.env.example
# Template only: copy to the real env file (presumably `.env`) and fill in
# values there. Keep the filled-in copy out of version control; several keys
# below hold credentials.
# Shared runtime (optional defaults)
LOG_LEVEL=INFO
ENVIRONMENT=local
# Sentry error reporting; the DSN is left empty in this template.
# NOTE(review): presumably an empty DSN leaves reporting off - confirm in the app's Sentry setup.
SENTRY_DSN=
# Keep false unless sending user-identifying data to Sentry has been reviewed.
# NOTE(review): presumably maps to the Sentry SDK's send_default_pii option - confirm.
SENTRY_SEND_DEFAULT_PII=false
SENTRY_DEBUG=false
# Queue transport (optional defaults for host-run app services)
# The default URL carries no username or password, so nothing in this file
# authenticates the Redis connection; the loopback addresses here and in
# REDIS_HOST_BIND are the only exposure control visible. Before pointing either
# at a non-loopback address, add credentials to the URL (and TLS via rediss://).
REDIS_URL=redis://127.0.0.1:6379/0
REDIS_QUEUE_NAME=jobs.default
REDIS_KEY_PREFIX=jobs
REDIS_SOCKET_CONNECT_TIMEOUT=5.0
REDIS_SOCKET_TIMEOUT=5.0
# NOTE(review): presumably the host address the published Redis port binds to;
# 127.0.0.1 keeps it reachable from this machine only.
REDIS_HOST_BIND=127.0.0.1
# Optional: expose Redis on a fixed host port for local debugging.
# `./scripts/dev.sh` computes a deterministic per-worktree port when unset.
# `./scripts/docker-compose.sh` computes a deterministic per-worktree port when unset.
# REDIS_HOST_PORT=6379
# Postgres (required in production; optional defaults for host-run app services)
# The URL embeds the same default postgres/postgres credentials as
# POSTGRES_USER / POSTGRES_PASSWORD below. Changing only POSTGRES_PASSWORD
# leaves the default password in this URL, so update both together.
POSTGRES_URL=postgresql://postgres:postgres@127.0.0.1:5432/workflows
POSTGRES_DB=workflows
POSTGRES_USER=postgres
# Change in production
POSTGRES_PASSWORD=postgres
# NOTE(review): presumably the host address the published Postgres port binds to;
# keep 127.0.0.1 for as long as the default password above is in use.
POSTGRES_HOST_BIND=127.0.0.1
# Optional: expose postgres on a fixed host port for local debugging.
# `./scripts/dev.sh` computes a deterministic per-worktree port when unset.
# `./scripts/docker-compose.sh` computes a deterministic per-worktree port when unset.
# POSTGRES_HOST_PORT=5432
# Job retry behavior (optional)
# Units follow the variable names (seconds). How the base and max values
# combine into a retry schedule is not shown in this file.
JOB_MAX_ATTEMPTS=8
JOB_RETRY_BASE_SECONDS=5
JOB_RETRY_MAX_SECONDS=300
JOB_TIMEOUT_SECONDS=600
JOB_RESULT_TTL_SECONDS=3600
# Internal transfer storage (optional defaults for host-run app services)
# The endpoint is plain http, which is acceptable only while it stays on
# loopback; use an https endpoint if the store is moved off this host.
MINIO_ENDPOINT=http://127.0.0.1:9000
# MINIO_ROOT_USER / MINIO_ROOT_PASSWORD are the MinIO root (full-admin) credentials.
MINIO_ROOT_USER=internal
# Change in production
MINIO_ROOT_PASSWORD=change-me
MINIO_INTERNAL_BUCKET=internal-transfers
# NOTE(review): presumably the host address the published MinIO ports bind to;
# keep 127.0.0.1 while the placeholder root password is in use.
MINIO_HOST_BIND=127.0.0.1
# Optional: expose MinIO on fixed host ports for local debugging.
# `./scripts/dev.sh` computes deterministic per-worktree ports when unset.
# `./scripts/docker-compose.sh` computes deterministic per-worktree ports when unset.
# MINIO_API_HOST_PORT=9000
# MINIO_CONSOLE_HOST_PORT=9001
# API (optional defaults; API_SHARED_SECRET required to accept ingest calls)
# 0.0.0.0 means every interface. NOTE(review): presumably this is the listen
# address; if so, a host-run API process is reachable from the local network,
# and WEBHOOK_INGEST_HOST_BIND below only restricts the container-published port.
WEBHOOK_INGEST_HOST=0.0.0.0
# Host-run API processes use this port directly. docker-compose.yml pins the
# API container to 8090 internally and varies only the published host port.
WEBHOOK_INGEST_PORT=8090
WEBHOOK_INGEST_HOST_BIND=127.0.0.1
# Optional: expose ingest API on a fixed host port for local debugging.
# Leave unset to let ./scripts/docker-compose.sh compute a deterministic port.
# WEBHOOK_INGEST_HOST_PORT=8090
# Host-run API processes launched through `./scripts/dev.sh api` override
# `WEBHOOK_INGEST_PORT` with a deterministic per-worktree port automatically.
# Required: ingest requests are rejected when unset
# Use a long, randomly generated value, unique per environment; this is the
# only ingest credential visible in this file.
API_SHARED_SECRET=
# Authentik admin API (required for /create-sso-user)
# Base URL can omit /api/v3; the client adds it automatically.
# Use an https URL: the token below is sent to this host.
AUTHENTIK_API_BASE_URL=
AUTHENTIK_API_TIMEOUT_SECONDS=20.0
# Credential for the identity provider's admin API. Treat it as high-privilege:
# issue it from a dedicated service account with the narrowest permissions that
# still allow the /create-sso-user flow, and rotate it if it is ever exposed.
AUTHENTIK_API_TOKEN=
# Optional override. When unset, the bot resolves the Email Stage by name.
AUTHENTIK_RECOVERY_EMAIL_STAGE_ID=
# Optional Authentik Email Stage name used when the UUID override is unset.
AUTHENTIK_RECOVERY_EMAIL_STAGE_NAME=default-recovery-email
# Optional: Discord logs webhook for operator-visible logs from commands/jobs
# A Discord webhook URL is itself the credential: anyone who has it can post to
# the channel, so store it like a secret. Whatever the commands/jobs log will be
# readable by everyone in that channel.
DISCORD_LOGS_WEBHOOK_URL=
# Optional: wait for Discord server confirmation before returning from webhook call
DISCORD_LOGS_WEBHOOK_WAIT=true
# Dashboard/API auth (OIDC via Authentik; optional until enabled)
OIDC_ISSUER_URL=
OIDC_CLIENT_ID=
# Secret: set only in the real env file or a secret store.
OIDC_CLIENT_SECRET=
OIDC_SCOPE=openid profile email groups
OIDC_GROUPS_CLAIM=groups
# Membership in these groups presumably grants dashboard admin access. The
# default value contains a space ("authentik Admins").
# NOTE(review): confirm how multiple groups are separated so the space is not
# treated as a delimiter.
OIDC_ADMIN_GROUPS=authentik Admins
OIDC_CALLBACK_PATH=/auth/callback
# Optional external base URL used to build redirect_uri (defaults to request base URL)
# NOTE(review): if the request base URL is derived from Host / forwarded headers,
# set this explicitly in production so redirect_uri does not depend on
# client-supplied headers - confirm against the auth code.
OIDC_REDIRECT_BASE_URL=
AUTH_SESSION_COOKIE_NAME=five08_session
DASHBOARD_DEFAULT_PATH=/dashboard
# Optional external base URL for generated deep links
DASHBOARD_PUBLIC_BASE_URL=
# Discord admin link checks (DB-first, Discord API fallback)
DISCORD_SERVER_ID=
# Comma-separated Discord role names, presumably the roles treated as admin
# for these link checks.
DISCORD_ADMIN_ROLES=Admin,Owner
DISCORD_API_TIMEOUT_SECONDS=8.0
# Going by the name, the lifetime of a generated link in seconds; shorter
# values narrow the window in which a leaked link is usable.
DISCORD_LINK_TTL_SECONDS=600
# Temporary bootstrap switch: when false, Discord deep-link logins do not require
# an OIDC roundtrip and skip OIDC-based admin-group and email-to-Discord-link checks.
# Keep true outside initial bootstrap: false removes the admin-group and
# email-link checks described above from the deep-link login path.
DISCORD_LINK_REQUIRE_OIDC_IDENTITY_CHECKS=true
# Worker / consumer (optional defaults)
WORKER_NAME=worker
# Internal service URLs default to plain http on loopback; use https if these
# services are ever reached over a network.
WORKER_API_BASE_URL=http://127.0.0.1:8090
DISCORD_BOT_INTERNAL_BASE_URL=http://127.0.0.1:3000
WORKER_QUEUE_NAMES=jobs.default
WORKER_BURST=false
# Attachment limits.
# NOTE(review): whether ALLOWED_FILE_TYPES is enforced by file extension or by
# inspecting content is not shown here; an extension-only check does not
# establish what a file actually contains.
MAX_ATTACHMENTS_PER_CONTACT=3
MAX_FILE_SIZE_MB=10
ALLOWED_FILE_TYPES=pdf,doc,docx,txt
# Secret: API key for the configured model provider.
OPENAI_API_KEY=
# For OpenRouter, set OPENAI_BASE_URL=https://openrouter.ai/api/v1
# Requests, and the API key above, go to whatever host is set here.
# NOTE(review): the RESUME_* settings below suggest resume content is sent to
# this provider - confirm it is approved to receive applicant data.
OPENAI_BASE_URL=
OPENAI_MODEL=gpt-5-mini
# Resume model name without provider prefix; OpenRouter is auto-prefixed to openai/<model>
RESUME_AI_MODEL=gpt-5-mini
RESUME_EXTRACTOR_MAX_TOKENS=2000
RESUME_EXTRACTOR_VERSION=v1
CRM_SYNC_ENABLED=true
CRM_SYNC_INTERVAL_SECONDS=900
CRM_SYNC_PAGE_SIZE=200
# Optional: restrict Docuseal agreements to this template id.
# If unset, Docuseal agreement processing is ignored.
DOCUSEAL_MEMBER_AGREEMENT_TEMPLATE_ID=
# Required for sending member agreement requests from Discord.
# For DocuSeal Cloud use https://api.docuseal.com
# For self-hosted DocuSeal, this is usually https://your-host/api
DOCUSEAL_BASE_URL=
# Secret: DocuSeal API key.
DOCUSEAL_API_KEY=
# Discord bot (required for bot runtime)
# Placeholder - replace in the real env file. The bot token gives full control
# of the bot account; regenerate it in the Discord developer portal if it is
# ever committed or pasted into a chat or log.
DISCORD_BOT_TOKEN=your_bot_token_here
HEALTHCHECK_PORT=3000
# Host-run bot processes launched through `./scripts/dev.sh discord-bot` override
# `HEALTHCHECK_PORT` with a deterministic per-worktree port automatically.
BACKEND_API_BASE_URL=http://127.0.0.1:8090
# NOTE(review): presumably audit events are not sent when this is empty -
# confirm, and set it where an audit trail is required.
AUDIT_API_BASE_URL=
AUDIT_API_TIMEOUT_SECONDS=2.0
# Worker mailbox resume intake (required if email intake is enabled)
CHECK_EMAIL_WAIT=2
# Placeholders - replace in the real env file. As the placeholder suggests, use
# an app-specific password for a dedicated intake mailbox, not a personal
# account password.
EMAIL_USERNAME=your_email@example.com
EMAIL_PASSWORD=your_app_password
IMAP_SERVER=imap.migadu.com
IMAP_TIMEOUT_SECONDS=10.0
# Intake form resume URL fetch guardrails
# These bound a server-side fetch of a URL supplied through the intake form.
INTAKE_RESUME_FETCH_TIMEOUT_SECONDS=20.0
INTAKE_RESUME_MAX_REDIRECTS=3
# Optional comma-separated host allowlist for intake resume URL fetches
# NOTE(review): behaviour when empty is not shown here. If empty means "any
# host", the fetch can be aimed at internal addresses; set an explicit
# allowlist in production and confirm redirects are checked against it too.
INTAKE_RESUME_ALLOWED_HOSTS=
EMAIL_RESUME_INTAKE_ENABLED=false
EMAIL_RESUME_ALLOWED_EXTENSIONS=pdf,doc,docx
EMAIL_RESUME_MAX_FILE_SIZE_MB=10
# NOTE(review): presumably requires sender-authentication results (e.g.
# SPF/DKIM/DMARC headers) before a message is accepted - confirm. Keep true;
# the From address alone is trivially spoofed.
EMAIL_REQUIRE_SENDER_AUTH_HEADERS=true
# The values in this section are placeholders: replace them in the real env
# file and never commit working keys or tokens.
# Migadu mailbox automation (required for /create-mailbox command)
# These credentials can create mailboxes on the domain below (per the
# /create-mailbox note above); restrict who can invoke that command.
MIGADU_API_USER=your_migadu_api_user
MIGADU_API_KEY=your_migadu_api_key
MIGADU_MAILBOX_DOMAIN=508.dev
# EspoCRM (required for worker integration)
# Secret: CRM API key. Keep the base URL on https, since the key is sent to it.
ESPO_API_KEY=your_key_here
ESPO_BASE_URL=https://espo.url/
# Kimai time tracking (optional until Kimai integrations are used)
KIMAI_BASE_URL=https://kimai.example.com
# Secret: Kimai API token.
KIMAI_API_TOKEN=your_kimai_api_token_here