# Operator secrets — never commit. Copy .env.example -> .env and fill in.
.env
caddy/.env

# Local-only overrides
*.local.toml
*.local.json

# Built Caddy binary (rebuild from caddy/Dockerfile instead of committing 50MB)
caddy/caddy
caddy/*.bin

# Local operational artifacts — DB dumps, store exports, validation runs.
# These contain REAL secrets + account/mail data. Never commit.
_backup/
_validate/
*.dump
# Stalwart store export/import dirs (stalwart --export/--import)
export/
*.export

# NB: config/config.json IS committed on purpose — it's the v0.16 bootstrap
# config and is secret-free (DB password comes from $STALWART_DB_PASSWORD via
# the EnvironmentVariable secret type). Don't add it here.

# Editor swap / backup files
*.swp
*.swo
*~