super-productivity/packages/super-sync-server/env.example
felix bear d82754faf2
feat(supersync): configure server bind host #7301 (#8108)
Co-authored-by: cocojojo5213 <cocojojo5213@users.noreply.github.com>
2026-06-08 12:12:49 +02:00

125 lines
5.2 KiB
Text

# Super Sync Server - Production Environment Configuration
# Copy this file to .env and configure all required values
# =============================================================================
# REQUIRED SETTINGS
# =============================================================================
# Your domain (without https://)
# Caddy will automatically obtain SSL certificates for this domain
DOMAIN=sync.your-domain.com
# JWT secret for authentication tokens (minimum 32 characters)
# Generate with: openssl rand -base64 32
JWT_SECRET=your-secure-jwt-secret-minimum-32-characters
# PostgreSQL password for the database
# Generate with: openssl rand -base64 24
POSTGRES_PASSWORD=your-secure-postgres-password
# =============================================================================
# SERVER SETTINGS (optional - defaults provided)
# =============================================================================
# Server bind address (default: 0.0.0.0)
# Use :: for IPv6-only deployments.
HOST=0.0.0.0
# =============================================================================
# DATABASE SETTINGS (optional - defaults provided)
# =============================================================================
# PostgreSQL user (default: supersync)
# POSTGRES_USER=supersync
# PostgreSQL database name (default: supersync)
# POSTGRES_DB=supersync
# External PostgreSQL connection string. Leave unset to use the bundled compose
# postgres service. The bundled service is reachable as postgres:5432; db:5432
# is also kept as a compatibility alias for older .env files. If you point this
# at an external host, also set POSTGRES_SERVICE= below.
#
# IMPORTANT: append ?connection_limit=N&pool_timeout=20 to bound Prisma's pool.
# Prisma's DEFAULT pool size is ~(host_cpu_count * 2), read from HOST cores —
# NOT the container cpu limit. On a many-core host an unbounded pool silently
# consumes the entire postgres max_connections cap (compose: 120), leaving zero
# headroom for psql, migrations, the old-ops cleanup job, or the reconnect
# stampede after a crash recovery -> "sorry, too many clients already" and a
# fleet-wide WS reconnect storm. Keep N well below max_connections (e.g. 60).
# DATABASE_URL=postgresql://supersync:password@example.com:5432/supersync?connection_limit=60&pool_timeout=20
# =============================================================================
# CORS SETTINGS
# =============================================================================
# CORS allowed origins (comma-separated)
# Default: https://app.super-productivity.com
# Add your self-hosted frontend URL if applicable
CORS_ORIGINS=https://app.super-productivity.com
# =============================================================================
# SMTP CONFIGURATION (Required for email verification)
# =============================================================================
# SMTP server hostname
SMTP_HOST=smtp.your-email-provider.com
# SMTP port (default: 587 for TLS, 465 for SSL)
SMTP_PORT=587
# Use SSL/TLS (true for port 465, false for STARTTLS on 587)
SMTP_SECURE=false
# SMTP authentication credentials
SMTP_USER=your-smtp-username
SMTP_PASS=your-smtp-password
# From address for emails
SMTP_FROM="Super Productivity Sync" <noreply@your-domain.com>
# =============================================================================
# CONTAINER REGISTRY (for build-and-push.sh)
# =============================================================================
# GitHub username for GHCR
# GHCR_USER=your-github-username
# GitHub token with "Packages: Read and write" permission
# Create at: https://github.com/settings/tokens?type=beta
# GHCR_TOKEN=your-github-token
# =============================================================================
# ADVANCED SETTINGS (usually no changes needed)
# =============================================================================
# Log level (info, debug, warn, error)
# LOG_LEVEL=info
# Startup migrations are disabled by default. Use scripts/deploy.sh for
# production and local Docker deploys so migrations run once before the app
# container is replaced. Only set this to true for one-off/manual runs.
# RUN_MIGRATIONS_ON_STARTUP=false
# Compose service used for database readiness checks. Leave unset to use the
# bundled postgres service. Set POSTGRES_SERVICE= to an empty value only when
# DATABASE_URL points to an external database; deploy.sh will then start
# supersync/caddy without compose dependencies. Prisma migrations still run
# against the configured DATABASE_URL.
# POSTGRES_SERVICE=
# Old operation retention cleanup deletes in bounded batches so a backlog cannot
# monopolize PostgreSQL. Increase carefully on larger servers.
# OLD_OPS_CLEANUP_DELETE_BATCH_SIZE=5000
# OLD_OPS_CLEANUP_MAX_DELETED_PER_RUN=25000
# Timeout in seconds for `prisma migrate deploy` during ./scripts/deploy.sh.
# Online index builds (CREATE INDEX CONCURRENTLY) can block on long-running
# transactions; raise this for very large tables. Exit code 124 = timed out.
# MIGRATION_TIMEOUT=900
# Safety valve for custom/private images without an
# org.opencontainers.image.revision label. Leave this unset in production; the
# deploy script uses the label to prevent mixing fresh SuperSync deploy inputs
# with a stale supersync image.
# SUPERSYNC_SKIP_IMAGE_REVISION_CHECK=false