OpenWeatherMapAPIKey= # OpenRouter API (AI travel day summaries — server-side proxy) OpenRouterAPIKey= # Optional model override (default: anthropic/claude-3.5-haiku) # Valid examples: anthropic/claude-3.5-haiku, anthropic/claude-3-haiku, anthropic/claude-haiku-4.5 # OpenRouterModel=anthropic/claude-3.5-haiku # DeepL API (for scripts/translate-locales.mjs and scripts/translate-flyer.mjs) # Free plan keys use api-free.deepl.com automatically (suffix :fx) DeepLAPIKey= # Passkey configuration (WebAuthn Relying Party ID and Origin) # For local dev: use localhost (NOT 127.0.0.1 — browsers reject IP addresses for Passkeys) # Production (kapteins-daagbok.eu): # RP_ID=kapteins-daagbok.eu # ORIGIN=https://kapteins-daagbok.eu RP_ID=localhost # Must match the frontend URL exactly (Vite dev: http://localhost:5173; Docker: http://localhost) ORIGIN=http://localhost:5173 # Behind reverse proxy — see docs/deployment/npm-security.md # Docker Compose (NPM → frontend nginx → backend): TRUST_PROXY=1 # TRUST_PROXY=1 # Docker Compose database (required for production deploy) # Generate: openssl rand -hex 24 # Rotate on running server: ./scripts/rotate-postgres-password.sh (see docs/deployment/postgres-password.md) # POSTGRES_USER=postgres # POSTGRES_PASSWORD= # POSTGRES_DB=daagbox # Optional: comma-separated CORS origins (defaults to ORIGIN; 127.0.0.1 may be allowed for CORS but not for login) # CORS_ORIGINS=http://localhost:5173 # API session signing (min. 32 chars; required in production) # Generate: openssl rand -base64 48 SESSION_SECRET= # Web Push (VAPID) — generate with: npx web-push generate-vapid-keys # Public key may also be set on the client as VITE_VAPID_PUBLIC_KEY VAPID_PUBLIC_KEY= VAPID_PRIVATE_KEY= VAPID_SUBJECT=mailto:support@kapteins-daagbok.eu # Feedback via Ntfy (https://ntfy.sh or self-hosted) # NTFY_TOPIC: topic name only (not the full URL) NTFY_SERVER=https://ntfy.sh NTFY_TOPIC=kapteins-daagbok-feedback NTFY_TOKEN=tk_example_ntfy_access_token