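# Copy to terraform.tfvars and fill in the values. Do NOT commit it (it is listed in .gitignore).
# The filled-in file holds live credentials: keep it readable by your user only (chmod 600).
# NOTE(review): variables consumed by resources are normally written to the
# Terraform/OpenTofu state in plaintext, so protect the state file or backend
# as carefully as this file. Any value below can instead be supplied through
# a TF_VAR_<name> environment variable.

hcloud_token   = "DEIN_HETZNER_API_TOKEN"
ssh_public_key = "ssh-ed25519 AAAA... dein-key"
admin_cidr     = "1.2.3.4/32" # your IP, for SSH access; keep this as narrow as possible

location     = "nbg1"
network_zone = "eu-central"

app_count       = 2
app_server_type = "cx23"
db_server_type  = "cx23"

# Application
# Private repository: the token goes into the URL.
# NOTE(review): a token embedded in the URL is likely to persist wherever the
# URL is stored (state, the clone's git config on the server - confirm against
# the module). Use a read-only token scoped to this one repository.
repo_url    = "https://github.com/DEIN-USER/vcard4reseller.git"
repo_branch = "main"
domain      = "test.example.com"  # portal domain (used to log in to the portal)
acme_email  = "admin@example.com" # Let's Encrypt
# 32 hex characters, e.g. openssl rand -hex 16. Generate a fresh value per environment.
app_secret = "GENERIERE_32_HEX"

# DNS: optionally managed through the Hetzner DNS API
# (otherwise point an A record at caddy_ip manually)
manage_dns        = false
hetzner_dns_token = "" # separate DNS API token
dns_zone_name     = "" # e.g. example.com

# Database
# Use two different, randomly generated passwords.
db_password      = "STARKES_PASSWORT"
db_root_password = "STARKES_ROOT_PASSWORT"

# JWT (generate once, identical on all nodes - see README)
# The passphrase is stored next to the encrypted private key in this file, so
# the key's encryption does not protect it if this file or the state leaks.
jwt_passphrase  = "DEINE_PASSPHRASE"
jwt_private_key = <<-EOT
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
EOT
jwt_public_key  = <<-EOT
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
EOT

# Hetzner Object Storage (create the bucket and keys in the console beforehand)
# Use credentials created for this deployment only, so they can be rotated on their own.
s3_endpoint = "https://nbg1.your-objectstorage.com"
s3_region   = "nbg1"
s3_bucket   = "vcard4-card-assets"
s3_key      = "OBJECT_STORAGE_ACCESS_KEY"
s3_secret   = "OBJECT_STORAGE_SECRET_KEY"

# Code rollout (optional): the default key is ~/.ssh/vcard4_deploy. To roll out:
#   tofu apply -var deploy_version=$(git rev-parse --short HEAD)
# ssh_private_key_path = "~/.ssh/vcard4_deploy"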