From 165d9e8f31e6db4730ccdfced0b79072832c056c Mon Sep 17 00:00:00 2001 From: Zoe Roux Date: Sun, 2 Nov 2025 18:40:23 +0100 Subject: [PATCH] Update .env.example --- .env.example | 62 ++++++++++++++++++++++++++++------------------------ 1 file changed, 33 insertions(+), 29 deletions(-) diff --git a/.env.example b/.env.example index a361dd8a..7e5647d5 100644 --- a/.env.example +++ b/.env.example @@ -21,8 +21,8 @@ GOCODER_PRESET=fast # Keep those empty to use kyoo's default api key. You can also specify a custom API key if you want. -# go to https://www.themoviedb.org/settings/api and copy the api key (not the read access token, the api key) -THEMOVIEDB_APIKEY= +# go to https://www.themoviedb.org/settings/api and copy the read access token (not the api key) +THEMOVIEDB_API_ACCESS_TOKEN="" # go to https://thetvdb.com/api-information/signup and copy the api key TVDB_APIKEY= # you can also input your subscriber's pin to support TVDB @@ -32,41 +32,45 @@ TVDB_PIN= # The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance. PUBLIC_URL=http://localhost:8901 -# Use a builtin oidc service (google, discord, trakt, or simkl): -# When you create a client_id, secret combo you may be asked for a redirect url. You need to specify https://YOUR-PUBLIC-URL/api/auth/logged/YOUR-SERVICE-NAME -OIDC_DISCORD_CLIENTID= -OIDC_DISCORD_SECRET= -# Or add your custom one: -OIDC_SERVICE_NAME=YourPrettyName -OIDC_SERVICE_LOGO=https://url-of-your-logo.com -OIDC_SERVICE_CLIENTID= -OIDC_SERVICE_SECRET= -OIDC_SERVICE_AUTHORIZATION=https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth -OIDC_SERVICE_TOKEN=https://url-of-the-token-endpoint-of-the-oidc-service.com/token -OIDC_SERVICE_PROFILE=https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo -OIDC_SERVICE_SCOPE="the list of scopes space separeted like email identity" -# Token authentication method as seen in https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication -# Supported values: ClientSecretBasic (default) or ClientSecretPost -# If in doubt, leave this empty. -OIDC_SERVICE_AUTHMETHOD=ClientSecretBasic -# on the previous list, service is the internal name of your service, you can add as many as you want. +# Default permissions of new users. They are able to browse & play videos. +# Set `verified` to true if you don't wanna manually verify users. +EXTRA_CLAIMS='{"permissions": ["core.read", "core.play"], "verified": false}' +# This is the permissions of the first user (aka the first user is admin) +FIRST_USER_CLAIMS='{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "core.play", "scanner.trigger"], "verified": true}' + +# Guest (meaning unlogged in users) can be: +# unauthorized (they need to connect before doing anything) +# GUEST_CLAIMS="" +# able to browse & see what you have but not able to play +GUEST_CLAIMS='{"permissions": ["core.read"], "verified": true}' +# or have browse & play permissions +GUEST_CLAIMS='{"permissions": ["core.read", "core.play"], "verified": true}' + +# DO NOT change this. +PROTECTED_CLAIMS="permissions,verified" -# Following options are optional and only useful for debugging. +# You can create apikeys at runtime via POST /apikey but you can also have some defined in the env. +# Replace $YOURNAME with the name of the key you want (only alpha are valid) +# The value will be the apikey (max 128 bytes) +# KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth +# KEIBI_APIKEY_$YOURNAME_CLAIMS='{"permissions": ["users.read"]}' # To debug the front end, you can set the following to an external backend KYOO_URL= -# Database things +# It is recommended to use the below PG environment variables when possible. +# POSTGRES_URL=postgres://user:password@hostname:port/dbname?sslmode=verify-full&sslrootcert=/path/to/server.crt&sslcert=/path/to/client.crt&sslkey=/path/to/client.key +# The behavior of the below variables match what is documented here: +# https://www.postgresql.org/docs/current/libpq-envars.html PGUSER=kyoo PGPASSWORD=password PGDATABASE=kyoo PGHOST=postgres PGPORT=5432 - -# v5 stuff, does absolutely nothing on master (aka: you can delete this) -EXTRA_CLAIMS='{"permissions": ["core.read"], "verified": false}' -FIRST_USER_CLAIMS='{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "scanner.trigger"], "verified": true}' -GUEST_CLAIMS='{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "scanner.trigger"], "verified": true}' -# GUEST_CLAIMS='{"permissions": ["core.read"]}' -PROTECTED_CLAIMS="permissions,verified" +# PGOPTIONS=-c search_path=kyoo,public +# PGPASSFILE=/my/password # Takes precedence over PGPASSWORD. New line characters are not trimmed. +# PGSSLMODE=verify-full +# PGSSLROOTCERT=/my/serving.crt +# PGSSLCERT=/my/client.crt +# PGSSLKEY=/my/client.key=password