notifuse/env.example at main · Notifuse/notifuse · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# Notifuse Environment Configuration
# Copy this file to .env and update the values below for your installation
#
# ⚠️  IMPORTANT: Special Characters in Values
# If your values contain the # character, you MUST wrap them in quotes:
#   CORRECT:   DB_PASSWORD="mypass#word123"
#   INCORRECT: DB_PASSWORD=mypass#word123   (will be truncated to "mypass")
#
# This limitation applies only to .env files. Environment variables set directly
# in your shell or container environment do not have this restriction.

# =============================================================================
# REQUIRED VARIABLES - Minimal configuration for first boot
# =============================================================================

# Secret key for encrypting sensitive data in the database (REQUIRED)
# Also used for:
#   - JWT token signing (HS256 symmetric)
#   - Magic code hashing (HMAC-SHA256)
# Generate a secure random string (at least 32 characters)
# Example: openssl rand -base64 32
SECRET_KEY=your-secret-key-here

# Database Configuration (Optional - compose.yaml has working defaults for Docker)
# Uncomment and modify only if using an external database or custom setup
# DB_HOST=postgres
# DB_PORT=5432
# DB_USER=postgres
# DB_PASSWORD=postgres
# DB_NAME=notifuse_system

# =============================================================================
# SETUP WIZARD - Configure via Web Interface (Recommended)
# =============================================================================
#
# On first boot, you'll be redirected to the setup wizard at /setup where you can:
# - Configure SMTP settings through a web form
# - Set up the admin account
# - Configure the API endpoint
#
# All settings below can be configured via the setup wizard and are stored
# securely in the database. You only need to set them here if you prefer
# environment-variable-based configuration or want to override database values.
#

# Root administrator email (Optional - can be set via setup wizard)
# ROOT_EMAIL=admin@yourcompany.com

# Public API endpoint URL (Optional - auto-detected via setup wizard)
# API_ENDPOINT=https://emails.yourcompany.com

# PASETO keys - DEPRECATED in v15.0
# For backward compatibility only: If SECRET_KEY is not set, PASETO_PRIVATE_KEY will be used
# PASETO_PRIVATE_KEY=your_base64_encoded_private_key_here

# SMTP Configuration (Optional - can be configured via setup wizard)
# SMTP_HOST=smtp.gmail.com
# SMTP_PORT=587
# SMTP_USERNAME=your-email@gmail.com
# SMTP_PASSWORD=your-app-password
# SMTP_FROM_EMAIL=noreply@yourcompany.com
# SMTP_FROM_NAME=Your Company Name

# SMTP Relay Server Configuration (Optional - for receiving emails to trigger notifications)
# Enable this to receive emails that trigger transactional notifications via API
# Authentication uses SMTP AUTH with workspace_id as username and api_key as password
#
# IMPORTANT: If SMTP_RELAY_ENABLED is explicitly set (even to "false"), the setup wizard
# will NOT be able to configure SMTP relay - it will be locked to the env var value.
# Only leave this unset (commented out) if you want the setup wizard to configure it.
# SMTP_RELAY_ENABLED=false
# SMTP_RELAY_PORT=587
# SMTP_RELAY_DOMAIN=smtp.yourdomain.com

# TLS Configuration (Base64 Encoded Certificates)
# Perfect for containers and secret managers - no file mounting needed
# To encode your certificates:
#   CERT_BASE64=$(cat /etc/letsencrypt/live/smtp.example.com/fullchain.pem | base64 -w 0)
#   KEY_BASE64=$(cat /etc/letsencrypt/live/smtp.example.com/privkey.pem | base64 -w 0)
# SMTP_RELAY_TLS_CERT_BASE64=LS0tLS1CRUdJTi...
# SMTP_RELAY_TLS_KEY_BASE64=LS0tLS1CRUdJTi...
#
# Leave empty for no TLS (Development only - NOT recommended for production)

# Getting Let's Encrypt Certificates:
# 1. Install certbot: apt-get install certbot (or brew install certbot)
# 2. Get certificate:
#    certbot certonly --standalone -d smtp.yourcompany.com
#    OR for DNS validation (no port 80 needed):
#    certbot certonly --manual --preferred-challenges dns -d smtp.yourcompany.com
# 3. Set auto-renewal:
#    certbot renew --deploy-hook "docker restart notifuse-api"

# =============================================================================
# OPTIONAL VARIABLES - Uncomment and modify if needed
# =============================================================================

# Privacy and Update Settings (Optional - can be configured via setup wizard)
# TELEMETRY=true                                # Send anonymous usage statistics (default: configured in setup wizard)
# CHECK_FOR_UPDATES=true                        # Check for new versions and security updates (default: configured in setup wizard)
# Note: If not set via environment variables, these will be configured via the setup wizard.
# Environment variables always take precedence over database settings.

# Server Configuration
# SERVER_PORT=8080
# SERVER_HOST=0.0.0.0
# CORS_ALLOW_ORIGIN=*
# ENVIRONMENT=production
# LOG_LEVEL=info

# Database Configuration (for custom setups)
# DB_PREFIX=notifuse
# DB_NAME=notifuse_system
# DB_SSLMODE=require

# Database Connection Pool Settings
# DB_MAX_CONNECTIONS=100                    # Total max connections across all databases (default: 100)
# DB_MAX_CONNECTIONS_PER_DB=3               # Max connections per workspace database (default: 3)
# DB_CONNECTION_MAX_LIFETIME=10m            # Maximum lifetime of a connection (default: 10m)
# DB_CONNECTION_MAX_IDLE_TIME=5m            # Maximum idle time before closing (default: 5m)

# Task Scheduler Configuration
# The internal scheduler handles task execution automatically
# TASK_SCHEDULER_ENABLED=true               # Enable/disable internal scheduler (default: true)
# TASK_SCHEDULER_INTERVAL=30s               # How often to check for pending tasks (default: 30s)
# TASK_SCHEDULER_MAX_TASKS=100              # Max tasks to process per execution (default: 100)

# Tracing Configuration
# TRACING_ENABLED=false
# TRACING_SERVICE_NAME=notifuse-api
# TRACING_SAMPLING_PROBABILITY=0.1
# TRACING_TRACE_EXPORTER=none
# TRACING_JAEGER_ENDPOINT=http://localhost:14268/api/traces
# TRACING_ZIPKIN_ENDPOINT=http://localhost:9411/api/v2/spans
# TRACING_STACKDRIVER_PROJECT_ID=
# TRACING_AZURE_INSTRUMENTATION_KEY=
# TRACING_DATADOG_AGENT_ADDRESS=localhost:8126
# TRACING_DATADOG_API_KEY=
# TRACING_XRAY_REGION=us-west-2
# TRACING_AGENT_ENDPOINT=localhost:8126
# TRACING_METRICS_EXPORTER=none
# TRACING_PROMETHEUS_PORT=9464