-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.env.example
205 lines (170 loc) · 7.29 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
# example env file
# copy to .env
################ WARNING ################
# Using special characters in the values (e.g. in passwords or secrets) might corrupt some processes.
# If you experience any problems, remove the special characters from the values or place them in quotes (' or ").
################ WARNING ################
# .env is consumed by docker-compose.yml
# currently assigned values are for .env
# You also need to obtain/generate missing secrets
# ---- DOCKER PROJECT SETTINGS ----------
# Define this variable, if you are running different versions of the RSD, in
# order to define the docker project name. If you leave this empty, docker will
# automatically name the containers.
COMPOSE_PROJECT_NAME="kin"
# ---- PUBLIC ENV VARIABLES -------------
# postgresql
# consumed by services: backend
POSTGRES_DB_HOST=database
# consumed by services: backend
POSTGRES_DB_HOST_PORT=5432
# consumed by services: database, backend
POSTGRES_DB=kin-rpd-db
# consumed by services: database
POSTGRES_USER=rsd
# backend (postgREST)
# consumed by services: backend
PGRST_DB_ANON_ROLE=rsd_web_anon
PGRST_DB_SCHEMA=public
PGRST_SERVER_PORT=3500
# postgREST API
# consumed by services: authentication,frontend,auth-tests, scrapers
# .env.local: http://localhost/api/v1, .env: http://backend:3500
POSTGREST_URL=http://backend:3500
# postgREST API reachable outside of Docker
# consumed by services: swagger
POSTGREST_URL_EXTERNAL=http://localhost/api/v1
# RSD Auth module
# consumed by services: frontend (api/fe)
# .env.local: http://localhost/auth, .env: http://auth:7000
RSD_AUTH_URL=http://auth:7000
# consumed by services: authentication
# If set to "dev", the first user to log in will become admin.
# Any other value doesn't activate this feature (and doesn't do anything).
RSD_ENVIRONMENT=prod
# consumed by services: authentication, frontend (api/fe)
# provide a list of supported OpenID auth providers
# the values should be separated by semicolon (;)
# Allowed values are: SURFCONEXT, ORCID, AZURE, LINKEDIN or LOCAL
# if env value is not provided default provider is set to be SURFCONEXT
# if you add the value "LOCAL", then local accounts are enabled, USE THIS FOR TESTING PURPOSES ONLY
RSD_AUTH_PROVIDERS=SURFCONEXT;ORCID;AZURE;LOCAL
# consumed by services: authentication, frontend (api/fe)
# provide a list of supported OpenID auth providers for coupling with the user's RSD account
# the values should be separated by semicolon (;)
# Allowed values are: ORCID
RSD_AUTH_COUPLE_PROVIDERS=ORCID
# Define a semicolon-separated list of user email addresses which are allowed to
# login to the RSD. If the variable is left empty, or is not defined, all users
# will be allowed to login.
# consumed by: authentication
# SURFCONEXT - TEST ENVIRONMENT
# consumed by: authentication, frontend/utils/loginHelpers
SURFCONEXT_CLIENT_ID=kin-rpd-demo.com
# consumed by: authentication, frontend/utils/loginHelpers
SURFCONEXT_REDIRECT=http://localhost/auth/login/surfconext
# consumed by: authentication, frontend/utils/loginHelpers
SURFCONEXT_WELL_KNOWN_URL=https://connect.test.surfconext.nl/.well-known/openid-configuration
# consumed by: authentication, frontend/utils/loginHelpers
SURFCONEXT_SCOPES=openid
# consumed by: frontend/utils/loginHelpers
SURFCONEXT_RESPONSE_MODE=form_post
# ORCID
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_CLIENT_ID=APP-4D4D69ASWTYOI9QI
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_REDIRECT=http://www.localhost/auth/login/orcid
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_REDIRECT_COUPLE=http://www.localhost/auth/couple/orcid
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_WELL_KNOWN_URL=https://sandbox.orcid.org/.well-known/openid-configuration
# consumed by: authentication, frontend/utils/loginHelpers
ORCID_SCOPES=openid
# consumed by: frontend/utils/loginHelpers
ORCID_RESPONSE_MODE=query
# AZURE ACTIVE DIRECTORY
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_CLIENT_ID=
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_REDIRECT=http://localhost/auth/login/azure
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_WELL_KNOWN_URL=
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_SCOPES=openid+email+profile
# consumed by: authentication, frontend/utils/loginHelpers
AZURE_LOGIN_PROMPT=select_account
# consumed by: frontend
# the name displayed to users when multiple providers are configured
AZURE_DISPLAY_NAME="Imperial College Login"
# consumed by: frontend
# the description text displayed to users when multiple providers are configured
AZURE_DESCRIPTION_HTML="Sign in with your institutional credentials"
# consumed by: authentication
# the organisation recorded for users logged in via this provider
AZURE_ORGANISATION=
# LINKEDIN
# consumed by: authentication, frontend/pages/api/fe/auth/
LINKEDIN_CLIENT_ID=
# consumed by: authentication, frontend/pages/api/fe/auth/
LINKEDIN_REDIRECT=http://localhost/auth/login/linkedin
# consumed by: authentication, frontend/pages/api/fe/auth/
LINKEDIN_WELL_KNOWN_URL=https://www.linkedin.com/oauth/.well-known/openid-configuration
# max requests to the GitHub API per run, runs 10 times per hour
# optional, comment out if not available, a default of 6 will be used
# consumed by: scrapers
MAX_REQUESTS_GITHUB=6
# max request to GitLab API per run, runs 10 times per hour
# optional, comment out if not available, a default of 6 will be used
# consumed by: scrapers
MAX_REQUESTS_GITLAB=6
# max mentions to scrape per run, runs 10 times per hour
# optional, comment out if not available, a default of 6 will be used
# consumed by: scrapers
MAX_REQUESTS_DOI=6
# max organisations to scrape per run, runs 10 times per hour
# optional, comment out if not available, a default of 6 will be used
# consumed by: scrapers
MAX_REQUESTS_ROR=6
# ---- SECRETS ------ SECRETS -----------
# consumed by services: database
# generate random/strong password
POSTGRES_PASSWORD=
# consumed by services: database, backend
# generate random/strong password
POSTGRES_AUTHENTICATOR_PASSWORD=
# POSTGREST JWT SECRET
# consumed by services: authentication, frontend (auth-node), auth-tests, scrapers
# generate random/strong password with at least 32 characters
PGRST_JWT_SECRET=
# SURFCONEXT
# consumed by services: authentication
# obtain the secret from SURFCONEXT dashboard
AUTH_SURFCONEXT_CLIENT_SECRET=
# ORCID
# consumed by services: authentication
# obtain the secret from the project team
AUTH_ORCID_CLIENT_SECRET=
# Azure Active Directory
# consumed by services: authentication
AUTH_AZURE_CLIENT_SECRET=
# LinkedIn
# consumed by services: authentication
AUTH_LINKEDIN_CLIENT_SECRET=
# consumed by: scrapers
# optional, comment out if not available, should be of the form username:token
# obtain the secret from GITHUB dashboard
API_CREDENTIALS_GITHUB=
# consumed by: scrapers
# obtain the secret from ZENODO dashboard
ZENODO_ACCESS_TOKEN=
# consumed by: scrapers, frontend api (node)
# email address that Crossref can contact you with to comply with their "polite" policy
# leave blank or use a real email address that you will respond to
CROSSREF_CONTACT_EMAIL=
# consumed by: frontend
# URL (should end with a trailing slash) and ID for Matomo Tracking Code
# MATOMO_URL=
# MATOMO_ID=
# consumed by: scrapers
# LIBRARIES_IO_ACCESS_TOKEN=