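# vi: ft=sh
# shellcheck disable=SC2034

# Environment settings for keibi: http routing, jwt signing and claims, api keys,
# and the PostgreSQL connection. Every value here is a string read from the environment.

# http route prefix (will listen to $KEIBI_PREFIX/users for example)
KEIBI_PREFIX=""

# path of the private key used to sign jwts. If this is empty, a new one will be generated on startup
# NOTE(review): presumably a key generated on startup is not kept across restarts, so
# previously issued jwts would stop validating -- confirm. For a long-lived deployment,
# point this at a key file that only the service user can read.
RSA_PRIVATE_KEY_PATH=""

# json object with the claims to add to every jwt (this is read when creating a new user)
EXTRA_CLAIMS='{}'
# json object with the claims to add to every jwt of the FIRST user (this can be used to mark the first user as admin).
# Those claims are merged with the `EXTRA_CLAIMS`.
# Whoever registers first on a fresh instance receives these claims, so create that
# account before the instance is reachable by anyone else.
FIRST_USER_CLAIMS='{"permissions": ["users.read", "users.write", "users.delete"]}'
# If this is not empty, calls to `/jwt` without an `Authorization` header will still create a jwt (with `null` in `sub`)
# Anything granted here is available to unauthenticated callers: leave it empty unless
# guest access is wanted, and keep the claims to the minimum needed.
GUEST_CLAIMS=""
# Comma separated list of claims that users without the `users.write` permission should NOT be able to edit
# (if you don't specify this, a user could make themselves an administrator, for example)
# PS: `permissions` is always a protected claim since keibi uses it for users.read/users.write
# Any custom claim that your other services use for authorization decisions belongs in this list too.
PROTECTED_CLAIMS="permissions"

# The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance.
# The default only suits local development; use the externally reachable https:// url
# elsewhere, because the oidc redirect carries authentication data.
PUBLIC_URL=http://localhost:8901

# You can create apikeys at runtime via POST /apikey but you can also have some defined in the env.
# Replace $YOURNAME with the name of the key you want (only alphabetic characters are valid)
# The value will be the apikey (max 128 bytes)
# The value below is a placeholder: use a long random value and treat it like a password.
# Give each key only the claims its consumer needs.
# KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth
# KEIBI_APIKEY_$YOURNAME_CLAIMS='{"permissions": ["users.read"]}'

# Database things
# It is recommended to use the below PG environment variables when possible.
# (A url embeds the password in a single string, which tends to end up in logs and process listings.)
# POSTGRES_URL=postgres://user:password@hostname:port/dbname?sslmode=verify-full&sslrootcert=/path/to/server.crt&sslcert=/path/to/client.crt&sslkey=/path/to/client.key

# The behavior of the below variables matches what is documented here:
# https://www.postgresql.org/docs/current/libpq-envars.html
# The "source of truth" for what variables are supported is documented here:
# https://github.com/jackc/pgx/blob/master/pgconn/config.go#L190-L205
PGUSER=kyoo
# Placeholder password: replace it before deploying, or leave PGPASSWORD unset and use
# PGPASSFILE so the password is not stored in this file.
PGPASSWORD=password
PGDATABASE=kyoo
PGHOST=postgres
PGPORT=5432
# PGPASSFILE=/my/password
# When the database is reached over a network you do not fully control, enable
# PGSSLMODE=verify-full with PGSSLROOTCERT so the server certificate is verified.
# PGSSLMODE=verify-full
# PGSSLROOTCERT=/my/serving.crt
# PGSSLCERT=/my/client.crt
# PGSSLKEY=/my/client.key

# Default is keibi, you can specify "disabled" to use the default search_path of the user.
# If this is not "disabled", the schema will be created (if it does not exist) and
# the search_path of the user will be ignored (only the schema specified will be used).
POSTGRES_SCHEMA=keibi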