51 lines
1.7 KiB
Plaintext
51 lines
1.7 KiB
Plaintext
# staging domains
|
|
AUTH_DOMAIN=auth.staging.nodedc.example
|
|
LAUNCHER_DOMAIN=launcher.staging.nodedc.example
|
|
TASK_DOMAIN=task.staging.nodedc.example
|
|
|
|
# edge proxy
|
|
ACME_EMAIL=admin@nodedc.example
|
|
PLATFORM_HTTP_PORT=80
|
|
PLATFORM_HTTPS_PORT=443
|
|
PLATFORM_PROXY_IMAGE=caddy:2-alpine
|
|
STAGING_LAUNCHER_UPSTREAM=launcher:5173
|
|
STAGING_TASK_MANAGER_UPSTREAM=task-manager-proxy:80
|
|
|
|
# authentik image
|
|
AUTHENTIK_IMAGE=ghcr.io/goauthentik/server
|
|
AUTHENTIK_TAG=2026.2.2
|
|
|
|
# authentik database
|
|
PG_DB=authentik
|
|
PG_USER=authentik
|
|
PG_PASS=replace-with-random-staging-secret
|
|
|
|
# authentik
|
|
AUTHENTIK_SECRET_KEY=replace-with-random-staging-secret
|
|
AUTHENTIK_ERROR_REPORTING__ENABLED=false
|
|
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS=replace-with-reverse-proxy-subnet
|
|
|
|
# launcher oidc
|
|
LAUNCHER_OIDC_ISSUER=https://auth.staging.nodedc.example/application/o/launcher/
|
|
LAUNCHER_OIDC_CLIENT_ID=nodedc-launcher
|
|
LAUNCHER_OIDC_CLIENT_SECRET=replace-with-random-staging-secret
|
|
LAUNCHER_OIDC_REDIRECT_URI=https://launcher.staging.nodedc.example/auth/callback
|
|
LAUNCHER_OIDC_LOGGED_OUT_REDIRECT_URI=https://launcher.staging.nodedc.example/auth/logged-out
|
|
|
|
# plane oidc
|
|
PLANE_OIDC_ISSUER=https://auth.staging.nodedc.example/application/o/task-manager/
|
|
PLANE_OIDC_CLIENT_ID=nodedc-task-manager
|
|
PLANE_OIDC_CLIENT_SECRET=replace-with-random-staging-secret
|
|
PLANE_OIDC_REDIRECT_URI=https://task.staging.nodedc.example/auth/oidc/callback
|
|
|
|
# security
|
|
SESSION_SECRET=replace-with-random-staging-secret
|
|
NODEDC_INTERNAL_ACCESS_TOKEN=replace-with-random-staging-secret
|
|
COOKIE_DOMAIN=.staging.nodedc.example
|
|
COOKIE_SECURE=true
|
|
|
|
# tasker downstream security
|
|
PLANE_NODEDC_ACCESS_ENFORCEMENT=1
|
|
PLANE_NODEDC_ACCESS_ENFORCE_UNLINKED=1
|
|
PLANE_NODEDC_ACCESS_TOKEN=replace-with-same-value-as-NODEDC_INTERNAL_ACCESS_TOKEN
|