221 lines
6.8 KiB
Plaintext
221 lines
6.8 KiB
Plaintext
# Environment Variables Template
|
|
# Copy this file to .env and fill in your values: cp .env.example .env
|
|
# NEVER commit .env to git!
|
|
|
|
# User and Group IDs (get with: id -u and id -g)
|
|
PUID=1000
|
|
PGID=1000
|
|
|
|
# Timezone (list: timedatectl list-timezones)
|
|
TZ=America/New_York
|
|
|
|
# Server IP address
|
|
SERVER_IP=192.168.1.100
|
|
|
|
# Default credentials (used by multiple services for easier setup)
|
|
DEFAULT_USER=admin
|
|
DEFAULT_PASSWORD=changeme
|
|
DEFAULT_EMAIL=admin@example.com
|
|
|
|
# ====================================
|
|
# DOMAIN & DNS CONFIGURATION
|
|
# ====================================
|
|
|
|
# Your DuckDNS domain (without https://)
|
|
DOMAIN=yourdomain.duckdns.org
|
|
|
|
# DuckDNS Configuration
|
|
DUCKDNS_TOKEN=your-duckdns-token
|
|
DUCKDNS_SUBDOMAINS=yourdomain # Without .duckdns.org
|
|
|
|
# Let's Encrypt / ACME (for SSL certificates)
|
|
ACME_EMAIL=${DEFAULT_EMAIL}
|
|
ADMIN_EMAIL=${DEFAULT_EMAIL} # Used for admin user account
|
|
|
|
# Cloudflare API (optional, for DNS challenge instead of DuckDNS)
|
|
# CF_DNS_API_TOKEN=your-cloudflare-api-token
|
|
|
|
# ====================================
|
|
# AUTHELIA SSO CONFIGURATION
|
|
# ====================================
|
|
# Generate these secrets with: openssl rand -hex 64
|
|
# The setup script will auto-generate these if not set
|
|
|
|
AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64
|
|
AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64
|
|
AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
|
|
|
|
# Authelia Admin Credentials
|
|
# These will be auto-generated by setup-homelab.sh
|
|
# DO NOT set these manually - they are generated during setup
|
|
# AUTHELIA_ADMIN_USER=${DEFAULT_USER}
|
|
# AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL}
|
|
# AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# SMTP for Authelia Notifications (OPTIONAL)
|
|
# If not configured, notifications are saved to file instead
|
|
# SMTP_USERNAME=your-email@example.com
|
|
# SMTP_PASSWORD=your-smtp-password
|
|
|
|
# ====================================
|
|
# VPN CONFIGURATION (GLUETUN)
|
|
# ====================================
|
|
|
|
# Surfshark OpenVPN (RECOMMENDED - Default)
|
|
SURFSHARK_USERNAME=your-surfshark-username
|
|
SURFSHARK_PASSWORD=your-surfshark-password
|
|
VPN_SERVER_COUNTRIES=Netherlands # Preferred VPN server location
|
|
|
|
# Surfshark WireGuard (OPTIONAL - Advanced users only)
|
|
# Only needed if you prefer WireGuard over OpenVPN
|
|
# Get WireGuard details from Surfshark dashboard
|
|
# SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
|
|
# SURFSHARK_ADDRESSES=10.14.0.2/16
|
|
|
|
# ====================================
|
|
# DIRECTORY PATHS
|
|
# ====================================
|
|
|
|
USERDIR=/opt/stacks
|
|
MEDIADIR=/mnt/media # Large media files on separate drive
|
|
DOWNLOADDIR=/mnt/downloads # Downloads on separate drive
|
|
PROJECTDIR=/home/username/projects
|
|
|
|
# ====================================
|
|
# ALTERNATIVE SERVICES (OPTIONAL)
|
|
# Deploy alternatives.yml stack if you want these
|
|
# ====================================
|
|
|
|
# Authentik SSO (alternative to Authelia with web UI)
|
|
# WARNING: Do not run both Authelia and Authentik at the same time
|
|
# Generate secrets with: openssl rand -hex 50
|
|
# AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars
|
|
# AUTHENTIK_DB_USER=authentik
|
|
# AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password
|
|
# AUTHENTIK_DB_NAME=authentik
|
|
|
|
# ====================================
|
|
# MEDIA SERVICES
|
|
# ====================================
|
|
|
|
PLEX_CLAIM=claim-xxxxxxxxxx
|
|
|
|
# qBittorrent
|
|
QBITTORRENT_USER=admin
|
|
QBITTORRENT_PASS=${DEFAULT_PASSWORD}
|
|
|
|
# ====================================
|
|
# INFRASTRUCTURE SERVICES
|
|
# ====================================
|
|
|
|
# Pi-hole
|
|
PIHOLE_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# Watchtower Notifications (optional)
|
|
# If not set, Watchtower will still update containers but without notifications
|
|
# Supports various notification services via Shoutrrr URL format
|
|
# Examples:
|
|
# Discord: discord://token@webhookid
|
|
# Slack: slack://token@channel
|
|
# Email: smtp://username:password@host:port/?from=sender@example.com
|
|
# WATCHTOWER_NOTIFICATION_URL=
|
|
|
|
# ====================================
|
|
# MONITORING & DASHBOARDS
|
|
# ====================================
|
|
|
|
GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# ====================================
|
|
# DEVELOPMENT TOOLS
|
|
# ====================================
|
|
|
|
CODE_SERVER_PASSWORD=${DEFAULT_PASSWORD}
|
|
CODE_SERVER_SUDO_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
JUPYTER_TOKEN=${DEFAULT_PASSWORD}
|
|
|
|
# ====================================
|
|
# DATABASES - GENERAL
|
|
# ====================================
|
|
|
|
POSTGRES_USER=${DEFAULT_USER}
|
|
POSTGRES_PASSWORD=${DEFAULT_PASSWORD}
|
|
POSTGRES_DB=homelab
|
|
|
|
PGADMIN_EMAIL=${DEFAULT_EMAIL}
|
|
PGADMIN_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# ====================================
|
|
# PRODUCTIVITY SERVICES
|
|
# ====================================
|
|
|
|
# Nextcloud
|
|
NEXTCLOUD_ADMIN_USER=${DEFAULT_USER}
|
|
NEXTCLOUD_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
|
|
NEXTCLOUD_DB_PASSWORD=${DEFAULT_PASSWORD}
|
|
NEXTCLOUD_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# Gitea
|
|
GITEA_DB_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# WordPress
|
|
WORDPRESS_DB_PASSWORD=${DEFAULT_PASSWORD}
|
|
WORDPRESS_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# BookStack
|
|
BOOKSTACK_DB_PASSWORD=${DEFAULT_PASSWORD}
|
|
BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# MediaWiki
|
|
MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD}
|
|
MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
|
|
|
|
# ====================================
|
|
# UTILITIES
|
|
# ====================================
|
|
|
|
# Bitwarden (Vaultwarden) Password Manager
|
|
# Admin token: openssl rand -base64 48
|
|
BITWARDEN_ADMIN_TOKEN=${DEFAULT_PASSWORD}
|
|
BITWARDEN_SIGNUPS_ALLOWED=true # Set to false after creating accounts
|
|
BITWARDEN_INVITATIONS_ALLOWED=true
|
|
SMTP_HOST=smtp.gmail.com
|
|
SMTP_FROM=${DEFAULT_EMAIL}
|
|
SMTP_PORT=587
|
|
SMTP_SECURITY=starttls
|
|
|
|
# Form.io
|
|
FORMIO_JWT_SECRET=${DEFAULT_PASSWORD}
|
|
FORMIO_DB_SECRET=${DEFAULT_PASSWORD}
|
|
|
|
# ====================================
|
|
# HOMEPAGE DASHBOARD - API KEYS
|
|
# Generate these from each service's settings page
|
|
# ====================================
|
|
|
|
HOMEPAGE_VAR_DOMAIN=${DOMAIN}
|
|
HOMEPAGE_VAR_SERVER_IP=${SERVER_IP}
|
|
HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key
|
|
HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key
|
|
HOMEPAGE_VAR_PLEX_KEY=your-plex-token
|
|
HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key
|
|
HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key
|
|
HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key
|
|
HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key
|
|
HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key
|
|
HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key
|
|
HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key
|
|
HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER}
|
|
HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS}
|
|
HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token
|
|
HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER}
|
|
HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
|
|
HOMEPAGE_VAR_GRAFANA_USER=admin
|
|
HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD}
|
|
HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token
|
|
HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug
|
|
HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key
|
|
HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key
|
|
HOMEPAGE_VAR_UNIFI_USER=your-unifi-username
|
|
HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password |