70 lines
2.4 KiB
Plaintext
70 lines
2.4 KiB
Plaintext
# LedgerDock environment template
|
|
# Copy to .env and adjust all secret values before first run.
|
|
|
|
# Development defaults (HTTP local stack)
|
|
APP_ENV=development
|
|
HOST_BIND_IP=127.0.0.1
|
|
# Optional host directory for persistent bind mounts in docker-compose.yml.
|
|
# Defaults to ./data when unset.
|
|
# DCM_DATA_DIR=./data
|
|
|
|
POSTGRES_USER=dcm
|
|
POSTGRES_PASSWORD=ChangeMe-Postgres-Secret
|
|
POSTGRES_DB=dcm
|
|
DATABASE_URL=postgresql+psycopg://dcm:ChangeMe-Postgres-Secret@db:5432/dcm
|
|
|
|
REDIS_PASSWORD=ChangeMe-Redis-Secret
|
|
REDIS_URL=redis://:ChangeMe-Redis-Secret@redis:6379/0
|
|
REDIS_SECURITY_MODE=compat
|
|
REDIS_TLS_MODE=allow_insecure
|
|
|
|
AUTH_BOOTSTRAP_ADMIN_USERNAME=admin
|
|
AUTH_BOOTSTRAP_ADMIN_PASSWORD=ChangeMe-Admin-Password
|
|
AUTH_BOOTSTRAP_USER_USERNAME=user
|
|
AUTH_BOOTSTRAP_USER_PASSWORD=ChangeMe-User-Password
|
|
AUTH_LOGIN_FAILURE_LIMIT=5
|
|
AUTH_LOGIN_FAILURE_WINDOW_SECONDS=900
|
|
AUTH_LOGIN_LOCKOUT_BASE_SECONDS=30
|
|
AUTH_LOGIN_LOCKOUT_MAX_SECONDS=900
|
|
# Optional cookie controls for split frontend/api hosts:
|
|
# Leave AUTH_COOKIE_DOMAIN empty unless you explicitly need a parent-domain CSRF cookie mirror.
|
|
# Host-only auth cookies are issued automatically for the API host.
|
|
# AUTH_COOKIE_DOMAIN=docs.lan
|
|
# AUTH_COOKIE_SAMESITE=auto
|
|
|
|
APP_SETTINGS_ENCRYPTION_KEY=ChangeMe-Settings-Encryption-Key
|
|
TYPESENSE_API_KEY=ChangeMe-Typesense-Key
|
|
|
|
PROCESSING_LOG_STORE_MODEL_IO_TEXT=false
|
|
PROCESSING_LOG_STORE_PAYLOAD_TEXT=false
|
|
CONTENT_EXPORT_MAX_DOCUMENTS=250
|
|
CONTENT_EXPORT_MAX_TOTAL_BYTES=52428800
|
|
CONTENT_EXPORT_RATE_LIMIT_PER_MINUTE=6
|
|
|
|
PROVIDER_BASE_URL_ALLOW_HTTP=true
|
|
PROVIDER_BASE_URL_ALLOW_PRIVATE_NETWORK=true
|
|
PROVIDER_BASE_URL_ALLOWLIST=[]
|
|
|
|
PUBLIC_BASE_URL=http://localhost:8000
|
|
CORS_ORIGINS=["http://localhost:5173","http://localhost:3000"]
|
|
# Used at build time for production frontend image, and at runtime in development.
|
|
VITE_API_BASE=
|
|
# Development-only Vite host allowlist override.
|
|
VITE_ALLOWED_HOSTS=
|
|
|
|
# Production baseline overrides (set explicitly for live deployments):
|
|
# APP_ENV=production
|
|
# HOST_BIND_IP=127.0.0.1
|
|
# REDIS_URL=rediss://:<strong-password>@redis.example.internal:6379/0
|
|
# REDIS_SECURITY_MODE=strict
|
|
# REDIS_TLS_MODE=required
|
|
# AUTH_COOKIE_DOMAIN=example.com
|
|
# AUTH_COOKIE_SAMESITE=none
|
|
# PROVIDER_BASE_URL_ALLOW_HTTP=false
|
|
# PROVIDER_BASE_URL_ALLOW_PRIVATE_NETWORK=false
|
|
# PROVIDER_BASE_URL_ALLOWLIST=["api.openai.com"]
|
|
# PUBLIC_BASE_URL=https://api.example.com
|
|
# CORS_ORIGINS=["https://app.example.com"]
|
|
# VITE_API_BASE=https://api.example.com/api/v1
|
|
# VITE_ALLOWED_HOSTS=app.example.com
|