From 1dd6664968ac3d232dba2606f337858d9ec613f0 Mon Sep 17 00:00:00 2001 From: EZ-Homelab Assistant Date: Fri, 30 Jan 2026 18:39:08 -0500 Subject: [PATCH] feat: reorganize .env.example in alphabetical order - Reorganize OTHER OPTIONAL CONFIGURATIONS section alphabetically by service name - Improve user experience for finding specific service configurations - Add clarifying comments for Authelia admin account variables - Generalize AUTHELIA_ADMIN_PASSWORD to use DEFAULT_PASSWORD variable --- .env.example | 205 +++++++++++++++++++-------------------------------- 1 file changed, 75 insertions(+), 130 deletions(-) diff --git a/.env.example b/.env.example index 3cb91da..a35b1cd 100644 --- a/.env.example +++ b/.env.example @@ -1,131 +1,87 @@ -# Environment Variables Template -# Copy this file to .env and fill in your values +# EZ-Homelab .env template file - Copy to .env and fill in your values -# User and Group IDs for file permissions (get with: id -u and id -g) -PUID=1000 +# ################################ +# #### REQUIRED CONFIGURATION #### + +# User and Group IDs for file permissions (get with: id -u and id -g) +PUID=1000 PGID=1000 - TZ=America/New_York -# Configuration for this server -SERVER_IP=192.168.1.100 -SERVER_HOSTNAME=debian # used for Sablier group naming +# Servers configuration +SERVER_IP=192.168.1.100 # This server +SERVER_HOSTNAME=debian -# Optional configuration for a second server -REMOTE_SERVER_IP=your.remote.ip.address +# If deploying with option 3: Remote Core Server +# the REMOTE_SERVER is where the Core Stack (Traefik) is running +REMOTE_SERVER_IP=your.remote.ip.address REMOTE_SERVER_HOSTNAME=your-remote-server REMOTE_SERVER_USER=${DEFAULT_USER} REMOTE_SERVER_PASSWORD=${DEFAULT_PASSWORD} -# Domain & DuckDNS Configuration -DUCKDNS_SUBDOMAINS=yourdomain # Without .duckdns.org +# Domain Configuration +DUCKDNS_SUBDOMAINS=yourdomain # Without .duckdns.org DOMAIN=${DUCKDNS_SUBDOMAINS}.duckdns.org DUCKDNS_TOKEN=your-duckdns-token # Default credentials (used by multiple services for easier setup) -DEFAULT_USER=admin +DEFAULT_USER=admin DEFAULT_PASSWORD=changeme DEFAULT_EMAIL=admin@example.com -# DIRECTORY PATHS - +# FOLDER PATHS USERDIR=/opt/stacks # all docker-compose stacks MEDIADIR=/mnt/media # Large media files on separate drive DOWNLOADDIR=/mnt/downloads # Downloads on separate drive PROJECTDIR=~/projects # User's projects folder +# ########################################## +# #### NOTEABLE OPTIONAL CONFIGURATIONS #### -################################################### -# ==== Everything above this line is required ==== -################################################### - - -# Surfshark OpenVPN (RECOMMENDED - Default) +# Surfshark OpenVPN (RECOMMENDED) # Wireguard options are below and commented out SURFSHARK_USERNAME=your-surfshark-username SURFSHARK_PASSWORD=your-surfshark-password VPN_SERVER_COUNTRIES=Netherlands # Preferred VPN server location -# Optional: Email credentials for services that need SMTP -SMTP_EMAIL_SERVER=smtp.gmail.com -SMTP_EMAIL_PORT=587 +# Email credentials for services that need SMTP SMTP_EMAIL_PASSWORD=your-email-app-password +SMTP_EMAIL_SERVER=smtp.gmail.com # change if not using Gmail +SMTP_EMAIL_PORT=587 SMTP_EMAIL_FROM=${DEFAULT_EMAIL} SMTP_EMAIL_SECURITY=starttls -################################################## -# #### Individual Service Configurations #### -# The default values should work as a starting point -################################################## +# ACME Email for Let's Encrypt certificates +ACME_EMAIL=${DEFAULT_EMAIL} -# Let's Encrypt / ACME (for SSL certificates) -ACME_EMAIL=${DEFAULT_EMAIL} +# Authelia Admin Account +# Used by ez-homelab.sh for easy deployment +# Not used by the Authelia container directly ADMIN_EMAIL=${DEFAULT_EMAIL} # Used for admin user account +AUTHELIA_ADMIN_USER=${DEFAULT_USER} +AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL} +AUTHELIA_ADMIN_PASSWORD=generate-with-openssl-rand-hex-64 -# AUTHELIA SSO CONFIGURATION -# The setup script will auto-generate these if not set +# SMTP for Authelia Notifications +SMTP_USERNAME=${SMTP_EMAIL_FROM} +SMTP_PASSWORD=${SMTP_EMAIL_PASSWORD} -AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64 +# Let ez-homelab.sh generate these 3 unless you know what your doing +AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64 AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64 AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64 -# #### Authelia Admin Credentials #### - -# These will be auto-generated by EZ-Homelab.sh -# AUTHELIA_ADMIN_USER=${DEFAULT_USER} -# AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL} -# AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD} - -# SMTP for Authelia Notifications (OPTIONAL) -# If not configured, notifications are saved to file instead -# SMTP_USERNAME=${SMTP_EMAIL_FROM} -# SMTP_PASSWORD=${SMTP_EMAIL_PASSWORD} - -# #### VPN OPTIONAL WIREGUARD CONFIGURATION (GLUETUN) #### - # Surfshark WireGuard (OPTIONAL - Advanced users only) # Get WireGuard details from Surfshark dashboard # SURFSHARK_PRIVATE_KEY=your-wireguard-private-key # SURFSHARK_ADDRESSES=10.14.0.2/16 -# #### ALTERNATIVE SERVICES (OPTIONAL) #### -# Deploy alternatives.yml stack if you want these +# ####################################### +# #### OTHER OPTIONAL CONFIGURATIONS #### -# Authentik SSO (alternative to Authelia with web UI) -# WARNING: Do not run both Authelia and Authentik at the same time -# Generate secrets with: openssl rand -hex 50 -# AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars -# AUTHENTIK_DB_USER=authentik -# AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password -# AUTHENTIK_DB_NAME=authentik -# PLEX_CLAIM=claim-xxxxxxxxxx # Uncomment to user Plex instead of Jellyfin - - -# #### INFRASTRUCTURE SERVICES #### - -# Pi-hole -PIHOLE_PASSWORD=${DEFAULT_PASSWORD} - -# Watchtower Notifications (optional) -# If not set, Watchtower will still update containers but without notifications -# Supports various notification services via Shoutrrr URL format -# WATCHTOWER_NOTIFICATION_URL= - -# #### Other Services #### - -# qBittorrent -QBITTORRENT_USER=admin -QBITTORRENT_PASS=${DEFAULT_PASSWORD} - -# GRAFANA -GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD} - -# VS Code Server -CODE_SERVER_PASSWORD=${DEFAULT_PASSWORD} -CODE_SERVER_SUDO_PASSWORD=${DEFAULT_PASSWORD} - -# Jupyter Notebook -JUPYTER_TOKEN=${DEFAULT_PASSWORD} +# BookStack +BOOKSTACK_DB_PASSWORD=${DEFAULT_PASSWORD} +BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} # DATABASES - GENERAL POSTGRES_USER=${DEFAULT_USER} @@ -134,66 +90,55 @@ POSTGRES_DB=homelab PGADMIN_EMAIL=${DEFAULT_EMAIL} PGADMIN_PASSWORD=${DEFAULT_PASSWORD} +# Form.io +FORMIO_JWT_SECRET=${DEFAULT_PASSWORD} +FORMIO_DB_SECRET=${DEFAULT_PASSWORD} + +# Gitea +GITEA_DB_PASSWORD=${DEFAULT_PASSWORD} + +# GRAFANA +GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD} + +# Jupyter Notebook +JUPYTER_TOKEN=${DEFAULT_PASSWORD} + +# MediaWiki +MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD} +MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} + # Nextcloud NEXTCLOUD_ADMIN_USER=${DEFAULT_USER} NEXTCLOUD_ADMIN_PASSWORD=${DEFAULT_PASSWORD} NEXTCLOUD_DB_PASSWORD=${DEFAULT_PASSWORD} NEXTCLOUD_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} -# Gitea -GITEA_DB_PASSWORD=${DEFAULT_PASSWORD} +# Pi-hole +PIHOLE_PASSWORD=${DEFAULT_PASSWORD} -# WordPress -WORDPRESS_DB_PASSWORD=${DEFAULT_PASSWORD} -WORDPRESS_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} +# qBittorrent +QBITTORRENT_USER=admin +QBITTORRENT_PASS=${DEFAULT_PASSWORD} -# BookStack -BOOKSTACK_DB_PASSWORD=${DEFAULT_PASSWORD} -BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} - -# MediaWiki -MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD} -MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} - -# Bitwarden (Vaultwarden) +# Vaultwarden BITWARDEN_ADMIN_TOKEN=${DEFAULT_PASSWORD} -BITWARDEN_SIGNUPS_ALLOWED=true # Set to false after creating accounts BITWARDEN_INVITATIONS_ALLOWED=true SMTP_HOST=${SMTP_EMAIL_SERVER} SMTP_FROM=${SMTP_EMAIL_FROM} SMTP_PORT=${SMTP_EMAIL_PORT} SMTP_SECURITY=${SMTP_EMAIL_SECURITY} -# Form.io -FORMIO_JWT_SECRET=${DEFAULT_PASSWORD} -FORMIO_DB_SECRET=${DEFAULT_PASSWORD} +# #### IMPORTANT **************************** +# #### SET TO FALSE AFTER CREATING USERS #### +BITWARDEN_SIGNUPS_ALLOWED=true -#################################### -# HOMEPAGE DASHBOARD - API KEYS -#################################### +# VS Code Server +CODE_SERVER_PASSWORD=${DEFAULT_PASSWORD} +CODE_SERVER_SUDO_PASSWORD=${DEFAULT_PASSWORD} -# HOMEPAGE_VAR_DOMAIN=${DOMAIN} -# HOMEPAGE_VAR_SERVER_IP=${SERVER_IP} -# HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key -# HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key -# HOMEPAGE_VAR_PLEX_KEY=your-plex-token -# HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key -# HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key -# HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key -# HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key -# HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key -# HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key -# HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key -# HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER} -# HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS} -# HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token -# HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER} -# HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD} -# HOMEPAGE_VAR_GRAFANA_USER=admin -# HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD} -# HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token -# HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug -# HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key -# HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key -# HOMEPAGE_VAR_UNIFI_USER=your-unifi-username -# HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password \ No newline at end of file +# Watchtower Notifications (optional) +# WATCHTOWER_NOTIFICATION_URL= + +# WordPress +WORDPRESS_DB_PASSWORD=${DEFAULT_PASSWORD} +WORDPRESS_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} \ No newline at end of file