quackback/.env.example at main · medods/quackback · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# ============================================================================
# Quackback Environment Configuration
# ============================================================================
# Copy this file to .env and fill in your values.
# For self-hosted deployments, only the "Required" section needs configuration.

# ============================================================================
# Required
# ============================================================================

# PostgreSQL connection string
POSTGRES_PORT="5432"
DATABASE_URL="postgresql://postgres:password@localhost:${POSTGRES_PORT}/quackback"

# Port for the application server
PORT="3000"
# Public URL for your Quackback instance (used for auth, emails, OAuth callbacks)
BASE_URL="http://localhost:${PORT}"

# Secret key for authentication and encryption - MUST be at least 32 characters
# This single key is used for session signing and deriving encryption keys.
# Generate with: openssl rand -base64 32
SECRET_KEY=""

# Redis/Dragonfly connection for background job queue (BullMQ)
# Dragonfly is included in docker-compose and started by `bun run setup`.
REDIS_PORT="6379"
REDIS_URL="redis://localhost:${REDIS_PORT}"

# ============================================================================
# Email (optional)
# ============================================================================
# If not configured, emails are logged to console (useful for development).
# Priority: SMTP (if configured) → Resend (if configured) → Console logging
#
# Option 1: SMTP (recommended for self-hosted, works with any provider)
#   - Gmail: smtp.gmail.com (port 587, use app password)
#   - Amazon SES: email-smtp.{region}.amazonaws.com
#   - Mailgun: smtp.mailgun.org
#   - SendGrid: smtp.sendgrid.net

EMAIL_SMTP_HOST=""
EMAIL_SMTP_PORT="587"
EMAIL_SMTP_USER=""
EMAIL_SMTP_PASS=""
# EMAIL_SMTP_SECURE="true"  # Uncomment for port 465 (implicit TLS)

# Option 2: Resend API (simpler setup, requires Resend account)
# Get your API key at: https://resend.com/api-keys

EMAIL_RESEND_API_KEY=""

# Sender address (REQUIRED when using SMTP or Resend)
# Format: "Your App <noreply@yourdomain.com>"
EMAIL_FROM=""

# ============================================================================
# AI (optional)
# ============================================================================
# Enable AI features like auto-categorization and summarization.

# OpenAI API
OPENAI_API_KEY=""
OPENAI_BASE_URL=""  # Optional: custom endpoint (e.g., Azure OpenAI, Cloudflare AI Gateway)

# ============================================================================
# File Storage (for image uploads)
# ============================================================================
# S3-compatible storage for image uploads in changelogs.
# Supports AWS S3, Cloudflare R2, Backblaze B2, MinIO, Railway Buckets, and other S3-compatible services.
# If not configured, image upload will be disabled in the rich text editor.
#
# S3_PUBLIC_URL is optional. If not set, files are served via BASE_URL/api/storage
# using presigned URL redirects (works with any provider, including private buckets).
# Set it explicitly to use a CDN or public bucket URL instead.
#
# For local development, MinIO is included in docker-compose and configured by default.
# Run `bun run setup` or `docker compose up -d minio` to start it.

# MinIO (local development - enabled by default)
MINIO_PORT="9000"
MINIO_CONSOLE_PORT="9001"
S3_ENDPOINT="http://localhost:${MINIO_PORT}"
S3_BUCKET="quackback"
S3_REGION="us-east-1"
S3_ACCESS_KEY_ID="minioadmin"
S3_SECRET_ACCESS_KEY="minioadmin"
S3_FORCE_PATH_STYLE="true"
S3_PUBLIC_URL=""
S3_PROXY="true"
# S3_PROXY="false"  # Stream S3 files through the server instead of redirecting.
                     # Enable when the browser can't reach S3 directly (e.g., ngrok, mixed content).

# For production, replace with your preferred S3-compatible provider:
#
# AWS S3 (public bucket):
#   S3_ENDPOINT=""  # Leave empty for AWS S3
#   S3_BUCKET="your-bucket-name"
#   S3_REGION="us-east-1"
#   S3_ACCESS_KEY_ID="your-access-key"
#   S3_SECRET_ACCESS_KEY="your-secret-key"
#   S3_FORCE_PATH_STYLE="false"
#   S3_PUBLIC_URL="https://your-bucket-name.s3.us-east-1.amazonaws.com"
#
# AWS S3 (private bucket via presigned redirect):
#   S3_ENDPOINT=""
#   S3_BUCKET="your-bucket-name"
#   S3_REGION="us-east-1"
#   S3_ACCESS_KEY_ID="your-access-key"
#   S3_SECRET_ACCESS_KEY="your-secret-key"
#   S3_FORCE_PATH_STYLE="false"
#   S3_PUBLIC_URL="https://your-app.example.com/api/storage"
#
# Cloudflare R2:
#   S3_ENDPOINT="https://<account-id>.r2.cloudflarestorage.com"
#   S3_BUCKET="your-bucket-name"
#   S3_REGION="auto"
#   S3_ACCESS_KEY_ID="your-access-key"
#   S3_SECRET_ACCESS_KEY="your-secret-key"
#   S3_FORCE_PATH_STYLE="true"
#   S3_PUBLIC_URL="https://your-custom-domain.com"
#
# Railway Buckets (private — served via presigned URL redirects automatically):
#   S3_ENDPOINT="https://your-bucket-endpoint.storageapi.dev"
#   S3_BUCKET="your-bucket-name"
#   S3_REGION="us-east-1"
#   S3_ACCESS_KEY_ID="your-access-key"
#   S3_SECRET_ACCESS_KEY="your-secret-key"
#   S3_FORCE_PATH_STYLE="true"
#   # No S3_PUBLIC_URL needed — files served via BASE_URL/api/storage automatically

# ============================================================================
# Telemetry (optional)
# ============================================================================
# Anonymous usage statistics are enabled by default to help improve Quackback.
# Uncomment to disable.

# DISABLE_TELEMETRY="true"