All configuration is managed via a .env file at the repository root. Copy .env.example to .env and edit as needed.
Precedence
1. .env in repo root (authoritative — sourced by all scripts and read by environ)
2. containerEnv in .devcontainer/devcontainer.json (fallback defaults)
3. System environment variables
Note: ./menu and ./scripts/start.sh source .env automatically (via scripts/common.sh).
Running lein commands directly (e.g., lein repl, lein run) reads dev defaults
from .lein-env (generated by lein-environ from the :dev profile in project.clj).
This includes SIGNATURE so auth works out of the box for local development.
To use your .env values with lein directly:
source .env && lein repl
Variables
Datomic
| Variable | Default | Description |
|---|---|---|
| DATOMIC_URL | datomic:dev://localhost:4334/orcpub | Database connection URI |
| DATOMIC_VERSION | 1.0.7482 | Datomic Pro version for installer |
| DATOMIC_TYPE | pro | Datomic distribution type |
| DATOMIC_PASSWORD | — | Transactor password |
Application
| Variable | Default | Description |
|---|---|---|
| PORT | 8890 | Web server port. Nginx proxy and healthcheck adapt automatically. |
| SIGNATURE | — | Required. JWT signing secret for authentication. All login and API calls fail without it. |
| ADMIN_PASSWORD | — | Admin password |
Plugins
| Variable | Default | Description |
|---|---|---|
| LOAD_HOMEBREW_URL | — | URL to fetch server-hosted .orcbrew plugins on first load (e.g. /homebrew.orcbrew). Unset = no fetch. |
Security
| Variable | Default | Description |
|---|---|---|
| CSP_POLICY | strict | Content Security Policy mode: strict, permissive, or none |
| DEV_MODE | true (in :dev profile) | Enables dev-mode CSP (Report-Only instead of enforcing) |
CSP modes:
- strict — nonce-based CSP with strict-dynamic. Dev mode uses Report-Only header (logs violations but doesn't block). Prod uses enforcing header.
- permissive — allows unsafe-inline and unsafe-eval. Legacy fallback.
- none — disables CSP entirely. Not recommended for production.
Docker / Transactor
| Variable | Default | Description |
|---|---|---|
| ALT_HOST | 127.0.0.1 | Transactor alt-host for peer fallback connections. Set to service name for Swarm. |
| ENCRYPT_CHANNEL | true | Encrypt peer-transactor communication. Disable only for debugging. |
| ADMIN_PASSWORD_OLD | — | Old admin password during rotation. Remove after all peers reconnect. |
| DATOMIC_PASSWORD_OLD | — | Old datomic password during rotation. Remove after all peers reconnect. |
See docker/transactor.properties.template for the full transactor configuration.
Email (SMTP)
| Variable | Default | Description |
|---|---|---|
| EMAIL_SERVER_URL | — | SMTP server hostname. Leave empty to disable email. |
| EMAIL_ACCESS_KEY | — | SMTP username |
| EMAIL_SECRET_KEY | — | SMTP password |
| EMAIL_SERVER_PORT | 587 | SMTP port |
| EMAIL_FROM_ADDRESS | no-reply@dungeonmastersvault.com | Sender email address |
| EMAIL_ERRORS_TO | — | Error notification recipient |
| EMAIL_SSL | FALSE | Enable SSL for SMTP |
| EMAIL_TLS | FALSE | Enable TLS for SMTP |
Logging
| Variable | Default | Description |
|---|---|---|
| LOG_DIR | ./logs | Directory for log files |
| POST_CREATE_VERBOSE | 1 (in devcontainer) | Enable verbose post-create logging |
Development
| Variable | Default | Description |
|---|---|---|
| ORCPUB_ENV | — | Set to dev to enable add-test-user in user.clj |
Files That Read Environment
| File | Variables Used |
|---|---|
| src/clj/orcpub/config.clj | DATOMIC_URL, CSP_POLICY, DEV_MODE |
| src/clj/orcpub/system.clj | PORT (via System/getenv) |
| src/clj/orcpub/routes.clj | SIGNATURE, EMAIL_*, ADMIN_PASSWORD |
| src/clj/orcpub/index.clj | DEV_MODE, LOAD_HOMEBREW_URL |
| .devcontainer/post-create.sh | DATOMIC_VERSION, DATOMIC_TYPE |
| scripts/start.sh | DATOMIC_URL, LOG_DIR |
| deploy/start.sh | ADMIN_PASSWORD, DATOMIC_PASSWORD, ALT_HOST, ENCRYPT_CHANNEL, *_OLD rotation vars |
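
A pre-deploy check over the security-relevant variables documented above, as an added example (not a script from the repository). `audit_env` is a hypothetical helper; the 32-character floor for SIGNATURE, the literal `true` comparison for DEV_MODE, and the sample .env values are this example's assumptions.

```shell
# Added example: audit_env is a hypothetical helper, not one of the project's scripts.
# Prints one finding per line; exit status 0 if clean, 1 if anything was flagged.
audit_env() (
  # Subshell body: values sourced from the file never leak into the caller.
  unset SIGNATURE CSP_POLICY DEV_MODE ENCRYPT_CHANNEL ADMIN_PASSWORD_OLD DATOMIC_PASSWORD_OLD
  . "$1"   # sourced, as the scripts do; pass a path containing a slash
  rc=0
  warn() { echo "$1"; rc=1; }

  # SIGNATURE is the JWT signing secret; the 32-character floor is this example's choice.
  if [ -z "${SIGNATURE:-}" ]; then
    warn "SIGNATURE: unset, all login and API calls fail"
  elif [ "${#SIGNATURE}" -lt 32 ]; then
    warn "SIGNATURE: shorter than 32 characters"
  fi

  # CSP_POLICY defaults to strict; the other modes weaken or disable CSP.
  case "${CSP_POLICY:-strict}" in
    strict) ;;
    permissive) warn "CSP_POLICY: permissive allows unsafe-inline and unsafe-eval" ;;
    none) warn "CSP_POLICY: none disables CSP" ;;
    *) warn "CSP_POLICY: unknown mode '${CSP_POLICY}'" ;;
  esac

  # Assumes the literal value "true", as in the documented :dev default.
  if [ "${DEV_MODE:-}" = "true" ]; then
    warn "DEV_MODE: true makes strict CSP Report-Only"
  fi
  if [ "${ENCRYPT_CHANNEL:-true}" != "true" ]; then
    warn "ENCRYPT_CHANNEL: peer-transactor encryption is off"
  fi
  # Rotation variables are meant to be removed after all peers reconnect.
  if [ -n "${ADMIN_PASSWORD_OLD:-}${DATOMIC_PASSWORD_OLD:-}" ]; then
    warn "*_OLD: rotation password still set"
  fi
  exit "$rc"   # exits only the function's subshell
)

# Constructed sample .env (placeholder values, not real secrets).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SIGNATURE=changeme
CSP_POLICY=permissive
DEV_MODE=true
ENCRYPT_CHANNEL=false
ADMIN_PASSWORD_OLD=old-constructed-value
EOF
audit_env "$sample" || echo "Fix the findings above before deploying."
rm -f "$sample"
```

Because .env is listed as authoritative, the check reads only that file and ignores whatever is already exported in the calling shell.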