NODEDC_PLATFORM/infra/scripts/init-dev-env.sh

#!/usr/bin/env sh
set -eu

SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
INFRA_DIR=$(CDPATH= cd -- "$SCRIPT_DIR/.." && pwd)
ENV_FILE="$INFRA_DIR/.env"

if [ -f "$ENV_FILE" ]; then
  echo "Refusing to overwrite existing $ENV_FILE" >&2
  exit 1
fi

rand() {
  openssl rand -base64 "$1" | tr -d '\n'
}

cat > "$ENV_FILE" <<EOF
# domains
AUTH_DOMAIN=auth.local.nodedc
LAUNCHER_DOMAIN=launcher.local.nodedc
TASK_DOMAIN=task.local.nodedc

# proxy
PLATFORM_HTTP_PORT=80
PLATFORM_PROXY_IMAGE=nodedc/plane-proxy:ru
LOCAL_LAUNCHER_UPSTREAM=host.docker.internal:5173
LOCAL_TASK_MANAGER_UPSTREAM=host.docker.internal:8090

# authentik image
AUTHENTIK_IMAGE=ghcr.io/goauthentik/server
AUTHENTIK_TAG=2026.2.2

# authentik database
PG_DB=authentik
PG_USER=authentik
PG_PASS=$(rand 36)

# authentik core
AUTHENTIK_SECRET_KEY=$(rand 60)
AUTHENTIK_ERROR_REPORTING__ENABLED=false
AUTHENTIK_BOOTSTRAP_EMAIL=admin@nodedc.local
AUTHENTIK_BOOTSTRAP_PASSWORD=$(rand 36)
AUTHENTIK_BOOTSTRAP_TOKEN=$(rand 36)

# launcher oidc
LAUNCHER_OIDC_ISSUER=http://auth.local.nodedc/application/o/launcher/
LAUNCHER_OIDC_CLIENT_ID=nodedc-launcher
LAUNCHER_OIDC_CLIENT_SECRET=$(openssl rand -hex 48 | tr -d '\n')
LAUNCHER_OIDC_REDIRECT_URI=http://launcher.local.nodedc/auth/callback

# plane oidc
PLANE_OIDC_ISSUER=http://auth.local.nodedc/application/o/task-manager/
PLANE_OIDC_CLIENT_ID=nodedc-task-manager
PLANE_OIDC_CLIENT_SECRET=$(openssl rand -hex 48 | tr -d '\n')
PLANE_OIDC_REDIRECT_URI=http://task.local.nodedc/auth/oidc/callback

# security
SESSION_SECRET=$(rand 48)
NODEDC_INTERNAL_ACCESS_TOKEN=$(openssl rand -hex 48 | tr -d '\n')
COOKIE_DOMAIN=.local.nodedc
COOKIE_SECURE=false
EOF

chmod 600 "$ENV_FILE"
echo "Created $ENV_FILE"
echo "Open $ENV_FILE to read the generated local akadmin bootstrap credentials."