-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
49 lines (41 loc) · 2.25 KB
/
.env.example
File metadata and controls
49 lines (41 loc) · 2.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# Root .env — committed template for host-local secrets.
# Copy to `.env` on each deploy host (prod, staging, dev laptop) and fill in
# values. This file is auto-loaded by `docker compose` for `${VAR}`
# interpolation.
#
# Non-secret per-environment config (APP_ENV, URLs, worker counts, …) lives
# in the committed `.env.prod.compose` / `.env.staging.compose` files at repo
# root — do not duplicate them here. The justfile `prod_compose` /
# `staging_compose` recipes pick the right one per environment.
COMPOSE_BAKE=true
# --- Cloudflare tunnel -----------------------------------------------
TUNNEL_TOKEN=your_token # 🔀 prod or staging token depending on this host
# --- Central monitoring stack (optional) ----------------------------
# All three vars below are OPTIONAL. Setting an endpoint enables the
# corresponding exporter; leaving it unset disables it. There is no separate
# on/off flag — the endpoint IS the switch.
#
# Auth pattern (when the central ingress is public-but-protected, e.g. behind a
# Cloudflare WAF rule requiring Authorization: Basic …):
# printf '%s:%s' relab "$SECRET" | base64 # → <base64>
# Loki driver has no custom-header config → auth goes in the URL.
# OTEL SDK reads OTEL_EXPORTER_OTLP_HEADERS → pass it there (URL-encode the space).
#
# One-time, per host, before enabling Loki shipping:
# docker plugin install grafana/loki-docker-driver:latest \
# --alias loki --grant-all-permissions
# Logs → Loki push endpoint (auth embedded in URL)
# LOKI_URL=https://relab:<secret>@logs.cml-relab.org/loki/api/v1/push
# Traces/metrics → OTLP HTTP collector (+ matching auth header)
# OTEL_EXPORTER_OTLP_ENDPOINT=https://otlp.cml-relab.org
# OTEL_EXPORTER_OTLP_HEADERS=Authorization=Basic%20<base64>
# --- Backup destinations ---------------------------------------------
BACKUP_DIR=./backups
# Remote rsync backup config (for use of backend/scripts/backup/rsync_backup.sh script)
BACKUP_RSYNC_REMOTE_HOST=user@host # 🔀
BACKUP_RSYNC_REMOTE_PATH=/path/to/remote/backup # 🔀
# Remote rclone backup config (for use of backend/scripts/backup/rclone_backup.sh script)
BACKUP_RCLONE_REMOTE=myremote:/path/to/remote/backup # 🔀
BACKUP_RCLONE_MULTI_THREAD_STREAMS=16
BACKUP_RCLONE_TIMEOUT=5m
BACKUP_RCLONE_USE_COOKIES=false