| 1 | # shithub environment example. Copy to .env and edit. .env is gitignored. |
| 2 | # |
| 3 | # Variables follow SHITHUB_<area>_<key> naming so they don't collide with |
| 4 | # system env. Nested config keys are joined with double-underscore in env |
| 5 | # (e.g. database.url -> SHITHUB_DATABASE__URL). |
| 6 | |
| 7 | # ----- web ----- |
| 8 | SHITHUB_WEB_ADDR=:8080 |
| 9 | |
| 10 | # ----- database (S01) ----- |
| 11 | # Used by `shithubd web`, `shithubd worker`, `shithubd migrate`, etc. |
| 12 | SHITHUB_DATABASE_URL=postgres://shithub:shithub_dev@127.0.0.1:5432/shithub?sslmode=disable |
| 13 | |
| 14 | # Used only by tests. The dbtest harness creates per-test DBs cloned from a |
| 15 | # template DB rooted under this server. |
| 16 | SHITHUB_TEST_DATABASE_URL=postgres://shithub:shithub_dev@127.0.0.1:5432/postgres?sslmode=disable |
| 17 | |
| 18 | # ----- storage (S04) ----- |
| 19 | # Filesystem root for bare git repos. Production: /data/repos on the |
| 20 | # block-storage volume. Dev default below points at a per-user dir. |
| 21 | SHITHUB_STORAGE__REPOS_ROOT=/tmp/shithub-dev/repos |
| 22 | |
| 23 | # S3-compatible object storage. Dev defaults target the local MinIO from |
| 24 | # docker-compose. Set non-default credentials in .env (do NOT commit). |
| 25 | SHITHUB_STORAGE__S3__ENDPOINT=127.0.0.1:9000 |
| 26 | SHITHUB_STORAGE__S3__REGION=us-east-1 |
| 27 | SHITHUB_STORAGE__S3__ACCESS_KEY_ID=shithub-dev |
| 28 | SHITHUB_STORAGE__S3__SECRET_ACCESS_KEY=shithub-dev-secret-please-change |
| 29 | SHITHUB_STORAGE__S3__BUCKET=shithub-dev |
| 30 | SHITHUB_STORAGE__S3__USE_SSL=false |
| 31 | SHITHUB_STORAGE__S3__FORCE_PATH_STYLE=true |
| 32 | |
| 33 | # ----- auth (S05) ----- |
| 34 | # Set false in dev for fast iteration; keep true in prod. |
| 35 | SHITHUB_AUTH__REQUIRE_EMAIL_VERIFICATION=false |
| 36 | # Used for the link in transactional emails — set to your public origin in prod. |
| 37 | SHITHUB_AUTH__BASE_URL=http://127.0.0.1:8080 |
| 38 | SHITHUB_AUTH__SITE_NAME=shithub |
| 39 | SHITHUB_AUTH__EMAIL_FROM=shithub <noreply@shithub.local> |
| 40 | # stdout (default in dev), smtp (MailHog), postmark, or resend. |
| 41 | SHITHUB_AUTH__EMAIL_BACKEND=stdout |
| 42 | # When email_backend=smtp: |
| 43 | SHITHUB_AUTH__SMTP__ADDR=127.0.0.1:1025 |
| 44 | # When email_backend=postmark: |
| 45 | # SHITHUB_AUTH__POSTMARK__SERVER_TOKEN=... |
| 46 | # When email_backend=resend (https://resend.com — no approval queue): |
| 47 | # SHITHUB_AUTH__RESEND__API_KEY=re_... |
| 48 | |
| 49 | # AEAD key for at-rest TOTP secrets (S06). Generate once and persist — |
| 50 | # rotating without re-encrypting every row breaks every existing 2FA login. |
| 51 | # SHITHUB_TOTP_KEY=$(openssl rand -base64 32) |
| 52 | |
| 53 | # ----- rate limits (S50 §0) ----- |
| 54 | # Per-hour budgets for /api/v1/* requests. Authed keyed by token id; |
| 55 | # anon keyed by remote IP. Zero falls back to the default. |
| 56 | SHITHUB_RATELIMIT__API__AUTHED_PER_HOUR=5000 |
| 57 | SHITHUB_RATELIMIT__API__ANON_PER_HOUR=60 |
| 58 | |
| 59 | # ----- billing (SP03) ----- |
| 60 | # Stripe Billing is disabled by default. Use Stripe test-mode keys for local |
| 61 | # drills and keep live keys in the production EnvironmentFile only. |
| 62 | SHITHUB_BILLING__ENABLED=false |
| 63 | SHITHUB_BILLING__GRACE_PERIOD=336h |
| 64 | # Required when billing is enabled: |
| 65 | # SHITHUB_BILLING__STRIPE__SECRET_KEY=sk_test_... |
| 66 | # SHITHUB_BILLING__STRIPE__WEBHOOK_SECRET=whsec_... |
| 67 | # SHITHUB_BILLING__STRIPE__TEAM_PRICE_ID=price_... |
| 68 | # Optional absolute override URLs; omitted values are derived from |
| 69 | # SHITHUB_AUTH__BASE_URL. |
| 70 | # SHITHUB_BILLING__STRIPE__SUCCESS_URL=https://shithub.example/organizations/{org}/billing/success |
| 71 | # SHITHUB_BILLING__STRIPE__CANCEL_URL=https://shithub.example/organizations/{org}/billing/cancel |
| 72 | # SHITHUB_BILLING__STRIPE__PORTAL_RETURN_URL=https://shithub.example/organizations/{org}/settings/billing |
| 73 | SHITHUB_BILLING__STRIPE__AUTOMATIC_TAX=false |