.env.example

##### Change the name of this file to .env after updating it!

############
# [required]
# flowise credentials - you set this to whatever you want, just make it a long and secure string for both!
############

FLOWISE_USERNAME=
FLOWISE_PASSWORD=


############
# [required]
# n8n credentials - you set this to whatever you want, just make it a long and secure string for both!
############

N8N_ENCRYPTION_KEY=
N8N_USER_MANAGEMENT_JWT_SECRET=
N8N_RUNNERS_AUTH_TOKEN=
N8N_RUNNERS_VERSION=

############
# [required]
# grafana credentials - you set this to whatever you want, just make it a long and secure string for both!
############

GRAFANA_ADMIN_PASSWORD=


############
# [required]
# prometheus credentials - you set this to whatever you want, just make it a long and secure string for both!
############

PROMETHEUS_USERNAME=
PROMETHEUS_PASSWORD=


############
# [required]
# searxng credentials - you set this to whatever you want, just make it a long and secure string for both!
############

SEARXNG_USERNAME=
SEARXNG_PASSWORD=


############
# [required]
# Supabase Secrets

# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
# Read these docs for any help: https://supabase.com/docs/guides/self-hosting/docker
# For the JWT Secret and keys, see: https://supabase.com/docs/guides/self-hosting/docker#generate-api-keys
# For the other secrets, see: https://supabase.com/docs/guides/self-hosting/docker#update-secrets
# You can really decide any value for POOLER_TENANT_ID like 1000.

# Note that using special symbols (like '%') can complicate things a bit for your Postgres password.
# If you use special symbols in your Postgres password, you must remember to percent-encode your password later if using the Postgres connection string, for example, postgresql://postgres.projectref:p%3Dword@aws-0-us-east-1.pooler.supabase.com:6543/postgres
############

POSTGRES_PASSWORD=

############
# [optional]
# PostgreSQL Version Configuration
# Default: 17 (automatically set in docker-compose.yml)
# WARNING: Do not change to 'latest' or upgrade without proper migration!
# Major version upgrades (e.g., 17->18) require database migration.
# See README for PostgreSQL upgrade instructions.
############
# POSTGRES_VERSION=17
# METABASE_POSTGRES_VERSION=16-alpine
# TWENTY_POSTGRES_VERSION=16-alpine

JWT_SECRET=
ANON_KEY=
SERVICE_ROLE_KEY=
DASHBOARD_USERNAME=
DASHBOARD_PASSWORD=
POOLER_TENANT_ID=1000

############
# [required] 
# Weaviate username and password
############

WEAVIATE_USERNAME=
WEAVIATE_API_KEY=


############
# [required]
# Qdrant API Key
############
QDRANT_API_KEY=


############
# [required]
# Neo4j username and password
############

NEO4J_AUTH_USERNAME=neo4j
NEO4J_AUTH_PASSWORD=


############
# [required]
# Langfuse credentials
# Each of the secret keys you can set to whatever you want, just make it secure!
# For the encryption key, use the command `openssl rand -hex 32`
#   openssl is available by defualt on Linux/Mac
#   For Windows, you can use the 'Git Bash' terminal installed with git
############

CLICKHOUSE_PASSWORD=
MINIO_ROOT_PASSWORD=
LANGFUSE_SALT=
NEXTAUTH_SECRET=
ENCRYPTION_KEY=
LANGFUSE_INIT_PROJECT_PUBLIC_KEY=
LANGFUSE_INIT_PROJECT_SECRET_KEY=
LANGFUSE_INIT_USER_EMAIL=
LANGFUSE_INIT_USER_PASSWORD=

############
# [required]
# ComfyUI credentials - you set this to whatever you want, just make it a long and secure string for both!
############

COMFYUI_USERNAME=
COMFYUI_PASSWORD=

############
# [required for prod]
# Caddy Config

# By default listen on https://localhost:[service port] and don't use an email for SSL
# To change this for production:
# Uncomment all of these environment variables for the services you want exposed
# Note that you might not want to expose Ollama or SearXNG since they aren't secured by default
# Replace the placeholder value with the host for each service (like n8n.yourdomain.com)
# Replace internal by your email (require to create a Let's Encrypt certificate)
############

USER_DOMAIN_NAME=
BASE_DOMAIN=${USER_DOMAIN_NAME:-yourdomain.com}
N8N_HOSTNAME=n8n.yourdomain.com
WEBUI_HOSTNAME=webui.yourdomain.com
FLOWISE_HOSTNAME=flowise.yourdomain.com
BOLT_HOSTNAME=bolt.yourdomain.com
############
# [required]
# Bolt.diy credentials (for Caddy basic auth)
############
BOLT_USERNAME=
BOLT_PASSWORD=
BOLT_PASSWORD_HASH=
OPENUI_HOSTNAME=openui.yourdomain.com
DIFY_HOSTNAME=dify.yourdomain.com
SUPABASE_HOSTNAME=supabase.yourdomain.com
LANGFUSE_HOSTNAME=langfuse.yourdomain.com
SEARXNG_HOSTNAME=searxng.yourdomain.com
WEAVIATE_HOSTNAME=weaviate.yourdomain.com
NEO4J_HOSTNAME=neo4j.yourdomain.com
GRAFANA_HOSTNAME=grafana.yourdomain.com
PROMETHEUS_HOSTNAME=prometheus.yourdomain.com
PORTAINER_HOSTNAME=portainer.yourdomain.com
POSTIZ_HOSTNAME=postiz.yourdomain.com
LETTA_HOSTNAME=letta.yourdomain.com
QDRANT_HOSTNAME=qdrant.yourdomain.com
COMFYUI_HOSTNAME=comfyui.yourdomain.com
RAGAPP_HOSTNAME=ragapp.yourdomain.com
WHISPER_HOSTNAME=asr.yourdomain.com
TTS_HOSTNAME=tts.yourdomain.com
SCRIBERR_HOSTNAME=scriberr.yourdomain.com
LIBRETRANSLATE_HOSTNAME=translate.yourdomain.com
LIGHTRAG_HOSTNAME=lightrag.yourdomain.com
PERPLEXICA_HOSTNAME=perplexica.yourdomain.com
ODOO_HOSTNAME=odoo.yourdomain.com
TWENTY_CRM_HOSTNAME=twenty.yourdomain.com
ESPOCRM_HOSTNAME=espocrm.yourdomain.com
MAUTIC_HOSTNAME=mautic.yourdomain.com
BASEROW_HOSTNAME=baserow.yourdomain.com
NOCODB_HOSTNAME=nocodb.yourdomain.com
VIKUNJA_HOSTNAME=vikunja.yourdomain.com
LEANTIME_HOSTNAME=leantime.yourdomain.com
CALCOM_HOSTNAME=cal.yourdomain.com
MAILPIT_HOSTNAME=mail.yourdomain.com
MAILSERVER_WEBMAIL_HOSTNAME=webmail.yourdomain.com
SNAPPYMAIL_HOSTNAME=webmail.yourdomain.com
JITSI_HOSTNAME=meet.yourdomain.com
LIVEKIT_HOSTNAME=livekit.yourdomain.com
VAULTWARDEN_HOSTNAME=vault.yourdomain.com
KOPIA_HOSTNAME=backup.yourdomain.com
KIMAI_HOSTNAME=time.yourdomain.com
INVOICENINJA_HOSTNAME=invoices.yourdomain.com
FORMBRICKS_HOSTNAME=forms.yourdomain.com
METABASE_HOSTNAME=analytics.yourdomain.com
STIRLING_HOSTNAME=pdf.yourdomain.com
CHATTERBOX_HOSTNAME=chatterbox.yourdomain.com
CHATTERBOX_FRONTEND_HOSTNAME=voice.yourdomain.com
N8N_MCP_HOSTNAME=n8nmcp.yourdomain.com
GPTR_HOSTNAME=research.yourdomain.com
SEAFILE_HOSTNAME=files.yourdomain.com
PAPERLESS_HOSTNAME=docs.yourdomain.com
OPENNOTEBOOK_HOSTNAME=notebook.yourdomain.com
WEBHOOK_TESTER_HOSTNAME=webhook-test.yourdomain.com
HOPPSCOTCH_HOSTNAME=api-test.yourdomain.com
UPTIME_KUMA_HOSTNAME=status.yourdomain.com
AIRBYTE_HOSTNAME=airbyte.yourdomain.com
PAPERLESS_GPT_HOSTNAME=paperless-gpt.yourdomain.com
PAPERLESS_AI_HOSTNAME=paperless-ai.yourdomain.com
HOMEPAGE_HOSTNAME=dashboard.yourdomain.com
OUTLINE_HOSTNAME=outline.yourdomain.com
DEX_HOSTNAME=auth.${BASE_DOMAIN}
OUTLINE_S3_HOSTNAME=outline-s3.yourdomain.com
OUTLINE_S3_ADMIN_HOSTNAME=outline-s3-admin.yourdomain.com
GITEA_HOSTNAME=git.yourdomain.com
DOCUSEAL_HOSTNAME=sign.yourdomain.com
CODESERVER_HOSTNAME=code.yourdomain.com
LETSENCRYPT_EMAIL=

# Everything below this point is optional.
# Default values will suffice unless you need more features/customization.

RUN_N8N_IMPORT=

############
# [required]
# RAGApp credentials - used for Basic Auth in Caddy
############

RAGAPP_USERNAME=
RAGAPP_PASSWORD=

   #
   #
#######
 #####
   #

############
# [required]
# LibreTranslate credentials (for Caddy basic auth)
############
LIBRETRANSLATE_USERNAME=
LIBRETRANSLATE_PASSWORD=
LIBRETRANSLATE_PASSWORD_HASH=

############
# LightRAG credentials (for Caddy basic auth)
############
LIGHTRAG_USERNAME=
LIGHTRAG_PASSWORD=
LIGHTRAG_PASSWORD_HASH=
# LightRAG API configuration
LIGHTRAG_TOKEN_SECRET=
LIGHTRAG_TOKEN_EXPIRE=24
LIGHTRAG_WORKSPACE=default
LIGHTRAG_LLM=ollama/llama3.2
LIGHTRAG_EMBEDDING=nomic-embed-text
# Internal auth for LightRAG API (username:password format)
LIGHTRAG_AUTH_ACCOUNTS=

############
# Perplexica credentials (for Caddy basic auth)
############
PERPLEXICA_USERNAME=
PERPLEXICA_PASSWORD=
PERPLEXICA_PASSWORD_HASH=

############
# Odoo ERP/CRM credentials
############
ODOO_DB_PASSWORD=
ODOO_MASTER_PASSWORD=
ODOO_USERNAME=
ODOO_PASSWORD=
ODOO_PASSWORD_HASH=

############
# Twenty CRM - Modern Customer Relationship Management
############

# Twenty CRM Database
TWENTY_CRM_DB_NAME=default
TWENTY_CRM_DB_USER=twenty
TWENTY_CRM_DB_PASSWORD=

# Twenty CRM Secrets (auto-generated)
TWENTY_CRM_APP_SECRET=

############
# EspoCRM - Full-Featured Customer Relationship Management  
############

# EspoCRM Database
ESPOCRM_DB_NAME=espocrm
ESPOCRM_DB_USER=espocrm
ESPOCRM_DB_PASSWORD=
ESPOCRM_DB_ROOT_PASSWORD=

# EspoCRM Admin Account (created during first setup)
ESPOCRM_ADMIN_USERNAME=admin
ESPOCRM_ADMIN_PASSWORD=

############
# MAUTIC - Marketing Automation Platform
############

# Database Credentials
MAUTIC_DB_USER=mautic
MAUTIC_DB_PASSWORD=
MAUTIC_DB_ROOT_PASSWORD=

# Admin Credentials
MAUTIC_ADMIN_EMAIL=
MAUTIC_ADMIN_PASSWORD=

# Performance Tuning
MAUTIC_PHP_MEMORY_LIMIT=512M
MAUTIC_PHP_MAX_EXECUTION_TIME=300

############
# Baserow (Airtable Alternative)
############
BASEROW_SECRET_KEY=

############
# NocoDB - Open Source Airtable Alternative
############

# Admin credentials (auto-generated if empty)
NOCODB_ADMIN_PASSWORD=

# JWT Secret for authentication (auto-generated)
NOCODB_JWT_SECRET=

############
# Vikunja - Task Management
############
VIKUNJA_JWT_SECRET=

############
# MySQL - Database Server (auto-installed with Leantime)
############
MYSQL_ROOT_PASSWORD=

############
# Leantime - Project Management Suite
############
LEANTIME_DB_PASSWORD=
LEANTIME_SESSION_PASSWORD=

############
# Cal.com (Open Source Scheduling Platform)
############
CALCOM_NEXTAUTH_SECRET=
CALCOM_ENCRYPTION_KEY=

# Jitsi Internal Configuration
JITSI_XMPP_DOMAIN=meet.jitsi
XMPP_DOMAIN=meet.jitsi
XMPP_SERVER=jitsi-prosody
ENABLE_XMPP_WEBSOCKET=true
PUBLIC_URL=  # Auto-generated from JITSI_HOSTNAME

# Authentication Passwords (Auto-generated)
JICOFO_COMPONENT_SECRET=
JICOFO_AUTH_PASSWORD=
JVB_AUTH_PASSWORD=

############################################################################
# LIVEKIT - Real-time Voice & Video Infrastructure
# Uses JWT-based authentication (API Key/Secret), NO Basic Auth needed!
############################################################################

# LiveKit Server API Credentials (auto-generated)
LIVEKIT_API_KEY=
LIVEKIT_API_SECRET=

# Note: Clients authenticate with JWT tokens generated from these credentials.
# No username/password needed - LiveKit has no web UI!

############
# Vaultwarden - Self-hosted Password Manager
############
VAULTWARDEN_ADMIN_TOKEN=
# Optional: Whitelist domains for registration (comma-separated)
SIGNUPS_DOMAINS_WHITELIST=yourdomain.com

############################################################################
# KIMAI - Professional Time Tracking
############################################################################

# Kimai Admin Account
KIMAI_ADMIN_EMAIL=
KIMAI_ADMIN_PASSWORD=

# Database Configuration
KIMAI_DB_NAME=kimai
KIMAI_DB_USER=kimai
KIMAI_DB_PASSWORD=
KIMAI_DB_ROOT_PASSWORD=

# Mail Configuration (optional)
KIMAI_MAIL_FROM=kimai@yourdomain.com

############################################################################
# INVOICE NINJA - Professional Invoicing Platform
############################################################################

# CRITICAL: Generate this BEFORE first start!
# Run: docker run --rm invoiceninja/invoiceninja:5 php artisan key:generate --show
INVOICENINJA_APP_KEY=

# Initial Admin Account (remove after first login)
INVOICENINJA_ADMIN_EMAIL=
INVOICENINJA_ADMIN_PASSWORD=

# Database Configuration
INVOICENINJA_DB_NAME=invoiceninja
INVOICENINJA_DB_USER=invoiceninja
INVOICENINJA_DB_PASSWORD=
INVOICENINJA_DB_ROOT_PASSWORD=

# Mail Settings
INVOICENINJA_MAIL_FROM=invoices@yourdomain.com

# Optional: Payment Gateway Keys
INVOICENINJA_STRIPE_KEY=
INVOICENINJA_STRIPE_SECRET=
INVOICENINJA_PAYPAL_CLIENT_ID=
INVOICENINJA_PAYPAL_SECRET=

############
# Formbricks - Open Source Survey Platform
############
FORMBRICKS_NEXTAUTH_SECRET=
FORMBRICKS_ENCRYPTION_KEY=
FORMBRICKS_CRON_SECRET=
FORMBRICKS_MAIL_FROM=forms@yourdomain.com
# Optional: Unsplash Integration for Survey Backgrounds
FORMBRICKS_UNSPLASH_ACCESS_KEY=
# Database Password for dedicated PostgreSQL with pgvector
FORMBRICKS_DB_PASSWORD=

############################################################################
# METABASE - Business Intelligence & Analytics
############################################################################
METABASE_SITE_NAME=Analytics

# Security (auto-generated)
METABASE_ENCRYPTION_KEY=

# Database Configuration
METABASE_DB_NAME=metabase
METABASE_DB_USER=metabase
METABASE_DB_PASSWORD=

# Performance
METABASE_MEMORY=1g  # Increase to 2g for large datasets

# Localization
METABASE_LOCALE=en  # or de, fr, es, etc.

# Mail Settings
METABASE_MAIL_FROM=analytics@yourdomain.com

# Optional: Google Auth (SSO)
METABASE_GOOGLE_AUTH_CLIENT_ID=
METABASE_GOOGLE_AUTH_DOMAIN=

# Optional: Maps
METABASE_MAPS_TILE_SERVER_URL=

############################################################################
# STIRLING-PDF - Advanced PDF Tools Suite
############################################################################

# Note: Stirling-PDF uses fixed initial credentials:
# Username: admin
# Password: stirling
# You'll be prompted to change the password on first login

# Optional Customization
STIRLING_LOCALE=de-DE
STIRLING_APP_NAME="AI LaunchKit PDF"
STIRLING_APP_DESC="Professional PDF editing"
STIRLING_ENABLE_LOGIN=true

############
# TTS Chatterbox - State-of-the-Art Text-to-Speech
# Outperforms ElevenLabs with emotion control & voice cloning
############
CHATTERBOX_API_KEY=
CHATTERBOX_DEVICE=cpu
# Options: cpu, cuda, rocm, auto
CHATTERBOX_EXAGGERATION=0.5
# Range: 0.25 to 2.0 for emotion control
CHATTERBOX_MAX_LENGTH=500
CHATTERBOX_DEFAULT_VOICE=default
CHATTERBOX_MEMORY_CLEANUP=60
# Memory cleanup interval in seconds
CHATTERBOX_CUDA_CLEANUP=120
# CUDA cache cleanup interval in seconds

############################################################################
# AI SECURITY SUITE - LLM Guard + Microsoft Presidio
# Comprehensive AI security: prompt injection protection, PII detection, GDPR compliance
# NO external access needed - internal APIs only for n8n integration
############################################################################

# LLM Guard - Prompt Injection & AI Security
# API token for authentication (auto-generated during installation)
LLM_GUARD_TOKEN=

# Logging level: DEBUG, INFO, WARNING, ERROR
LLM_GUARD_LOG_LEVEL=INFO

# Presidio - GDPR-compliant PII Detection & Anonymization
# Minimum confidence score for PII detection (0.0 - 1.0)
# Lower = more detections but more false positives
# Higher = fewer false positives but might miss some PII
PRESIDIO_MIN_SCORE=0.5

# Note: Both services run internally only (no hostnames needed)
# Access from n8n via:
#   - LLM Guard: http://llm-guard:8000
#   - Presidio Analyzer: http://presidio-analyzer:3000
#   - Presidio Anonymizer: http://presidio-anonymizer:3000

############################################################################
# KOPIA - Fast and Secure Backup with Nextcloud WebDAV
############################################################################

# Kopia UI & Server credentials (own authentication system)
KOPIA_UI_USERNAME=admin
KOPIA_UI_PASSWORD=

# Repository encryption password (DIFFERENT from UI password!)
KOPIA_PASSWORD=

# Nextcloud WebDAV Integration
NEXTCLOUD_WEBDAV_URL=https://your.nextcloud.com/remote.php/dav/files/USERNAME/kopia-backup
NEXTCLOUD_USERNAME=your-nextcloud-username
NEXTCLOUD_APP_PASSWORD=your-nextcloud-app-password

############################################################################
# MAIL CONFIGURATION
# Mailpit runs always for development/testing
# Docker-Mailserver optional for production
############################################################################

# Mail Mode (mailpit or mailserver)
MAIL_MODE=mailpit

############
# Mailpit credentials (for Caddy basic auth)
############
MAILPIT_USERNAME=
MAILPIT_PASSWORD=
MAILPIT_PASSWORD_HASH=

# Docker-Mailserver Settings (when MAIL_MODE=mailserver)
MAILSERVER_ENABLED=false  # Set to true during installation if selected
MAIL_DOMAIN=${BASE_DOMAIN}
MAIL_HOSTNAME=mail.${BASE_DOMAIN}

# Auto-generated email account for services
MAIL_NOREPLY_USER=noreply@${BASE_DOMAIN}
MAIL_NOREPLY_PASSWORD=  # Auto-generated

# Universal SMTP Settings (auto-configured based on MAIL_MODE)
SMTP_HOST=mailpit
SMTP_PORT=1025
SMTP_USER=admin
SMTP_PASS=admin
SMTP_FROM=noreply@yourdomain.com
SMTP_SECURE=false

# These get auto-set for services (for compatibility)
EMAIL_SMTP_HOST=${SMTP_HOST}
EMAIL_SMTP_PORT=${SMTP_PORT}
EMAIL_SMTP_USER=${SMTP_USER}
EMAIL_SMTP_PASSWORD=${SMTP_PASS}
EMAIL_FROM=${SMTP_FROM}
EMAIL_SMTP_USE_TLS=${SMTP_SECURE}

# Mailpit Settings
MAILPIT_MAX_MESSAGES=5000
MAILPIT_UI_AUTH_FILE=

############
# Speech Stack Configuration
############

WHISPER_MODEL=Systran/faster-distil-whisper-large-v3

# TTS Voice via API

############
# Speech Stack Authentication (REQUIRED for production!)
# Generate password hash with: docker run --rm caddy:alpine caddy hash-password --plaintext your_password
############

WHISPER_AUTH_USER=admin
WHISPER_AUTH_PASSWORD=
WHISPER_AUTH_PASSWORD_HASH=
TTS_AUTH_USER=admin
TTS_AUTH_PASSWORD=
TTS_AUTH_PASSWORD_HASH=

############
# [required]
# Scriberr - AI Audio Transcription with Speaker Diarization
############

# Whisper Model: tiny, base, small, medium, large
# Larger models = better quality, more RAM/time required
SCRIBERR_WHISPER_MODEL=base

# Speaker Diarization Settings
SCRIBERR_SPEAKER_DIARIZATION=true
SCRIBERR_MIN_SPEAKERS=2
SCRIBERR_MAX_SPEAKERS=4

# Performance (CPU threads for transcription)
SCRIBERR_THREADS=4
SCRIBERR_BATCH_SIZE=16

############
# OCR Bundle Configuration
############
# Number of CPU cores for Tesseract workers
OCR_CPU_CORES=4

# EasyOCR API Secret Key
EASYOCR_SECRET_KEY=

# LibreTranslate Configuration (optional)
############
LIBRETRANSLATE_CHAR_LIMIT=10000
LIBRETRANSLATE_DEFAULT_SOURCE=auto
LIBRETRANSLATE_DEFAULT_TARGET=en
LIBRETRANSLATE_API_KEYS=false
LIBRETRANSLATE_THREADS=4
LIBRETRANSLATE_SUGGESTIONS=false
LIBRETRANSLATE_DISABLE_WEB_UI=false
LIBRETRANSLATE_UPDATE_MODELS=true
LIBRETRANSLATE_LOAD_ONLY=en,de,fr,es,it,nl,pl,pt,ru
LIBRETRANSLATE_METRICS=false

############
# Optional Google Authentication for Supabase
# Get these values from the Google Admin Console
############
# ENABLE_GOOGLE_SIGNUP=true
# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_REDIRECT_URI=

############
# Optional SearXNG Config
# If you run a very small or a very large instance, you might want to change the amount of used uwsgi workers and threads per worker
# More workers (= processes) means that more search requests can be handled at the same time, but it also causes more resource usage
############

# SEARXNG_UWSGI_WORKERS=4
# SEARXNG_UWSGI_THREADS=4

############
# Database - You can change these to any PostgreSQL database that has logical replication enabled.
############

POSTGRES_HOST=db
POSTGRES_DB=postgres
POSTGRES_PORT=5432
# default user is postgres
POSTGRES_USER=postgres

############
# Supavisor -- Database pooler and others that can be left as default values
############
POOLER_PROXY_PORT_TRANSACTION=6543
POOLER_DEFAULT_POOL_SIZE=20
POOLER_MAX_CLIENT_CONN=100
SECRET_KEY_BASE=
VAULT_ENC_KEY=
# Pool size for internal metadata storage used by Supavisor
# This is separate from client connections and used only by Supavisor itself
POOLER_DB_POOL_SIZE=5


############
# API Proxy - Configuration for the Kong Reverse proxy.
############

KONG_HTTP_PORT=8000
KONG_HTTPS_PORT=8443


############
# API - Configuration for PostgREST.
############

PGRST_DB_SCHEMAS=public,storage,graphql_public


############
# Auth - Configuration for the GoTrue authentication server.
############

## General
SITE_URL=http://localhost:3000
ADDITIONAL_REDIRECT_URLS=
JWT_EXPIRY=3600
DISABLE_SIGNUP=false
API_EXTERNAL_URL=http://localhost:8000

## Mailer Config
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
MAILER_URLPATHS_INVITE="/auth/v1/verify"
MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"

## Email auth
ENABLE_EMAIL_SIGNUP=true
ENABLE_EMAIL_AUTOCONFIRM=true
SMTP_ADMIN_EMAIL=admin@example.com
SMTP_HOST=supabase-mail
SMTP_PORT=2500
SMTP_USER=fake_mail_user
SMTP_PASS=fake_mail_password
SMTP_SENDER_NAME=fake_sender
ENABLE_ANONYMOUS_USERS=false

## Phone auth
ENABLE_PHONE_SIGNUP=true
ENABLE_PHONE_AUTOCONFIRM=true


############
# Studio - Configuration for the Dashboard
############

STUDIO_DEFAULT_ORGANIZATION=Organization
STUDIO_DEFAULT_PROJECT=Project

STUDIO_PORT=3000
# replace if you intend to use Studio outside of localhost
SUPABASE_PUBLIC_URL=http://localhost:8000

# Enable webp support
IMGPROXY_ENABLE_WEBP_DETECTION=true

# Add your OpenAI API key to enable SQL Editor Assistant
OPENAI_API_KEY=

# Anthropic Claude API (used by bolt.diy)
ANTHROPIC_API_KEY=

# Groq API (fast inference, used by bolt.diy)
GROQ_API_KEY=

############
# Ollama Configuration - Local LLM Server
############
OLLAMA_HOST=http://ollama:11434
OLLAMA_MODEL=qwen2.5:7b-instruct-q4_K_M

# ============================================
# Cloudflare Tunnel Configuration (Optional)
# ============================================
CLOUDFLARE_TUNNEL_TOKEN=

############
# Functions - Configuration for Functions
############
# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
FUNCTIONS_VERIFY_JWT=false


############
# Logs - Configuration for Analytics
# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
############

# Change vector.toml sinks to reflect this change
# these cannot be the same value
LOGFLARE_PUBLIC_ACCESS_TOKEN="not-in-use"
LOGFLARE_PRIVATE_ACCESS_TOKEN="not-in-use"

# Docker socket location - this value will differ depending on your OS
DOCKER_SOCKET_LOCATION=/var/run/docker.sock

# Google Cloud Project details
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER

# Letta
LETTA_SERVER_PASSWORD=

# Langsmith
LANGCHAIN_ENDPOINT=https://api.smith.langchain.com
LANGCHAIN_TRACING_V2=true
LANGCHAIN_API_KEY=

# Dify application settings
# Based on: https://docs.dify.ai/en/getting-started/install-self-hosted/environments
############
DIFY_SECRET_KEY=
DIFY_EXPOSE_NGINX_PORT=8080
DIFY_EXPOSE_NGINX_SSL_PORT=9443

###########################################################################################
COMPOSE_PROFILES="n8n,flowise,monitoring"
PROMETHEUS_PASSWORD_HASH=
SEARXNG_PASSWORD_HASH=
COMFYUI_PASSWORD_HASH=
RAGAPP_PASSWORD_HASH=

############
# Postiz configuration
# Reference: https://docs.postiz.com/configuration/reference
# To protect Postiz via Caddy basic auth (optional), set these:
############

POSTIZ_DISABLE_REGISTRATION=false

############
# Postiz Social Media Integrations
# Leave blank if not used. Provide credentials from each platform.
############

X_API_KEY=
X_API_SECRET=

LINKEDIN_CLIENT_ID=
LINKEDIN_CLIENT_SECRET=

REDDIT_CLIENT_ID=
REDDIT_CLIENT_SECRET=

GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

BEEHIIVE_API_KEY=
BEEHIIVE_PUBLICATION_ID=

THREADS_APP_ID=
THREADS_APP_SECRET=

FACEBOOK_APP_ID=
FACEBOOK_APP_SECRET=

YOUTUBE_CLIENT_ID=
YOUTUBE_CLIENT_SECRET=

TIKTOK_CLIENT_ID=
TIKTOK_CLIENT_SECRET=

PINTEREST_CLIENT_ID=
PINTEREST_CLIENT_SECRET=

DRIBBBLE_CLIENT_ID=
DRIBBBLE_CLIENT_SECRET=

DISCORD_CLIENT_ID=
DISCORD_CLIENT_SECRET=
DISCORD_BOT_TOKEN_ID=

SLACK_ID=
SLACK_SECRET=
SLACK_SIGNING_SECRET=

MASTODON_URL=https://mastodon.social
MASTODON_CLIENT_ID=
MASTODON_CLIENT_SECRET=

KOPIA_PASSWORD_HASH=

############
# Vexa - Real-time Meeting Transcription API
############

# Vexa Internal Configuration
VEXA_API_KEY=
VEXA_ADMIN_TOKEN=

# Whisper Configuration
VEXA_WHISPER_MODEL=base
VEXA_WHISPER_DEVICE=cpu

# Notes:
# - Vexa is API-only (no web UI), accessible internally at http://api-gateway:8000
# - Use VEXA_API_KEY in n8n workflows for authentication
# - Whisper models: tiny (fastest) -> base (balanced) -> medium/large (best quality)
# - For GPU: Set VEXA_WHISPER_DEVICE=cuda (requires NVIDIA drivers)

############
# Browser Automation Suite - Browserless + Skyvern + Browser-use
# All services run internally (API-only, no external access needed)
############

# Browserless - Centralized Chrome Runtime
BROWSERLESS_TOKEN=
BROWSERLESS_CONCURRENT=10
BROWSERLESS_TIMEOUT=120000
BROWSERLESS_QUEUE=10
BROWSERLESS_DEBUGGER=false

# Skyvern - Vision-based Browser Automation  
SKYVERN_API_KEY=
# Optional: Switch to Ollama for local LLMs (default: uses OpenAI)
# ENABLE_OLLAMA=false
# SKYVERN_LLM_KEY=OPENAI
# OLLAMA_MODEL=qwen2.5:7b-instruct

############
# n8n-MCP - Model Context Protocol Server
# Enables AI assistants (Claude/Cursor) to generate n8n workflows
############
N8N_MCP_TOKEN=
N8N_API_KEY=

############
# AI RESEARCH TOOLS - GPT Researcher & Local Deep Research
############

# GPT Researcher - Autonomous Research Agent
GPTR_USERNAME=
GPTR_PASSWORD=
GPTR_PASSWORD_HASH=

# GPT Researcher Configuration
GPTR_RETRIEVER=searx
GPTR_LLM_PROVIDER=ollama
GPTR_REPORT_FORMAT=APA
GPTR_MAX_ITERATIONS=5
GPTR_TOTAL_WORDS=2000
GPTR_LANGUAGE=english

# Local Deep Research Configuration
LDR_LLM_PROVIDER=ollama
LDR_LOCAL_MODEL=qwen2.5:7b-instruct-q4_K_M
LDR_SEARCH_API=searxng
LDR_MAX_LOOPS=5
LDR_FETCH_FULL=false

# Optional API Keys (for cloud models instead of Ollama)
TAVILY_API_KEY=
PERPLEXITY_API_KEY=

############
# Seafile - File Sync & Share Platform
############
SEAFILE_DB_ROOT_PASSWORD=
SEAFILE_DB_PASSWORD=
SEAFILE_ADMIN_PASSWORD=

############
# Paperless-ngx - Document Management with OCR
############
PAPERLESS_DB_PASSWORD=
PAPERLESS_SECRET_KEY=
PAPERLESS_ADMIN_PASSWORD=

############
# Paperless-ngx - Document Management with OCR
############
PAPERLESS_DB_PASSWORD=
PAPERLESS_SECRET_KEY=
PAPERLESS_ADMIN_EMAIL=
PAPERLESS_ADMIN_PASSWORD=

############
# Paperless AI Extensions - Enhanced OCR & RAG
############

# IMPORTANT: Generate this token in Paperless-ngx Admin Panel after installation!
# Go to https://docs.yourdomain.com/admin → Auth Tokens → Add Token
PAPERLESS_API_TOKEN=

# ===== Paperless-GPT (OCR Enhancement) - Protected with Basic Auth =====
PAPERLESS_GPT_USERNAME=
PAPERLESS_GPT_PASSWORD=
PAPERLESS_GPT_PASSWORD_HASH=

# LLM Configuration - DEFAULT: OpenAI (for CPU VPS)
PAPERLESS_GPT_LLM_PROVIDER=openai
PAPERLESS_GPT_LLM_MODEL=gpt-4o-mini
# For Ollama (uncomment and comment out OpenAI above):
# PAPERLESS_GPT_LLM_PROVIDER=ollama
# PAPERLESS_GPT_LLM_MODEL=qwen2.5:7b

# Vision Model for OCR - DEFAULT: OpenAI
PAPERLESS_GPT_VISION_PROVIDER=openai
PAPERLESS_GPT_VISION_MODEL=gpt-4o-mini
# For Ollama Vision (uncomment and comment out OpenAI above):
# PAPERLESS_GPT_VISION_PROVIDER=ollama
# PAPERLESS_GPT_VISION_MODEL=minicpm-v

# Language & Limits
PAPERLESS_GPT_LANGUAGE=German
PAPERLESS_GPT_OCR_LIMIT=0
PAPERLESS_GPT_TOKEN_LIMIT=0

# ===== Paperless-AI (RAG & Chat) - Has OWN Authentication! =====
PAPERLESS_AI_PORT=3000
# NO username/password needed here! 
# Paperless-AI will ask for credentials on first access

############
# Open Notebook - AI-Powered Knowledge Management & Research Platform
# Privacy-First Alternative zu Google NotebookLM
############

# Open Notebook Authentication
# Native Open Notebook password protection (for Web UI)
OPENNOTEBOOK_PASSWORD=

# Open Notebook Configuration
# AI Provider Keys are shared with other services (OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY)
# Supports 16+ AI providers: OpenAI, Anthropic, Ollama, Google, Groq, Mistral, DeepSeek, xAI, etc.

# Notes:
# - Port 8502: Web UI (accessible via HTTPS through Caddy)
# - Port 5055: REST API (internal only, for n8n workflows)
# - Data stored in ./opennotebook/notebook_data (notebooks & research)
# - Database stored in ./opennotebook/surreal_data (embedded SurrealDB)
# - Password protection optional for local deployments, recommended for public servers

############################################################################
# WEBHOOK TESTING SUITE - Testing & Debugging Webhooks
############################################################################

############
# Webhook Tester - Debug incoming webhooks (Protected with Basic Auth)
############
WEBHOOK_TESTER_USERNAME=
WEBHOOK_TESTER_PASSWORD=
WEBHOOK_TESTER_PASSWORD_HASH=

############
# Hoppscotch - API Testing Platform (Has own user management!)
############

# Database Password for dedicated PostgreSQL
HOPPSCOTCH_DB_PASSWORD=

# Security Secrets (all auto-generated during installation)
HOPPSCOTCH_JWT_SECRET=
HOPPSCOTCH_SESSION_SECRET=
HOPPSCOTCH_REFRESH_TOKEN_SECRET=

# Data Encryption Key (32 characters, auto-generated)
HOPPSCOTCH_DATA_ENCRYPTION_KEY=

# Optional: Pre-configure admin account (remove after first login)
# HOPPSCOTCH_ADMIN_EMAIL=
# HOPPSCOTCH_ADMIN_PASSWORD=

############################################################################
# AIRBYTE - Data Integration Platform (600+ Sources)
# Sync data from Google Ads, Meta Ads, TikTok, GA4, Mailjet, etc.
# Perfect companion to Metabase for marketing analytics dashboards
############################################################################

# Airbyte Login Credentials (Built-in Authentication)
AIRBYTE_USERNAME=
AIRBYTE_PASSWORD=

# Airbyte Destination Database Password
# PostgreSQL database where Airbyte syncs all your marketing data
# Connect Metabase to this database (marketing_data) for analytics
AIRBYTE_DESTINATION_DB_PASSWORD=

# Notes:
# - Airbyte runs with built-in PostgreSQL for metadata (managed by abctl)
# - This separate database stores your actual synced data
# - Configure as "Destination" in Airbyte UI after installation

############
# Outline - Wiki/Documentation (Self-hosted auth with Dex)
############

# Outline Secrets (auto-generated)
OUTLINE_SECRET_KEY=
OUTLINE_UTILS_SECRET=

# Outline OIDC with Dex (auto-generated)
OUTLINE_OIDC_CLIENT_SECRET=

# Outline MinIO S3 Storage
OUTLINE_MINIO_ROOT_USER=minio
OUTLINE_MINIO_ROOT_PASSWORD=

# Dex Admin Account (auto-generated)
DEX_ADMIN_EMAIL=
DEX_ADMIN_PASSWORD=
DEX_ADMIN_PASSWORD_HASH=

############
# Gitea - Git Hosting (Built-in authentication)
############

# Gitea SSH Port (default: 2222 to avoid conflicts)
GITEA_SSH_PORT=2222

# Note: First registered user becomes admin
# No pre-configured credentials needed

############
# DocuSeal - E-Signatures (Built-in authentication)
############

# DocuSeal Database Password (auto-generated)
DOCUSEAL_DB_PASSWORD=

# Note: Admin account created during first access via setup wizard

############
# Code-Server - VS Code in the Browser
# Uses built-in password authentication (no Caddy basic auth needed)
############
CODESERVER_PASSWORD=
CODESERVER_SUDO_PASSWORD=