cobb/cauldron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cauldron/.env.example
Cobb Hayes 592b4f1161 Public-flip audit: env-driven paths, scrub audit-ticket prefixes, terser README 
Lucy bind paths + LAN host pins replaced with env defaults. Repository URLs
→ git.sulkta.com. Audit-changelog scaffolding stripped from inline comments
(technical reasoning preserved). README sheds marketing scaffolding. AI-speak
in load-bearing prompts/SOULs left alone — that IS the product.
2026-05-27 11:42:56 -07:00

70 lines
2.4 KiB
Text
Raw Blame History

# Cauldron — copy to .env (chmod 600). Point compose at it via
# CAULDRON_ENV_FILE if you keep it elsewhere.
# Flask
SECRET_KEY=change-me-32-bytes-of-entropy
# Bind
BIND_HOST=0.0.0.0
BIND_PORT=7790
# Mealie
MEALIE_BASE_URL=https://mealie.example.com
MEALIE_API_TOKEN=
# clawdforge (claude-runner HTTP service)
CLAWDFORGE_URL=http://clawdforge:8800
CLAWDFORGE_TOKEN=
DEFAULT_MODEL=sonnet
DEFAULT_TIMEOUT_SECS=120
# Admin bearer for batch ops (sterilize-all, etc.) — separate from user OIDC
ADMIN_BEARER=change-me-this-is-the-cauldron-admin-batch-token
# Authentik OIDC (or any OIDC provider that exposes
# /.well-known/openid-configuration)
OIDC_ISSUER=https://auth.example.com/application/o/cauldron/
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_REDIRECT_URI=http://localhost:7790/auth/callback
# DB
DB_HOST=mariadb
DB_PORT=3306
DB_NAME=cauldron
DB_USER=cauldron_app
DB_PASSWORD=
# Fernet master key for at-rest encryption of per-user Mealie tokens.
# Generate with: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
CAULDRON_FERNET_KEY=
# --- Public-deploy hardening ---
# Comma-separated list of OIDC subjects who get the operator-tier /me
# admin tools panel (consolidate, discover scrape). Empty = nobody.
CAULDRON_ADMIN_SUBS=
# External base URL where cauldron is reachable (e.g. https://cauldron.example.com).
# Leave empty for LAN-only HTTP. When set: enables CSRF Origin guard,
# HSTS, secure cookie.
CAULDRON_BASE_URL=
# Whether the deploy is fronted by TLS. Independent toggle from base_url
# so dev/staging can override. When true: SESSION_COOKIE_SECURE=True,
# HSTS header emitted.
CAULDRON_BEHIND_TLS=false
# Comma-separated CIDR list of trusted proxies whose X-Forwarded-* we
# honor. Empty = trust nothing → ProxyFix is OFF and X-Forwarded-* are
# stripped from every request. Set this to the reverse-proxy peer's
# address (e.g. 10.20.30.1/32). Any X-Forwarded-* from a peer outside
# this list gets dropped before ProxyFix sees it.
CAULDRON_TRUSTED_PROXIES=
# bugs.sulkta.com integration. Per-service key minted via:
# docker exec bugs-sulkta bugs-sulkta-cli keys create --service=cauldron \
# --scopes=read,write,update --description="cauldron prod"
# Empty = bugs page renders a "not configured" placeholder; POSTs return 503.
BUGS_API_KEY=
# Override only for staging / on-prem bugs deployments. Default is fine.
BUGS_BASE_URL=https://bugs.sulkta.com
Reference in a new issue View git blame Copy permalink