXT_PUBLIC_SERVER_URL=https://api.bargevasat.ir
NEXT_PUBLIC_APP_URL=https://app.bargevasat.ir
NEXT_PUBLIC_SITE_URL=https://bargevasat.ir
CORS_ORIGINS=https://bargevasat.ir,https://www.bargevasat.ir,https://app.bargevasat.ir

# ZarinPal
ZARINPAL_MERCHANT_ID=<your-merchant-id>
ZARINPAL_SANDBOX=false
ZARINPAL_CALLBACK_URL=https://api.bargevasat.ir/api/coins/pay/callback
ZARINPAL_CLIENT_RETURN_URL=https://app.bargevasat.ir

# Admin panel token (openssl rand -hex 24)
ADMIN_TOKEN=<admin-token>

# In-app billing (Cafe Bazaar / Myket) — fill from the developer panels.
IAB_PACKAGE_NAME=com.bargevasat.app
IAB_BAZAAR_CLIENT_ID=<bazaar-client-id>
IAB_BAZAAR_CLIENT_SECRET=<bazaar-client-secret>
IAB_BAZAAR_REFRESH_TOKEN=<bazaar-refresh-token>
IAB_MYKET_ACCESS_TOKEN=<myket-access-token>
IAB_ALLOW_UNVERIFIED=false

# SMS OTP (Kavenegar). Template "hokmotp" has a %token placeholder we fill with
# the code. Leave SMS_API_KEY empty for dev mode (no SMS sent, code = 1234).
SMS_PROVIDER=kavenegar
SMS_API_KEY=<kavenegar-api-key>
SMS_TEMPLATE=hokmotp
Add Soroush CI/CD (Gitea + Nexus) + self-host fonts for offline build 2026-06-04 19:09:31 +03:30			`# ──────────────────────────────────────────────────────────────────────────`
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`# Barg-e Vasat — ENV_FILE TEMPLATE (placeholders only — NO real secrets here)`
			`# Copy to deploy/ENV_FILE.local (git-ignored), fill real values, and paste the`
			`# WHOLE thing into the Gitea repo secret ENV_FILE. Saving the secret REPLACES`
			`# the entire file — always paste the complete contents.`
Add Soroush CI/CD (Gitea + Nexus) + self-host fonts for offline build 2026-06-04 19:09:31 +03:30			`# ──────────────────────────────────────────────────────────────────────────`

feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`# Ports`
Add Soroush CI/CD (Gitea + Nexus) + self-host fonts for offline build 2026-06-04 19:09:31 +03:30			`WEB_PORT=1500`
			`API_PORT=1505`
			`DB_PORT=1510`
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`SITE_PORT=1520`
Add Soroush CI/CD (Gitea + Nexus) + self-host fonts for offline build 2026-06-04 19:09:31 +03:30
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`# Database — MUST match the existing postgres volume's password`
			`POSTGRES_PASSWORD=<strong-password>`
Add Soroush CI/CD (Gitea + Nexus) + self-host fonts for offline build 2026-06-04 19:09:31 +03:30
			`# JWT — generate with: openssl rand -hex 32`
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`JWT_KEY=<32+char-random-secret>`
Add Soroush CI/CD (Gitea + Nexus) + self-host fonts for offline build 2026-06-04 19:09:31 +03:30			`JWT_ISSUER=hokm`
			`JWT_AUDIENCE=hokm-clients`

feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`# URLs / CORS`
			`NEXT_PUBLIC_SERVER_URL=https://api.bargevasat.ir`
			`NEXT_PUBLIC_APP_URL=https://app.bargevasat.ir`
			`NEXT_PUBLIC_SITE_URL=https://bargevasat.ir`
			`CORS_ORIGINS=https://bargevasat.ir,https://www.bargevasat.ir,https://app.bargevasat.ir`
Add Soroush CI/CD (Gitea + Nexus) + self-host fonts for offline build 2026-06-04 19:09:31 +03:30
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`# ZarinPal`
			`ZARINPAL_MERCHANT_ID=<your-merchant-id>`
			`ZARINPAL_SANDBOX=false`
			`ZARINPAL_CALLBACK_URL=https://api.bargevasat.ir/api/coins/pay/callback`
			`ZARINPAL_CLIENT_RETURN_URL=https://app.bargevasat.ir`
CI/Docker: use SSL-free Nexus endpoints (mirror serves partial chain) 2026-06-05 08:53:46 +03:30
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`# Admin panel token (openssl rand -hex 24)`
			`ADMIN_TOKEN=<admin-token>`
feat: UNO-style table, social hub, cosmetics, speed mode, store IAB 2026-06-06 18:39:24 +03:30
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`# In-app billing (Cafe Bazaar / Myket) — fill from the developer panels.`
Prod hardening: one-game-per-player, selectable music, bargevasat.ir config 2026-06-06 23:05:52 +03:30			`IAB_PACKAGE_NAME=com.bargevasat.app`
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`IAB_BAZAAR_CLIENT_ID=<bazaar-client-id>`
			`IAB_BAZAAR_CLIENT_SECRET=<bazaar-client-secret>`
			`IAB_BAZAAR_REFRESH_TOKEN=<bazaar-refresh-token>`
			`IAB_MYKET_ACCESS_TOKEN=<myket-access-token>`
feat: UNO-style table, social hub, cosmetics, speed mode, store IAB 2026-06-06 18:39:24 +03:30			`IAB_ALLOW_UNVERIFIED=false`
Prod hardening: one-game-per-player, selectable music, bargevasat.ir config 2026-06-06 23:05:52 +03:30
feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code) 2026-06-12 23:50:33 +03:30			`# SMS OTP (Kavenegar). Template "hokmotp" has a %token placeholder we fill with`
			`# the code. Leave SMS_API_KEY empty for dev mode (no SMS sent, code = 1234).`
			`SMS_PROVIDER=kavenegar`
			`SMS_API_KEY=<kavenegar-api-key>`
			`SMS_TEMPLATE=hokmotp`