Lumen
28 lines
1.2 KiB
Bash
28 lines
1.2 KiB
Bash
# Copy to .env for local dev. In production these come from Gitea Actions secrets
|
|
# (Settings → Actions → Secrets), NOT from a committed file.
|
|
#
|
|
# Generate strong values:
|
|
# for s in AUTH_SECRET JWT_SECRET DB_PASSWORD; do echo "$s=$(openssl rand -base64 32)"; done
|
|
|
|
# NextAuth v5 (Auth.js) session secret. Rotating invalidates all sessions.
|
|
AUTH_SECRET=changeme-base64-32
|
|
|
|
# Backend HMAC signing key (base64; JwtService base64-decodes it).
|
|
# Rotating invalidates all previously issued access/refresh tokens.
|
|
JWT_SECRET=changeme-base64-32
|
|
|
|
# Postgres role password for the live DB role.
|
|
# NOTE: only applies on FIRST volume init; the deploy reconciles existing
|
|
# volumes via ALTER USER (see .gitea/workflows/deploy.yml).
|
|
DB_PASSWORD=changeme-base64-24
|
|
|
|
# ── Local-only frontend origin (override in compose for public phase) ──
|
|
# For LOCAL phase point these at the LAN host:
|
|
# NEXTAUTH_URL=http://192.168.188.119:__FRONTEND_PORT__
|
|
# AUTH_URL=http://192.168.188.119:__FRONTEND_PORT__
|
|
# For PUBLIC phase the TrueNAS override sets them to https://__SUBDOMAIN__
|
|
NEXTAUTH_URL=http://localhost:3000
|
|
AUTH_URL=http://localhost:3000
|
|
AUTH_TRUST_HOST=true
|
|
BACKEND_URL=http://backend:8080
|