# Production environment for bifrost-portal.fenja.ai
# Copy to the EnvironmentFile path referenced by the systemd unit
# (default: /etc/bifrost-portal.env) and fill in real values. Keep it
# chmod 600, owned by the service user. NEVER commit the real file.

# Long random string used to sign sessions and invite tokens.
# Generate with:  openssl rand -hex 32
BIFROST_SECRET=change-me-openssl-rand-hex-32

# Absolute path to the SQLite database. Lives OUTSIDE the deploy dir so
# redeploys never touch it. Honored by src/lib/db.ts and scripts/migrate.js.
BIFROST_DB_PATH=/var/lib/bifrost-portal/bifrost.db

# Absolute path to the runtime uploads dir (event photos). Also outside the
# deploy dir. Honored by src/lib/uploads.ts.
BIFROST_UPLOAD_DIR=/var/lib/bifrost-portal/uploads

# Bind address + port for the Node standalone server. Loopback only — nginx
# is the only thing that should reach it. 4321 is the dev port; 4322 keeps
# us clear of it. Verify nothing else on the box uses 4322 (see DEPLOY.md).
HOST=127.0.0.1
PORT=4322

NODE_ENV=production