# Cauldron — copy to /srv/secrets/cauldron.env # (chmod 600, root:root). Some values are already populated by the deploy # bootstrap (CLAWDFORGE_*); fill in the rest before first start. # Flask SECRET_KEY=change-me-32-bytes-of-entropy # Bind BIND_HOST=0.0.0.0 BIND_PORT=7790 # Mealie (mealie.example.com is already wired with Authentik OIDC) MEALIE_BASE_URL=https://mealie.example.com MEALIE_API_TOKEN= # clawdforge (centralized claude-runner service) CLAWDFORGE_URL=http://clawdforge:8800 CLAWDFORGE_TOKEN= DEFAULT_MODEL=sonnet DEFAULT_TIMEOUT_SECS=120 # Admin bearer for batch ops (sterilize-all, etc.) — separate from user OIDC ADMIN_BEARER=change-me-this-is-the-cauldron-admin-batch-token # Authentik OIDC (provisioned 2026-04-28; client_id + secret minted by Authentik) OIDC_ISSUER=https://auth.example.com/application/o/cauldron/ OIDC_CLIENT_ID= OIDC_CLIENT_SECRET= OIDC_REDIRECT_URI=http://0.0.0.0:7790/auth/callback # DB (mariadb on the sulkta bridge) DB_HOST=mariadb DB_PORT=3306 DB_NAME=cauldron DB_USER=cauldron_app DB_PASSWORD= # Fernet master key for at-rest encryption of per-user Mealie tokens. # Generate with: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())" CAULDRON_FERNET_KEY=