env documentation

.env.example

@@ -2,10 +2,6 @@
 # Copy this file to .env and fill in your values: cp .env.example .env
 # NEVER commit .env to git!
 
-# ====================================
-# SYSTEM CONFIGURATION
-# ====================================
-
 # User and Group IDs (get with: id -u and id -g)
 PUID=1000
 PGID=1000
@@ -16,6 +12,11 @@ TZ=America/New_York
 # Server IP address
 SERVER_IP=192.168.1.100
 
+# Default credentials (used by multiple services for easier setup)
+DEFAULT_USER=admin
+DEFAULT_PASSWORD=changeme
+DEFAULT_EMAIL=admin@example.com
+
 # ====================================
 # DOMAIN & DNS CONFIGURATION
 # ====================================
@@ -28,8 +29,8 @@ DUCKDNS_TOKEN=your-duckdns-token
 DUCKDNS_SUBDOMAINS=yourdomain  # Without .duckdns.org
 
 # Let's Encrypt / ACME (for SSL certificates)
-ACME_EMAIL=your-email@example.com
-ADMIN_EMAIL=your-email@example.com  # Used for admin user account
+ACME_EMAIL=${DEFAULT_EMAIL}
+ADMIN_EMAIL=${DEFAULT_EMAIL}  # Used for admin user account
 
 # Cloudflare API (optional, for DNS challenge instead of DuckDNS)
 # CF_DNS_API_TOKEN=your-cloudflare-api-token
@@ -47,9 +48,9 @@ AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
 # Authelia Admin Credentials
 # These will be auto-generated by setup-homelab.sh
 # DO NOT set these manually - they are generated during setup
-# AUTHELIA_ADMIN_USER=admin
-# AUTHELIA_ADMIN_EMAIL=admin@example.com
-# AUTHELIA_ADMIN_PASSWORD=auto-generated-password
+# AUTHELIA_ADMIN_USER=${DEFAULT_USER}
+# AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL}
+# AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
 
 # SMTP for Authelia Notifications (OPTIONAL)
 # If not configured, notifications are saved to file instead
@@ -101,14 +102,14 @@ PLEX_CLAIM=claim-xxxxxxxxxx
 
 # qBittorrent
 QBITTORRENT_USER=admin
-QBITTORRENT_PASS=changeme
+QBITTORRENT_PASS=${DEFAULT_PASSWORD}
 
 # ====================================
 # INFRASTRUCTURE SERVICES
 # ====================================
 
 # Pi-hole
-PIHOLE_PASSWORD=changeme
+PIHOLE_PASSWORD=${DEFAULT_PASSWORD}
 
 # Watchtower Notifications (optional)
 # If not set, Watchtower will still update containers but without notifications
@@ -123,52 +124,52 @@ PIHOLE_PASSWORD=changeme
 # MONITORING & DASHBOARDS
 # ====================================
 
-GRAFANA_ADMIN_PASSWORD=changeme
+GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
 
 # ====================================
 # DEVELOPMENT TOOLS
 # ====================================
 
-CODE_SERVER_PASSWORD=changeme
-CODE_SERVER_SUDO_PASSWORD=changeme
+CODE_SERVER_PASSWORD=${DEFAULT_PASSWORD}
+CODE_SERVER_SUDO_PASSWORD=${DEFAULT_PASSWORD}
 
-JUPYTER_TOKEN=changeme
+JUPYTER_TOKEN=${DEFAULT_PASSWORD}
 
 # ====================================
 # DATABASES - GENERAL
 # ====================================
 
-POSTGRES_USER=postgres
-POSTGRES_PASSWORD=changeme
+POSTGRES_USER=${DEFAULT_USER}
+POSTGRES_PASSWORD=${DEFAULT_PASSWORD}
 POSTGRES_DB=homelab
 
-PGADMIN_EMAIL=admin@example.com
-PGADMIN_PASSWORD=changeme
+PGADMIN_EMAIL=${DEFAULT_EMAIL}
+PGADMIN_PASSWORD=${DEFAULT_PASSWORD}
 
 # ====================================
 # PRODUCTIVITY SERVICES
 # ====================================
 
 # Nextcloud
-NEXTCLOUD_ADMIN_USER=admin
-NEXTCLOUD_ADMIN_PASSWORD=changeme
-NEXTCLOUD_DB_PASSWORD=changeme
-NEXTCLOUD_DB_ROOT_PASSWORD=changeme
+NEXTCLOUD_ADMIN_USER=${DEFAULT_USER}
+NEXTCLOUD_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
+NEXTCLOUD_DB_PASSWORD=${DEFAULT_PASSWORD}
+NEXTCLOUD_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
 
 # Gitea
-GITEA_DB_PASSWORD=changeme
+GITEA_DB_PASSWORD=${DEFAULT_PASSWORD}
 
 # WordPress
-WORDPRESS_DB_PASSWORD=changeme
-WORDPRESS_DB_ROOT_PASSWORD=changeme
+WORDPRESS_DB_PASSWORD=${DEFAULT_PASSWORD}
+WORDPRESS_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
 
 # BookStack
-BOOKSTACK_DB_PASSWORD=changeme
-BOOKSTACK_DB_ROOT_PASSWORD=changeme
+BOOKSTACK_DB_PASSWORD=${DEFAULT_PASSWORD}
+BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
 
 # MediaWiki
-MEDIAWIKI_DB_PASSWORD=changeme
-MEDIAWIKI_DB_ROOT_PASSWORD=changeme
+MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD}
+MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
 
 # ====================================
 # UTILITIES
@@ -176,17 +177,17 @@ MEDIAWIKI_DB_ROOT_PASSWORD=changeme
 
 # Bitwarden (Vaultwarden) Password Manager
 # Admin token: openssl rand -base64 48
-BITWARDEN_ADMIN_TOKEN=changeme-bitwarden-admin-token
+BITWARDEN_ADMIN_TOKEN=${DEFAULT_PASSWORD}
 BITWARDEN_SIGNUPS_ALLOWED=true  # Set to false after creating accounts
 BITWARDEN_INVITATIONS_ALLOWED=true
 SMTP_HOST=smtp.gmail.com
-SMTP_FROM=bitwarden@yourdomain.com
+SMTP_FROM=${DEFAULT_EMAIL}
 SMTP_PORT=587
 SMTP_SECURITY=starttls
 
 # Form.io
-FORMIO_JWT_SECRET=changeme
-FORMIO_DB_SECRET=changeme
+FORMIO_JWT_SECRET=${DEFAULT_PASSWORD}
+FORMIO_DB_SECRET=${DEFAULT_PASSWORD}
 
 # ====================================
 # HOMEPAGE DASHBOARD - API KEYS
@@ -217,6 +218,4 @@ HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug
 HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key
 HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key
 HOMEPAGE_VAR_UNIFI_USER=your-unifi-username
-HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password
-
-# Add your own variables below
+HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password