-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathenv.template
More file actions
240 lines (205 loc) · 7.83 KB
/
env.template
File metadata and controls
240 lines (205 loc) · 7.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# ArgusPAM Environment Configuration Template
#
# INSTRUCTIONS:
# 1. Copy this file: cp env.template .env
# 2. Fill in the required values (marked with YOUR_*)
# 3. Optional: Customize other settings as needed
# 4. Run: docker compose up -d
#
# OR use the interactive setup script: ./setup.sh
#
# For detailed documentation, see: docs/DOCKER_ENV_VARIABLES.md
# =============================================================================
# ⚠️ REQUIRED: MUST BE PROVIDED
# =============================================================================
# Database Credentials (will be auto-generated if using setup.sh)
DB_ROOT_PASSWORD=YOUR_SECURE_ROOT_PASSWORD_HERE
DB_PASSWORD=YOUR_SECURE_USER_PASSWORD_HERE
# Laravel Application Key (generate with: php artisan key:generate or setup.sh)
APP_KEY=YOUR_APP_KEY_HERE
# Domain Configuration
# For local development, use localhost
# For production, use your actual domain (e.g., arguspam.com)
APP_URL=https://api.YOUR_DOMAIN_HERE
APP_WEB_URL=https://YOUR_DOMAIN_HERE
WEB_ORIGIN=https://YOUR_DOMAIN_HERE
PUBLIC_API_URL=https://api.YOUR_DOMAIN_HERE
# Security (use your domain without protocol)
SANCTUM_STATEFUL_DOMAINS=YOUR_DOMAIN_HERE
CORS_ALLOWED_ORIGINS=https://YOUR_DOMAIN_HERE
# Email/SMTP Configuration (Required for notifications)
MAIL_HOST=YOUR_SMTP_HOST_HERE # e.g., smtp.gmail.com
MAIL_PORT=587 # Usually 587 for TLS or 465 for SSL
MAIL_USERNAME=YOUR_SMTP_USERNAME_HERE # Usually your email address
MAIL_PASSWORD=YOUR_SMTP_PASSWORD_HERE
MAIL_FROM_ADDRESS=noreply@YOUR_DOMAIN_HERE
MAIL_FROM_NAME=ArgusPAM
# OpenAI Configuration (Required for AI features)
# Get your key from: https://platform.openai.com/api-keys
OPENAI_API_KEY=YOUR_OPENAI_API_KEY_HERE
OPENAI_ORGANIZATION=YOUR_OPENAI_ORG_ID # Optional, can be empty
# Administrator Emails
EMAIL_DEFAULT=admin@YOUR_DOMAIN_HERE
EMAIL_SUPPORT=support@YOUR_DOMAIN_HERE
# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================
DB_DATABASE=arguspam
DB_USERNAME=arguspam
DB_CONNECTION=mysql
DB_HOST=mysql
DB_PORT=3306
# =============================================================================
# REDIS CONFIGURATION
# =============================================================================
REDIS_CLIENT=predis
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PREFIX=argus_db_
REDIS_DEFAULT_DB=0
REDIS_CACHE_DB=1
REDIS_QUEUE_DB=2
REDIS_SESSION_DB=3
# =============================================================================
# APPLICATION SETTINGS
# =============================================================================
APP_NAME=ArgusPAM
APP_ENV=production
APP_DEBUG=false
# =============================================================================
# OPENAI MODEL CONFIGURATION
# =============================================================================
OPENAI_MODEL=gpt-4o-mini
# =============================================================================
# SECURITY SETTINGS
# =============================================================================
SANCTUM_TOKEN_EXPIRATION=3600
SANCTUM_RATE_LIMIT=60
AUTH_TEMP_KEY_EXPIRATION=5
AUTH_BYPASS_2FA=false
# =============================================================================
# SESSION, CACHE, QUEUE DRIVERS
# =============================================================================
SESSION_DRIVER=redis
CACHE_STORE=redis
QUEUE_CONNECTION=redis
BROADCAST_CONNECTION=redis
# =============================================================================
# WEB FRONTEND CONFIGURATION
# =============================================================================
WEB_NODE_ENV=production
WEB_PORT=3000
PUBLIC_API_REQUEST_TIMEOUT=60000
PUBLIC_AUTH_LOGIN_PATH=/auth/login
PUBLIC_AUTH_LOGOUT_PATH=/auth/logout
PUBLIC_ORG_ID_HEADER=X-Organization-ID
PUBLIC_ACCESS_REQUEST_MIN_DURATION=10
PUBLIC_ACCESS_REQUEST_MAX_DURATION=43200
COOKIE_EXPIRY=86400
COOKIE_SAME_SITE=lax
COOKIE_TOKEN_KEY=auth_token
COOKIE_CURRENT_ORG_KEY=current_org_id
COOKIE_TEMP_KEY_KEY=temp_key
# =============================================================================
# OPTIONAL SERVICES
# =============================================================================
# Slack Integration (optional)
# Get token from: https://api.slack.com/apps
# SLACK_BOT_USER_OAUTH_TOKEN=
# MaxMind GeoIP (optional, for IP geolocation)
# Sign up at: https://www.maxmind.com/en/geolite2/signup
# MAXMIND_USER_ID=
# MAXMIND_LICENSE_KEY=
# Laravel Telescope (optional, for debugging in development)
TELESCOPE_ENABLED=false
# =============================================================================
# PRODUCTION: RESOURCE LIMITS
# =============================================================================
# Choose one set based on your server size:
# - Small: 2 CPU cores, 4GB RAM (50-200 users, 5-20 team members)
# - Medium: 4 CPU cores, 8GB RAM (200-1000 users, 20-100 team members)
# - Large: 8 CPU cores, 16GB RAM (1000-5000 users, 100-500 team members)
# MySQL Resources (Medium server defaults)
MYSQL_CPU_LIMIT=2
MYSQL_MEMORY_LIMIT=2G
MYSQL_CPU_RESERVATION=0.5
MYSQL_MEMORY_RESERVATION=512M
# Redis Resources (Medium server defaults)
REDIS_CPU_LIMIT=1
REDIS_MEMORY_LIMIT=512M
REDIS_CPU_RESERVATION=0.25
REDIS_MEMORY_RESERVATION=128M
REDIS_MAXMEMORY=512mb
REDIS_MAXMEMORY_POLICY=allkeys-lru
# API Resources (Medium server defaults)
API_CPU_LIMIT=2
API_MEMORY_LIMIT=1G
API_CPU_RESERVATION=0.5
API_MEMORY_RESERVATION=256M
# Horizon Resources (Medium server defaults)
HORIZON_CPU_LIMIT=1
HORIZON_MEMORY_LIMIT=512M
HORIZON_CPU_RESERVATION=0.25
HORIZON_MEMORY_RESERVATION=128M
# Web Resources (Medium server defaults)
WEB_CPU_LIMIT=1
WEB_MEMORY_LIMIT=512M
WEB_CPU_RESERVATION=0.25
WEB_MEMORY_RESERVATION=128M
# =============================================================================
# LOGGING CONFIGURATION
# =============================================================================
MYSQL_LOG_DRIVER=json-file
MYSQL_LOG_MAX_SIZE=10m
MYSQL_LOG_MAX_FILE=3
REDIS_LOG_DRIVER=json-file
REDIS_LOG_MAX_SIZE=10m
REDIS_LOG_MAX_FILE=3
API_LOG_DRIVER=json-file
API_LOG_MAX_SIZE=50m
API_LOG_MAX_FILE=5
HORIZON_LOG_DRIVER=json-file
HORIZON_LOG_MAX_SIZE=50m
HORIZON_LOG_MAX_FILE=5
WEB_LOG_DRIVER=json-file
WEB_LOG_MAX_SIZE=50m
WEB_LOG_MAX_FILE=5
# =============================================================================
# RESTART POLICIES
# =============================================================================
MYSQL_RESTART_POLICY=always
REDIS_RESTART_POLICY=always
API_RESTART_POLICY=always
HORIZON_RESTART_POLICY=always
WEB_RESTART_POLICY=always
# =============================================================================
# DEVELOPMENT: HOST VOLUME MOUNTS (for docker-compose.override.yml)
# =============================================================================
# Only needed for development mode with hot-reload
# Paths are relative to docker-compose.yml location
# Works on Mac, Linux, and Windows with default values
HOST_API_PATH=./api
HOST_WEB_PATH=./web
# =============================================================================
# ADVANCED: DOCKER CONFIGURATION (usually no need to change)
# =============================================================================
MYSQL_IMAGE=mysql:8.0
REDIS_IMAGE=redis:7-alpine
MYSQL_CONTAINER_NAME=arguspam-mysql
REDIS_CONTAINER_NAME=arguspam-redis
API_CONTAINER_NAME=arguspam-api
HORIZON_CONTAINER_NAME=arguspam-horizon
WEB_CONTAINER_NAME=arguspam-web
NETWORK_DRIVER=bridge
VOLUME_DRIVER=local
# Dockerfile Build Arguments (optional - defaults are usually fine)
# Only override if you need specific PHP/Node versions or custom paths
DOCKER_PHP_VERSION=8.3-fpm-alpine
DOCKER_COMPOSER_VERSION=2
DOCKER_NODE_VERSION=20-alpine
DOCKER_API_WORKDIR=/var/www/html
DOCKER_WEB_WORKDIR=/app
DOCKER_API_PORT=80
DOCKER_VITE_HMR_PORT=5173
DOCKER_NODEJS_GROUP_ID=1001
DOCKER_NODEJS_USER_ID=1001