-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
135 lines (120 loc) · 4.55 KB
/
.env.example
File metadata and controls
135 lines (120 loc) · 4.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# OperatorOne - Environment Configuration
# Copy this file to .env and fill in all values
# Or run: ./scripts/start.sh (generates .env automatically)
# ===========================================
# SETUP
# ===========================================
# One-time code for the web setup wizard (auto-generated by start.sh)
SETUP_CODE=
# ===========================================
# DOMAIN CONFIGURATION
# ===========================================
DOMAIN=example.com
ACME_EMAIL=admin@example.com
TIMEZONE=America/Denver
# ===========================================
# TRAEFIK DASHBOARD
# ===========================================
# Generate with: htpasswd -nb admin yourpassword | sed -e s/\\$/\\$\\$/g
TRAEFIK_DASHBOARD_AUTH=admin:$$apr1$$xyz...
# ===========================================
# POSTGRESQL CREDENTIALS
# ===========================================
# Root password (keep secure, rarely used directly)
POSTGRES_ROOT_PASSWORD=
# Per-service database passwords (used by init-multiple-dbs.sh)
POSTGRES_OPENBAO_PASSWORD=
POSTGRES_N8N_PASSWORD=
POSTGRES_AUTHENTIK_PASSWORD=
POSTGRES_CONSOLE_PASSWORD=
POSTGRES_PAPERLESS_PASSWORD=
# ===========================================
# OPENBAO SECRETS
# ===========================================
# Generated by init-openbao.sh after first boot
OPENBAO_UNSEAL_KEY=
OPENBAO_ROOT_TOKEN=
OPENBAO_SERVICE_TOKEN=
# ===========================================
# N8N SECRETS
# ===========================================
N8N_ENCRYPTION_KEY=
N8N_JWT_SECRET=
# ===========================================
# AUTHENTIK SECRETS
# ===========================================
AUTHENTIK_SECRET_KEY=
# Initial admin password for first login (set before first boot)
AUTHENTIK_BOOTSTRAP_PASSWORD=
# API token for setup wizard to create OAuth providers (set before first boot)
AUTHENTIK_BOOTSTRAP_TOKEN=
# ===========================================
# GRAFANA (for observability profile)
# ===========================================
GRAFANA_ADMIN_PASSWORD=
# OAuth via Authentik (configure after Authentik setup — see docs/sso-setup.md)
GRAFANA_OAUTH_CLIENT_ID=
GRAFANA_OAUTH_CLIENT_SECRET=
GRAFANA_OAUTH_REDIRECT_URL=https://monitor.example.com/login/generic_oauth
# ===========================================
# EMAIL CONFIGURATION (Optional)
# Used by Authentik for sending email
# ===========================================
SMTP_HOST=
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM=noreply@example.com
# ===========================================
# ADMIN MODULE (Optional)
# Required only when using modules/admin/docker-compose.yml
# ===========================================
# Slack webhook for update approval notifications
SLACK_WEBHOOK_URL=
# Slack signing secret for validating interactive message callbacks
SLACK_SIGNING_SECRET=
# Shared token for MCP server <-> approval API authentication
APPROVAL_API_TOKEN=
# Docker socket GID for non-root container access (run: stat -c '%g' /var/run/docker.sock)
DOCKER_GID=999
# ===========================================
# CONSOLE MODULE (Optional)
# Required only when using modules/console/docker-compose.yml
# ===========================================
# Auth.js session signing secret
CONSOLE_AUTH_SECRET=
# OAuth2 credentials from Authentik (see docs/sso-setup.md)
CONSOLE_OAUTH_CLIENT_ID=
CONSOLE_OAUTH_CLIENT_SECRET=
# ===========================================
# INTERNAL API AUTH
# ===========================================
# Shared token for internal service-to-service calls (e.g., server actions → triage API)
# Generate with: openssl rand -hex 32
INTERNAL_API_TOKEN=
# ===========================================
# AI AGENT (Console)
# ===========================================
# Provider: "anthropic" (direct) or "openrouter" (via OpenRouter)
AI_PROVIDER=anthropic
# Anthropic API key (used when AI_PROVIDER=anthropic)
ANTHROPIC_API_KEY=
# OpenRouter API key (used when AI_PROVIDER=openrouter)
OPENROUTER_API_KEY=
# Model to use (default: claude-sonnet-4-5-20250929)
AI_MODEL=claude-sonnet-4-5-20250929
# n8n API key (generate in n8n Settings > API)
N8N_API_KEY=
# ===========================================
# PAPERLESS-NGX MODULE (Optional)
# Required only when using modules/paperless/docker-compose.yml
# ===========================================
# Django secret key for Paperless
PAPERLESS_SECRET_KEY=
# Initial admin credentials (only used on first boot)
PAPERLESS_ADMIN_USER=admin
PAPERLESS_ADMIN_PASSWORD=
# API token for AI agent access (generate in Paperless admin UI after first boot)
PAPERLESS_API_TOKEN=
# Internal API URL (default works for Docker networking)
PAPERLESS_API_URL=http://op1-paperless:8000/api