Sanitize member-manager .env.example: remove all real credentials

Secrets removed: DATABASE_PASSWORD, SMTP_PASSWORD, SLACK_API_TOKEN,
GOOGLE_SHEETS_CREDENTIALS (full service account private key), PAYPAL_CLIENT_ID,
PAYPAL_CLIENT_SECRET, RECHARGE_API_KEY, BACKUP_DATABASE_URLS password.

Also: fix UTHENTIK_GROUP_ID typo; remove mangled markdown comment fragments;
fix VAR = value spacing -> VAR=value; add SECRET_KEY_BASE, REDIS_URL,
IMAGE_VERSION; update SMTP_ADDRESS to postfix; sanitize LOCAL_AUTH_* comments.

Made-with: Cursor

Author: romkey

apps/member-manager/.env.example

@@ -1,21 +1,80 @@
-# Rails environment
+# ── Image versions ────────────────────────────────────────────────────────────
+#IMAGE_VERSION=latest
+#REDIS_IMAGE_VERSION=7-alpine
+
+# ── Rails ─────────────────────────────────────────────────────────────────────
 RAILS_ENV=production
+RAILS_LOG_TO_STDOUT=true
+RAILS_SERVE_STATIC_FILES=true
+RAILS_MAX_THREADS=5
+
+# Generate with: openssl rand -hex 64
 SECRET_KEY_BASE=
 
-# Database (connects via postgres-net)
-DATABASE_URL=postgresql://member_manager:password@postgresql:5432/member_manager_production
+# ── Database (connects via postgres-net) ──────────────────────────────────────
+DATABASE_USER=member-manager_user
+DATABASE_PASSWORD=
+DATABASE_NAME=member-manager_db
+DATABASE_HOST=postgresql
+DATABASE_URL=postgres://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}:5432/${DATABASE_NAME}
 
-# Redis (internal member-manager-redis container)
+# Used by db-backup to back up this service's database
+BACKUP_DATABASE_URLS=postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}:5432/${DATABASE_NAME}
+
+# ── Redis (internal member-manager-redis container) ───────────────────────────
 REDIS_URL=redis://member-manager-redis:6379/0
 
-# Outbound email via postfix (connects via postfix-net)
-SMTP_HOST=postfix
-SMTP_PORT=587
-SMTP_FROM=noreply@example.com
+# ── Authentication (Authentik) ────────────────────────────────────────────────
+# UUID of the Authentik group that grants membership access
+AUTHENTIK_GROUP_ID=
 
-# Application URL
-APP_HOST=member-manager.example.com
+# Local auth fallback (for development/emergency use only)
+#LOCAL_AUTH_ENABLED=true
+#LOCAL_AUTH_EMAIL=admin@example.com
+#LOCAL_AUTH_PASSWORD=
+#LOCAL_AUTH_FULL_NAME=
 
-# Image versions (optional, defaults shown)
-#IMAGE_VERSION=latest
-#REDIS_IMAGE_VERSION=7-alpine
+# ── Outbound email (connects via postfix-net) ─────────────────────────────────
+SMTP_ADDRESS=postfix
+SMTP_PORT=25
+SMTP_DOMAIN=pdxhackerspace.org
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_AUTHENTICATION=plain
+SMTP_ENABLE_STARTTLS=false
+EMAIL_FROM_ADDRESS=info@pdxhackerspace.org
+#EMAIL_SUPPORT_ADDRESS=
+
+# ── Slack ─────────────────────────────────────────────────────────────────────
+# Bot/user OAuth token (xoxp-... or xoxb-...)
+SLACK_API_TOKEN=
+
+# ── Google Sheets integration ─────────────────────────────────────────────────
+GOOGLE_SHEETS_ID=
+# Paste the full service account credentials JSON as a single-line string
+GOOGLE_SHEETS_CREDENTIALS=
+
+# ── PayPal ────────────────────────────────────────────────────────────────────
+PAYPAL_CLIENT_ID=
+PAYPAL_CLIENT_SECRET=
+PAYPAL_API_BASE_URL=https://api-m.paypal.com
+#PAYPAL_API_BASE_URL=https://api-m.sandbox.paypal.com
+PAYPAL_TRANSACTIONS_LOOKBACK_DAYS=1095
+#PAYPAL_TRANSACTIONS_LOOKBACK_DAYS=31
+
+# ── ReCharge ──────────────────────────────────────────────────────────────────
+RECHARGE_API_KEY=
+RECHARGE_API_BASE_URL=https://api.rechargeapps.com
+RECHARGE_TRANSACTIONS_LOOKBACK_DAYS=3650
+
+# ── Access control ────────────────────────────────────────────────────────────
+RFID_WEBHOOK_IP_WHITELIST=192.168.0.0/16
+ACCESS_LOGS_DIRECTORY=/tmp/access
+SYSLOG_SERVER=192.168.13.2
+SYSLOG_PORT=514
+
+# ── Application ───────────────────────────────────────────────────────────────
+MEMBER_MANAGER_BASE_URL=https://members.pdxhackerspace.org
+ORGANIZATION_NAME=PDX Hackerspace
+TZ=America/Los_Angeles
+TIMEZONE=America/Los_Angeles