# =============================================================================
# REQUIRED SECRETS - Application will not start without these
# =============================================================================
# Every value in this file is a public example. Copy the file to .env, replace
# each secret below with a freshly generated one, and keep the resulting .env
# out of version control.
# Database (REQUIRED)
# For local dev: postgres://oppskrift:oppskrift@localhost:5432/oppskrift
# For docker compose: postgres://oppskrift:oppskrift@db:5432/oppskrift
# The URL embeds the database password (user and password are both "oppskrift"
# here), so treat the whole value as a secret and use a unique password for
# anything other than local development.
DATABASE_URL=postgres://oppskrift:oppskrift@localhost:5432/oppskrift
# Docker Compose database credentials (used by docker-compose.yml)
# NOTE(review): presumably these must match the user, password and database name
# embedded in DATABASE_URL - confirm against docker-compose.yml.
POSTGRES_USER=oppskrift
POSTGRES_PASSWORD=oppskrift
POSTGRES_DB=oppskrift
# JWT Secret (REQUIRED - minimum 32 characters)
# Generate with: openssl rand -base64 48
# The placeholder below is 36 characters long, so it already satisfies the
# 32-character minimum. NOTE(review): confirm that startup validation rejects
# this literal value and not only values that are too short.
JWT_SECRET=change-me-in-production-min-32-chars
# CSRF Secret (optional in dev: a random one is generated if unset).
# REQUIRED in multi-node/clustered production so all nodes share one. Min 32 bytes.
# Generate with: openssl rand -base64 48
# CSRF_SECRET=change-me-min-32-bytes
# TOTP Encryption Key (REQUIRED in production - 64 hex chars = 32 bytes)
# Generate with: openssl rand -hex 32
# Used to encrypt TOTP secrets stored in database
# The value below is a fixed, publicly visible example that has the required
# format (64 hex characters). Replace it before any TOTP secret is stored.
# NOTE(review): presumably secrets encrypted under one key cannot be read back
# after the key is changed - confirm the rotation procedure before rotating.
TOTP_ENCRYPTION_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# S3 Bucket (REQUIRED)
S3_BUCKET=oppskrift
# =============================================================================
# OPTIONAL - Have sensible defaults
# =============================================================================
# S3-compatible storage
# The endpoint below is plain HTTP to a local MinIO instance, and the access
# key pair is MinIO's stock "minioadmin" credential. Both are for local
# development only; use an HTTPS endpoint and a dedicated, narrowly scoped key
# pair everywhere else.
S3_ENDPOINT=http://localhost:9000
S3_ACCESS_KEY_ID=minioadmin
S3_SECRET_ACCESS_KEY=minioadmin
S3_REGION=us-east-1
# Public URL prefix for serving uploaded files
# (defaults to the AWS virtual-host URL: https://<bucket>.s3.<region>.amazonaws.com)
# S3_PUBLIC_URL=http://localhost:9000/oppskrift
# Docker Compose MinIO credentials (used by docker-compose.yml)
# These are the MinIO root (administrator) credentials. Here they are the same
# as the application's S3 key pair above; outside local development give the
# application its own non-root key.
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin
# Application
# "oppskrift=debug" turns on debug-level logging for the application's own
# crate. NOTE(review): check what debug output contains before using this level
# where logs are shipped or shared.
RUST_LOG=info,oppskrift=debug
# 0.0.0.0 means every network interface. NOTE(review): presumably HOST is the
# bind address - use 127.0.0.1 if the service should only be reachable locally.
HOST=0.0.0.0
PORT=3000
# LISTEN_HOST / LISTEN_PORT override HOST / PORT (e.g. when HOST is reserved by the OS)
# LISTEN_HOST=0.0.0.0
# LISTEN_PORT=3000
# Plain HTTP is only appropriate for localhost; use the public https:// origin
# in production, since the federation domain is derived from this value.
BASE_URL=http://localhost:3000
# Display name, also used as the TOTP issuer
APP_NAME=Oppskrift Dev
# Environment toggles. Set to "production" to enforce strict validation / secure
# defaults. RUST_ENV gates secret validation (JWT/TOTP); APP_ENV gates service
# behavior (e.g. breached-password checks). The federation domain is derived
# from BASE_URL.
# Both toggles are commented out here, so neither set of production checks is
# active with this file as shipped. They are independent: set both in
# production, because setting only one leaves the other's checks off.
# RUST_ENV=production
# APP_ENV=production
# Have I Been Pwned breached-password check (default: true)
# NOTE(review): the check presumably needs outbound HTTPS access to the HIBP
# service - confirm how the application behaves when that request fails.
HIBP_ENABLED=true
# =============================================================================
# AUTHENTICATION (Optional - have sensible defaults)
# =============================================================================
# Session settings
SESSION_EXPIRY_DAYS=7
# Rate limiting (max requests per sliding window; values shown are the defaults)
# The length of the sliding window is not configured in this file.
# NOTE(review): the trailing "# ..." comments below sit on the same line as the
# value, and not every dotenv loader strips them - confirm that the loaders in
# use (the application and Docker Compose) parse these as plain integers.
RATE_LIMIT_AUTH_FAILED=5 # failed logins per IP
RATE_LIMIT_AUTH_ACCOUNT=10 # auth attempts per account
RATE_LIMIT_API_UNAUTHENTICATED=30 # unauthenticated API requests
RATE_LIMIT_UPLOAD=20 # image uploads
RATE_LIMIT_SEARCH=10 # search requests
RATE_LIMIT_EXPORT=1 # recipe/book exports
LOCKOUT_DURATION_MINUTES=15
# Comma-separated trusted proxy IPs for client-IP extraction behind a reverse proxy
# List only proxies you operate. The per-IP limits above depend on the extracted
# client IP, so an over-broad list lets a client supply its own forwarded
# address. NOTE(review): presumably, when this is unset behind a reverse proxy,
# every request is attributed to the proxy's address - confirm.
# TRUSTED_PROXIES=127.0.0.1,::1
# =============================================================================
# EMAIL / SMTP (Optional - email features disabled if not configured)
# =============================================================================
# For local development with Mailpit (docker-compose up mailpit)
# View emails at http://localhost:8025
# No SMTP_USER / SMTP_PASSWORD is set for this local relay, so keep this
# configuration to local development.
SMTP_HOST=localhost
SMTP_PORT=1025
EMAIL_FROM_ADDRESS=noreply@localhost
EMAIL_FROM_NAME=Oppskrift Dev
# For production, use a real SMTP provider:
# SMTP_PASSWORD is a secret: set it only in the deployed environment, never in
# this example file. Port 587 is the mail-submission port, normally used with
# STARTTLS. NOTE(review): this file has no TLS setting, so confirm that the
# mailer requires TLS before it sends the credentials.
# SMTP_HOST=smtp.example.com
# SMTP_PORT=587
# SMTP_USER=noreply@oppskrift.example.com
# SMTP_PASSWORD=your-smtp-password
# EMAIL_FROM_ADDRESS=noreply@oppskrift.example.com
# EMAIL_FROM_NAME=Oppskrift