# Kopiere nach terraform.tfvars und fülle die Werte. NICHT committen (steht in .gitignore).

hcloud_token   = "DEIN_HETZNER_API_TOKEN"
ssh_public_key = "ssh-ed25519 AAAA... dein-key"
admin_cidr     = "1.2.3.4/32" # deine IP für SSH

location     = "nbg1"
network_zone = "eu-central"

app_count       = 2
app_server_type = "cx22"
db_server_type  = "cx22"

# Anwendung
repo_url    = "https://github.com/DEIN-USER/vcard4reseller.git" # privat: Token in URL
repo_branch = "main"
domain      = "test.example.com"
app_secret  = "GENERIERE_32_HEX" # z. B. openssl rand -hex 16

# Datenbank
db_password      = "STARKES_PASSWORT"
db_root_password = "STARKES_ROOT_PASSWORT"

# JWT (einmal erzeugen, identisch für alle Nodes – siehe README)
jwt_passphrase  = "DEINE_PASSPHRASE"
jwt_private_key = <<-EOT
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
EOT
jwt_public_key  = <<-EOT
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
EOT

# Hetzner Object Storage (Bucket + Keys vorab in der Console anlegen)
s3_endpoint = "https://nbg1.your-objectstorage.com"
s3_region   = "nbg1"
s3_bucket   = "vcard4-card-assets"
s3_key      = "OBJECT_STORAGE_ACCESS_KEY"
s3_secret   = "OBJECT_STORAGE_SECRET_KEY"