# ── F2B Control Center — environment configuration ───────────────────────────
# cp .env.example .env  then fill in your values.
# ─────────────────────────────────────────────────────────────────────────────

# ── Data directory ────────────────────────────────────────────────────────────
# Host path where NPM data, logs, and certs are stored.
# NPM logs will be at: ${DATA_DIR}/npm/logs/proxy-host-*_access.log
DATA_DIR=./data

# ── Dashboard ─────────────────────────────────────────────────────────────────
# Port the dashboard listens on (direct host port — network_mode: host)
DASHBOARD_PORT=4000

# ── Network ───────────────────────────────────────────────────────────────────
# Comma-separated CIDRs to skip during log scanning and banning.
# Include your LAN, Docker bridge, and any other trusted networks.
SUBNETS_TO_IGNORE=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

# ── AbuseIPDB (optional but recommended) ─────────────────────────────────────
# Enables IP reputation lookups and the AUTO-BAN feature.
# Free API keys: https://www.abuseipdb.com/
ABUSEIPDB_API_KEY=

# ── Telegram notifications (optional) ────────────────────────────────────────
# Sends a message on ban/unban/start/stop events.
# 1. Create a bot via @BotFather → copy the token
# 2. Get your chat ID (send a message to the bot, then:
#    curl https://api.telegram.org/bot<TOKEN>/getUpdates)
TELEGRAM_BOT_TOKEN=
TELEGRAM_CHAT_ID=

# ── Cloudflare (docker-compose.cloudflare.yml only) ───────────────────────────
# Required when using docker-compose.cloudflare.yml.
# Global API Key from: https://dash.cloudflare.com/profile/api-tokens
CF_EMAIL=
CF_APIKEY=

# ── Webhook (optional) ────────────────────────────────────────────────────────
# POST to this URL on every manual ban from the dashboard.
# Payload: { "action": "ban", "ip": "...", "jail": "manual-bans", "ts": "..." }
WEBHOOK_URL=

# ── Cloudflare whitelist sync (optional) ──────────────────────────────────────
# Path (inside the container) to a script run after any whitelist change.
# Mount your script into the container and set this path.
# CF_SYNC=/usr/local/bin/cloudflare-whitelist-sync.sh