From 32d509fe9d489054b01b1f30d6c42d915626be51 Mon Sep 17 00:00:00 2001
From: Alexander Schmidt <alexander.schmidt1@mgb.ch>
Date: Thu, 26 Mar 2026 14:07:07 +0100
Subject: [PATCH] Harden deploy script config handling

---
 scripts/deploy.sh | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/scripts/deploy.sh b/scripts/deploy.sh
index 618c4cc..35afe1c 100755
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -2,8 +2,30 @@
 set -euo pipefail
 
 # Safe deploy: never delete server-side runtime data/ files.
-HOST="root@REDACTED"
-TARGET="/home/REDACTED/public_html"
+#
+# Configuration (required):
+#   DEPLOY_HOST   e.g. root@example.com or deploy@example.com
+#   DEPLOY_TARGET e.g. /home/user/web/xmrpay.link/public_html
+#
+# Optional local config file (not committed):
+#   scripts/.deploy.env
+
+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
+ENV_FILE="$SCRIPT_DIR/.deploy.env"
+
+if [[ -f "$ENV_FILE" ]]; then
+  # shellcheck disable=SC1090
+  source "$ENV_FILE"
+fi
+
+HOST="${DEPLOY_HOST:-}"
+TARGET="${DEPLOY_TARGET:-}"
+
+if [[ -z "$HOST" || -z "$TARGET" ]]; then
+  echo "Missing deploy configuration." >&2
+  echo "Set DEPLOY_HOST and DEPLOY_TARGET (env vars or scripts/.deploy.env)." >&2
+  exit 1
+fi
 
 rsync -avz --delete \
   --exclude '.git' \