.env.example
# hack.sv ID - Environment Configuration
# Copy this file to .env and configure your settings
# =============================================================================
# REQUIRED SETTINGS
# =============================================================================
# Flask Configuration
SECRET_KEY=your-super-secret-key-change-this-in-production
PROD=FALSE
BASE_URL=http://127.0.0.1:3000
# Google OAuth 2.0 (Required)
# Get these from: https://console.cloud.google.com/
GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-google-client-secret
# =============================================================================
# OPTIONAL SETTINGS
# =============================================================================
# Discord Integration (Optional)
# Get these from: https://discord.com/developers/applications
DISCORD_BOT_TOKEN=your-discord-bot-token
DISCORD_GUILD_ID=your-discord-server-id
# Email Notifications (Optional)
# AWS SES SMTP Configuration
MAIL_HOST=email-smtp.us-west-1.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=your-aws-ses-smtp-username
MAIL_PASSWORD=your-aws-ses-smtp-password
# Analytics (Optional)
# PostHog Configuration - Get from: https://posthog.com/
POSTHOG_API_KEY=phc_your-posthog-api-key
POSTHOG_HOST=https://us.i.posthog.com
POSTHOG_ENABLED=true
# Mailing List (Optional)
# Listmonk Configuration - Self-hosted newsletter/mailing list manager
LISTMONK_URL=https://mail.hack.sv
LISTMONK_API_KEY=your-listmonk-admin-api-key
LISTMONK_ENABLED=true
# Teable (Required for persistent data)
TEABLE_API_URL=https://app.teable.ai/api
TEABLE_ACCESS_TOKEN=your-teable-access-token
TEABLE_BASE_ID=your-teable-base-id
TEABLE_TABLE_USERS=tbl_users
TEABLE_TABLE_ADMINS=tbl_admins
TEABLE_TABLE_ADMIN_PERMISSIONS=tbl_admin_permissions
TEABLE_TABLE_API_KEYS=tbl_api_keys
TEABLE_TABLE_APPS=tbl_apps
TEABLE_TABLE_APP_ACCESS_ENTRIES=tbl_app_access_entries
TEABLE_TABLE_APP_ACCESS_AUDIT=tbl_app_access_audit
# ACL guardrail (keep below 1000 while pagination is deferred)
APP_ACL_MAX_ENTRIES=500
# =============================================================================
# SAML IDP SETTINGS (OPTIONAL, required when SAML_ENABLED=true)
# =============================================================================
SAML_ENABLED=false
SAML_IDP_ENTITY_ID=https://id.hack.sv/saml/metadata
SAML_IDP_KEY_ACTIVE_PATH=/run/secrets/saml_idp_key_active.pem
SAML_IDP_CERT_ACTIVE_PATH=/run/secrets/saml_idp_cert_active.pem
SAML_IDP_KEY_NEXT_PATH=
SAML_IDP_CERT_NEXT_PATH=
SAML_XMLSEC_BINARY=/usr/bin/xmlsec1
SAML_METADATA_SYNC_ENABLED=true
SAML_METADATA_SYNC_TIMEOUT_SEC=10
SAML_METADATA_SYNC_MAX_BYTES=262144
SAML_METADATA_SYNC_USER_AGENT=hack-id-saml-sync/1.0
# =============================================================================
# PRODUCTION SETTINGS
# =============================================================================
# When BASE_URL is unset, PROD controls defaults:
# - PROD=TRUE => https://id.hack.sv
# - PROD=FALSE => http://127.0.0.1:3000
# You can override either by setting BASE_URL explicitly (recommended for tunnels/staging).
# - OAuth Redirect: https://id.hack.sv/auth/google/callback
#
# Make sure to:
# 1. Set PROD=TRUE (for production defaults) or set BASE_URL directly
# 2. Update your Google OAuth redirect URIs
# 3. Use HTTPS in production
# 4. Set a strong SECRET_KEY
# =============================================================================
# SETUP INSTRUCTIONS
# =============================================================================
# 1. Copy this file: cp .env.example .env
# 2. Edit .env with your actual values
# 3. Set up Google OAuth (see README.md)
# 4. Initialize database: python utils/db_init.py
# 5. Set up first admin: python setup_admin.py your-admin@example.com
# 6. Start application: python app.py
# =============================================================================
# SECURITY NOTES
# =============================================================================
# - Never commit .env to version control
# - Use strong, unique SECRET_KEY in production
# - Enable HTTPS in production (PROD=TRUE)
# - Regularly rotate API keys and secrets
# - Review admin access periodically
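The production and security notes above can be enforced as a startup check. The following is an added example, not code from the hack.sv ID repository: `check_env`, `resolve_base_url`, the `SAMPLE` dict and the 32-character `MIN_SECRET_LEN` are assumptions made for illustration. It shows that flipping `PROD=TRUE` alone leaves the explicit `BASE_URL` on plain HTTP and the placeholder secrets in place.

```python
from urllib.parse import urlsplit

REQUIRED = ("SECRET_KEY", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET")
SAML_REQUIRED = ("SAML_IDP_ENTITY_ID", "SAML_IDP_KEY_ACTIVE_PATH",
                 "SAML_IDP_CERT_ACTIVE_PATH")
# Every placeholder value in .env.example starts with one of these prefixes.
PLACEHOLDER_PREFIXES = ("your-", "phc_your-")
MIN_SECRET_LEN = 32  # assumed policy, not a value taken from the project
# Constructed sample: .env.example values with PROD and SAML_ENABLED switched on.
SAMPLE = {
    "SECRET_KEY": "your-super-secret-key-change-this-in-production",
    "PROD": "TRUE", "BASE_URL": "http://127.0.0.1:3000",
    "GOOGLE_CLIENT_ID": "your-google-client-id.apps.googleusercontent.com",
    "GOOGLE_CLIENT_SECRET": "your-google-client-secret",
    "SAML_ENABLED": "true", "SAML_IDP_KEY_ACTIVE_PATH": "",
}

def is_true(value):
    return (value or "").strip().lower() == "true"

def resolve_base_url(env):
    """An explicit BASE_URL wins; otherwise PROD selects the documented default."""
    explicit = (env.get("BASE_URL") or "").strip()
    if explicit:
        return explicit
    return "https://id.hack.sv" if is_true(env.get("PROD")) else "http://127.0.0.1:3000"

def check_env(env):
    """Return a list of problems; an empty list means the settings pass."""
    prod = is_true(env.get("PROD"))
    problems = [f"{name} is not set" for name in REQUIRED
                if not (env.get(name) or "").strip()]
    for name, value in sorted(env.items()):
        # Required settings may never keep a placeholder; optional ones only matter in production.
        if value.startswith(PLACEHOLDER_PREFIXES) and (prod or name in REQUIRED):
            problems.append(f"{name} still holds the .env.example placeholder")
    if prod:
        if urlsplit(resolve_base_url(env)).scheme != "https":
            problems.append("BASE_URL must use https when PROD=TRUE")
        if 0 < len(env.get("SECRET_KEY") or "") < MIN_SECRET_LEN:
            problems.append(f"SECRET_KEY is shorter than {MIN_SECRET_LEN} characters")
    if is_true(env.get("SAML_ENABLED")):
        problems += [f"{name} is required when SAML_ENABLED=true"
                     for name in SAML_REQUIRED if not (env.get(name) or "").strip()]
    return problems

if __name__ == "__main__":
    for problem in check_env(SAMPLE):
        print("config error:", problem)
```

The check only confirms that the SAML key and certificate paths are set; whether the files exist and are readable is left to the application.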