-
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.example
More file actions
189 lines (156 loc) · 7.82 KB
/
.env.example
File metadata and controls
189 lines (156 loc) · 7.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
# =============================================================================
# allthingslinux monorepo — base environment (.env.example)
# =============================================================================
# Copy to .env and adjust values. This is the shared baseline for both dev and
# prod. Use .env.dev / .env.prod for mode-specific overrides.
#
# This root .env is for Docker/compose-driven services. App runtime env (portal,
# chat-web) is validated inline in each app — see their own .env.example files.
# =============================================================================
# ── Core ──────────────────────────────────────────────────────────────────────
PUID=1000
PGID=1000
TZ=UTC
NODE_ENV=development
ATL_GATEWAY_IP=127.0.0.1
ATL_CHAT_IP=127.0.0.1
LOG_MAX_SIZE=50m
LOG_MAX_FILES=5
# ── Portal ────────────────────────────────────────────────────────────────────
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/portal
BETTER_AUTH_SECRET=change_me_32_char_secret
BETTER_AUTH_URL=http://portal.localhost:3000
# ── Web (Cloudflare) ──────────────────────────────────────────────────────────
CLOUDFLARE_API_TOKEN=
CLOUDFLARE_ACCOUNT_ID=
# ── Chat Web ──────────────────────────────────────────────────────────────────
NEXT_PUBLIC_IRC_WS_URL=wss://irc.localhost/ws
NEXT_PUBLIC_XMPP_BOSH_URL=https://xmpp.localhost:5281/http-bind
# ── IRC / UnrealIRCd ──────────────────────────────────────────────────────────
UNREALIRCD_VERSION=6.2.0.1
IRC_DOMAIN=irc.localhost
IRC_ROOT_DOMAIN=atl.chat
IRC_NETWORK_NAME=All Things Linux IRC
IRC_CLOAK_PREFIX=atl
IRC_TLS_PORT=6697
IRC_SERVER_PORT=6900
IRC_RPC_PORT=8600
IRC_WEBSOCKET_PORT=8000
IRC_ADMIN_NAME=All Things Linux
IRC_ADMIN_EMAIL=admin@allthingslinux.org
IRC_STAFF_VHOST=allthingslinux.org
IRC_STS_DURATION=1m
IRC_STS_PRELOAD=no
IRC_SSL_CERT_PATH=/home/unrealircd/unrealircd/certs/live/irc.localhost/fullchain.pem
IRC_SSL_KEY_PATH=/home/unrealircd/unrealircd/certs/live/irc.localhost/privkey.pem
# CLOAK KEYS — generate with `just gencloak` after first setup.
# DO NOT use these placeholder values in production.
IRC_CLOAK_KEY_1=
IRC_CLOAK_KEY_2=
IRC_CLOAK_KEY_3=
IRC_OPER_PASSWORD=change_me_irc_oper_password
IRC_DRPASS=change_me_irc_drpass
IRC_SERVICES_PASSWORD=change_me_irc_services_password
ATL_WEBIRC_PASSWORD=change_me_webirc_password
WEBPANEL_RPC_USER=adminpanel
WEBPANEL_RPC_PASSWORD=change_me_webpanel_password
IRC_TLS_VERIFY=false
IRC_LOUNGE_REJECT_UNAUTHORIZED=false
IRC_WEBSOCKET_USE_TLS=true
BRIDGE_IRC_TLS_VERIFY=false
# ── Atheme ────────────────────────────────────────────────────────────────────
ATHEME_VERSION=master
ATHEME_SERVER_NAME=services.atl.chat
ATHEME_SERVER_DESC=All Things Linux IRC Services
ATHEME_NUMERIC=00A
ATHEME_RECONTIME=10
ATHEME_NETNAME=atl.chat
ATHEME_HIDEHOST_SUFFIX=users.atl.chat
ATHEME_ADMIN_NAME=All Things Linux
ATHEME_ADMIN_EMAIL=admin@allthingslinux.org
ATHEME_REGISTER_EMAIL=noreply@allthingslinux.org
ATHEME_UPLINK_HOST=127.0.0.1
ATHEME_UPLINK_PORT=6901
ATHEME_HTTPD_PORT=8081
ATHEME_SRA_BOOTSTRAP_ACCOUNT=admin
ATHEME_HELP_CHANNEL=#help
ATHEME_HELP_URL=https://allthingslinux.org
ATHEME_SEND_PASSWORD=change_me_atheme_send_password
# ── XMPP / Prosody ───────────────────────────────────────────────────────────
XMPP_DOMAIN=xmpp.localhost
PROSODY_DOMAIN=xmpp.localhost
PROSODY_C2S_PORT=5222
PROSODY_S2S_PORT=5269
PROSODY_C2S_DIRECT_TLS_PORT=5223
PROSODY_S2S_DIRECT_TLS_PORT=5270
PROSODY_HTTP_PORT=5280
PROSODY_HTTPS_PORT=5281
PROSODY_PROXY65_PORT=5000
PROSODY_ADMIN_JID=admin@xmpp.localhost
PROSODY_ADMIN_EMAIL=admin@allthingslinux.org
PROSODY_OAUTH2_REGISTRATION_KEY=change_me_prosody_oauth2_registration_key
PROSODY_ALLOW_PLACEHOLDER_KEY=true
PROSODY_HTTPS_VIA_PROXY=false
PROSODY_UPLOAD_EXTERNAL_URL=https://xmpp.localhost:5281/upload/
PROSODY_HTTP_EXTERNAL_URL=http://xmpp.localhost:5280/
PROSODY_PROXY_ADDRESS=xmpp.localhost
PROSODY_SSL_KEY=/etc/prosody/certs/live/xmpp.localhost/privkey.pem
PROSODY_SSL_CERT=/etc/prosody/certs/live/xmpp.localhost/fullchain.pem
PROSODY_REST_URL=http://atl-xmpp-server:5280/admin_api
PROSODY_REST_TOKEN=
PROSODY_FEED_URL=https://allthingslinux.org/feed
TURN_SECRET=change_me_turn_secret
TURN_EXTERNAL_HOST=turn.atl.network
TURN_PORT=3478
TURNS_PORT=5349
# ── Bridge ────────────────────────────────────────────────────────────────────
BRIDGE_DISCORD_TOKEN=
BRIDGE_DISCORD_CHANNEL_ID=
BRIDGE_PORTAL_BASE_URL=
BRIDGE_PORTAL_TOKEN=
IRC_BRIDGE_SERVER=atl-irc-server
BRIDGE_IRC_NICK=bridge
BRIDGE_IRC_OPER_PASSWORD=
BRIDGE_XMPP_COMPONENT_JID=bridge.xmpp.localhost
BRIDGE_XMPP_COMPONENT_SECRET=change_me_xmpp_component_secret
BRIDGE_XMPP_COMPONENT_SERVER=atl-xmpp-server
BRIDGE_XMPP_COMPONENT_PORT=5347
BRIDGE_RELAYMSG_CLEAN_NICKS=true
BRIDGE_IRC_REDACT_ENABLED=true
LOG_LEVEL=INFO
XMPP_AVATAR_BASE_URL=http://atl-xmpp-server:5280
XMPP_AVATAR_PUBLIC_URL=
XMPP_UPLOAD_FETCH_URL=http://atl-xmpp-server:5280
# ── The Lounge ────────────────────────────────────────────────────────────────
THELOUNGE_PORT=9000
THELOUNGE_WEBIRC_PASSWORD=change_me_thelounge_webirc
THELOUNGE_DELETE_UPLOADS_AFTER_MINUTES=1440
# ── Fluux Messenger ──────────────────────────────────────────────────────────
FLUUX_VERSION=v0.13.3
FLUUX_DOMAIN=webxmpp.atl.chat
FLUUX_CERT_DOMAIN=atl.chat
FLUUX_MESSENGER_PORT=8091
FLUUX_MESSENGER_HTTPS_PORT=8443
# ── TLS automation (prod) ────────────────────────────────────────────────────
LETSENCRYPT_EMAIL=admin@allthingslinux.org
CLOUDFLARE_DNS_API_TOKEN=
# ── Network services ─────────────────────────────────────────────────────────
EXTERNAL_IP=127.0.0.1
TURN_REALM=atl.network
# ── atl.tools ─────────────────────────────────────────────────────────────────
TAILSCALE_IP= # VPS Tailscale IP — required for all tools service port bindings
CONVERTX_JWT_SECRET= # Required — ConvertX auth token
CONVERTX_ALLOW_UNAUTHENTICATED=true
SEARXNG_SECRET= # Required — SearXNG secret key
# Port overrides (defaults shown)
PRIVATEBIN_PORT=8080
CYBERCHEF_PORT=1337
CONVERTX_PORT=3001
SEARXNG_PORT=8082
IT_TOOLS_PORT=8083
JSONCRACK_PORT=8890
STIRLING_PDF_PORT=8084
HCKRNWS_PORT=3000
# Alloy agent (observability)
ALLOY_REMOTE_WRITE_URL= # Central Mimir endpoint via Tailscale
ALLOY_LOKI_URL= # Central Loki endpoint via Tailscale