.env.example
# === Server Configuration ===
# Values in this section are local-development defaults.
NODE_ENV=development
PORT=9090
# 0.0.0.0 listens on every network interface, so the service is reachable from
# any network the host is attached to, not just from the machine itself.
# NOTE(review): for a local-only setup a loopback address (127.0.0.1) narrows
# the exposure; otherwise front it with a firewall / reverse proxy — confirm
# the app accepts a different bind address.
HOST=0.0.0.0
# === Database Configuration (MariaDB / MySQL 8) ===
DB_HOST=localhost
DB_PORT=3306
DB_NAME=deploy_center
DB_USERNAME=deploycenter
# Placeholder, not a usable credential: replace it with a unique, randomly
# generated password before first start, and keep the real .env file out of
# version control.
DB_PASSWORD=change_me_strong_password
DB_DIALECT=mariadb
# Connection-pool sizing.
# NOTE(review): ACQUIRE / IDLE look like milliseconds (30 s / 10 s) — confirm
# against the pool configuration that reads them.
DB_POOL_MAX=20
DB_POOL_MIN=5
DB_POOL_ACQUIRE=30000
DB_POOL_IDLE=10000
# NOTE(review): presumably applies pending migrations at startup — confirm, and
# decide whether production should run migrations as an explicit, reviewed
# deploy step instead of on every boot.
DB_AUTO_MIGRATE=true
# Opt-in dev escape hatch — when "true", DatabaseInitializer runs
# `sync({ alter: true })` to align column DDL with model definitions for
# tables the migration runner hasn't fully created. Leave OFF in production;
# migrations are the source of truth (Constitution Principle IV).
DB_FORCE_SYNC_ALTER=false
# Used only by docker-compose to bootstrap the MariaDB root user:
# Placeholder: set a random value that is different from DB_PASSWORD, so the
# application account and the root account never share a credential.
DB_ROOT_PASSWORD=change_me_root_password
# === JWT Configuration ===
# Generate with: openssl rand -hex 64
# (64 random bytes, printed as 128 hex characters.) The value below is a
# placeholder and must be replaced before the service issues any token.
JWT_SECRET=replace_with_64_byte_hex
# NOTE(review): if this is the access-token lifetime, 7d is a long window for a
# leaked token to stay valid — confirm it is intended and whether tokens can be
# revoked before expiry.
JWT_EXPIRY=7d
# Must be a different value from JWT_SECRET (run the generator a second time).
# NOTE(review): presumably signs refresh tokens with a separate key so one token
# type cannot be verified with the other's key — confirm.
JWT_REFRESH_SECRET=replace_with_different_64_byte_hex
JWT_REFRESH_EXPIRY=30d
# === Encryption ===
# Master key for AES-256-GCM. Used by SSH keys, env vars (F-003), notif provider creds (F-006).
# Generate with: openssl rand -hex 32
# (32 random bytes = 256 bits, printed as 64 hex characters.)
# Anyone holding this key can decrypt every secret listed above, so store it
# with the same care as the secrets themselves.
# NOTE(review): data already encrypted under this key presumably becomes
# unreadable if the key is lost or changed — keep a protected backup and
# confirm how the app handles key rotation.
ENCRYPTION_KEY=replace_with_32_byte_hex
# === Redis (NEW in v3.0 — required by BullMQ queue, F-001) ===
REDIS_HOST=localhost
REDIS_PORT=6379
# Left empty in this template.
# NOTE(review): presumably an empty value means "connect without
# authentication" — confirm. Set a password (and enable auth on the Redis
# server) whenever Redis is reachable from anything other than this host.
REDIS_PASSWORD=
REDIS_DB=0
# === GitHub Webhook ===
# Placeholder.
# NOTE(review): presumably the shared secret used to verify the signature on
# incoming GitHub webhook deliveries — confirm. Use a long random value and
# configure the same value in the repository's webhook settings.
GITHUB_WEBHOOK_SECRET=replace_with_webhook_secret
# === Discord Notifications (legacy — v3.0 keeps backward compat; new channels via F-006) ===
# A webhook URL is itself a credential: whoever has the full URL can post to
# the channel. Treat it like a password and keep it out of logs and commits.
DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/your_webhook_here
DISCORD_ENABLED=false
# === Slack Notifications (legacy) ===
# Same handling as the Discord URL: the URL alone authorizes posting.
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your_webhook_here
SLACK_ENABLED=false
# === Email Configuration (SMTP) ===
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
# NOTE(review): on port 587, "secure=false" usually means the connection starts
# in plaintext and is upgraded with STARTTLS rather than using implicit TLS —
# confirm the mailer requires the upgrade and does not fall back to sending
# credentials unencrypted.
SMTP_SECURE=false
SMTP_USER=your_email@example.com
# Placeholder. The name suggests a provider-issued app-specific password rather
# than the mailbox's main password — TODO confirm.
SMTP_PASSWORD=your_app_password_here
# The value contains spaces and angle brackets and is unquoted; this template
# is meant for a dotenv-style loader, not for `source` in a shell.
EMAIL_FROM=Deploy Center <noreply@example.com>
EMAIL_ENABLED=false
# === Telegram Bot (v2.1 legacy — out of v3.0 scope, preserved for compat) ===
# The bot token is a credential for the bot account; replace the placeholder
# only in the real .env and rotate it if it is ever exposed.
TELEGRAM_BOT_TOKEN=your_bot_token_here
TELEGRAM_CHAT_ID=your_chat_id_here
TELEGRAM_ENABLED=false
# === Logging ===
LOG_LEVEL=info
LOG_DIR=./logs
# NOTE(review): "30d" / "20m" look like a retention period and a per-file size
# cap — confirm the units with the logger that consumes them.
LOG_MAX_FILES=30d
LOG_MAX_SIZE=20m
# === Rate Limiting ===
# 900000 ms = 15 minutes.
# NOTE(review): presumably at most RATE_LIMIT_MAX_REQUESTS requests per client
# per window — confirm the key (IP, user, token) and whether login endpoints
# get a stricter limit.
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# === CORS ===
# Comma-separated allow-list; the two entries are local development origins
# and should be replaced with the real front-end origin(s) when deployed.
# With CORS_CREDENTIALS=true, keep this an explicit list of trusted origins:
# every origin listed here can make credentialed requests to the API.
CORS_ORIGIN=http://localhost:9090,http://localhost:5173
CORS_CREDENTIALS=true
# === Session ===
# Placeholder: replace with a long random value (for example the output of
# `openssl rand -hex 64`) that is not reused for any JWT secret.
SESSION_SECRET=replace_with_random_string
# === Deployment Configuration ===
# NOTE(review): backups may contain application data or configuration —
# restrict filesystem permissions on BACKUP_DIR accordingly; confirm what is
# written there.
BACKUP_DIR=./backups
BACKUP_RETENTION_DAYS=30
MAX_CONCURRENT_DEPLOYMENTS=5
# === Default Admin Bootstrap ===
# NOTE(review): presumably used to create the first administrator account —
# confirm when these values are read (first start only, or on every boot).
# Replace the placeholder password before the first start and change it again
# after the first login; a well-known username combined with a template
# password is the first thing anyone would guess.
DEFAULT_ADMIN_USERNAME=admin
DEFAULT_ADMIN_EMAIL=admin@example.com
DEFAULT_ADMIN_PASSWORD=change_me_admin_password
# === Health Check ===
HEALTH_CHECK_INTERVAL_MINUTES=5
HEALTH_CHECK_TIMEOUT_MS=5000
# === Cleanup Job ===
# NOTE(review): CLEANUP_BACKUPS_DAYS overlaps with BACKUP_RETENTION_DAYS, and
# CLEANUP_LOGS_DAYS with LOG_MAX_FILES, elsewhere in this file — confirm which
# setting takes effect. Log retention also bounds how far back an incident can
# be investigated, so shorten it deliberately rather than by accident.
CLEANUP_LOGS_DAYS=90
CLEANUP_BACKUPS_DAYS=30
CLEANUP_INTERVAL_HOURS=24
# === Test gates (only honored when NODE_ENV=test) ===
# Set to "1" to run the 30-minute Socket.IO log-stream stability test
# (otherwise skipped). Don't enable in CI by default.
# RUN_LONG_STREAM_TEST=1
# Set to "1" to run the slow BullMQ retry-policy test which deliberately
# waits for the full backoff schedule (1s → 5s → 25s) and is too slow for
# the default unit run.
# RUN_SLOW_QUEUE_TEST=1