# Local dev / container runtime values
NEAR_INTENTS_API_KEY=replace_me
NEAR_INTENTS_WS_URL=wss://solver-relay-v2.chaindefuser.com/ws
KAFKA_BROKERS=redpanda:9092
KAFKA_CLIENT_ID=unrip
KAFKA_TOPIC_RAW_NEAR_INTENTS_QUOTE=raw.near_intents.quote
KAFKA_TOPIC_NORM_SWAP_DEMAND=norm.swap_demand
KAFKA_TOPIC_CMD_EXECUTE_TRADE=cmd.execute_trade
KAFKA_TOPIC_EXEC_TRADE_RESULT=exec.trade_result
KAFKA_CONSUMER_GROUP_DUMMY=dummy-reactor-v1
KAFKA_CONSUMER_GROUP_EXECUTOR=dummy-executor-v1
EXECUTOR_STATE_DIR=/var/lib/unrip/executor-state

# Repo-driven Hetzner bootstrap values live separately from the app .env.
# Copy scripts/hetzner/bootstrap-secrets.env.example to
# scripts/hetzner/bootstrap-secrets.env, configure non-secret values plus *_PASS
# mappings to your pass store, then:
#   source scripts/hetzner/bootstrap-secrets.env
#   bash scripts/hetzner/bootstrap.sh
#
# Canonical operator flow uses `pass` for sensitive values; explicit env vars still
# override pass-backed lookups for CI/testing.
#
# Expected bootstrap inputs now include:
# - HCLOUD_TOKEN_PASS or HCLOUD_TOKEN
# - SSH_PUBLIC_KEY_PATH
# - PUBLIC_DOMAIN
# - BASE_DOMAIN
# - LETSENCRYPT_EMAIL
# - REGISTRY_USERNAME
# - REGISTRY_PASSWORD_PASS or REGISTRY_PASSWORD
# - NEAR_INTENTS_API_KEY_PASS or NEAR_INTENTS_API_KEY
# - FORGEJO_ADMIN_USERNAME
# - FORGEJO_ADMIN_EMAIL
# - FORGEJO_ADMIN_PASSWORD_PASS or FORGEJO_ADMIN_PASSWORD
# - optional DNS provider creds via *_PASS or direct env vars
#
# Future k3s deployment should source the app values from Kubernetes Secret/ConfigMap.
# Hetzner provisioning is workstation-driven after Terraform; cloud-init no longer clones this repo onto the node.