HomeLab/ForgeBucket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
dev/phase-4e
ForgeBucket/.env.example
T
erangel1 2a81bda00e did something
2026-05-19 22:55:26 +02:00

60 lines
3.6 KiB
Bash
Raw Permalink Blame History

# ─── Required ───────────────────────────────────────────────────────────────
# PostgreSQL connection string
DATABASE_URL=postgres://forgebucket:password@localhost:5432/forgebucket?sslmode=disable
# Session cookie signing key — must be at least 32 characters
# Generate: openssl rand -hex 32
SESSION_SECRET=
# CSRF protection key — must be exactly 32 characters
# Generate: openssl rand -hex 16
CSRF_SECRET=
# ─── Server ──────────────────────────────────────────────────────────────────
PORT=8080
# Absolute path where bare git repositories are stored on disk
REPO_ROOT=/var/lib/forgebucket/repos
# ─── Federation (ActivityPub) ─────────────────────────────────────────────────
# Public URL of this instance (no trailing slash)
INSTANCE_URL=https://your-instance.example.com
INSTANCE_NAME=ForgeBucket
# ─── OIDC / OAuth2 (optional) ────────────────────────────────────────────────
# OIDC_ISSUER=https://accounts.google.com
# OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET=
# ─── GitOps ──────────────────────────────────────────────────────────────────
# Seconds between periodic drift checks (0 disables the ticker; push-triggered checks always run).
GITOPS_RECONCILE_INTERVAL=300
# ─── Event Bus (NATS) ────────────────────────────────────────────────────────
# Leave empty to disable event publishing (no-op mode).
# Start NATS with: make docker-up
NATS_URL=nats://localhost:4222
# ─── Artifact Signing (Phase 4) ───────────────────────────────────────────────
# PEM-encoded ECDSA P-256 private key. If empty, an ephemeral key is generated
# at startup (signatures will not survive restart). Generate with:
# openssl ecparam -genkey -name prime256v1 -noout -out signing-key.pem
# ARTIFACT_SIGNING_KEY=
# ─── SSH Server ────────────────────────────────────────────────────────────────
# Hostname shown in SSH clone URLs. Auto-detected from INSTANCE_URL or request
# Host header when empty.
# SSH_HOST=ssh.example.com
# SSH_PORT=2222
# Path to PEM-encoded SSH host key. If empty, an ephemeral RSA-4096 key is
# generated at startup (host key changes on restart — warns clients).
# SSH_HOST_KEY_PATH=
# ─── OCI Registry (Phase 4) ───────────────────────────────────────────────────
# Root directory for the OCI Distribution Spec blob and upload storage.
OCI_ROOT=/var/lib/forgebucket/oci
# ─── Dev only ─────────────────────────────────────────────────────────────────
# Set to true to disable Secure cookies and enable verbose logging
DEBUG=false
Reference in New Issue View Git Blame Copy Permalink