diff --git a/setup.sh b/setup.sh
index ac17acb..7c51c32 100644
--- a/setup.sh
+++ b/setup.sh
@@ -1,53 +1,59 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-REPO_DIR="."
-SECRETS_DIR="$REPO_DIR/data/secrets"
-RUNTIME_ENV="$SECRETS_DIR/runtime.env"
+REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ENV_FILE="$REPO_DIR/.env"
 
-# 1️⃣ Ensure secrets folder
-mkdir -p "$SECRETS_DIR"
-
-# 2️⃣ If runtime.env already exists, source it
-if [ -f "$RUNTIME_ENV" ]; then
-  echo "♻️  Found existing secrets in $RUNTIME_ENV — reusing."
-  # shellcheck disable=SC1091
-  source "$RUNTIME_ENV"
+if [ -f "$ENV_FILE" ]; then
+  echo "♻️  Found existing $ENV_FILE — reusing."
 else
-  echo "🔐 No existing secrets found. Generating new ones…"
+  echo "🔐 Generating new $ENV_FILE…"
 
-  # generate defaults
+  # ── Database defaults
   DB_USER="postgres"
   DB_PASS="$(openssl rand -hex 16)"
   DB_NAME="lnbitsdb"
-  FLASK_SECRET="$(openssl rand -hex 32)"
   DATABASE_URL="postgresql://${DB_USER}:${DB_PASS}@db:5432/${DB_NAME}"
 
-  cat > "$RUNTIME_ENV" <<EOF
+  # ── Flask UI secret
+  FLASK_SECRET="$(openssl rand -hex 32)"
+
+  # ── Blank placeholders for the Web UI to fill later
+  cat > "$ENV_FILE" <<EOF
+# ── Database
 DB_USER=${DB_USER}
 DB_PASS=${DB_PASS}
 DB_NAME=${DB_NAME}
 DATABASE_URL=${DATABASE_URL}
+
+# ── Flask UI
 FLASK_SECRET=${FLASK_SECRET}
+
+# ── Discord Bot (edit via Web UI or manually here)
+DISCORD_TOKEN=
+GUILD_ID=
+ROLE_ID=
+CHANNEL_ID=
+LNBITS_URL=
+LNBITS_API_KEY=
+PRICE=1000
+COMMAND_NAME=support
+INVOICE_MESSAGE=Thank you for supporting us!
 EOF
 
-  echo "✅ Generated new secrets in $RUNTIME_ENV"
+  echo "✅ Wrote defaults to $ENV_FILE"
 fi
 
-# 3️⃣ Build & run
-cd "$REPO_DIR"
+echo
+echo "🚀 Bringing up all services…"
 docker-compose up -d --build
 
-# 4️⃣ Show the values back to the user
 echo
-echo "🚀 Services are up!"
+echo "🔐 Your DB credentials (in .env):"
+echo "   DB_USER: $DB_USER"
+echo "   DB_PASS: $DB_PASS"
+echo "   DB_NAME: $DB_NAME"
 echo
-echo "🔐 Database credentials (from $RUNTIME_ENV):"
-echo "   DB_USER:     ${DB_USER:-<missing>}"
-echo "   DB_PASS:     ${DB_PASS:-<missing>}"
-echo "   DB_NAME:     ${DB_NAME:-<missing>}"
+echo "🔑 Your Flask secret: $FLASK_SECRET"
 echo
-echo "🔑 Flask session secret:"
-echo "   ${FLASK_SECRET:-<missing>}"
-echo
-echo "🌐 Open the web UI: http://localhost:3000"
+echo "🌐 Web UI available at http://localhost:3000"