.env.example: declare GRAFANA_DB_PASSWORD with an openssl rand -hex 32 hint so a missing value fails loudly (NFR-OPS-02).

obs.env: add a comment explaining that the real value comes from CI's obs-secrets.env, matching the pattern used for other secrets in that file.

Refs #651.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
30 lines
1.3 KiB
Bash
# Non-secret observability stack configuration — tracked in git.
# Secret values (passwords, keys) are injected by CI from Gitea secrets
# into /opt/familienarchiv/obs-secrets.env at deploy time.
#
# For local dev the main .env file supplies these values instead;
# this file is only used in the CI/production path.

# Host ports (all bound to 127.0.0.1 — Caddy is the external entry point)
PORT_GRAFANA=3003
PORT_GLITCHTIP=3002
PORT_PROMETHEUS=9090

# Public URLs — used for internal redirects, alert email links, OAuth callbacks
GF_SERVER_ROOT_URL=https://grafana.archiv.raddatz.cloud
GLITCHTIP_DOMAIN=https://glitchtip.archiv.raddatz.cloud

POSTGRES_USER=archiv

# Note: GRAFANA_DB_PASSWORD is a secret and is injected by CI from
# obs-secrets.env (see .env.example for the local-dev declaration).
# It is consumed by both archive-backend (Flyway V68 placeholder) and
# obs-grafana (PostgreSQL datasource).

# PostgreSQL hostname for GlitchTip db-init and workers.
# The actual value depends on the Compose project name — it is not a fixed string.
# CI sets POSTGRES_HOST in obs-secrets.env per environment:
# staging: archiv-staging-db-1 (project archiv-staging + service db)
# production: archiv-production-db-1 (project archiv-production + service db)
# For local dev, set POSTGRES_HOST in your .env file (defaults to archive-db there).
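
The comments above split configuration between the tracked obs.env and the CI-injected obs-secrets.env. The following preflight check is an added example, not part of the repository: it fails when a value expected from the secrets file is missing or empty, or when a secret-looking key is defined in the tracked file. The function names, the required-key list, the secret-name pattern and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not project code): deploy preflight for the obs.env /
# obs-secrets.env split. Handles plain KEY=value lines only (no quoting).

# Keys the obs.env comments say are supplied via obs-secrets.env (assumed list).
REQUIRED_KEYS="GRAFANA_DB_PASSWORD POSTGRES_HOST"

# Print the value of KEY from an env file (last assignment wins), or nothing.
env_value() {  # usage: env_value KEY FILE
  sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Return 0 only if every required key is non-empty in the secrets file and the
# tracked file defines no secret-looking key. Each problem is printed to stderr.
check_obs_env() {  # usage: check_obs_env TRACKED_FILE SECRETS_FILE
  tracked=$1
  secrets=$2
  rc=0
  for key in $REQUIRED_KEYS; do
    if [ -z "$(env_value "$key" "$secrets")" ]; then
      echo "missing or empty in secrets file: $key" >&2
      rc=1
    fi
  done
  # A secret committed to the tracked file defeats the split (heuristic match
  # on the key name; comment lines never match because they start with '#').
  leaked=$(grep -E '^[[:space:]]*[A-Z0-9_]*(PASSWORD|SECRET|_KEY)=' "$tracked" | cut -d= -f1)
  for key in $leaked; do
    echo "secret-looking key in tracked file: $key" >&2
    rc=1
  done
  return $rc
}

# Constructed sample files; the values are placeholders, not project data.
demo_dir=$(mktemp -d)
printf 'PORT_GRAFANA=3003\nPOSTGRES_USER=archiv\n' > "$demo_dir/obs.env"
printf 'GRAFANA_DB_PASSWORD=\nPOSTGRES_HOST=archiv-staging-db-1\n' > "$demo_dir/obs-secrets.env"

# The empty GRAFANA_DB_PASSWORD is reported and the deploy step is refused.
check_obs_env "$demo_dir/obs.env" "$demo_dir/obs-secrets.env" || echo "deploy blocked"
```

Run as a CI step before the Compose stack starts, a non-zero return stops the deploy instead of letting the consuming services start with an empty password.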