env.example
############################
# Ideon Environment Template
############################

### App
# Host port to expose the app (container listens on 3000)
APP_PORT=3000
# Public base URL of the app (used for invitations and SSO auth)
APP_URL=http://localhost:3000
# Canonical timezone for server logs ONLY
TIMEZONE=UTC
# Server log level. Defaults to `debug` when `NODE_ENV=test`, otherwise `info`.
# Options: debug|info|warn|error|fatal
LOG_LEVEL=info
# Public client log level. Only affects client-side logging and is bundled into the client.
# Options: debug|info|warn|error
NEXT_PUBLIC_LOG_LEVEL=error
# PostgreSQL host or service name (Docker Compose: ideon-db)
DB_HOST=ideon-db
# PostgreSQL port (default 5432)
DB_PORT=5432
# PostgreSQL database name
DB_NAME=ideon
# PostgreSQL username
DB_USER=ideon
# PostgreSQL password (template default; set a unique value outside local development)
DB_PASS=ideon

### Security
# Primary master key used to derive security secrets.
# USAGE:
# - Signs user session JWTs.
# - Authenticates internal API bypass requests.
# - Derives data encryption keys (if used, data becomes unreadable on rotation).
#
# ROTATION IMPACT: High. Will invalidate all active sessions immediately.
# Use a strong, random string (e.g., openssl rand -hex 32)
SECRET_KEY=

### SMTP
# Sender email address
SMTP_FROM_EMAIL=
# Sender display name
SMTP_FROM_NAME=
# SMTP host
SMTP_HOST=
# SMTP user
SMTP_USER=
# SMTP password
SMTP_PASSWORD=
# SMTP port (e.g., 587 for STARTTLS)
SMTP_PORT=
# Use TLS (true/false)
SMTP_USE_TLS=true

### Git Integration
# Comma-separated list of allowed internal hosts for Git stats fetching (bypasses SSRF protection)
# Example: gitlab.internal,10.0.0.5
GIT_ALLOWED_HOSTS=

### Shell Block
# Maximum concurrent shell sessions per project (default: 2)
SHELL_MAX_SESSIONS=2

### Proxy / Header Authentication
# Automatic sign-in via trusted reverse proxy headers (nginx mTLS, Traefik, Authelia, etc.)
# Only enable when Ideon is reachable exclusively through the proxy; never expose port 3000 publicly.
AUTH_PROXY_ENABLED=false
# Shared secret the proxy MUST send in the X-Proxy-Secret header on every request.
# Generate with: openssl rand -hex 32
# Configure nginx: proxy_set_header X-Proxy-Secret "your-secret-here";
AUTH_PROXY_SECRET=
# Header carrying the username or display name (optional, used for provisioning).
AUTH_PROXY_HEADER_USER=x-remote-user
# Header carrying the email address (required).
AUTH_PROXY_HEADER_EMAIL=x-remote-email
# Create a new account automatically on first proxy-authenticated request.
AUTH_PROXY_AUTO_PROVISION=false
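
A preflight check for the security-relevant keys in this template, as an added example that is not part of the Ideon repository: it flags a weak `SECRET_KEY`, the default `DB_PASS`, proxy authentication enabled without a shared secret, loopback or link-local entries in `GIT_ALLOWED_HOSTS`, and SMTP without TLS. The function names, the 32-character threshold, the rule set and the sample values are assumptions of this example.

```javascript
// Added example: preflight lint for the security-relevant keys in env.example.
// Thresholds and rule wording are assumptions of this example, not Ideon's checks.

// Parse KEY=VALUE lines; blank lines and # comments are skipped.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

const isTrue = (v) => String(v || "").toLowerCase() === "true";
// Loopback and link-local (cloud metadata) targets are what SSRF protection exists to block.
const RISKY_HOST = /^(localhost$|127\.|169\.254\.)/i;

function lintEnv(env) {
  const findings = [];
  const key = env.SECRET_KEY || "";
  if (key.length < 32) findings.push("SECRET_KEY is empty or shorter than 32 characters");
  if (env.DB_PASS === "ideon") findings.push("DB_PASS is still the template default");
  if (isTrue(env.AUTH_PROXY_ENABLED)) {
    const secret = env.AUTH_PROXY_SECRET || "";
    if (secret.length < 32) findings.push("AUTH_PROXY_ENABLED=true without a strong AUTH_PROXY_SECRET");
    else if (secret === key) findings.push("AUTH_PROXY_SECRET reuses SECRET_KEY");
  }
  for (const host of (env.GIT_ALLOWED_HOSTS || "").split(",").map((h) => h.trim())) {
    if (RISKY_HOST.test(host)) findings.push(`GIT_ALLOWED_HOSTS exempts ${host} from SSRF protection`);
  }
  if (env.SMTP_HOST && !isTrue(env.SMTP_USE_TLS)) findings.push("SMTP_HOST is set but SMTP_USE_TLS is not true");
  return findings;
}

// Constructed sample values, not taken from any real deployment.
const SAMPLE = `
SECRET_KEY=changeme
DB_PASS=ideon
AUTH_PROXY_ENABLED=true
AUTH_PROXY_SECRET=
GIT_ALLOWED_HOSTS=gitlab.internal,169.254.169.254
SMTP_HOST=mail.example.test
SMTP_USE_TLS=false
`;
for (const finding of lintEnv(parseEnv(SAMPLE))) console.log("WARN", finding);
```

Run it against the real `.env` before the container starts and fail the deploy when the returned list is non-empty.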