-
Notifications
You must be signed in to change notification settings - Fork 14
/
.env.example
234 lines (196 loc) · 8.49 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
# SPDX-FileCopyrightText: 2021 - 2022 Netherlands eScience Center
# SPDX-FileCopyrightText: 2021 - 2022 dv4all
# SPDX-FileCopyrightText: 2022 Helmholtz Centre for Environmental Research (UFZ)
#
# SPDX-License-Identifier: CC-BY-4.0
#
# example env file
# copy to .env and /frontend/.env.local
################ WARNING ################
# Using special characters in the values (e.g. in passwords or secrets) might corrupt some processes.
# If you experience any problems, remove the special characters from the values or place them in quotes (' or ").
################ WARNING ################
# .env.local is consumed by frontent (Next)
# see https://nextjs.org/docs/basic-features/environment-variables
# .env is consumed by docker-compose.yml
# currently assigned values are for .env
# .env.local values, if they differ, are placed as a comment above the env variable
# You also need to obtain/generate missing secrets
# ---- DOCKER PROJECT SETTINGS ----------
# Define this variable, if you are running different versions of the RSD, in
# order to define the docker project name. If you leave this empty, docker will
# automatically name the containers.
COMPOSE_PROJECT_NAME="rsd"
# ---- PUBLIC ENV VARIABLES -------------
# postgresql
# consumed by services: backend
POSTGRES_DB_HOST=database
# consumed by services: backend
POSTGRES_DB_HOST_PORT=5432
# consumed by services: database, backend
POSTGRES_DB=rsd-db
# consumed by services: database
POSTGRES_USER=rsd
# backend (postgREST)
# consumed by services: backend
PGRST_DB_ANON_ROLE=rsd_web_anon
PGRST_DB_SCHEMA=public
PGRST_SERVER_PORT=3500
# postgREST API
# consumed by services: authentication,frontend,auth-tests, scrapers
# .env.local: http://localhost/api/v1, .env: http://backend:3500
POSTGREST_URL=http://backend:3500
# postgREST API reachable outside of Docker
# consumed by services: swagger
POSTGREST_URL_EXTERNAL=http://localhost/api/v1
# RSD Auth module
# consumed by services: frontend (api/fe)
# .env.local: http://localhost/auth, .env: http://auth:7000
RSD_AUTH_URL=http://auth:7000
# RSD Reverse Proxy URL
# consumed by services: frontend
# .env.local: http://localhost, .env: http://nginx
RSD_REVERSE_PROXY_URL=http://nginx
# consumed by services: authentication
# If set to "dev", the first user to log in will become admin.
# Any other value doesn't activate this feature (and doesn't do anything).
RSD_ENVIRONMENT=prod
# consumed by services: authentication, frontend (api/fe)
# provide a list of supported OpenID auth providers
# the values should be separated by semicolon (;)
# Allowed values are: SURFCONEXT, HELMHOLTZID, ORCID or LOCAL
# if env value is not provided default provider is set to be SURFCONEXT
# if you add the value "LOCAL", then local accounts are enabled, USE THIS FOR TESTING PURPOSES ONLY
RSD_AUTH_PROVIDERS=SURFCONEXT;ORCID;AZURE;LOCAL
# consumed by services: authentication, frontend (api/fe)
# provide a list of supported OpenID auth providers for coupling with the user's RSD account
# the values should be separated by semicolon (;)
# Allowed values are: ORCID
RSD_AUTH_COUPLE_PROVIDERS=ORCID
# Define a semicolon-separated list of user email addresses which are allowed to
# login to the RSD. If the variable is left empty, or is not defined, all users
# will be allowed to login.
# consumed by: authentication
# SURFCONEXT - TEST ENVIRONMENT
# consumed by: authentication, frontend/utils/loginHelpers
SURFCONEXT_CLIENT_ID=www.research-software.nl
# consumed by: authentication, frontend/utils/loginHelpers
SURFCONEXT_REDIRECT=http://localhost/auth/login/surfconext
# consumed by: authentication, frontend/utils/loginHelpers
SURFCONEXT_WELL_KNOWN_URL=https://connect.test.surfconext.nl/.well-known/openid-configuration
# consumed by: authentication, frontend/utils/loginHelpers
SURFCONEXT_SCOPES=openid
# consumed by: frontend/utils/loginHelpers
SURFCONEXT_RESPONSE_MODE=form_post
# Helmholtz ID
# consumed by: authentication, frontend/utils/loginHelpers
HELMHOLTZID_CLIENT_ID=rsd-dev
# consumed by: authentication, frontend/utils/loginHelpers
HELMHOLTZID_REDIRECT=http://localhost/auth/login/HELMHOLTZID
# consumed by: authentication, frontend/utils/loginHelpers
HELMHOLTZID_WELL_KNOWN_URL=https://login-dev.helmholtz.de/oauth2/.well-known/openid-configuration
# consumed by: authentication, frontend/utils/loginHelpers
HELMHOLTZID_SCOPES=openid+profile+email+eduperson_principal_name
# consumed by: frontend/utils/loginHelpers
HELMHOLTZID_RESPONSE_MODE=query
# consumed by: authentication
# uncomment if you want to allow users from non-Helmholtz centres or social IdPs:
#HELMHOLTZID_ALLOW_EXTERNAL_USERS=true
# consumed by: authentication
# set to true to allow users specified in HELMHOLTZID_ALLOW_LIST access to the RSD
# HELMHOLTZID_USE_ALLOW_LIST=false
# consumed by: authentication
# HELMHOLTZID_ALLOW_LIST=
# ORCID
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_CLIENT_ID=APP-4D4D69ASWTYOI9QI
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_REDIRECT=http://www.localhost/auth/login/orcid
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_REDIRECT_COUPLE=http://www.localhost/auth/couple/orcid
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_WELL_KNOWN_URL=https://sandbox.orcid.org/.well-known/openid-configuration
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_SCOPES=openid
# consumed by: frontend/utils/loginHelpers
ORCID_RESPONSE_MODE=query
# AZURE ACTIVE DIRECTORY
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_CLIENT_ID=
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_REDIRECT=http://localhost/auth/login/azure
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_WELL_KNOWN_URL=
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_SCOPES=openid+email+profile
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_LOGIN_PROMPT=select_account
# consumed by: frontend
# the name displayed to users when multiple providers are configured
AZURE_DISPLAY_NAME="Imperial College Login"
# consumed by: frontend
# the description text displayed to users when multiple providers are configured
AZURE_DESCRIPTION_HTML="Sign in with your institutional credentials"
# consumed by: authentication
# the organisation recorded for users logged in via this provider
AZURE_ORGANISATION=
# max requests to the GitHub API per run, runs 10 times per hour
# optional, comment out if not available, a default of 6 will be used
# consumed by: scrapers
MAX_REQUESTS_GITHUB=6
# max request to GitLab API per run, runs 10 times per hour
# optional, comment out if not available, a default of 6 will be used
# consumed by: scrapers
MAX_REQUESTS_GITLAB=6
# max mentions to scrape per run, runs 10 times per hour
# optional, comment out if not available, a default of 6 will be used
# consumed by: scrapers
MAX_REQUESTS_DOI=6
# max organisations to scrape per run, runs 10 times per hour
# optional, comment out if not available, a default of 6 will be used
# consumed by: scrapers
MAX_REQUESTS_ROR=6
# ---- SECRETS ------ SECRETS -----------
# consumed by services: database
# generate random/strong password
POSTGRES_PASSWORD=
# consumed by services: database, backend
# generate random/strong password
POSTGRES_AUTHENTICATOR_PASSWORD=
# POSTGREST JWT SECRET
# consumed by services: authentication, frontend (auth-node), auth-tests, scrapers
# generate random/strong password with at least 32 characters
PGRST_JWT_SECRET=
# SURFCONEXT
# consumed by services: authentication
# obtain the secret from SURFCONEXT dashboard
AUTH_SURFCONEXT_CLIENT_SECRET=
# Helmholtz ID
# consumed by services: authentication
# obtain the secret from the project team
AUTH_HELMHOLTZID_CLIENT_SECRET=
# ORCID
# consumed by services: authentication
# obtain the secret from the project team
AUTH_ORCID_CLIENT_SECRET=
# Azure Active Directory
# consumed by services: authentication
AUTH_AZURE_CLIENT_SECRET=
# consumed by: scrapers
# optional, comment out if not available, should be of the form username:token
# obtain the secret from GITHUB dashboard
API_CREDENTIALS_GITHUB=
# consumed by: scrapers
# obtain the secret from ZENODO dashboard
ZENODO_ACCESS_TOKEN=
# consumed by: scrapers, frontend api (node)
# email address that Crossref can contact you with to comply with their "polite" policy
# leave blank or use a real email address that you will respond to
CROSSREF_CONTACT_EMAIL=
# consumed by: frontend
# URL (should end with a trailing slash) and ID for Matomo Tracking Code
MATOMO_URL=
MATOMO_ID=
# consumed by: scrapers
LIBRARIES_IO_ACCESS_TOKEN=