61 lines
1.9 KiB
Bash
61 lines
1.9 KiB
Bash
# --- Portainer / Compose ---
|
|
APP_PORT="3000"
|
|
POSTGRES_DB="formbuilder"
|
|
POSTGRES_USER="formbuilder"
|
|
POSTGRES_PASSWORD="change-this"
|
|
|
|
# --- Auth.js ---
|
|
# Generate with: openssl rand -base64 32
|
|
AUTH_SECRET="change-me"
|
|
# Public origin of the app (no trailing slash).
|
|
AUTH_URL="https://forms.example.com"
|
|
|
|
# --- Authentik OIDC ---
|
|
# In Authentik: Applications → Providers → Create → OAuth2/OpenID
|
|
# Redirect URI: ${AUTH_URL}/api/auth/callback/oidc
|
|
OIDC_ISSUER="https://authentik.example.com/application/o/formbuilder/"
|
|
OIDC_CLIENT_ID="your-client-id"
|
|
OIDC_CLIENT_SECRET="your-client-secret"
|
|
OIDC_PROVIDER_NAME="Authentik"
|
|
|
|
# Comma-separated emails auto-promoted to admin on first sign-in.
|
|
# (The very first user is also auto-promoted to admin.)
|
|
AUTH_BOOTSTRAP_ADMINS=""
|
|
|
|
# --- Rate limiting ---
|
|
# memory (default, single process) or redis (multi-instance; requires REDIS_URL)
|
|
RATE_LIMIT_DRIVER="memory"
|
|
# REDIS_URL="redis://localhost:6379"
|
|
|
|
# --- Notifications ---
|
|
# Defaults to AUTH_URL in docker-compose.yml.
|
|
PUBLIC_BASE_URL="https://forms.example.com"
|
|
# Email driver: resend | smtp | none
|
|
EMAIL_DRIVER="none"
|
|
EMAIL_FROM="Forms <forms@example.com>"
|
|
# RESEND_API_KEY="re_xxx"
|
|
# SMTP_URL="smtp://user:pass@smtp.example.com:587"
|
|
|
|
# --- File storage ---
|
|
# local (default; files under ./uploads/) | s3 (install @aws-sdk/client-s3 first)
|
|
STORAGE_DRIVER="local"
|
|
UPLOAD_DIR="uploads"
|
|
# S3_BUCKET=""
|
|
# S3_REGION=""
|
|
# S3_ENDPOINT="" # set for R2 / Minio / custom
|
|
# S3_ACCESS_KEY_ID=""
|
|
# S3_SECRET_ACCESS_KEY=""
|
|
|
|
# --- hCaptcha (optional) ---
|
|
# Site key + secret from https://dashboard.hcaptcha.com/
|
|
# HCAPTCHA_SITE_KEY=""
|
|
# HCAPTCHA_SECRET=""
|
|
|
|
# --- Webhook worker (optional) ---
|
|
# Shared secret protecting POST /api/webhooks/process — call it from a cron job
|
|
# every minute to drain pending webhook retries.
|
|
# Example call:
|
|
# curl -X POST -H "Authorization: Bearer $CRON_SECRET" \
|
|
# $PUBLIC_BASE_URL/api/webhooks/process
|
|
# CRON_SECRET=""
|