ld-sysinfo-frontend/ENV_FILES.md

# Environment Files Setup

## Overview
Environment variables are stored securely in `/etc/frontend/` and accessed via symlinks in this directory.

## File Structure
```
/etc/frontend/
├── dev.env   (systemd environment for dev)
└── prod.env  (systemd environment for prod)

/home/sonder/ld-sysinfo-react-frontend/
├── .env.dev  -> /etc/frontend/dev.env  (symlink)
└── .env.prod -> /etc/frontend/prod.env (symlink)
```

## Editing Environment Variables

You can edit these files directly from VSCode:
- `.env.dev` - Development environment (port 3002)
- `.env.prod` - Production environment (port 3001)

**Note:** You need to be in the `frontend-devs` group to edit these files. Both `sonder` and `deploy` users are members.

## After Editing

After making changes to environment files, restart the relevant service:

```bash
# For development
sudo systemctl restart frontend@dev

# For production
sudo systemctl restart frontend@prod
```

## Environment Variables

Both files contain:
- `PORT` - Server port (3002 for dev, 3001 for prod)
- `API_BASE_URL` - Server-side API endpoint
- `NEXT_PUBLIC_API_BASE_URL` - Client-side API endpoint
- `DB_HOST`, `DB_USER`, `DB_PASSWORD`, `DB_NAME` - Database credentials
- `NVD_API_KEY` - API key for CVE data

## Security Notes

- Files are stored in `/etc/frontend/` with `660` permissions (owner: root, group: frontend-devs)
- Only root and members of `frontend-devs` group can read/write
- Files are **not** committed to git (listed in `.gitignore`)
- Symlinks are safe to commit as they don't contain sensitive data