Initial scaffold: push-to-deploy + auth-proxy + public-switch template
This commit is contained in:
Lumen
@@ -0,0 +1,27 @@
|
||||
# Copy to .env for local dev. In production these come from Gitea Actions secrets
|
||||
# (Settings → Actions → Secrets), NOT from a committed file.
|
||||
#
|
||||
# Generate strong values:
|
||||
# for s in AUTH_SECRET JWT_SECRET DB_PASSWORD; do echo "$s=$(openssl rand -base64 32)"; done
|
||||
|
||||
# NextAuth v5 (Auth.js) session secret. Rotating invalidates all sessions.
|
||||
AUTH_SECRET=changeme-base64-32
|
||||
|
||||
# Backend HMAC signing key (base64; JwtService base64-decodes it).
|
||||
# Rotating invalidates all previously issued access/refresh tokens.
|
||||
JWT_SECRET=changeme-base64-32
|
||||
|
||||
# Postgres role password for the live DB role.
|
||||
# NOTE: only applies on FIRST volume init; the deploy reconciles existing
|
||||
# volumes via ALTER USER (see .gitea/workflows/deploy.yml).
|
||||
DB_PASSWORD=changeme-base64-24
|
||||
|
||||
# ── Local-only frontend origin (override in compose for public phase) ──
|
||||
# For LOCAL phase point these at the LAN host:
|
||||
# NEXTAUTH_URL=http://192.168.188.119:__FRONTEND_PORT__
|
||||
# AUTH_URL=http://192.168.188.119:__FRONTEND_PORT__
|
||||
# For PUBLIC phase the TrueNAS override sets them to https://__SUBDOMAIN__
|
||||
NEXTAUTH_URL=http://localhost:3000
|
||||
AUTH_URL=http://localhost:3000
|
||||
AUTH_TRUST_HOST=true
|
||||
BACKEND_URL=http://backend:8080
|
||||
Reference in New Issue
Block a user