From 4c94e2f28032cf49686a9411903c4deeaaf218e3 Mon Sep 17 00:00:00 2001
From: Ebn0
Date: Sun, 15 Feb 2026 00:06:55 +0100
Subject: [PATCH] =?UTF-8?q?.env=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.env | 197 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 197 insertions(+)
create mode 100644 .env
diff --git a/.env b/.env
new file mode 100644
index 0000000..31f02a5
--- /dev/null
+++ b/.env
@@ -0,0 +1,197 @@
+# =============================================================================
+# PatchMon Environment Configuration For Docker
+# =============================================================================
+# Copy this file to .env and fill in the required values.
+#
+# cp env.example .env
+#
+# Generate strong secrets with:
+# openssl rand -hex 32 (for passwords)
+# openssl rand -hex 64 (for JWT secret)
+#
+# For full documentation, see: https://docs.patchmon.net
+# =============================================================================
+
+
+# =============================================================================
+# REQUIRED - These MUST be set before starting PatchMon
+# =============================================================================
+
+POSTGRES_PASSWORD=WLYkMdTJpvaDcEwTmw4y
+REDIS_PASSWORD=zabUw7KgwaTgyHMV4Csn
+JWT_SECRET=Sq35fXQM93L2BlHcjJ8FAhVlEZtJEPs9OWjrmVONK04=
+
+# Server access - how agents and browsers reach PatchMon.
+# CORS_ORIGIN should match the full URL you access PatchMon from in your browser.
+
+SERVER_PROTOCOL=http
+SERVER_HOST=localhost
+SERVER_PORT=3000
+CORS_ORIGIN=http://192.168.2.132:3000
+
+
+# =============================================================================
+# OPTIONAL - Uncomment and change any values below to override defaults
+# =============================================================================
+
+# --- Environment ---
+# Set to 'development' for development mode, 'production' for production
+# Development mode enables hot reload, more verbose logging, and dev tools
+# NODE_ENV=production
+
+# --- Logging ---
+
+# LOG_LEVEL=info
+# ENABLE_LOGGING=true
+# PM_LOG_TO_CONSOLE=false
+# PM_LOG_REQUESTS_IN_DEV=false
+# PRISMA_LOG_QUERIES=false
+
+
+# --- Authentication ---
+
+# JWT_EXPIRES_IN=1h
+# JWT_REFRESH_EXPIRES_IN=7d
+# SESSION_INACTIVITY_TIMEOUT_MINUTES=30
+# DEFAULT_USER_ROLE=user
+
+# --- Network ---
+
+# ENABLE_HSTS=true
+
+# TRUST_PROXY: Trust proxy headers when behind a reverse proxy (nginx, Apache, etc.)
+# SECURITY: Setting this to 'true' allows IP spoofing. Use specific values instead:
+# - '1' or 'loopback' for single trusted proxy (recommended for Docker)
+# - 'false' if not behind a reverse proxy
+# - See https://expressjs.com/en/guide/behind-proxies.html for advanced options
+# TRUST_PROXY=1
+
+# Multiple CORS origins (comma-separated). Only needed if PatchMon is accessed
+# from more than one domain. Overrides CORS_ORIGIN above when set.
+# CORS_ORIGINS=https://patchmon.example.com,https://patchmon-alt.example.com
+
+
+# --- Body size limits ---
+
+# JSON_BODY_LIMIT=5mb
+# AGENT_UPDATE_BODY_LIMIT=2mb
+
+
+# --- Timezone ---
+# Controls timestamps in logs and the UI (e.g. UTC, Europe/London, America/New_York).
+
+# TZ=UTC
+
+
+# --- Database connection pool (Prisma) ---
+# Adjust based on deployment size. See documentation for guidance.
+
+# DB_CONNECTION_LIMIT=30
+# DB_POOL_TIMEOUT=20
+# DB_CONNECT_TIMEOUT=10
+# DB_IDLE_TIMEOUT=300
+# DB_MAX_LIFETIME=1800
+
+
+# --- Database transaction timeouts (milliseconds) ---
+
+# DB_TRANSACTION_MAX_WAIT=10000
+# DB_TRANSACTION_TIMEOUT=30000
+# DB_TRANSACTION_LONG_TIMEOUT=60000
+
+
+# --- Database connection retry ---
+
+# PM_DB_CONN_MAX_ATTEMPTS=30
+# PM_DB_CONN_WAIT_INTERVAL=2
+
+
+# --- Redis Configuration ---
+# These settings control Redis connection and BullMQ job queue behavior.
+
+# REDIS_HOST=redis
+# REDIS_PORT=6379
+# REDIS_USER=
+# REDIS_DB=0
+
+# Redis Connection Timeouts (milliseconds)
+# Increase these if you see "Command timed out" errors
+# Common causes: Redis memory pressure, slow disk I/O, connection pool exhaustion
+# REDIS_CONNECT_TIMEOUT_MS=60000 # Time to wait for initial connection (default: 60s)
+# REDIS_COMMAND_TIMEOUT_MS=60000 # Time to wait for Redis commands to complete (default: 60s)
+#
+# Note: enableReadyCheck is set to true by default to prevent commands from queueing
+# before Redis is ready. This prevents timeout errors caused by command queueing.
+
+# BullMQ Lock Configuration (milliseconds)
+# These settings prevent "Missing lock" or "could not renew lock" errors when Redis is slow.
+# lockDuration: How long a job can run before its lock expires (default: 120000 = 120s)
+# lockRenewTime: How often to renew the lock to prevent expiration (default: 20000 = 20s)
+# Increase lockDuration if you see lock expiration errors with long-running jobs
+# Decrease lockRenewTime if lock renewals are timing out (must be < lockDuration and < REDIS_COMMAND_TIMEOUT_MS)
+# BULLMQ_LOCK_DURATION_MS=120000
+# BULLMQ_LOCK_RENEW_TIME_MS=20000
+
+
+# --- Rate limiting (values in milliseconds) ---
+
+# RATE_LIMIT_WINDOW_MS=900000
+# RATE_LIMIT_MAX=5000
+# AUTH_RATE_LIMIT_WINDOW_MS=600000
+# AUTH_RATE_LIMIT_MAX=500
+# AGENT_RATE_LIMIT_WINDOW_MS=60000
+# AGENT_RATE_LIMIT_MAX=1000
+
+
+# --- Password policy ---
+
+# PASSWORD_MIN_LENGTH=8
+# PASSWORD_REQUIRE_UPPERCASE=true
+# PASSWORD_REQUIRE_LOWERCASE=true
+# PASSWORD_REQUIRE_NUMBER=true
+# PASSWORD_REQUIRE_SPECIAL=true
+# PASSWORD_RATE_LIMIT_WINDOW_MS=900000
+# PASSWORD_RATE_LIMIT_MAX=5
+
+# --- Account lockout ---
+
+# MAX_LOGIN_ATTEMPTS=5
+# LOCKOUT_DURATION_MINUTES=15
+
+# --- Two-Factor Authentication (TFA) ---
+
+# MAX_TFA_ATTEMPTS=5
+# TFA_LOCKOUT_DURATION_MINUTES=30
+# TFA_REMEMBER_ME_EXPIRES_IN=30d
+# TFA_MAX_REMEMBER_SESSIONS=5
+# TFA_SUSPICIOUS_ACTIVITY_THRESHOLD=3
+
+
+# --- OIDC / SSO ---
+# Set OIDC_ENABLED=true and fill in the provider details to enable SSO.
+
+# OIDC_ENABLED=false
+# OIDC_ISSUER_URL=
+# OIDC_CLIENT_ID=
+# OIDC_CLIENT_SECRET=
+# OIDC_REDIRECT_URI=https://patchmon.example.com/api/v1/auth/oidc/callback
+# OIDC_SCOPES=openid email profile groups
+# OIDC_AUTO_CREATE_USERS=true
+# OIDC_DEFAULT_ROLE=user
+# OIDC_DISABLE_LOCAL_AUTH=false
+# OIDC_BUTTON_TEXT=Login with SSO
+
+# OIDC group-to-role mapping
+# OIDC_ADMIN_GROUP=PatchMon Admins
+# OIDC_USER_GROUP=PatchMon Users
+# OIDC_SYNC_ROLES=true
+
+# --- Encryption ---
+# Used to encrypt sensitive data (e.g. AI provider keys) at rest.
+# If not set, a key is derived automatically. Set this for consistent
+# encryption across container restarts and replicas
+
+# AI_ENCRYPTION_KEY=
+# SESSION_SECRET=
+
+
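Review bot: The REQUIRED block commits filled-in values for `POSTGRES_PASSWORD`, `REDIS_PASSWORD` and `JWT_SECRET` in a tracked `.env`, so anyone who can read the repository or its history holds the database and Redis credentials and the key that signs PatchMon's JWTs. Treat all three as exposed: rotate them, take `.env` out of version control (and out of history if the repository is shared), add `.env` to `.gitignore`, and commit only `env.example` with empty placeholders such as `JWT_SECRET=`. The JWT secret appears to be base64 of 32 bytes and both passwords are 20 alphanumeric characters, which is shorter than the `openssl rand -hex 64` / `openssl rand -hex 32` output the file's own header asks for. `SERVER_HOST=localhost` next to `CORS_ORIGIN=http://192.168.2.132:3000` looks inconsistent with the comment that this is how agents reach the server. With `SERVER_PROTOCOL=http`, logins and agent traffic cross the LAN in clear text unless a TLS-terminating proxy sits in front, in which case `TRUST_PROXY` should be set explicitly rather than left commented out.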