.env.example

# ─────────────────────────────────────────────────────────────────────────────
# Meezi — environment template
# Copy to .env and fill in values.  NEVER commit .env to git.
#
# For production: put the full contents in Gitea → Settings → Secrets → ENV_FILE
# ─────────────────────────────────────────────────────────────────────────────

# ── Environment ───────────────────────────────────────────────────────────────
ASPNETCORE_ENVIRONMENT=Production

# ── Database ──────────────────────────────────────────────────────────────────
DB_PASSWORD=change-me-strong-password
DB_CONNECTION_STRING=Host=postgres;Port=5432;Database=meezi;Username=meezi;Password=change-me-strong-password

# ── JWT ───────────────────────────────────────────────────────────────────────
# openssl rand -hex 32
JWT_KEY=change-me-64-char-random-string-use-openssl-rand-hex-32-output

# ── TODAY: IP-based access (no domain yet) ───────────────────────────────────
# Replace 171.22.25.73 with your actual server IP.
# Note: NEXT_PUBLIC_* are baked into Next.js images at build time.
# When you switch to a domain tomorrow, update these AND re-run CI (to rebuild).

NEXT_PUBLIC_API_URL=http://171.22.25.73:5080
NEXT_PUBLIC_ADMIN_API_URL=http://171.22.25.73:5081
# Public site origin — MUST be the real domain in prod (used for canonical URLs,
# sitemap, robots, OG tags). A wrong value here de-indexes the whole site in GSC.
NEXT_PUBLIC_SITE_URL=https://meezi.ir
NEXT_PUBLIC_KOJA_URL=https://koja.meezi.ir

APP_QR_BASE_URL=http://171.22.25.73:3101
BILLING_DASHBOARD_URL=http://171.22.25.73:3101

CORS_ORIGIN_0=http://171.22.25.73:3101
CORS_ORIGIN_1=http://171.22.25.73:3010
CORS_ORIGIN_2=http://171.22.25.73:3103
CORS_ADMIN_ORIGIN_0=http://171.22.25.73:3102

# Host ports (what gets exposed on the server)
API_PORT=5080
ADMIN_API_PORT=5081
WEB_PORT=3101
ADMIN_WEB_PORT=3102
WEBSITE_PORT=3010
KOJA_PORT=3103
POSTGRES_PORT=5434
REDIS_PORT=6381

# ── TOMORROW: domain + Caddy (comment out IP section above, use this) ─────────
# DOMAIN=meezi.ir
# ACME_EMAIL=you@example.com
#
# NEXT_PUBLIC_API_URL=https://api.meezi.ir
# NEXT_PUBLIC_ADMIN_API_URL=https://admin-api.meezi.ir
# NEXT_PUBLIC_SITE_URL=https://meezi.ir
# NEXT_PUBLIC_KOJA_URL=https://koja.meezi.ir
#
# APP_QR_BASE_URL=https://app.meezi.ir
# BILLING_DASHBOARD_URL=https://app.meezi.ir
#
# CORS_ORIGIN_0=https://app.meezi.ir
# CORS_ORIGIN_1=https://meezi.ir
# CORS_ORIGIN_2=https://koja.meezi.ir
# CORS_ADMIN_ORIGIN_0=https://admin.meezi.ir
#
# Then run CI once to rebuild images with the new URLs baked in.
# DNS required: meezi.ir, app.meezi.ir, api.meezi.ir,
#               koja.meezi.ir, admin.meezi.ir, admin-api.meezi.ir → server IP

# ── Migrations ────────────────────────────────────────────────────────────────
RUN_MIGRATIONS=true

# ── System admin seed (admin panel login) ─────────────────────────────────────
# On every boot the seeder ensures this admin exists with these credentials.
# Username defaults to "admin" if not set. Password is required to enable
# password login — leave blank to force OTP-only login.
SEED_ADMIN_PHONE=09190345606
SEED_ADMIN_USERNAME=admin
SEED_ADMIN_PASSWORD=change-me-strong-admin-password

# ── Payment: ZarinPal ─────────────────────────────────────────────────────────
# Get your merchant ID from: https://panel.zarinpal.com → API → MerchantID
ZARINPAL_MERCHANT_ID=
ZARINPAL_SANDBOX=false

# ── Payment: FlatRender Pay (ZarinPal broker) ─────────────────────────────────
# Broker keys from the FlatRender dashboard. Webhook is registered at the broker as
# https://api.meezi.ir/api/payment/webhook. Keep the live secret OUT of git.
FLATPAY_API_KEY=
FLATPAY_SECRET=
FLATPAY_BASE_URL=https://pay.flatrender.ir
FLATPAY_RETURN_URL=https://meezi.ir/payment/return

# ── SMS: Kavenegar ────────────────────────────────────────────────────────────
# Empty = OTP is logged to API console (fine for dev, not for production)
KAVENEGAR_API_KEY=4C30786935496261332B41685870444E47657A5367453369374F6E2F43334672576B526F5A4B4B795665493D

# ── Snappfood webhook ─────────────────────────────────────────────────────────
SNAPPFOOD_WEBHOOK_SECRET=change-me-snappfood-secret

# ── Docker image overrides (if direct MCR pull fails) ────────────────────────
# DOTNET_SDK_IMAGE=mirror.soroushasadi.com/dotnet/sdk:10.0
# DOTNET_ASPNET_IMAGE=mirror.soroushasadi.com/dotnet/aspnet:10.0
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# ─────────────────────────────────────────────────────────────────────────────`
			`# Meezi — environment template`
			`# Copy to .env and fill in values. NEVER commit .env to git.`
			`#`
			`# For production: put the full contents in Gitea → Settings → Secrets → ENV_FILE`
			`# ─────────────────────────────────────────────────────────────────────────────`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# ── Environment ───────────────────────────────────────────────────────────────`
			`ASPNETCORE_ENVIRONMENT=Production`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# ── Database ──────────────────────────────────────────────────────────────────`
			`DB_PASSWORD=change-me-strong-password`
			`DB_CONNECTION_STRING=Host=postgres;Port=5432;Database=meezi;Username=meezi;Password=change-me-strong-password`

			`# ── JWT ───────────────────────────────────────────────────────────────────────`
			`# openssl rand -hex 32`
			`JWT_KEY=change-me-64-char-random-string-use-openssl-rand-hex-32-output`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# ── TODAY: IP-based access (no domain yet) ───────────────────────────────────`
			`# Replace 171.22.25.73 with your actual server IP.`
			`# Note: NEXT_PUBLIC_* are baked into Next.js images at build time.`
			`# When you switch to a domain tomorrow, update these AND re-run CI (to rebuild).`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`NEXT_PUBLIC_API_URL=http://171.22.25.73:5080`
			`NEXT_PUBLIC_ADMIN_API_URL=http://171.22.25.73:5081`
fix(seo): website/koja base URL defaulted to localhost → de-indexed in GSC 2026-06-22 18:58:38 +03:30			`# Public site origin — MUST be the real domain in prod (used for canonical URLs,`
			`# sitemap, robots, OG tags). A wrong value here de-indexes the whole site in GSC.`
			`NEXT_PUBLIC_SITE_URL=https://meezi.ir`
			`NEXT_PUBLIC_KOJA_URL=https://koja.meezi.ir`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`APP_QR_BASE_URL=http://171.22.25.73:3101`
			`BILLING_DASHBOARD_URL=http://171.22.25.73:3101`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`CORS_ORIGIN_0=http://171.22.25.73:3101`
			`CORS_ORIGIN_1=http://171.22.25.73:3010`
			`CORS_ORIGIN_2=http://171.22.25.73:3103`
			`CORS_ADMIN_ORIGIN_0=http://171.22.25.73:3102`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# Host ports (what gets exposed on the server)`
			`API_PORT=5080`
			`ADMIN_API_PORT=5081`
			`WEB_PORT=3101`
			`ADMIN_WEB_PORT=3102`
			`WEBSITE_PORT=3010`
Rename public discovery app from "finder" to "koja" 2026-05-29 17:02:22 +03:30			`KOJA_PORT=3103`
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`POSTGRES_PORT=5434`
			`REDIS_PORT=6381`

			`# ── TOMORROW: domain + Caddy (comment out IP section above, use this) ─────────`
			`# DOMAIN=meezi.ir`
			`# ACME_EMAIL=you@example.com`
			`#`
			`# NEXT_PUBLIC_API_URL=https://api.meezi.ir`
			`# NEXT_PUBLIC_ADMIN_API_URL=https://admin-api.meezi.ir`
			`# NEXT_PUBLIC_SITE_URL=https://meezi.ir`
Rename public discovery app from "finder" to "koja" 2026-05-29 17:02:22 +03:30			`# NEXT_PUBLIC_KOJA_URL=https://koja.meezi.ir`
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`#`
			`# APP_QR_BASE_URL=https://app.meezi.ir`
			`# BILLING_DASHBOARD_URL=https://app.meezi.ir`
			`#`
			`# CORS_ORIGIN_0=https://app.meezi.ir`
			`# CORS_ORIGIN_1=https://meezi.ir`
Rename public discovery app from "finder" to "koja" 2026-05-29 17:02:22 +03:30			`# CORS_ORIGIN_2=https://koja.meezi.ir`
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# CORS_ADMIN_ORIGIN_0=https://admin.meezi.ir`
			`#`
			`# Then run CI once to rebuild images with the new URLs baked in.`
			`# DNS required: meezi.ir, app.meezi.ir, api.meezi.ir,`
Rename public discovery app from "finder" to "koja" 2026-05-29 17:02:22 +03:30			`# koja.meezi.ir, admin.meezi.ir, admin-api.meezi.ir → server IP`
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30
			`# ── Migrations ────────────────────────────────────────────────────────────────`
			`RUN_MIGRATIONS=true`

fix(deploy): auto-migrate on boot + seed admin credentials from env 2026-05-31 20:10:56 +03:30			`# ── System admin seed (admin panel login) ─────────────────────────────────────`
			`# On every boot the seeder ensures this admin exists with these credentials.`
			`# Username defaults to "admin" if not set. Password is required to enable`
			`# password login — leave blank to force OTP-only login.`
			`SEED_ADMIN_PHONE=09190345606`
			`SEED_ADMIN_USERNAME=admin`
			`SEED_ADMIN_PASSWORD=change-me-strong-admin-password`

feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# ── Payment: ZarinPal ─────────────────────────────────────────────────────────`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30			`# Get your merchant ID from: https://panel.zarinpal.com → API → MerchantID`
			`ZARINPAL_MERCHANT_ID=`
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`ZARINPAL_SANDBOX=false`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(payment): FlatRender Pay (ZarinPal broker) checkout + webhook 2026-06-26 04:20:02 +03:30			`# ── Payment: FlatRender Pay (ZarinPal broker) ─────────────────────────────────`
			`# Broker keys from the FlatRender dashboard. Webhook is registered at the broker as`
			`# https://api.meezi.ir/api/payment/webhook. Keep the live secret OUT of git.`
			`FLATPAY_API_KEY=`
			`FLATPAY_SECRET=`
			`FLATPAY_BASE_URL=https://pay.flatrender.ir`
			`FLATPAY_RETURN_URL=https://meezi.ir/payment/return`

feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# ── SMS: Kavenegar ────────────────────────────────────────────────────────────`
			`# Empty = OTP is logged to API console (fine for dev, not for production)`
feat : kavenegar otp added 2026-05-29 10:18:47 +03:30			`KAVENEGAR_API_KEY=4C30786935496261332B41685870444E47657A5367453369374F6E2F43334672576B526F5A4B4B795665493D`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# ── Snappfood webhook ─────────────────────────────────────────────────────────`
			`SNAPPFOOD_WEBHOOK_SECRET=change-me-snappfood-secret`
chore: initial project structure and root configuration 2026-05-27 21:33:10 +03:30
feat(infra): parameterize secrets, add Caddy reverse proxy for domain 2026-05-28 18:54:55 +03:30			`# ── Docker image overrides (if direct MCR pull fails) ────────────────────────`
first commit 2026-05-31 11:06:24 +03:30			`# DOTNET_SDK_IMAGE=mirror.soroushasadi.com/dotnet/sdk:10.0`
			`# DOTNET_ASPNET_IMAGE=mirror.soroushasadi.com/dotnet/aspnet:10.0`