config: make domain configurable via DOMAIN env var

Replace hardcoded evosync.ru with a DOMAIN variable read from .env.
nginx.conf is now generated from nginx.conf.template via envsubst;
init-letsencrypt.sh reads DOMAIN from .env and fails loudly if unset.
README documents the new variable and first-deploy TLS workflow.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

scripts/init-letsencrypt.sh

@@ -1,12 +1,25 @@
 #!/bin/bash
-# Obtain TLS certificates from Let's Encrypt for evosync.ru
+# Obtain TLS certificates from Let's Encrypt.
 # Run once on first deploy: sudo ./scripts/init-letsencrypt.sh
-# Requires nginx running on the host with acme-challenge location configured
+# Requires nginx running on the host with acme-challenge location configured.
+# Set DOMAIN in .env or export it before running:
+#   DOMAIN=example.com sudo -E ./scripts/init-letsencrypt.sh
 
 set -euo pipefail
 
-DOMAIN="evosync.ru"
-EMAIL="${LETSENCRYPT_EMAIL:-admin@evosync.ru}"
+# Load DOMAIN from .env if not already set in environment
+if [ -f .env ]; then
+  # Extract DOMAIN line, strip quotes and export
+  DOMAIN_FROM_ENV=$(grep -E '^DOMAIN=' .env | cut -d= -f2- | tr -d '"'"'" | head -1)
+  DOMAIN="${DOMAIN:-$DOMAIN_FROM_ENV}"
+fi
+
+if [ -z "${DOMAIN:-}" ]; then
+  echo "ERROR: DOMAIN is not set. Add DOMAIN=yourdomain.com to .env or export it." >&2
+  exit 1
+fi
+
+EMAIL="${LETSENCRYPT_EMAIL:-admin@$DOMAIN}"
 CERTBOT_DIR="./certbot"
 ACME_DIR="/var/www/certbot"
 
@@ -34,6 +47,9 @@ sudo chown "$(whoami):$(whoami)" "$CERTBOT_DIR/conf"/*.pem
 
 echo "==> Done! TLS certificate installed for $DOMAIN"
 echo ""
+echo "Regenerate nginx config from template:"
+echo "  DOMAIN=$DOMAIN envsubst '\$DOMAIN' < nginx/nginx.conf.template > nginx/nginx.conf"
+echo ""
 echo "Certificate files:"
 echo "  - $CERTBOT_DIR/conf/fullchain.pem"
 echo "  - $CERTBOT_DIR/conf/privkey.pem"