- setup-homelab.sh: Save AUTHELIA_ADMIN_* credentials to .env file - deploy-homelab.sh: Check .env file as fallback if temp files don't exist - .env.example: Document auto-generated Authelia admin variables This ensures credentials survive reboots (e.g., when NVIDIA drivers are installed) and the deploy script can find them even when run manually after reboot.
# Environment Variables Template
# Copy this file to .env and fill in your values: cp .env.example .env
# NEVER commit .env to git! It holds credentials in plain text, so also keep it
# readable only by its owner: chmod 600 .env

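# ====================================
# SYSTEM CONFIGURATION
# ====================================

# User and Group IDs (get with: id -u and id -g)
# Use the IDs of an unprivileged account. Presumably the stacks pass these to
# containers as the runtime user/group - verify against the compose files.
PUID=1000
PGID=1000

# Timezone (list: timedatectl list-timezones)
TZ=America/New_York

# Server IP address
SERVER_IP=192.168.1.100
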
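# ====================================
# DOMAIN & DNS CONFIGURATION
# ====================================

# Your DuckDNS domain (without https://)
DOMAIN=yourdomain.duckdns.org

# DuckDNS Configuration
# The token is a secret: whoever holds it can change where the domain points.
DUCKDNS_TOKEN=your-duckdns-token
# Without .duckdns.org
# (comment kept off the value line: some env-file readers, e.g.
# `docker run --env-file`, treat a trailing "# ..." as part of the value)
DUCKDNS_SUBDOMAINS=yourdomain

# Let's Encrypt / ACME (for SSL certificates)
ACME_EMAIL=your-email@example.com
# Used for admin user account
ADMIN_EMAIL=your-email@example.com

# Cloudflare API (optional, for DNS challenge instead of DuckDNS)
# If used, create a token scoped to DNS edits on this zone only rather than
# reusing a global API key.
# CF_DNS_API_TOKEN=your-cloudflare-api-token
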
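# ====================================
# AUTHELIA SSO CONFIGURATION
# ====================================
# Generate these secrets with: openssl rand -hex 64
# The setup script will auto-generate these if not set
# Use a separate random value for each of the three secrets.
# NOTE(review): the placeholders below are non-empty strings. Confirm that
# setup-homelab.sh treats them as "not set"; otherwise the literal placeholder
# text would end up being used as the secret.

AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64
AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64
AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64

# Authelia Admin Credentials
# These will be auto-generated by setup-homelab.sh
# DO NOT set these manually - they are generated during setup
# After setup, the generated admin password is stored in .env in plain text so
# that deploy-homelab.sh can read it. Keep .env owner-readable only
# (chmod 600 .env) and out of backups or shares that other users can read.
# AUTHELIA_ADMIN_USER=admin
# AUTHELIA_ADMIN_EMAIL=admin@example.com
# AUTHELIA_ADMIN_PASSWORD=auto-generated-password

# SMTP for Authelia Notifications (OPTIONAL)
# If not configured, notifications are saved to file instead
# NOTE(review): that file presumably receives the same identity-verification
# messages that would otherwise be e-mailed - confirm, and restrict who can
# read it.
# SMTP_USERNAME=your-email@example.com
# SMTP_PASSWORD=your-smtp-password
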
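# ====================================
# VPN CONFIGURATION (GLUETUN)
# ====================================

# Surfshark OpenVPN (RECOMMENDED - Default)
SURFSHARK_USERNAME=your-surfshark-username
SURFSHARK_PASSWORD=your-surfshark-password
# Preferred VPN server location
# (comment kept off the value line: not every env-file reader strips a
# trailing "# ..." from the value)
VPN_SERVER_COUNTRIES=Netherlands

# Surfshark WireGuard (OPTIONAL - Advanced users only)
# Only needed if you prefer WireGuard over OpenVPN
# Get WireGuard details from Surfshark dashboard
# The private key is a credential: keep it only in .env, never in this template.
# SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
# SURFSHARK_ADDRESSES=10.14.0.2/16
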
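# ====================================
# DIRECTORY PATHS
# ====================================
# Comments sit on their own lines: some env-file readers (e.g.
# `docker run --env-file`) would otherwise make "# ..." part of the path.

USERDIR=/opt/stacks
# Large media files on separate drive
MEDIADIR=/mnt/media
# Downloads on separate drive
DOWNLOADDIR=/mnt/downloads
# Replace "username" with your own account name
PROJECTDIR=/home/username/projects
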
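# ====================================
# ALTERNATIVE SERVICES (OPTIONAL)
# Deploy alternatives.yml stack if you want these
# ====================================

# Authentik SSO (alternative to Authelia with web UI)
# WARNING: Do not run both Authelia and Authentik at the same time
# Generate secrets with: openssl rand -hex 50
# (50 random bytes, printed as 100 hex characters)
# Use a separately generated value for the database password as well;
# do not deploy with the "changeme-..." placeholder.
# AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars
# AUTHENTIK_DB_USER=authentik
# AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password
# AUTHENTIK_DB_NAME=authentik
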
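# ====================================
# MEDIA SERVICES
# ====================================

# Plex claim token (https://www.plex.tv/claim). Claim tokens expire shortly
# after they are issued, so request one right before the first start.
PLEX_CLAIM=claim-xxxxxxxxxx

# qBittorrent
# Replace "changeme" before deploying; the same pair is reused by the
# Homepage dashboard variables further down.
QBITTORRENT_USER=admin
QBITTORRENT_PASS=changeme
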
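# ====================================
# INFRASTRUCTURE SERVICES
# ====================================

# Pi-hole
# Replace "changeme" before deploying.
PIHOLE_PASSWORD=changeme

# Watchtower Notifications (optional)
# If not set, Watchtower will still update containers but without notifications
# Supports various notification services via Shoutrrr URL format
# The URL embeds the webhook token or SMTP password, so treat the whole value
# as a secret and keep it only in .env.
# Examples:
# Discord: discord://token@webhookid
# Slack: slack://token@channel
# Email: smtp://username:password@host:port/?from=sender@example.com
# WATCHTOWER_NOTIFICATION_URL=
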
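# ====================================
# MONITORING & DASHBOARDS
# ====================================

# Replace "changeme" before deploying; this value is also handed to the
# Homepage dashboard through HOMEPAGE_VAR_GRAFANA_PASS.
GRAFANA_ADMIN_PASSWORD=changeme
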
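# ====================================
# DEVELOPMENT TOOLS
# ====================================

# Replace every "changeme" before deploying. These services give shell or
# code-execution access to whoever can log in.
CODE_SERVER_PASSWORD=changeme
# Presumably the sudo password inside the code-server container - confirm
# against the compose file. Use a value different from CODE_SERVER_PASSWORD.
CODE_SERVER_SUDO_PASSWORD=changeme

# Anyone holding this token can run code in the notebook server; use a random
# value, e.g. openssl rand -hex 32
JUPYTER_TOKEN=changeme
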
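# ====================================
# DATABASES - GENERAL
# ====================================

# Set real passwords before the first start. Many database images read the
# password only when the data directory is first initialised, so editing .env
# later may not change the password already stored in the database.
POSTGRES_USER=postgres
POSTGRES_PASSWORD=changeme
POSTGRES_DB=homelab

PGADMIN_EMAIL=admin@example.com
PGADMIN_PASSWORD=changeme
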
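# ====================================
# PRODUCTIVITY SERVICES
# ====================================
# Replace every "changeme" before the first start, with a different value for
# each variable. Database images commonly apply these passwords only when the
# database is first created.

# Nextcloud
NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=changeme
NEXTCLOUD_DB_PASSWORD=changeme
NEXTCLOUD_DB_ROOT_PASSWORD=changeme

# Gitea
GITEA_DB_PASSWORD=changeme

# WordPress
WORDPRESS_DB_PASSWORD=changeme
WORDPRESS_DB_ROOT_PASSWORD=changeme

# BookStack
BOOKSTACK_DB_PASSWORD=changeme
BOOKSTACK_DB_ROOT_PASSWORD=changeme

# MediaWiki
MEDIAWIKI_DB_PASSWORD=changeme
MEDIAWIKI_DB_ROOT_PASSWORD=changeme
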
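# ====================================
# UTILITIES
# ====================================

# Bitwarden (Vaultwarden) Password Manager
# Admin token: openssl rand -base64 48
# The admin token unlocks the server's admin panel; never deploy the
# placeholder value.
BITWARDEN_ADMIN_TOKEN=changeme-bitwarden-admin-token
# Set to false after creating accounts
# While this is true, registration is presumably open to anyone who can reach
# the service - verify how the compose file maps it.
# (comment kept off the value line: an env-file reader that does not strip
# trailing comments would not see a plain "true"/"false" here)
BITWARDEN_SIGNUPS_ALLOWED=true
BITWARDEN_INVITATIONS_ALLOWED=true
SMTP_HOST=smtp.gmail.com
SMTP_FROM=bitwarden@yourdomain.com
SMTP_PORT=587
SMTP_SECURITY=starttls

# Form.io
# Replace "changeme" with random values, e.g. openssl rand -hex 64, one per
# variable.
FORMIO_JWT_SECRET=changeme
FORMIO_DB_SECRET=changeme
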
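# ====================================
# HOMEPAGE DASHBOARD - API KEYS
# Generate these from each service's settings page
# ====================================
# Where a service offers read-only or scoped API tokens, prefer those: the
# dashboard presumably only reads status data - confirm per widget.
# The ${VAR} references below rely on the env-file reader expanding variables
# (Docker Compose does); a reader that does not expand them would pass the
# literal text "${...}".

HOMEPAGE_VAR_DOMAIN=${DOMAIN}
HOMEPAGE_VAR_SERVER_IP=${SERVER_IP}
HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key
HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key
HOMEPAGE_VAR_PLEX_KEY=your-plex-token
HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key
HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key
HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key
HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key
HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key
HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key
HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key
# The next entries hand the qBittorrent, Nextcloud admin and Grafana admin
# passwords to the dashboard; anyone who can read the dashboard container's
# environment can read them too.
HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER}
HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS}
HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token
HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER}
HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
HOMEPAGE_VAR_GRAFANA_USER=admin
HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD}
HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token
HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug
HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key
HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key
HOMEPAGE_VAR_UNIFI_USER=your-unifi-username
HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password

# Add your own variables below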