-
-
Notifications
You must be signed in to change notification settings - Fork 55
Expand file tree
/
Copy path.env.example
More file actions
181 lines (143 loc) · 6.47 KB
/
.env.example
File metadata and controls
181 lines (143 loc) · 6.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
# =============================================================================
# Hoodik — configuration reference
# Copy this file to .env and adjust for your environment.
# All values shown are the defaults unless marked as *required*.
# =============================================================================
# -----------------------------------------------------------------------------
# Core
# -----------------------------------------------------------------------------
# Directory where all uploaded files and the database will be stored.
# There is no default — this must be set before starting the application.
DATA_DIR=/tmp/data
# PostgreSQL connection string. Omit to use the built-in SQLite database.
# WARNING: SQLite and PostgreSQL are not interchangeable. Switching after data
# has been written will result in data loss.
# DATABASE_URL=postgres://postgres:postgres@localhost:5432/postgres
# Port the server listens on. (default: 5443)
# HTTP_PORT=5443
# IP address the server binds to.
# In the Docker image this is automatically set to 0.0.0.0.
# Only change this if you are running the binary directly outside of Docker.
# (default: localhost)
# HTTP_ADDRESS=localhost
# Public URL of the application. Used for generating links in emails and for
# CORS/cookie configuration. Set this to your actual domain in production.
# (default: https://{HTTP_ADDRESS}:{HTTP_PORT})
APP_URL=https://localhost:5443
# URL of the web frontend. In production this should match APP_URL.
# During development, point this at the Vite dev server (http://localhost:5173).
# Also used for action links inside emails.
# (default: APP_URL)
APP_CLIENT_URL=http://localhost:5173
# -----------------------------------------------------------------------------
# TLS
# -----------------------------------------------------------------------------
# Disable TLS entirely. For development and testing only.
# (default: false)
# SSL_DISABLED=true
# Path to a PEM-encoded TLS certificate.
# If neither cert nor key is provided, a self-signed certificate is generated
# automatically in DATA_DIR. Not recommended for production.
# (default: DATA_DIR/hoodik.crt.pem)
# SSL_CERT_FILE=/path/to/cert.crt.pem
# Path to the PEM-encoded TLS private key matching SSL_CERT_FILE.
# (default: DATA_DIR/hoodik.key.pem)
# SSL_KEY_FILE=/path/to/key.key.pem
# -----------------------------------------------------------------------------
# Authentication & sessions
# -----------------------------------------------------------------------------
# Secret used to sign JWT tokens.
# If not set, a random secret is generated on every startup, which invalidates
# all existing sessions whenever the application restarts.
# Set this to a stable random string in production.
# JWT_SECRET=change-me-to-a-long-random-string
# How many days an idle session remains valid before requiring a new login.
# (default: 30)
# LONG_TERM_SESSION_DURATION_DAYS=30
# Lifetime in seconds of the short-lived access token.
# The token is refreshed automatically while the user is active.
# (default: 120)
# SHORT_TERM_SESSION_DURATION_SECONDS=120
# Name of the session cookie.
# (default: hoodik_session)
# SESSION_COOKIE=hoodik_session
# Name of the refresh token cookie.
# (default: hoodik_refresh)
# REFRESH_COOKIE=hoodik_refresh
# Hide the session cookie from JavaScript (recommended).
# (default: true)
# COOKIE_HTTP_ONLY=true
# Only send cookies over HTTPS (recommended).
# (default: true)
# COOKIE_SECURE=true
# SameSite cookie policy. Valid values: Lax, Strict, None.
# Set to None if your frontend and backend are on different domains (also
# requires COOKIE_SECURE=true).
# (default: Lax)
# COOKIE_SAME_SITE=Lax
# Override the cookie domain. Defaults to the host from APP_URL.
# Only change this if you know what you are doing — a wrong value will break
# authentication.
# COOKIE_DOMAIN=example.com
# Use Authorization headers instead of cookies for authentication.
#
# Enable this when your frontend and backend are on different domains, or when
# you need to access the API from a separate application.
#
# When enabled:
# - Tokens are stored in the browser's localStorage (not HttpOnly cookies).
# - Every request must include the token via: Authorization: Bearer <token>
# - Tokens are accessible to JavaScript, which increases XSS risk.
#
# Leave this at false (the default) when running on a single domain.
# (default: false)
# USE_HEADERS_FOR_AUTH=false
# -----------------------------------------------------------------------------
# Email (SMTP)
# -----------------------------------------------------------------------------
# Email provider. Set to "smtp" to enable, or leave empty / set to "none" to
# disable. When disabled, new accounts are activated automatically without
# email confirmation — suitable for local or private deployments.
# (default: none)
# MAILER_TYPE=none
# The following variables are required when MAILER_TYPE=smtp:
# SMTP_ADDRESS=smtp.gmail.com
# SMTP_USERNAME=you@gmail.com
# SMTP_PASSWORD=your-app-password
# SMTP port. TLS mode is auto-detected from the port if SMTP_TLS_MODE is not set:
# 465 → implicit TLS (default)
# 587 → STARTTLS
# 25 → plain (no TLS)
# (default: 465)
# SMTP_PORT=465
# Force a specific TLS mode. Valid values: implicit, starttls, none.
# If not set, the mode is auto-detected from SMTP_PORT.
# SMTP_TLS_MODE=implicit
# Sender email address shown in outgoing emails.
# SMTP_DEFAULT_FROM_EMAIL=you@gmail.com
# Sender display name (optional). Defaults to "Hoodik" if not set.
# SMTP_DEFAULT_FROM_NAME=Hoodik Drive
# -----------------------------------------------------------------------------
# Storage provider
# -----------------------------------------------------------------------------
# Which backend to use for storing file chunks.
# Valid values: local, s3
# (default: local)
# STORAGE_PROVIDER=local
# The following variables are required when STORAGE_PROVIDER=s3:
# S3 bucket name where file chunks will be stored.
# S3_BUCKET=my-hoodik-bucket
# AWS region. (default: us-east-1)
# S3_REGION=us-east-1
# Custom S3 endpoint for S3-compatible services (MinIO, Backblaze B2, Wasabi,
# DigitalOcean Spaces, etc.). Omit for standard AWS S3.
# S3_ENDPOINT=http://localhost:9000
# Access key ID and secret key for S3 authentication.
# S3_ACCESS_KEY=your-access-key
# S3_SECRET_KEY=your-secret-key
# Use path-style addressing (required for MinIO and some S3-compatible services).
# (default: false)
# S3_PATH_STYLE=false
# Optional key prefix for all objects (e.g. "hoodik/" to namespace within a
# shared bucket).
# S3_PREFIX=