# Copy this file to .env and fill in your values before starting the stack.
#   cp .env.example .env

# ── MySQL ─────────────────────────────────────────────────────────────────────
# Use strong random passwords — generate with: openssl rand -hex 16
MYSQL_ROOT_PASSWORD=change_me
MYSQL_DATABASE=eggtracker
MYSQL_USER=eggtracker
MYSQL_PASSWORD=change_me

# ── Super admin ───────────────────────────────────────────────────────────────
# This account is created (and its password synced) automatically on every startup.
# Use a strong password of at least 10 characters.
ADMIN_USERNAME=admin
ADMIN_PASSWORD=change_me

# ── JWT signing secret ────────────────────────────────────────────────────────
# Generate a strong random value before deploying:
#   openssl rand -hex 32
JWT_SECRET=change_me

# ── CORS ─────────────────────────────────────────────────────────────────────
# Comma-separated list of external origins that may call the API.
# Leave empty if the API is only accessed via the bundled nginx frontend (same-origin).
# Example: ALLOWED_ORIGINS=https://myapp.example.com,https://admin.example.com
ALLOWED_ORIGINS=

# ── Cookies ───────────────────────────────────────────────────────────────────
# Set to false only when testing locally over plain HTTP (no HTTPS/NRP)
SECURE_COOKIES=true

# ── Ntfy push notifications (optional) ───────────────────────────────────────
# Sends alerts for: new registrations, admin logins, user disable/delete, impersonation.
# Use https://ntfy.sh/your-secret-topic or a self-hosted ntfy URL.
# Leave blank to disable notifications entirely.
NTFY_URL=
NTFY_TOKEN=