marcel/familienarchiv
1
0
Fork 0
Code Issues 107 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
bcba4dab80610b94b98581a1c4bbae18c1a73d4b
familienarchiv/.env.example
Marcel 4e636b3253 chore(observability): document GRAFANA_DB_PASSWORD in env files 
.env.example: declare GRAFANA_DB_PASSWORD with an openssl rand -hex 32 hint
so a missing value fails loudly (NFR-OPS-02). obs.env: add a comment
explaining that the real value comes from CI's obs-secrets.env, matching
the pattern used for other secrets in that file.

Refs #651.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-21 20:21:05 +02:00

84 lines
3.4 KiB
Plaintext
Raw Blame History

# Datenbank (PostgreSQL)
POSTGRES_USER=archive_user
POSTGRES_PASSWORD=change-me
POSTGRES_DB=family_archive_db
# Object Storage (MinIO)
MINIO_ROOT_USER=minio_admin
MINIO_ROOT_PASSWORD=change-me
MINIO_DEFAULT_BUCKETS=archive-documents
# Ports (für Zugriff vom Host/NAS)
PORT_DB=5432
PORT_MINIO_API=9000
PORT_MINIO_CONSOLE=9001
PORT_BACKEND=8080
PORT_FRONTEND=5173
# Mailpit — local mail catcher (dev only, included in docker-compose)
# Web UI: http://localhost:8025
# SMTP: localhost:1025 (used automatically by the backend container)
PORT_MAILPIT_UI=8100
PORT_MAILPIT_SMTP=1025
# OCR Training — secret token required to call /train and /segtrain on the OCR service.
# Also set in the backend so it can pass the token through. Must not be empty in production.
# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
OCR_TRAINING_TOKEN=change-me-in-production
# --- Observability ---
# Optional stack — start with: docker compose -f docker-compose.observability.yml up -d
# Requires the main stack to already be running (docker compose up -d creates archiv-net).
# In production the stack is managed from /opt/familienarchiv/ (see docs/DEPLOYMENT.md §4).
# Ports for host access
PORT_GRAFANA=3003
PORT_GLITCHTIP=3002
PORT_PROMETHEUS=9090
# Grafana admin password — change this before exposing Grafana beyond localhost
GRAFANA_ADMIN_PASSWORD=changeme
# Password for the read-only grafana_reader PostgreSQL role used by the PO
# Overview dashboard. Consumed by Flyway V68 (to set the role's password) and
# by Grafana's PostgreSQL datasource (to connect). REQUIRED in production —
# generate with: openssl rand -hex 32
GRAFANA_DB_PASSWORD=changeme-generate-with-openssl-rand-hex-32
# GlitchTip domain — production: use https://glitchtip.archiv.raddatz.cloud (must match Caddy vhost)
GLITCHTIP_DOMAIN=http://localhost:3002
# GlitchTip secret key — Django SECRET_KEY equivalent, used to sign sessions and tokens.
# REQUIRED in production — must not be empty or 'changeme'. Fail-closed: GlitchTip will
# refuse to start with an invalid key.
# Generate with: python3 -c "import secrets; print(secrets.token_hex(50))"
GLITCHTIP_SECRET_KEY=changeme-generate-a-real-secret
# PostgreSQL hostname for GlitchTip's db-init job and workers.
# Override when only the staging stack is running (container name differs from archive-db).
# Default (archive-db) is correct for production with the full stack up.
POSTGRES_HOST=archive-db
# $$ escaping note: passwords in /opt/familienarchiv/.env that contain a literal '$' must
# use '$$' so Docker Compose does not expand them as variable references.
# Example: a password 'p@$$word' should be written as 'p@$$$$word' in the .env file.
# Error reporting DSNs — leave empty to disable the SDK (safe default).
# SENTRY_DSN: backend (Spring Boot) — used by the GlitchTip/Sentry Java SDK
SENTRY_DSN=
SENTRY_TRACES_SAMPLE_RATE=
# VITE_SENTRY_DSN: frontend (SvelteKit) — injected at build time via Vite
VITE_SENTRY_DSN=
# Sentry/GlitchTip auth token for source map upload at build time (optional)
SENTRY_AUTH_TOKEN=
# Production SMTP — uncomment and fill in to send real emails instead of catching them
# APP_BASE_URL=https://your-domain.example.com
# MAIL_HOST=smtp.example.com
# MAIL_PORT=587
# MAIL_USERNAME=your-smtp-user
# MAIL_PASSWORD=your-smtp-password
# MAIL_SMTP_AUTH=true
# MAIL_STARTTLS_ENABLE=true
# APP_MAIL_FROM=noreply@your-domain.example.com
Reference in New Issue View Git Blame Copy Permalink