.env.example
# ============================================================================
# Tale Platform - Environment Configuration
# ============================================================================
# Copy this file to .env and fill in your values
# Generate secrets with: openssl rand -base64 32 (for base64) or openssl rand -hex 32 (for hex)
# ============================================================================
# REQUIRED: Domain Configuration
# ============================================================================
# HOST: Hostname only, without protocol (used for Docker networking, emails)
# SITE_URL: Full canonical URL with protocol (used for external links, auth callbacks)
#           Must match the URL users access in their browser, including non-standard ports.
#
# Examples:
#   Production:
#     HOST=demo.tale.dev
#     SITE_URL=https://demo.tale.dev
#   Custom port:
#     HOST=example.com
#     SITE_URL=https://example.com:8443
#   Development:
#     HOST=tale.local
#     SITE_URL=https://tale.local
HOST=tale.local
SITE_URL=https://tale.local
# Optional: Base path for subpath deployments behind a reverse proxy
# Example: BASE_PATH=/app for accessing via https://example.com/app/
# Leave empty or unset for root deployments
# BASE_PATH=
# ============================================================================
# OPTIONAL: TLS/SSL Configuration
# ============================================================================
# TLS_MODE: Choose how SSL certificates are handled
#   - "selfsigned" (default): Self-signed certificates for development
#     Browser will show certificate warning (expected behavior)
#     To trust certs on host: docker exec tale-proxy caddy trust
#   - "letsencrypt": Free trusted certificates from Let's Encrypt
#     For production. Requires valid public domain and ports 80/443 accessible.
#   - "external": TLS handled by an external reverse proxy
#     Caddy listens on HTTP only. Set SITE_URL to your public URL.
#
# TLS_EMAIL: Email for Let's Encrypt notifications (optional but recommended)
#
# Development (default):
TLS_MODE=selfsigned
#
# Production example:
# TLS_MODE=letsencrypt
# TLS_EMAIL=admin@yourdomain.com
# ============================================================================
# REQUIRED: Security Secrets
# ============================================================================
# The secret values in this file are published examples; replace each one before deploying.
# Generate with: openssl rand -base64 32
BETTER_AUTH_SECRET=SB53GlYc8RaMU+stOmOWXtRU8JEyOQItpBNK5b03Aco=
# Generate with: openssl rand -hex 32
ENCRYPTION_SECRET_HEX=3143246f44def075d40141fb849faffcf409fbbeb7a282a3a7c2f4396f2ed232
# ============================================================================
# Database Configuration
# ============================================================================
# Database password for self-hosted PostgreSQL (required, auto-used by all services)
# Services will fail to start if this is not set. Change this password in production.
DB_PASSWORD=tale_password_change_me
# Advanced: Override the auto-generated database connection URL
# If not set, POSTGRES_URL is constructed as postgresql://tale:${DB_PASSWORD}@db:5432
# Note: Convex expects URL without database name; DB name derived from INSTANCE_NAME
# POSTGRES_URL=postgresql://user:password@host:port
# ============================================================================
# OPTIONAL: Convex Instance Configuration
# ============================================================================
# Generate with: openssl rand -hex 32
INSTANCE_SECRET=0516d5cddc8b9bbc01238b8696f13c711983f45f6dc4dbf9dc66ba42fc16f504
# ============================================================================
# OPTIONAL: Error Tracking (Sentry)
# ============================================================================
# Get your DSN from https://sentry.io or use a self-hosted alternative
# (GlitchTip, Bugsink) with a compatible DSN format.
# If not set, error tracking is disabled.
# SENTRY_DSN=https://your-key@your-sentry-host/project-id
# ============================================================================
# OPTIONAL: Monitoring / Metrics (Prometheus)
# ============================================================================
# Each service exposes /metrics (Prometheus text format) on the internal Docker
# network. Set a bearer token to enable external access via Caddy:
#
# METRICS_BEARER_TOKEN=your-secret-token-here
#
# Endpoints (requires valid bearer token):
#   https://<host>/metrics/crawler
#   https://<host>/metrics/rag
#   https://<host>/metrics/operator
#   https://<host>/metrics/platform
#   https://<host>/metrics/convex (Convex backend: 261 built-in metrics)
#
# Prometheus scrape config example:
#   scrape_configs:
#     - job_name: tale-crawler
#       scheme: https
#       metrics_path: /metrics/crawler
#       authorization:
#         credentials: your-secret-token-here
#       static_configs:
#         - targets: ['your-tale-host.com']
#
# METRICS_BEARER_TOKEN=
# ============================================================================
# OPTIONAL: Provider Secrets Encryption
# ============================================================================
# Age secret key used by SOPS to decrypt provider secret files (*.secrets.json).
# Auto-generated by tale init, or generate manually with: age-keygen
# SOPS_AGE_KEY=
# ============================================================================
# OPTIONAL: Operator Service (Browser Automation)
# ============================================================================
# URL of the Operator service for web browser automation tasks.
# The Operator uses Playwright + AI for intelligent web interactions.
# If not set, defaults to http://localhost:8004
# OPERATOR_URL=http://operator:8004
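
A pre-deploy check for the settings documented in this file, as an added example that is not part of the Tale repository: it flags secrets in a deployed `.env` that still equal the values published in `.env.example` or that do not match the output shape of the `openssl rand` commands, and checks the HOST and SITE_URL shapes. The function names are hypothetical, the format checks are assumptions drawn from the "Generate with" comments, and INSTANCE_SECRET is treated as optional.

```python
import base64
import re
from urllib.parse import urlsplit

# Assumption: secret formats follow the "Generate with" comments in .env.example.
REQUIRED = ("BETTER_AUTH_SECRET", "ENCRYPTION_SECRET_HEX", "DB_PASSWORD")
HEX_KEYS = ("ENCRYPTION_SECRET_HEX", "INSTANCE_SECRET")  # openssl rand -hex 32
HEX64 = re.compile(r"[0-9a-fA-F]{64}")

def parse_env(text):
    """Return {KEY: value} for KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # split on the first "=" only
            env[key.strip()] = value.strip().strip("\"'")
    return env

def decodes_to_32_bytes(value):
    """True if value is valid base64 for at least 32 bytes (openssl rand -base64 32)."""
    try:
        return len(base64.b64decode(value, validate=True)) >= 32
    except ValueError:  # binascii.Error subclasses ValueError
        return False

def audit_env(env_text, example_text):
    """Compare a deployed .env against the repository's .env.example."""
    env, example = parse_env(env_text), parse_env(example_text)
    findings = []
    for key in REQUIRED + ("INSTANCE_SECRET",):
        value = env.get(key, "")
        if not value:
            if key in REQUIRED:
                findings.append(f"{key}: not set")
        elif value == example.get(key):
            findings.append(f"{key}: still the published example value")
        elif key in HEX_KEYS and not HEX64.fullmatch(value):
            findings.append(f"{key}: expected 64 hex characters")
        elif key == "BETTER_AUTH_SECRET" and not decodes_to_32_bytes(value):
            findings.append(f"{key}: expected base64 of 32 random bytes")
    host = env.get("HOST", "")
    if not host or "://" in host or "/" in host:
        findings.append("HOST: must be a bare hostname without protocol")
    site = urlsplit(env.get("SITE_URL", ""))
    if site.scheme not in ("http", "https") or not site.hostname:
        findings.append("SITE_URL: must be a full URL with protocol")
    return findings
```

Call `audit_env(open(".env").read(), open(".env.example").read())` before starting the stack; an empty list means none of these checks fired.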