-
Notifications
You must be signed in to change notification settings - Fork 55
Expand file tree
/
Copy path.env.example
More file actions
101 lines (84 loc) · 3.41 KB
/
.env.example
File metadata and controls
101 lines (84 loc) · 3.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Optional: path to SQLite database (defaults to <state dir>/hermes.db)
# HERMES_DB_PATH=./state/hermes.db
# Path to Hermes JSON state files (defaults to ./state)
HERMES_STATE_DIR=./state
# OpenClaw instance discovery
# Single-instance default (used if HERMES_OPENCLAW_INSTANCES is not set)
HERMES_OPENCLAW_HOME=~/.openclaw
HERMES_DEFAULT_INSTANCE=default
# Host access lock for dashboard routes/proxy:
# - local (default): localhost + 127.0.0.1 + *.ts.net + 100.* tailscale hosts
# - off: disable host lock
# - comma-separated hostnames: explicit allowlist
HERMES_HOST_LOCK=local
# Multi-instance example (JSON array)
# HERMES_OPENCLAW_INSTANCES=[
# {"id":"default","label":"Default","openclawHome":"~/.openclaw"},
# {"id":"client-a","label":"Client A","openclawHome":"/var/lib/openclaw/client-a","cronUser":"openclaw"}
# ]
# Writes back into OpenClaw instance files (disabled by default for template safety)
HERMES_ALLOW_POLICY_WRITE=false
HERMES_ALLOW_CRON_WRITE=false
# Writes back into agent workspace files (disabled by default for template safety)
HERMES_ALLOW_WORKSPACE_WRITE=false
# Optional: admin CLI command used by some API routes
# HERMES_ADMIN_CLI=openclaw
# Required auth seed credentials (used only when users table is empty)
AUTH_USER=admin
AUTH_PASS=change-me-to-a-long-password
# Required for API key access paths (x-api-key), including Telegram webhook
API_KEY=change-me-to-a-random-secret
# Optional cookie security override:
# - false for plain HTTP deployments
# - true for HTTPS-only deployments
AUTH_COOKIE_SECURE=false
# Optional Google OAuth login
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_REDIRECT_URI=
# Optional restrictions for Google login provisioning
# GOOGLE_AUTH_ALLOWED_EMAILS=alice@example.com,bob@example.com
# GOOGLE_AUTH_ALLOWED_DOMAINS=example.com
# GOOGLE_AUTH_DEFAULT_ROLE=viewer
# Optional integrations (server-only env vars; avoid NEXT_PUBLIC_* for secrets)
# EMAIL_USER=
# EMAIL_PASSWORD=
# MAILCHIMP_API_KEY=
# HELIUS_URL=
# SANITY_PROJECT_ID=
# SANITY_DATASET=
# SANITY_API_VERSION=2022-11-15
# SANITY_API_TOKEN=
# Optional analytics (server-only)
# Plausible (recommended)
# PLAUSIBLE_BASE_URL=https://plausible.io
# PLAUSIBLE_SITE_ID=example.com
# PLAUSIBLE_API_KEY=
# Optional embedded dashboards (e.g. Plausible shared link, Looker Studio)
# HERMES_ANALYTICS_WEBSITE_IFRAME_URL=
# HERMES_ANALYTICS_SOCIAL_IFRAME_URL=
# Optional local model health probe
# OLLAMA_BASE_URL=http://127.0.0.1:11434
# Google Analytics 4 (server-side via Data API)
# GA4_PROPERTY_ID=123456789
# GA4_SERVICE_ACCOUNT_JSON="{...}"
# Alternatively (base64):
# GA4_SERVICE_ACCOUNT_JSON_B64=
# Social native connectors (optional)
# X_BEARER_TOKEN=
# X_USERNAME=
# LINKEDIN_ACCESS_TOKEN=
# LINKEDIN_ORGANIZATION_URN=urn:li:organization:123
# Optional API version header (yyyyMM)
# LINKEDIN_VERSION=
# Optional 1Password runtime overlay mode for standalone startup:
# - off: never use 1Password
# - auto (default): use 1Password when available, otherwise fallback to existing env
# - required: fail startup if 1Password cannot be used
# HERMES_1PASSWORD_MODE=auto
# Optional path to op:// env template file (used by scripts/start-standalone.sh)
# HERMES_OP_ENV_FILE=/etc/hermes-dashboard/hermes-dashboard.op.env
# Agent metadata defaults:
# - false (default): discover agents dynamically from OpenClaw config/filesystem only
# - true: include built-in static metadata for known IDs (legacy behavior)
# HERMES_USE_DEFAULT_AGENT_META=false