- Removed privileged: true from docker-compose.yml - Removed SYS_MODULE cap_add (kept NET_ADMIN for WireGuard) - Removed source code bind mounts (./src, package.json) - Removed wg0.conf and resolv.conf bind mounts (now generated from env) - Added resource limits: mem_limit 512m, cpus 1.0 - Added healthcheck with curl - Added non-root user appuser:appgroup in Dockerfile - wg0.conf now generated from env vars at container startup (WG_PRIVATE_KEY, etc.) - resolv.conf generated from WG_DNS env var - Rotated wg0.conf — private key removed from file - Added WG_ALLOWED_IPS to .env.example SECURITY: Rotate WireGuard keys on server if previously used in production
# ============================================================
# Telegram Shop - Environment Configuration (TEMPLATE)
# ============================================================
# Копируй этот файл в .env и заполни реальными значениями.
# ВНИМАНИЕ: .env файлы НЕ коммитятся — они в .gitignore.
# ============================================================
# --- Telegram Bot ---
BOT_TOKEN=your_bot_token_here
ADMIN_IDS=123456789,987654321
SUPPORT_LINK=https://t.me/your_support
# --- Catalog ---
CATALOG_PATH=./catalog
# --- Encryption (ОБЯЗАТЕЛЬНО! Без этого приложение упадёт) ---
# Сгенерируй надёжный ключ: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
ENCRYPTION_KEY=
# --- Commission ---
COMMISSION_ENABLED=true
COMMISSION_PERCENT=5
# --- Commission Wallets ---
COMMISSION_WALLET_BTC=
COMMISSION_WALLET_LTC=
COMMISSION_WALLET_USDT=
COMMISSION_WALLET_USDC=
COMMISSION_WALLET_ETH=
# --- WireGuard ---
WG_ENABLED=false
WG_PRIVATE_KEY=
WG_PUBLIC_KEY=
WG_PRESHARED_KEY=
WG_ENDPOINT=
WG_ADDRESS=
WG_DNS=
WG_ALLOWED_IPS=0.0.0.0/0,::/0
# --- Gitea API (для CI/CD и пайплайна) ---
GITEA_API_URL=https://git.softuniq.eu/api/v1
GITEA_TOKEN= |
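Review bot: The WireGuard block (WG_ENABLED through WG_ALLOWED_IPS) carries no hint of what each variable means or what format it expects, which matters now that the commit generates wg0.conf from these values at startup instead of mounting a file. `WG_PUBLIC_KEY` is ambiguous — it presumably has to be the remote peer's public key rather than the one derived from `WG_PRIVATE_KEY` (confirm against the startup script, which is not on this page) — and the new `WG_ALLOWED_IPS=0.0.0.0/0,::/0` default sends all of the container's traffic through the tunnel as soon as `WG_ENABLED=true`. Suggest adding above the block `# WG_PRIVATE_KEY / WG_PRESHARED_KEY: base64 as printed by wg genkey / wg genpsk — secrets, never commit`, `# WG_PUBLIC_KEY: the *peer* (server) public key, not your own` and `# WG_ALLOWED_IPS: 0.0.0.0/0,::/0 = full tunnel; narrow it if only specific ranges should go via WireGuard`. It would also help to mark `GITEA_TOKEN` and the WG keys as secrets the way the Encryption section already does for ENCRYPTION_KEY, since they now live in the container environment and are readable by anything that can inspect it.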