Kyle Pope
dadd19bc30
In production, CORS_ORIGINS now defaults to UMBRA_URL so deployers only need to set the external URL once. In development it defaults to http://localhost:5173 (Vite dev server). Explicit CORS_ORIGINS env var is still respected as an override for multi-origin or custom setups. This means a production .env only needs: ENVIRONMENT, SECRET_KEY, UMBRA_URL, and DB credentials. COOKIE_SECURE and CORS_ORIGINS both auto-derive. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
39 lines
2.0 KiB
Plaintext
39 lines
2.0 KiB
Plaintext
# ──────────────────────────────────────
|
|
# Database
|
|
# ──────────────────────────────────────
|
|
POSTGRES_USER=umbra
|
|
POSTGRES_PASSWORD=changeme_in_production
|
|
POSTGRES_DB=umbra
|
|
DATABASE_URL=postgresql+asyncpg://umbra:changeme_in_production@db:5432/umbra
|
|
|
|
# ──────────────────────────────────────
|
|
# Application
|
|
# ──────────────────────────────────────
|
|
# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
|
|
SECRET_KEY=your-secret-key-change-in-production
|
|
|
|
# development | production — controls Swagger/ReDoc visibility and cookie defaults
|
|
ENVIRONMENT=development
|
|
|
|
# Public URL — used for ntfy click links and auto-derives CORS_ORIGINS in production
|
|
# UMBRA_URL=https://umbra.example.com
|
|
|
|
# Timezone (applied to backend + db containers via env_file)
|
|
TZ=Australia/Perth
|
|
|
|
# ──────────────────────────────────────
|
|
# Integrations
|
|
# ──────────────────────────────────────
|
|
OPENWEATHERMAP_API_KEY=your-openweathermap-api-key
|
|
|
|
# ──────────────────────────────────────
|
|
# Overrides (rarely needed)
|
|
# ──────────────────────────────────────
|
|
# COOKIE_SECURE auto-derives from ENVIRONMENT (production → true).
|
|
# Only set explicitly to override, e.g. false for a non-TLS prod behind a proxy.
|
|
# COOKIE_SECURE=false
|
|
|
|
# CORS_ORIGINS auto-derives from UMBRA_URL in production, http://localhost:5173 in dev.
|
|
# Only set explicitly if you need a different origin or multiple origins.
|
|
# CORS_ORIGINS=https://custom-domain.example.com
|