# Copy to .env and fill in. NEVER commit the real .env.

# Strong random token the n8n workflow (and you) use for admin endpoints.
# Generate e.g. with: openssl rand -hex 32
ADMIN_API_TOKEN=change-me-to-a-long-random-string

# Public port on the host (container always listens on 8080 internally).
PORT=8080

# Comma-separated product slugs to seed on boot ("slug:Display Name").
# Add a new entry here whenever you ship another plugin.
SEED_PRODUCTS=gdpr-content-blocker:GDPR Content Blocker

# Absolute, public base URL of this backend (behind your TLS reverse proxy).
# Used to build the package download links handed to WordPress.
PUBLIC_BASE_URL=https://hub.lucas-orth.de

# Secret for signing time-limited download tokens. Generate with:
#   openssl rand -hex 32
# If left empty, ADMIN_API_TOKEN is used as a fallback.
DOWNLOAD_SECRET=

# Optional: for "release from URL" (POST /api/v1/releases/from-url).
# Restrict which host release ZIPs may be fetched from (recommended):
GITEA_BASE_URL=https://gitea.lucas-orth.de
# Token to download release assets from PRIVATE Gitea repos (leave empty if public):
GITEA_TOKEN=

# Name of the existing Docker network that Nginx Proxy Manager runs on, so NPM
# can reach this container as "license-backend:8080". Find it with:
#   docker network ls
# Typical values: npm_default, nginxproxymanager_default, proxy
NPM_NETWORK=npm_default