-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.env.example
114 lines (95 loc) · 4.27 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# .env.example
# Environment Configuration
# - Copy this file to /opt/arkfile/etc/[env]/secrets.env for each environment
# - Replace [env] with either 'prod' or 'test'
# - Each environment should have its own configuration file with appropriate values
# Application Environment
# This determines which environment configuration to use
ENV=prod # or 'test'
# Domain Configuration
DOMAIN=arkfile.net # for prod
# DOMAIN=test.arkfile.net # for test
# Service Configuration
PORT=8080 # Use 8080 for prod, 8081 for test
BASE_DIR=/opt/arkfile
SERVICE_USER=arkprod # Use 'arkprod' for prod, 'arktest' for test
# Database Configuration
DB_PATH=/opt/arkfile/var/lib/${ENV}/arkfile.db
# Security Configuration
# Generate new secrets for each environment using:
# JWT secret: openssl rand -hex 32
# DB encryption: openssl rand -hex 32
JWT_SECRET=your_very_secure_jwt_secret_key_here
DB_ENCRYPTION_KEY=your_32_byte_hex_encoded_key_here # Must be exactly 32 bytes when hex decoded
# Admin Configuration
# Comma-separated list of admin email addresses
# These users will:
# - Be automatically approved upon registration
# - Have admin privileges to approve other users
# - Be able to modify user storage limits
ADMIN_EMAILS=admin@domain.com,admin2@domain.com
# Storage Configuration
# Default storage limit is 10GB per user
# Admins can modify individual user limits through the API
# Storage size is tracked in bytes for all uploaded files
# S3-Compatible Storage Configuration
# Supported providers: backblaze, wasabi, vultr
STORAGE_PROVIDER=backblaze # Provider to use (backblaze, wasabi, vultr)
S3_ENDPOINT=s3.something.backblazeb2.com # Required for Backblaze
S3_REGION=us-west-1 # Required for Wasabi/Vultr (e.g., us-west-1 for Wasabi, ewr for Vultr)
S3_ACCESS_KEY_ID=your_key_id
S3_SECRET_KEY=your_secret_key
S3_BUCKET_NAME=your_bucket_name # e.g., arkfile-prod or arkfile-test
# Provider-specific notes:
# Backblaze: Only S3_ENDPOINT needs to be set manually
# Wasabi: Requires S3_REGION, endpoint auto-generated as s3.[region].wasabi.com
# Vultr: Requires S3_REGION, endpoint auto-generated as [region].vultrobjects.com
# Vultr Configuration (for Caddy DNS challenges)
VULTR_API_KEY=your_vultr_api_key
# Caddy Configuration
CADDY_EMAIL=admin@domain.com
# Logging Configuration
LOG_LEVEL=info # Available levels: debug, info, warn, error
LOG_FORMAT=json # Available formats: json, text
# TLS Configuration (for local development only)
TLS_ENABLED=false # Set to true in production
TLS_CERT_FILE= # Only used if TLS_ENABLED=true
TLS_KEY_FILE= # Only used if TLS_ENABLED=true
# Service Dependencies
# These settings are used by systemd service templates
WANTS_SERVICES=caddy.service # Additional services to wait for
# Release Management
KEEP_RELEASES=5 # Number of previous releases to maintain
# Example Environment-Specific Values:
#
# Production (/opt/arkfile/etc/prod/secrets.env):
# ENV=prod
# DOMAIN=arkfile.net
# PORT=8080
# SERVICE_USER=arkprod
# DB_PATH=/opt/arkfile/var/lib/prod/arkfile.db
# DB_ENCRYPTION_KEY=<unique-prod-key> # Generate unique key for production
# JWT_SECRET=<unique-prod-jwt> # Generate unique JWT secret for production
# S3_BUCKET_NAME=arkfile-prod
# ADMIN_EMAILS=admin@domain.com # Production admin list
#
# Test (/opt/arkfile/etc/test/secrets.env):
# ENV=test
# DOMAIN=test.arkfile.net
# PORT=8081
# SERVICE_USER=arktest
# DB_PATH=/opt/arkfile/var/lib/test/arkfile.db
# DB_ENCRYPTION_KEY=<unique-test-key> # Generate unique key for test
# JWT_SECRET=<unique-test-jwt> # Generate unique JWT secret for test
# S3_BUCKET_NAME=arkfile-test
# ADMIN_EMAILS=testadmin@domain.com # Test environment admin list
# Security Note:
# - All encryption keys and secrets should be unique per environment
# - Generate encryption keys and secrets using: openssl rand -hex 32
# - Never reuse keys between environments
# - Store keys securely and never commit to version control
# - Admin email addresses should be carefully controlled and reviewed
# - Consider using separate admin accounts for prod and test environments
# Note: This file serves as a template and documentation.
# Never commit actual secrets or credentials to version control.
# Each environment should have its own secrets.env file with real values.