feat: Update Sablier configs for debian hostname and reorganize .env.example

- Change Traefik configs to use ${SERVER_HOSTNAME} placeholder (defaults to debian) - Update ez-homelab.sh to replace SERVER_HOSTNAME in config templates - Set Sablier session duration to 5m for testing (increase to 30m for production) - Add SERVER_HOSTNAME prompt and saving in setup script - Reorganize .env.example with better structure and SMTP variables - Add production guidance comments to docker-compose files - Intentional SMTP variable redundancy for service flexibility
2026-01-23 15:25:25 -05:00
parent 970231fc04
commit 3701b11a73
9 changed files with 1247 additions and 329 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,93 +1,88 @@
 # Environment Variables Template
-# Copy this file to .env and fill in your values: cp .env.example .env
-# NEVER commit .env to git!
+# Copy this file to .env and fill in your values

-# User and Group IDs (get with: id -u and id -g)
+# User and Group IDs for file permissions (get with: id -u and id -g) 
 PUID=1000
 PGID=1000

-# Timezone (list: timedatectl list-timezones)
 TZ=America/New_York

-# Server IP address
 SERVER_IP=192.168.1.100
+SERVER_HOSTNAME=debian  # used for Sablier group naming

-# Server hostname (used for Sablier group naming)
-SERVER_HOSTNAME=debian
+# Domain & DuckDNS Configuration
+DUCKDNS_SUBDOMAINS=yourdomain  # Without .duckdns.org
+DOMAIN=${DUCKDNS_SUBDOMAINS}.duckdns.org
+DUCKDNS_TOKEN=your-duckdns-token

 # Default credentials (used by multiple services for easier setup)
 DEFAULT_USER=admin
 DEFAULT_PASSWORD=changeme
 DEFAULT_EMAIL=admin@example.com

-# ====================================
-# DOMAIN & DNS CONFIGURATION
-# ====================================
+# DIRECTORY PATHS

-# Your DuckDNS domain (without https://)
-DOMAIN=yourdomain.duckdns.org
+USERDIR=/opt/stacks           # all docker-compose stacks
+MEDIADIR=/mnt/media           # Large media files on separate drive
+DOWNLOADDIR=/mnt/downloads    # Downloads on separate drive
+PROJECTDIR=~/projects         # User's projects folder

-# DuckDNS Configuration
-DUCKDNS_TOKEN=your-duckdns-token
-DUCKDNS_SUBDOMAINS=yourdomain  # Without .duckdns.org
+
+###################################################
+# ====  Everything above this line is required ====
+###################################################
+
+
+# Surfshark OpenVPN (RECOMMENDED - Default)
+# Wireguard options are below and commented out
+SURFSHARK_USERNAME=your-surfshark-username
+SURFSHARK_PASSWORD=your-surfshark-password
+VPN_SERVER_COUNTRIES=Netherlands  # Preferred VPN server location
+
+# Optional: Email credentials for services that need SMTP
+SMTP_EMAIL_SERVER=smtp.gmail.com
+SMTP_EMAIL_PORT=587
+SMTP_EMAIL_PASSWORD=your-email-app-password
+SMTP_EMAIL_FROM=${DEFAULT_EMAIL}
+SMTP_EMAIL_SECURITY=starttls
+
+##################################################
+# ####   Individual Service Configurations    #### 
+# The default values should work as a starting point
+##################################################

 # Let's Encrypt / ACME (for SSL certificates)
 ACME_EMAIL=${DEFAULT_EMAIL}
 ADMIN_EMAIL=${DEFAULT_EMAIL}  # Used for admin user account

-# Cloudflare API (optional, for DNS challenge instead of DuckDNS)
-# CF_DNS_API_TOKEN=your-cloudflare-api-token
-
-# ====================================
 # AUTHELIA SSO CONFIGURATION
-# ====================================
-# Generate these secrets with: openssl rand -hex 64
 # The setup script will auto-generate these if not set

 AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64
 AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64
 AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64

-# Authelia Admin Credentials
-# These will be auto-generated by setup-homelab.sh
-# DO NOT set these manually - they are generated during setup
+# ####  Authelia Admin Credentials  ####
+
+# These will be auto-generated by EZ-Homelab.sh
 # AUTHELIA_ADMIN_USER=${DEFAULT_USER}
 # AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL}
 # AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}

 # SMTP for Authelia Notifications (OPTIONAL)
 # If not configured, notifications are saved to file instead
-# SMTP_USERNAME=your-email@example.com
-# SMTP_PASSWORD=your-smtp-password
+# SMTP_USERNAME=${SMTP_EMAIL_FROM}
+# SMTP_PASSWORD=${SMTP_EMAIL_PASSWORD}

-# ====================================
-# VPN CONFIGURATION (GLUETUN)
-# ====================================
-
-# Surfshark OpenVPN (RECOMMENDED - Default)
-SURFSHARK_USERNAME=your-surfshark-username
-SURFSHARK_PASSWORD=your-surfshark-password
-VPN_SERVER_COUNTRIES=Netherlands  # Preferred VPN server location
+# ####   VPN OPTIONAL WIREGUARD CONFIGURATION (GLUETUN)  ####

 # Surfshark WireGuard (OPTIONAL - Advanced users only)
-# Only needed if you prefer WireGuard over OpenVPN
 # Get WireGuard details from Surfshark dashboard
 # SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
 # SURFSHARK_ADDRESSES=10.14.0.2/16

-# ====================================
-# DIRECTORY PATHS
-# ====================================
-
-USERDIR=/opt/stacks
-MEDIADIR=/mnt/media           # Large media files on separate drive
-DOWNLOADDIR=/mnt/downloads    # Downloads on separate drive
-PROJECTDIR=/home/username/projects
-
-# ====================================
-# ALTERNATIVE SERVICES (OPTIONAL)
+# ####   ALTERNATIVE SERVICES (OPTIONAL)  ####
 # Deploy alternatives.yml stack if you want these
-# ====================================

 # Authentik SSO (alternative to Authelia with web UI)
 # WARNING: Do not run both Authelia and Authentik at the same time
@@ -96,63 +91,42 @@ PROJECTDIR=/home/username/projects
 # AUTHENTIK_DB_USER=authentik
 # AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password
 # AUTHENTIK_DB_NAME=authentik
+# PLEX_CLAIM=claim-xxxxxxxxxx       # Uncomment to user Plex instead of Jellyfin

-# ====================================
-# MEDIA SERVICES
-# ====================================

-PLEX_CLAIM=claim-xxxxxxxxxx
-
-# qBittorrent
-QBITTORRENT_USER=admin
-QBITTORRENT_PASS=${DEFAULT_PASSWORD}
-
-# ====================================
-# INFRASTRUCTURE SERVICES
-# ====================================
+# ####  INFRASTRUCTURE SERVICES  ####

 # Pi-hole
 PIHOLE_PASSWORD=${DEFAULT_PASSWORD}

 # Watchtower Notifications (optional)
-# If not set, Watchtower will still update containers but without notifications
-# Supports various notification services via Shoutrrr URL format
-# Examples: 
-#   Discord: discord://token@webhookid
-#   Slack: slack://token@channel
-#   Email: smtp://username:password@host:port/?from=sender@example.com
+#   If not set, Watchtower will still update containers but without notifications
+#   Supports various notification services via Shoutrrr URL format
 # WATCHTOWER_NOTIFICATION_URL=

-# ====================================
-# MONITORING & DASHBOARDS
-# ====================================
+# #### Other Services  ####

+# qBittorrent
+QBITTORRENT_USER=admin
+QBITTORRENT_PASS=${DEFAULT_PASSWORD}
+
+# GRAFANA
 GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}

-# ====================================
-# DEVELOPMENT TOOLS
-# ====================================
-
+# VS Code Server
 CODE_SERVER_PASSWORD=${DEFAULT_PASSWORD}
 CODE_SERVER_SUDO_PASSWORD=${DEFAULT_PASSWORD}

+# Jupyter Notebook
 JUPYTER_TOKEN=${DEFAULT_PASSWORD}

-# ====================================
 # DATABASES - GENERAL
-# ====================================
-
 POSTGRES_USER=${DEFAULT_USER}
 POSTGRES_PASSWORD=${DEFAULT_PASSWORD}
 POSTGRES_DB=homelab
-
 PGADMIN_EMAIL=${DEFAULT_EMAIL}
 PGADMIN_PASSWORD=${DEFAULT_PASSWORD}

-# ====================================
-# PRODUCTIVITY SERVICES
-# ====================================
-
 # Nextcloud
 NEXTCLOUD_ADMIN_USER=${DEFAULT_USER}
 NEXTCLOUD_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
@@ -174,51 +148,45 @@ BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
 MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD}
 MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}

-# ====================================
-# UTILITIES
-# ====================================
-
-# Bitwarden (Vaultwarden) Password Manager
-# Admin token: openssl rand -base64 48
+# Bitwarden (Vaultwarden)
 BITWARDEN_ADMIN_TOKEN=${DEFAULT_PASSWORD}
 BITWARDEN_SIGNUPS_ALLOWED=true  # Set to false after creating accounts
 BITWARDEN_INVITATIONS_ALLOWED=true
-SMTP_HOST=smtp.gmail.com
-SMTP_FROM=${DEFAULT_EMAIL}
-SMTP_PORT=587
-SMTP_SECURITY=starttls
+SMTP_HOST=${SMTP_EMAIL_SERVER}
+SMTP_FROM=${SMTP_EMAIL_FROM}
+SMTP_PORT=${SMTP_EMAIL_PORT}
+SMTP_SECURITY=${SMTP_EMAIL_SECURITY}

 # Form.io
 FORMIO_JWT_SECRET=${DEFAULT_PASSWORD}
 FORMIO_DB_SECRET=${DEFAULT_PASSWORD}

-# ====================================
+####################################
 # HOMEPAGE DASHBOARD - API KEYS
-# Generate these from each service's settings page
-# ====================================
+####################################

-HOMEPAGE_VAR_DOMAIN=${DOMAIN}
-HOMEPAGE_VAR_SERVER_IP=${SERVER_IP}
-HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key
-HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key
-HOMEPAGE_VAR_PLEX_KEY=your-plex-token
-HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key
-HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key
-HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key
-HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key
-HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key
-HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key
-HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key
-HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER}
-HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS}
-HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token
-HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER}
-HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
-HOMEPAGE_VAR_GRAFANA_USER=admin
-HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD}
-HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token
-HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug
-HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key
-HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key
-HOMEPAGE_VAR_UNIFI_USER=your-unifi-username
-HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password
+# HOMEPAGE_VAR_DOMAIN=${DOMAIN}
+# HOMEPAGE_VAR_SERVER_IP=${SERVER_IP}
+# HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key
+# HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key
+# HOMEPAGE_VAR_PLEX_KEY=your-plex-token
+# HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key
+# HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key
+# HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key
+# HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key
+# HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key
+# HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key
+# HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key
+# HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER}
+# HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS}
+# HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token
+# HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER}
+# HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
+# HOMEPAGE_VAR_GRAFANA_USER=admin
+# HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD}
+# HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token
+# HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug
+# HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key
+# HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key
+# HOMEPAGE_VAR_UNIFI_USER=your-unifi-username
+# HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password