# Environment Variables Template # Copy this file to .env and fill in your values # User and Group IDs for file permissions (get with: id -u and id -g) PUID=1000 PGID=1000 TZ=America/New_York SERVER_IP=192.168.1.100 SERVER_HOSTNAME=debian # used for Sablier group naming # Domain & DuckDNS Configuration DUCKDNS_SUBDOMAINS=yourdomain # Without .duckdns.org DOMAIN=${DUCKDNS_SUBDOMAINS}.duckdns.org DUCKDNS_TOKEN=your-duckdns-token # Default credentials (used by multiple services for easier setup) DEFAULT_USER=admin DEFAULT_PASSWORD=changeme DEFAULT_EMAIL=admin@example.com # DIRECTORY PATHS USERDIR=/opt/stacks # all docker-compose stacks MEDIADIR=/mnt/media # Large media files on separate drive DOWNLOADDIR=/mnt/downloads # Downloads on separate drive PROJECTDIR=~/projects # User's projects folder ################################################### # ==== Everything above this line is required ==== ################################################### # Surfshark OpenVPN (RECOMMENDED - Default) # Wireguard options are below and commented out SURFSHARK_USERNAME=your-surfshark-username SURFSHARK_PASSWORD=your-surfshark-password VPN_SERVER_COUNTRIES=Netherlands # Preferred VPN server location # Optional: Email credentials for services that need SMTP SMTP_EMAIL_SERVER=smtp.gmail.com SMTP_EMAIL_PORT=587 SMTP_EMAIL_PASSWORD=your-email-app-password SMTP_EMAIL_FROM=${DEFAULT_EMAIL} SMTP_EMAIL_SECURITY=starttls ################################################## # #### Individual Service Configurations #### # The default values should work as a starting point ################################################## # Let's Encrypt / ACME (for SSL certificates) ACME_EMAIL=${DEFAULT_EMAIL} ADMIN_EMAIL=${DEFAULT_EMAIL} # Used for admin user account # AUTHELIA SSO CONFIGURATION # The setup script will auto-generate these if not set AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64 AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64 AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64 # #### Authelia Admin Credentials #### # These will be auto-generated by EZ-Homelab.sh # AUTHELIA_ADMIN_USER=${DEFAULT_USER} # AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL} # AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD} # SMTP for Authelia Notifications (OPTIONAL) # If not configured, notifications are saved to file instead # SMTP_USERNAME=${SMTP_EMAIL_FROM} # SMTP_PASSWORD=${SMTP_EMAIL_PASSWORD} # #### VPN OPTIONAL WIREGUARD CONFIGURATION (GLUETUN) #### # Surfshark WireGuard (OPTIONAL - Advanced users only) # Get WireGuard details from Surfshark dashboard # SURFSHARK_PRIVATE_KEY=your-wireguard-private-key # SURFSHARK_ADDRESSES=10.14.0.2/16 # #### ALTERNATIVE SERVICES (OPTIONAL) #### # Deploy alternatives.yml stack if you want these # Authentik SSO (alternative to Authelia with web UI) # WARNING: Do not run both Authelia and Authentik at the same time # Generate secrets with: openssl rand -hex 50 # AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars # AUTHENTIK_DB_USER=authentik # AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password # AUTHENTIK_DB_NAME=authentik # PLEX_CLAIM=claim-xxxxxxxxxx # Uncomment to user Plex instead of Jellyfin # #### INFRASTRUCTURE SERVICES #### # Pi-hole PIHOLE_PASSWORD=${DEFAULT_PASSWORD} # Watchtower Notifications (optional) # If not set, Watchtower will still update containers but without notifications # Supports various notification services via Shoutrrr URL format # WATCHTOWER_NOTIFICATION_URL= # #### Other Services #### # qBittorrent QBITTORRENT_USER=admin QBITTORRENT_PASS=${DEFAULT_PASSWORD} # GRAFANA GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD} # VS Code Server CODE_SERVER_PASSWORD=${DEFAULT_PASSWORD} CODE_SERVER_SUDO_PASSWORD=${DEFAULT_PASSWORD} # Jupyter Notebook JUPYTER_TOKEN=${DEFAULT_PASSWORD} # DATABASES - GENERAL POSTGRES_USER=${DEFAULT_USER} POSTGRES_PASSWORD=${DEFAULT_PASSWORD} POSTGRES_DB=homelab PGADMIN_EMAIL=${DEFAULT_EMAIL} PGADMIN_PASSWORD=${DEFAULT_PASSWORD} # Nextcloud NEXTCLOUD_ADMIN_USER=${DEFAULT_USER} NEXTCLOUD_ADMIN_PASSWORD=${DEFAULT_PASSWORD} NEXTCLOUD_DB_PASSWORD=${DEFAULT_PASSWORD} NEXTCLOUD_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} # Gitea GITEA_DB_PASSWORD=${DEFAULT_PASSWORD} # WordPress WORDPRESS_DB_PASSWORD=${DEFAULT_PASSWORD} WORDPRESS_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} # BookStack BOOKSTACK_DB_PASSWORD=${DEFAULT_PASSWORD} BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} # MediaWiki MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD} MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD} # Bitwarden (Vaultwarden) BITWARDEN_ADMIN_TOKEN=${DEFAULT_PASSWORD} BITWARDEN_SIGNUPS_ALLOWED=true # Set to false after creating accounts BITWARDEN_INVITATIONS_ALLOWED=true SMTP_HOST=${SMTP_EMAIL_SERVER} SMTP_FROM=${SMTP_EMAIL_FROM} SMTP_PORT=${SMTP_EMAIL_PORT} SMTP_SECURITY=${SMTP_EMAIL_SECURITY} # Form.io FORMIO_JWT_SECRET=${DEFAULT_PASSWORD} FORMIO_DB_SECRET=${DEFAULT_PASSWORD} #################################### # HOMEPAGE DASHBOARD - API KEYS #################################### # HOMEPAGE_VAR_DOMAIN=${DOMAIN} # HOMEPAGE_VAR_SERVER_IP=${SERVER_IP} # HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key # HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key # HOMEPAGE_VAR_PLEX_KEY=your-plex-token # HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key # HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key # HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key # HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key # HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key # HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key # HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key # HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER} # HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS} # HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token # HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER} # HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD} # HOMEPAGE_VAR_GRAFANA_USER=admin # HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD} # HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token # HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug # HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key # HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key # HOMEPAGE_VAR_UNIFI_USER=your-unifi-username # HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password