-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.env.example
150 lines (150 loc) · 6.47 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# URLs
PUBLIC_API_URL="http://localhost:4000/graphql"
PUBLIC_API_AUTH_URL="http://localhost:4000/auth"
PUBLIC_API_WEBSOCKET_URL="ws://localhost:4000/graphql"
PUBLIC_STORAGE_URL="http://localhost:4000/storage/"
PUBLIC_USER_DUMP_URL="http://localhost:4000/dump"
PRIVATE_API_URL="http://localhost:4000/graphql"
REDIS_URL="redis://localhost:6379"
PROMETHEUS_URL="http://localhost:9090"
# School
PUBLIC_SCHOOL_UID="o"
# Lydia
PUBLIC_LYDIA_API_URL="https://lydia-app.com"
LYDIA_WEBHOOK_URL="http://localhost:5173/lydia-webhook"
# Database
DATABASE_URL="postgres://postgres:dev@localhost:5432/postgres?schema=public"
# LDAP
LDAP_SCHOOL='{
"servers": {
"inp": {
"url": "ldap://localhost:1389",
"filterAttribute": "supannAliasLogin",
"wholeEmail": false,
"attributesMap": {
"schoolUid": "uid",
"schoolEmail": "mail",
"firstName": "givenName",
"lastName": "sn"
}
}
},
"emailDomains": {
"etu.enseeiht.fr": "inp",
"etu.inp-n7.fr": "inp",
"etu.toulouse-inp.fr": "inp"
}
}'
LDAP_URL="ldap://localhost:389"
LDAP_BASE_DN="dc=inpt,dc=fr"
LDAP_BIND_DN="uid=churros,ou=services"
LDAP_BIND_PASSWORD="ldapdev"
# Emails
PUBLIC_SUPPORT_EMAIL="[email protected]"
PUBLIC_CONTACT_EMAIL="[email protected]"
SMTP_URL="smtp://localhost:1025"
# Mailman
MAILMAN_API_URL="http://mailman-api-link"
MAILMAN_API_KEY="mailman-api-key"
# Misc
PUBLIC_FOY_GROUPS="foyer-n7"
PUBLIC_FRONTEND_ORIGIN="http://localhost:5173"
ORIGIN="http://localhost:5173"
GITLAB_PROJECT_ID="1013"
PUBLIC_GITLAB_PROJECT_ID="1013"
PUBLIC_GITLAB_ORIGIN="https://git.inpt.fr"
# Ignored in development: it's always (repository root)/packages/api/storage
STORAGE=""
# TODO: document this environment variable
MASTER_PASSWORD_HASH=""
# TODO: document this environment variable
PAYPAL_CLIENT_SECRET=""
# TODO: document this environment variable
PUBLIC_PAYPAL_CLIENT_ID=""
PUBLIC_PAYPAL_API_BASE_URL="https://api-m.sandbox.paypal.com"
# Disable body size limit
BODY_SIZE_LIMIT="Infinity"
# TODO: document this environment variable
GOOGLE_CLIENT_SECRET=""
PUBLIC_GOOGLE_CLIENT_ID=""
PUBLIC_GOOGLE_WALLET_ISSUER_ID="3388000000022345009"
# JSON contents of issuer service account keypair from Google Cloud Console, see net7’s bitwarden vault, should be there
GOOGLE_WALLET_ISSUER_KEY=""
# Set to "true" to deactivate signups
PUBLIC_DEACTIVATE_SIGNUPS="true"
# Custom message to show when users try to hit the /register page
PUBLIC_DEACTIVATE_SIGNUPS_MESSAGE="Les inscriptions sont désactivées pour le moment. Merci de votre compréhension."
FRONTEND_ORIGIN="http://localhost:5173"
# @churros/sync
# Logs type: pretty, json, hidden
SYNC_LOGS="pretty"
# Log level: 0: silent, 1: error, 2: warn, 3: info, 4: debug
SYNC_LOG_LEVEL="3"
# Enable modules to sync. Available modules: ldap
SYNC_MODULES="ldap"
# oauth client
PUBLIC_OAUTH_ENABLED="0"
PUBLIC_OAUTH_LOGOUT_URL=""
PUBLIC_OAUTH_AUTHORIZE_URL=""
PUBLIC_OAUTH_CLIENT_ID=""
PUBLIC_OAUTH_TOKEN_URL=""
PUBLIC_OAUTH_USER_INFO_URL=""
PUBLIC_OAUTH_SCOPES="openid,profile,email"
PUBLIC_OAUTH_LOGO_URL=""
PUBLIC_OAUTH_NAME=""
OAUTH_UID_KEY="nickname"
OAUTH_CLIENT_SECRET=""
# session
SESSION_SECRET="secret-to-change-in-production"
# Sentry
PUBLIC_SENTRY_DSN=""
# To generate this without a Mac:
# 1. Generate a CSR and private key: openssl req -nodes -newkey rsa:2048 -keyout private_key.key -out cer_sign_request.csr
# 2. Upload the CSR to Apple Developer Console: https://developer.apple.com/account/resources/certificates/add
# 3. Download the .cer file from Apple Developer Console: https://developer.apple.com/account/resources/certificates/list
# 4. Convert the .cer file to .crt file: openssl x509 -inform der -in certificate.cer -out certificate.crt
# 5. Use the .crt with the private key to get a .pfx file: openssl pkcs12 -export -out certificate.pfx -inkey private_key.key -in certificate.crt
# 6. Convert the .pfx to a .pem certificate: openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
APPLE_WALLET_PEM_CERTIFICATE=""
# The private key's optional password.
APPLE_WALLET_PEM_KEY_PASSWORD=""
# Pass Type ID, which is chosen during the certificate creation process
APPLE_WALLET_PASS_TYPE_ID="pass.dev.net7.churros.apple"
# Get it from https://developer.apple.com/account
APPLE_WALLET_TEAM_ID=""
# Additive modifier for favoring some types in global search results. A search result's rank is between 0 and 1. JSON object mapping types to rank bumps. Types are values of the `SearchResultType` GraphQL enum. Omitting a value means no bump.
PUBLIC_GLOBAL_SEARCH_BUMPS='{
"Users": 0.4,
"Groups": 0.5
}'
# Capacitor-related
PUBLIC_API_ORIGIN_WEB="http://localhost:4000"
# Note: 10.0.2.2 will *NOT* work on physical android devices, only on emulators
# To test on a physical device, install ngrok, setup your auth token, run `yarn ngrok` and set these origins to the ngrok URLs (API and frontend ports will be exposed to the Internet via Ngrok)
PUBLIC_API_ORIGIN_ANDROID="http://10.0.2.2:4000"
PUBLIC_FRONTEND_ORIGIN_ANDROID="http://10.0.2.2:5173"
PUBLIC_APP_PACKAGE_ID="app.churros"
# Notella notifications scheduler server NATS URL. See https://git.inpt.fr/churros/notella
NOTELLA_NATS_URL="nats://localhost:4222"
NOTELLA_HEALTHCHECK_ENDPOINT="http://localhost:8080/health"
# Used by notella, see services.notella in the docker-compose.yml
PUBLIC_VAPID_KEY="BO9G7s2ya5I-tgsClQs5m618yT5uwZkuWCVY0LC1Bvg_K_RsXF6dpNtipxzmrJeXZWbkDB-NkOnR_Tp3T9sOlNg"
# Used by notella, see services.notella in the docker-compose.yml
VAPID_PRIVATE_KEY=""
# Used by notella, see services.notella in the docker-compose.yml
FIREBASE_ADMIN_SERVICE_ACCOUNT_KEY=""
# Token to execute Mutation.housekeep
HOUSEKEEPER_TOKEN="housekeeper"
# In development, to test the webhook, you can start a quick & dirty server with `python -m http.server SOME_PORT` and use `http://localhost:SOME_PORT` here
USER_DELETED_WEBHOOK=""
NODE_ENV="development"
PUBLIC_REPOSITORY_URL="https://git.inpt.fr/churros/churros"
LYDIA_API_URL="https://lydia-app.com"
PUBLIC_API_ORIGIN_IOS="http://localhost:4000"
PUBLIC_ANDROID_CERTIFICATE_SHA256="3D:0E:51:2F:D6:CC:9E:5E:82:C9:E9:17:5E:F8:7D:7E:E6:08:55:D7:36:72:A8:E3:42:04:36:0C:48:79:B8:15"
PUBLIC_IOS_TEAM_ID="6SPC8F9492"
PUBLIC_IOS_BUNDLE_ID="app.churros"
PUBLIC_OAUTH_LOGO_URL="https://git.inpt.fr/inp-net/visual-identity/-/raw/main/favicon-color.svg"
PUBLIC_OAUTH_NAME="INP-net"
# Name of the update bundle asset in the gitlab release
PUBLIC_APP_UPDATE_BUNDLE_ASSET_NAME="update-bundle.zip"