NODEDC_PLATFORM/infra/synology/.env.synology.example

# Parallel Synology HTTP deployment.
# This intentionally uses high ports and does not touch existing nodedc-demo.

AUTH_DOMAIN=auth.nas.nodedc
LAUNCHER_DOMAIN=launcher.nas.nodedc
TASK_DOMAIN=task.nas.nodedc
NODEDC_PUBLIC_HTTP_PORT=18080
PLATFORM_HTTP_PORT=18080
SYNOLOGY_TASK_MANAGER_UPSTREAM=host.docker.internal:18090

AUTHENTIK_IMAGE=ghcr.io/goauthentik/server
AUTHENTIK_TAG=2026.2.2
AUTHENTIK_ERROR_REPORTING__ENABLED=false
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS=127.0.0.0/8,172.16.0.0/12

PG_DB=authentik
PG_USER=authentik
PG_PASS=replace-with-random-synology-secret
AUTHENTIK_SECRET_KEY=replace-with-random-synology-secret
AUTHENTIK_BOOTSTRAP_EMAIL=admin@nodedc.local
AUTHENTIK_BOOTSTRAP_PASSWORD=replace-with-random-synology-secret
AUTHENTIK_BOOTSTRAP_TOKEN=replace-with-random-synology-secret

LAUNCHER_BASE_URL=https://hub.nodedc.ru
TASK_BASE_URL=https://ops.nodedc.ru
TASK_LOGOUT_URI=https://ops.nodedc.ru/logout
TASK_INTERNAL_LOGOUT_URL=https://ops.nodedc.ru/api/internal/nodedc/logout/

LAUNCHER_OIDC_ISSUER=https://id.nodedc.ru/application/o/launcher/
LAUNCHER_OIDC_CLIENT_ID=nodedc-launcher
LAUNCHER_OIDC_CLIENT_SECRET=replace-with-random-synology-secret
LAUNCHER_OIDC_REDIRECT_URI=https://hub.nodedc.ru/auth/callback
LAUNCHER_OIDC_LOGGED_OUT_REDIRECT_URI=https://hub.nodedc.ru/auth/logged-out
LAUNCHER_LOGOUT_URI=https://hub.nodedc.ru/logout
LAUNCHER_COOKIE_DOMAIN=.nodedc.ru

PLANE_OIDC_ISSUER=https://id.nodedc.ru/application/o/task-manager/
PLANE_OIDC_CLIENT_ID=nodedc-task-manager
PLANE_OIDC_CLIENT_SECRET=replace-with-random-synology-secret
PLANE_OIDC_REDIRECT_URI=https://ops.nodedc.ru/auth/oidc/callback

NODEDC_AUTHENTIK_BASE_URL=http://authentik-server:9000
NODEDC_INTERNAL_ACCESS_TOKEN=replace-with-random-synology-secret
SESSION_SECRET=replace-with-random-synology-secret
COOKIE_DOMAIN=.nas.nodedc
COOKIE_SECURE=false