# --- Server (API) ---
# Shared Postgres. Internal Docker host within Coolify network, or SSH-tunnel locally.
DATABASE_URL=postgres://mika:CHANGEME@l8kogcggsc80sgcgk8kswww4:5432/claudedo

# Zitadel OIDC
ZITADEL_ISSUER=https://auth.kuns.dev
# Comma-separated accepted audiences: web client id, desktop client id, project id
ZITADEL_AUDIENCE=
# Comma-separated owner Zitadel user ids (the single owner's `sub`)
ALLOWED_USER_IDS=
# CORS: the web client origin (the app's own origin)
WEB_ORIGIN=https://claudedo.kuns.dev

# --- Web client (public, exposed to browser) ---
NUXT_PUBLIC_ZITADEL_ISSUER=https://auth.kuns.dev
NUXT_PUBLIC_ZITADEL_CLIENT_ID=

# --- Provisioning script only (not needed at runtime) ---
# Zitadel Management API PAT (from ~/.secrets/coolify-tokens.env: ZITADEL_SERVICE_TOKEN)
ZITADEL_SERVICE_TOKEN=