-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexample.env
More file actions
318 lines (265 loc) · 11.1 KB
/
example.env
File metadata and controls
318 lines (265 loc) · 11.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
########################################
### Getting Started
########################################
### Copy this file to `.env` and fill in values.
### After changing env vars, restart the server.
########################################
### Application
########################################
### Runtime environment (keep `production` in production).
### How to obtain: set by your runtime (Docker/PM2/etc.).
# NODE_ENV=production
### Public name shown in the UI.
### How to obtain: choose your product name.
APP_NAME=Swush
### Public base URL of your app (must match your actual domain, incl. https).
### How to obtain: your deployed domain URL (include https).
APP_URL=https://domain.example
### Process role for background job execution.
### - all: API + job runners in same process (default)
### - api: API only (no background workers)
### - worker: background workers only (no API traffic expected)
### Use api/worker split when deploying separate app + worker containers.
# JOB_RUNNER_ROLE=all
### Support/contact details shown in the UI.
### How to obtain: your support/ops contact info.
SUPPORT_NAME=Swush Support
SUPPORT_EMAIL=swush@domain.example
### Browser CORS allowlist (comma-separated origins).
### Only affects browsers; does not stop curl/servers.
### How to obtain: list the allowed web origins.
CORS_ORIGIN=https://domain.example
########################################
### 🗄️ Database
########################################
### PostgreSQL connection string.
### How to obtain:
### - Hosted (Neon/Supabase/RDS/etc.): copy the provided connection string.
### - Self-hosted: construct from your DB user/pass/host/db.
DATABASE_URL=postgresql://user:pass@host/db?sslmode=verify-full&channel_binding=require
### Optional DB pool tuning for mixed interactive + background workloads.
# PG_POOL_MAX=20
# PG_POOL_IDLE_TIMEOUT_MS=30000
# PG_POOL_CONNECTION_TIMEOUT_MS=7500
# PG_POOL_MAX_USES=7500
########################################
### ⚡ Redis (optional, recommended)
########################################
### Redis for shared cache + distributed job locks.
### How to obtain: from your managed Redis provider or self-hosted Redis.
### Option A (preferred): full URL
# REDIS_URL=redis://127.0.0.1:6379
### Option B: host/port/database envs (used when REDIS_URL is not set)
# REDIS_HOST=127.0.0.1
# REDIS_PORT=6379
### Redis DB index (same idea as redis://host:6379/1)
# REDIS_DB=0
### Optional auth / ACL / TLS
# REDIS_USERNAME=
# REDIS_PASSWORD=
# REDIS_TLS=false
### Optional key prefix (useful when sharing one Redis instance).
# REDIS_PREFIX=swush
### Optional server settings cache TTL in milliseconds.
# SERVER_SETTINGS_CACHE_TTL_MS=30000
### Optional lock TTLs for distributed runners (milliseconds).
# REDIS_CRON_LOCK_TTL_MS=7200000
# REDIS_PREVIEW_JOB_LOCK_TTL_MS=1200000
# REDIS_STREAM_JOB_LOCK_TTL_MS=3600000
########################################
### 🔐 Authentication & Security
########################################
### Better Auth secret (32+ chars).
### How to obtain: generate a random secret.
### - macOS/Linux: openssl rand -base64 32
### - Node: node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
BETTER_AUTH_SECRET=replace-me-with-32+char-secret
### Better Auth base URL (public app URL).
### How to obtain: same value as APP_URL. You can rely on APP_URL
# BETTER_AUTH_URL=https://domain.example
### Social login master switch (enable only if configured).
### How to obtain: set true only if at least one provider below is filled.
# ENABLE_SOCIAL_LOGIN=false
### Comma-separated providers: discord,github,google
### How to obtain: list the providers you configured.
# AVAILABLE_SOCIAL_LOGINS=discord,github,google
### Discord OAuth
### How to obtain: create an OAuth app in Discord Developer Portal.
### Redirect URL: https://your-domain/api/auth/callback/discord
# DISCORD_CLIENT_ID=
# DISCORD_CLIENT_SECRET=
### GitHub OAuth
### How to obtain: create a GitHub OAuth App.
### Redirect URL: https://your-domain/api/auth/callback/github
# GITHUB_CLIENT_ID=
# GITHUB_CLIENT_SECRET=
### Google OAuth
### How to obtain: create OAuth credentials in Google Cloud Console.
### Redirect URL: https://your-domain/api/auth/callback/google
# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
### Trusted proxy IPs/CIDRs (comma-separated).
### How to obtain: list your reverse proxy/CDN IP ranges.
# TRUSTED_PROXIES=
### Optional device flow allowlist (comma-separated).
### How to obtain: list trusted client identifiers.
# DEVICE_AUTH_EXTENSION_IDS=
### Cloudflare Turnstile CAPTCHA (optional)
### How to obtain: create a Turnstile widget and copy site key + secret.
# TURNSTILE_SITE_KEY=
# TURNSTILE_SECRET_KEY=
# CAPTCHA_PASS_SECRET=
########################################
### ✉️ Email (SMTP)
########################################
### How to obtain: from your email provider or your own SMTP server.
SMTP_HOST=smtp.example.com
SMTP_PORT=465
SMTP_USER=noreply@domain.example
SMTP_PASS=replace-me
SMTP_FROM="Swush No Reply <noreply@domain.example>"
########################################
### 🌐 Storage
########################################
### Storage driver: local | s3
### How to obtain: choose where you store files.
STORAGE_DRIVER=local
### Local upload root (only when STORAGE_DRIVER=local).
### How to obtain: pick a persistent path and mount it as a volume in Docker.
UPLOAD_ROOT=/data/uploads
### S3 / MinIO / R2 (only when STORAGE_DRIVER=s3)
### How to obtain:
### - AWS S3: create a bucket + IAM user with access.
### - MinIO: create a bucket and access keys.
### - R2 or other S3-compatible: use provider endpoint + keys.
# S3_ENDPOINT=https://s3.domain.example
# S3_REGION=us-east-1
# S3_BUCKET=swush-files
# S3_ACCESS_KEY_ID=your_access_key_id_here
# S3_SECRET_ACCESS_KEY=your_secret_access_key_here
# S3_FORCE_PATH_STYLE=true
### Optional: increase pool for high-concurrency MinIO/S3 workloads.
# S3_MAX_SOCKETS=256
### Optional: delay queue saturation warnings (milliseconds).
# S3_SOCKET_ACQUISITION_WARNING_TIMEOUT_MS=10000
########################################
### 🔔 Web Push (VAPID)
########################################
### How to obtain: generate a VAPID key pair.
### Example: npx web-push generate-vapid-keys --json
# VAPID_PUBLIC_KEY=your_public_key_here
# VAPID_PRIVATE_KEY=your_private_key_here
# VAPID_SUBJECT=mailto:admin@example.domain
########################################
### ⏫ Uploads
########################################
### Optional chunked upload tuning (leave empty for defaults).
### How to obtain: tune only if you see upload errors for large files.
### # UPLOAD_CHUNK_SIZE_MB=90
### # UPLOAD_CHUNK_THRESHOLD_MB=95
### # UPLOAD_MAX_CHUNK_MB=95
### # UPLOAD_CHUNK_SIZE_BYTES=10485760
### # UPLOAD_CHUNK_TTL_MS=3600000
### Optional vault warmup controls.
### # VAULT_WARMUP_ENABLED=true
### # VAULT_WARMUP_LIMIT=10
### # VAULT_PREVIEW_WARMUP_RUN_LIMIT=1
### # VAULT_AUDIO_WARMUP_RUN_LIMIT=1
########################################
### 🛡️ Virus Scanning (ClamAV)
########################################
### Enable virus scanning on uploads.
### How to obtain: install clamscan on the server.
# VIRUS_SCAN_ENABLED=false
### Optional: max size (bytes) to scan. Defaults to 10MB.
### # VIRUS_SCAN_MAX_BYTES=10485760
### Optional: scan timeout in ms. Defaults to 10000.
### # VIRUS_SCAN_TIMEOUT_MS=10000
### Optional: clamscan binary path.
# CLAMAV_PATH=/usr/bin/freshclam
### Optional: extra args for clamscan.
# CLAMAV_ARGS=--no-summary
########################################
### 🔌 External APIs
########################################
### Ffmpeg binary path (optional; defaults to ffmpeg in PATH)
### How to obtain: install ffmpeg and set the path if needed.
FFMPEG_PATH=/usr/bin/ffmpeg
### Optional ffmpeg CPU thread cap (default: 1).
### # FFMPEG_THREADS=1
### Optional process niceness for heavy background subprocesses on Linux/macOS
### (higher number = lower priority, default: 10).
### # BACKGROUND_PROCESS_NICE=10
### Shared background workload caps (protect API responsiveness under heavy job load).
### BACKGROUND_RESERVED_CORES: keep this many CPU cores for API work (default: 2).
### BACKGROUND_CPU_SLOTS: max concurrent CPU-heavy background slots (default: auto).
### BACKGROUND_IO_SLOTS: max concurrent IO-heavy background slots (default: auto).
### # BACKGROUND_RESERVED_CORES=2
### # BACKGROUND_CPU_SLOTS=2
### # BACKGROUND_IO_SLOTS=3
### Adaptive throttling driven by runtime signals (event-loop lag + API p95 latency).
### # BACKGROUND_ADAPTIVE_THROTTLE=true
### # BACKGROUND_ADAPTIVE_MIN_SCALE=0.35
### # BACKGROUND_TARGET_EVENT_LOOP_LAG_MS=60
### # BACKGROUND_TARGET_API_P95_MS=250
### Remove stale PWA push subscriptions not active for this many days (default: 30).
### # PWA_SUBSCRIPTION_CLEANUP_DAYS=30
### Background worker polling loop controls.
### # ENABLE_BACKGROUND_WORKER_LOOP=true
### # WORKER_LOOP_INTERVAL_MS=3000
### # WORKER_PREVIEW_TICK_LIMIT=5
### # WORKER_STREAM_TICK_LIMIT=5
### # WORKER_MEDIA_TICK_LIMIT=4
### # WORKER_EXPORT_TICK_LIMIT=1
### # WORKER_CLEANUP_TICK_LIMIT=5
### # WORKER_LOOP_LOCK_TTL_MS=8000
### Retry/dead-letter controls for background jobs.
### # JOB_RETRY_MAX_ATTEMPTS=5
### # JOB_RETRY_BASE_DELAY_MS=5000
### # JOB_RETRY_MAX_DELAY_MS=600000
### # JOB_RETRY_JITTER_RATIO=0.15
### HLS segment duration in seconds (optional; default: 2)
### # HLS_SEGMENT_SECONDS=2
### Stream job queue cap per run (optional; default: 10, hard limit: 50).
### # STREAM_JOBS_QUEUE_LIMIT=10
### Stream job concurrency (optional; default: 2).
### # STREAM_JOBS_CONCURRENCY=2
### Shared CPU slot cost per stream job (optional; default: 2).
### # STREAM_JOB_CPU_SLOTS=2
### Preview job queue cap per run (optional; default: 10, hard limit: 50).
### # PREVIEW_JOBS_QUEUE_LIMIT=10
### Preview job concurrency (optional; default: 2).
### # PREVIEW_JOBS_CONCURRENCY=2
### Shared CPU slot cost per preview job (optional; default: 1).
### # PREVIEW_JOB_CPU_SLOTS=1
### Media optimization queue and concurrency controls.
### # MEDIA_JOBS_QUEUE_LIMIT=10
### # MEDIA_JOBS_CONCURRENCY=2
### # MEDIA_IMAGE_JOB_CPU_SLOTS=1
### # MEDIA_TRANSCODE_JOB_CPU_SLOTS=2
### Remote upload worker concurrency (optional; default: 2).
### # REMOTE_UPLOAD_JOBS_CONCURRENCY=2
### Shared IO slot cost per remote upload worker run (optional; default: 1).
### # REMOTE_UPLOAD_IO_SLOTS=1
### Remote upload progress update throttling.
### # REMOTE_UPLOAD_PROGRESS_UPDATE_MS=1200
### # REMOTE_UPLOAD_PROGRESS_STEP=2
### Yt-dlp binary path (optional; defaults to yt-dlp in PATH)
### How to obtain: install yt-dlp and set the path if needed.
YT_DLP_PATH=/usr/bin/yt-dlp
### Optional download format selector.
### # YT_DLP_FORMAT=best[ext=mp4]/bestvideo+bestaudio/best
### Yt-dlp cookies path (optional)
# COOKIES_PATH=/opt/folder/cookies.txt
########################################
### 📺 AniList Integration
########################################
### How to obtain: create an AniList API client and copy id/secret.
# ANILIST_CLIENT_ID=replace-me
# ANILIST_CLIENT_SECRET=replace-me
########################################
### 📧 Notifications
########################################
### Set to `yes` to disable “limits reached” emails (optional).
### How to obtain: set to yes if you do not want limit warning emails.
# DISABLE_LIMITS_EMAILS=no