Gondulf/.env.example
Phil Skentelbery 01dcaba86b feat(deploy): merge Phase 5a deployment configuration
Complete containerized deployment system with Docker/Podman support.

Key features:
- Multi-stage Dockerfile with Python 3.11-slim base
- Docker Compose configurations for production and development
- Nginx reverse proxy with security headers and rate limiting
- Systemd service units for Docker, Podman, and docker-compose
- Backup/restore scripts with integrity verification
- Podman compatibility (ADR-009)

All tests pass including Podman verification testing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-21 19:16:54 -07:00


# Gondulf IndieAuth Server - Configuration File
# Copy this file to .env and fill in your values
# NEVER commit .env to version control!
# ========================================
# REQUIRED SETTINGS
# ========================================
# Secret key for cryptographic operations (JWT signing, session security)
# MUST be at least 32 characters long
# Generate with: python -c "import secrets; print(secrets.token_urlsafe(32))"
GONDULF_SECRET_KEY=
# Base URL of your Gondulf server
# Development: http://localhost:8000
# Production: https://auth.example.com (MUST use HTTPS in production)
GONDULF_BASE_URL=http://localhost:8000
# ========================================
# DATABASE CONFIGURATION
# ========================================
# SQLite database location
# Container (production): sqlite:////data/gondulf.db (absolute path, 4 slashes)
# Development (relative): sqlite:///./data/gondulf.db (relative path, 3 slashes)
# Note: Container uses /data volume mount for persistence
GONDULF_DATABASE_URL=sqlite:////data/gondulf.db
# ========================================
# SMTP CONFIGURATION
# ========================================
# SMTP server for sending verification emails
GONDULF_SMTP_HOST=localhost
GONDULF_SMTP_PORT=587
# SMTP authentication (leave empty if not required)
GONDULF_SMTP_USERNAME=
GONDULF_SMTP_PASSWORD=
# Sender email address
GONDULF_SMTP_FROM=noreply@example.com
# Use STARTTLS encryption (recommended: true for port 587)
GONDULF_SMTP_USE_TLS=true
# ========================================
# SMTP PROVIDER EXAMPLES
# ========================================
# Gmail (requires app-specific password):
# GONDULF_SMTP_HOST=smtp.gmail.com
# GONDULF_SMTP_PORT=587
# GONDULF_SMTP_USERNAME=your-email@gmail.com
# GONDULF_SMTP_PASSWORD=your-app-specific-password
# GONDULF_SMTP_FROM=your-email@gmail.com
# GONDULF_SMTP_USE_TLS=true
# SendGrid:
# GONDULF_SMTP_HOST=smtp.sendgrid.net
# GONDULF_SMTP_PORT=587
# GONDULF_SMTP_USERNAME=apikey
# GONDULF_SMTP_PASSWORD=your-sendgrid-api-key
# GONDULF_SMTP_FROM=noreply@yourdomain.com
# GONDULF_SMTP_USE_TLS=true
# Mailgun:
# GONDULF_SMTP_HOST=smtp.mailgun.org
# GONDULF_SMTP_PORT=587
# GONDULF_SMTP_USERNAME=postmaster@yourdomain.mailgun.org
# GONDULF_SMTP_PASSWORD=your-mailgun-password
# GONDULF_SMTP_FROM=noreply@yourdomain.com
# GONDULF_SMTP_USE_TLS=true
# ========================================
# TOKEN AND CODE EXPIRY
# ========================================
# Access token expiry in seconds
# Default: 3600 (1 hour)
# Range: 300 to 86400 (5 minutes to 24 hours)
GONDULF_TOKEN_EXPIRY=3600
# Authorization and verification code expiry in seconds
# Default: 600 (10 minutes)
# Per IndieAuth spec, codes should expire quickly
GONDULF_CODE_EXPIRY=600
# ========================================
# TOKEN CLEANUP (Phase 3)
# ========================================
# Automatic token cleanup (not implemented in v1.0.0)
# Set to false for manual cleanup only
GONDULF_TOKEN_CLEANUP_ENABLED=false
# Cleanup interval in seconds (if enabled)
# Default: 3600 (1 hour), minimum: 600 (10 minutes)
GONDULF_TOKEN_CLEANUP_INTERVAL=3600
# ========================================
# SECURITY SETTINGS
# ========================================
# Redirect HTTP requests to HTTPS
# Production: true (requires TLS termination at nginx or load balancer)
# Development: false
GONDULF_HTTPS_REDIRECT=true
# Trust X-Forwarded-* headers from reverse proxy
# Enable ONLY if behind trusted nginx/load balancer
# Production with nginx: true
# Direct exposure: false
GONDULF_TRUST_PROXY=false
# Set Secure flag on cookies (HTTPS only)
# Production with HTTPS: true
# Development (HTTP): false
GONDULF_SECURE_COOKIES=true
# ========================================
# LOGGING
# ========================================
# Logging level: DEBUG, INFO, WARNING, ERROR, CRITICAL
# Development: DEBUG
# Production: INFO or WARNING
GONDULF_LOG_LEVEL=INFO
# Debug mode (enables detailed logging and disables security features)
# NEVER enable in production!
# Development: true
# Production: false
GONDULF_DEBUG=false
# ========================================
# DEVELOPMENT CONFIGURATION EXAMPLE
# ========================================
# Uncomment and use these settings for local development:
# GONDULF_SECRET_KEY=dev-secret-key-change-in-production-minimum-32-characters-required
# GONDULF_BASE_URL=http://localhost:8000
# GONDULF_DATABASE_URL=sqlite:///./data/gondulf.db
# GONDULF_SMTP_HOST=mailhog
# GONDULF_SMTP_PORT=1025
# GONDULF_SMTP_USE_TLS=false
# GONDULF_HTTPS_REDIRECT=false
# GONDULF_TRUST_PROXY=false
# GONDULF_SECURE_COOKIES=false
# GONDULF_DEBUG=true
# GONDULF_LOG_LEVEL=DEBUG
# ========================================
# PRODUCTION CONFIGURATION EXAMPLE
# ========================================
# Example production configuration:
# GONDULF_SECRET_KEY=<generate-with-secrets-module>
# GONDULF_BASE_URL=https://auth.example.com
# GONDULF_DATABASE_URL=sqlite:////data/gondulf.db
# GONDULF_SMTP_HOST=smtp.sendgrid.net
# GONDULF_SMTP_PORT=587
# GONDULF_SMTP_USERNAME=apikey
# GONDULF_SMTP_PASSWORD=<your-api-key>
# GONDULF_SMTP_FROM=noreply@example.com
# GONDULF_SMTP_USE_TLS=true
# GONDULF_TOKEN_EXPIRY=3600
# GONDULF_CODE_EXPIRY=600
# GONDULF_HTTPS_REDIRECT=true
# GONDULF_TRUST_PROXY=true
# GONDULF_SECURE_COOKIES=true
# GONDULF_DEBUG=false
# GONDULF_LOG_LEVEL=INFO
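
The limits stated in the comments above (32-character secret, 300 to 86400 second token expiry, 600 second minimum cleanup interval, flags that depend on HTTPS) can be checked before a deployment starts. The following Python check is an added example, not part of .env.example and not Gondulf's own code; `parse_env`, `flag`, `number` and `check_env` are hypothetical names, missing keys fall back to the values shown in this file, and treating an https base URL as production is an assumption.

```python
# Added example (not Gondulf code): check a .env against the limits stated in
# the comments of .env.example. Function names are hypothetical.
from urllib.parse import urlparse

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def flag(env, key, default):
    """Boolean setting; missing keys fall back to the file's shown value."""
    return env.get(key, default).lower() == "true"

def number(env, key, default):
    try:
        return int(env.get(key, default))
    except ValueError:
        return -1  # non-numeric values fail the range checks below

def check_env(env):
    """Return a list of findings; an empty list means every check passed."""
    out = []
    if len(env.get("GONDULF_SECRET_KEY", "")) < 32:
        out.append("SECRET_KEY: shorter than 32 characters")
    if not 300 <= number(env, "GONDULF_TOKEN_EXPIRY", "3600") <= 86400:
        out.append("TOKEN_EXPIRY: outside 300..86400 seconds")
    if (flag(env, "GONDULF_TOKEN_CLEANUP_ENABLED", "false")
            and number(env, "GONDULF_TOKEN_CLEANUP_INTERVAL", "3600") < 600):
        out.append("TOKEN_CLEANUP_INTERVAL: below the 600 second minimum")
    # Assumption: an https base URL marks a production deployment.
    https = urlparse(env.get("GONDULF_BASE_URL", "")).scheme == "https"
    if https and flag(env, "GONDULF_DEBUG", "false"):
        out.append("DEBUG: enabled on an HTTPS deployment")
    for key in ("GONDULF_SECURE_COOKIES", "GONDULF_HTTPS_REDIRECT"):
        if flag(env, key, "true") != https:
            out.append(key[8:] + ": does not match the BASE_URL scheme")
    return out

# Constructed sample: development values left in place on a production URL.
SAMPLE = """GONDULF_SECRET_KEY=dev-secret-key
GONDULF_BASE_URL=https://auth.example.com
GONDULF_TOKEN_EXPIRY=60
GONDULF_SECURE_COOKIES=false
GONDULF_DEBUG=true"""
print("\n".join(check_env(parse_env(SAMPLE))))
```

Run against the uncommented values in this file, the check reports the empty secret key and the two HTTPS flags set to true against an http:// base URL; the commented development and production blocks both pass.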