# Environment Variables Template # Copy this file to .env and fill in your values: cp .env.example .env # NEVER commit .env to git! # ==================================== # SYSTEM CONFIGURATION # ==================================== # User and Group IDs (get with: id -u and id -g) PUID=1000 PGID=1000 # Timezone (list: timedatectl list-timezones) TZ=America/New_York # Server IP address SERVER_IP=192.168.1.100 # ==================================== # DOMAIN & DNS CONFIGURATION # ==================================== # Your DuckDNS domain (without https://) DOMAIN=yourdomain.duckdns.org # DuckDNS Configuration DUCKDNS_TOKEN=your-duckdns-token DUCKDNS_SUBDOMAINS=yourdomain # Without .duckdns.org # Let's Encrypt / ACME (for SSL certificates) ACME_EMAIL=your-email@example.com ADMIN_EMAIL=your-email@example.com # Used for admin user account # Cloudflare API (optional, for DNS challenge instead of DuckDNS) # CF_DNS_API_TOKEN=your-cloudflare-api-token # ==================================== # AUTHELIA SSO CONFIGURATION # ==================================== # Generate these secrets with: openssl rand -hex 64 # The deploy script will use these to configure Authelia AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64 AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64 AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64 # Authelia Admin Password (OPTIONAL) # If not provided, deploy script will generate a random password # and save it to /opt/stacks/core/authelia/ADMIN_PASSWORD.txt # AUTHELIA_ADMIN_PASSWORD=your-secure-password-here # SMTP for Authelia Notifications (OPTIONAL) # If not configured, notifications are saved to file instead # SMTP_USERNAME=your-email@example.com # SMTP_PASSWORD=your-smtp-password # ==================================== # VPN CONFIGURATION (GLUETUN) # ==================================== # Surfshark OpenVPN (RECOMMENDED - Default) SURFSHARK_USERNAME=your-surfshark-username SURFSHARK_PASSWORD=your-surfshark-password VPN_SERVER_COUNTRIES=Netherlands # Preferred VPN server location # Surfshark WireGuard (OPTIONAL - Advanced users only) # Only needed if you prefer WireGuard over OpenVPN # Get WireGuard details from Surfshark dashboard # SURFSHARK_PRIVATE_KEY=your-wireguard-private-key # SURFSHARK_ADDRESSES=10.14.0.2/16 # ==================================== # DIRECTORY PATHS # ==================================== USERDIR=/opt/stacks MEDIADIR=/mnt/media # Large media files on separate drive DOWNLOADDIR=/mnt/downloads # Downloads on separate drive PROJECTDIR=/home/username/projects # ==================================== # ALTERNATIVE SERVICES (OPTIONAL) # Deploy alternatives.yml stack if you want these # ==================================== # Authentik SSO (alternative to Authelia with web UI) # WARNING: Do not run both Authelia and Authentik at the same time # Generate secrets with: openssl rand -hex 50 # AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars # AUTHENTIK_DB_USER=authentik # AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password # AUTHENTIK_DB_NAME=authentik # ==================================== # MEDIA SERVICES # ==================================== PLEX_CLAIM=claim-xxxxxxxxxx # qBittorrent QBITTORRENT_USER=admin QBITTORRENT_PASS=changeme # ==================================== # INFRASTRUCTURE SERVICES # ==================================== # Pi-hole PIHOLE_PASSWORD=changeme # Watchtower Notifications (optional) # WATCHTOWER_NOTIFICATION_URL= # ==================================== # MONITORING & DASHBOARDS # ==================================== GRAFANA_ADMIN_PASSWORD=changeme # ==================================== # DEVELOPMENT TOOLS # ==================================== CODE_SERVER_PASSWORD=changeme CODE_SERVER_SUDO_PASSWORD=changeme JUPYTER_TOKEN=changeme # ==================================== # DATABASES - GENERAL # ==================================== POSTGRES_USER=postgres POSTGRES_PASSWORD=changeme POSTGRES_DB=homelab PGADMIN_EMAIL=admin@example.com PGADMIN_PASSWORD=changeme # ==================================== # PRODUCTIVITY SERVICES # ==================================== # Nextcloud NEXTCLOUD_ADMIN_USER=admin NEXTCLOUD_ADMIN_PASSWORD=changeme NEXTCLOUD_DB_PASSWORD=changeme NEXTCLOUD_DB_ROOT_PASSWORD=changeme # Gitea GITEA_DB_PASSWORD=changeme # WordPress WORDPRESS_DB_PASSWORD=changeme WORDPRESS_DB_ROOT_PASSWORD=changeme # BookStack BOOKSTACK_DB_PASSWORD=changeme BOOKSTACK_DB_ROOT_PASSWORD=changeme # MediaWiki MEDIAWIKI_DB_PASSWORD=changeme MEDIAWIKI_DB_ROOT_PASSWORD=changeme # ==================================== # UTILITIES # ==================================== # Bitwarden (Vaultwarden) Password Manager # Admin token: openssl rand -base64 48 BITWARDEN_ADMIN_TOKEN=changeme-bitwarden-admin-token BITWARDEN_SIGNUPS_ALLOWED=true # Set to false after creating accounts BITWARDEN_INVITATIONS_ALLOWED=true SMTP_HOST=smtp.gmail.com SMTP_FROM=bitwarden@yourdomain.com SMTP_PORT=587 SMTP_SECURITY=starttls # Form.io FORMIO_JWT_SECRET=changeme FORMIO_DB_SECRET=changeme # ==================================== # HOMEPAGE DASHBOARD - API KEYS # Generate these from each service's settings page # ==================================== HOMEPAGE_VAR_DOMAIN=${DOMAIN} HOMEPAGE_VAR_SERVER_IP=${SERVER_IP} HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key HOMEPAGE_VAR_PLEX_KEY=your-plex-token HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER} HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS} HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER} HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD} HOMEPAGE_VAR_GRAFANA_USER=admin HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD} HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key HOMEPAGE_VAR_UNIFI_USER=your-unifi-username HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password # Add your own variables below