mattnite
/
forgejo-tickets
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
forgejo-tickets/docs/configuration.md

88 lines
3.8 KiB
Markdown
Raw Blame History

# Configuration
All configuration is read from environment variables. Copy `.env.example` to `.env` for local development.
## Environment Variable Reference
### Database
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `DATABASE_URL` | Yes | — | PostgreSQL connection string (e.g. `postgres://user:password@localhost:5432/forgejo_tickets?sslmode=disable`) |
### Server
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `PUBLIC_ADDR` | No | `:8080` | Listen address for the public (customer-facing) server |
| `ADMIN_ADDR` | No | `:8081` | Listen address for the admin server |
| `BASE_URL` | No | `http://localhost:8080` | Public base URL used to construct links in emails and OAuth redirects |
### Sessions
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `SESSION_SECRET` | Yes | — | Secret key for signing session cookies and CSRF tokens. Must be a random hex string. |
Generate a session secret:
```bash
openssl rand -hex 32
```
### Forgejo
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `FORGEJO_URL` | No | `""` | Base URL of the Forgejo instance (e.g. `https://forgejo.example.com`) |
| `FORGEJO_API_TOKEN` | No | `""` | API token for authenticating with the Forgejo API. Needs permission to create issues and comments. |
Both must be set for ticket-to-issue sync to work. See [Forgejo Integration](./forgejo-integration.md) for details.
### Email (Postmark)
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `POSTMARK_SERVER_TOKEN` | No | `""` | Postmark server API token for sending transactional emails |
| `POSTMARK_FROM_EMAIL` | No | `""` | Sender email address (e.g. `support@example.com`) |
Both must be set for email sending to work. Without them, email operations will fail silently in the logs.
### OAuth — Google
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `GOOGLE_CLIENT_ID` | No | `""` | Google OAuth 2.0 client ID |
| `GOOGLE_CLIENT_SECRET` | No | `""` | Google OAuth 2.0 client secret |
Leave empty to disable Google sign-in. Redirect URI must be configured as `{BASE_URL}/auth/google/callback` in the Google Cloud Console.
### OAuth — Microsoft
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `MICROSOFT_CLIENT_ID` | No | `""` | Microsoft Azure AD application (client) ID |
| `MICROSOFT_CLIENT_SECRET` | No | `""` | Microsoft Azure AD client secret |
| `MICROSOFT_TENANT_ID` | No | `common` | Azure AD tenant ID. Use `common` for multi-tenant, or a specific tenant ID to restrict. |
Leave `MICROSOFT_CLIENT_ID` empty to disable Microsoft sign-in. Redirect URI: `{BASE_URL}/auth/microsoft/callback`.
### OAuth — Apple
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `APPLE_CLIENT_ID` | No | `""` | Apple Services ID (e.g. `com.example.tickets`) |
| `APPLE_TEAM_ID` | No | `""` | Apple Developer Team ID |
| `APPLE_KEY_ID` | No | `""` | Key ID for the Sign in with Apple private key |
| `APPLE_KEY_PATH` | No | `""` | File path to the `.p8` private key file |
Leave `APPLE_CLIENT_ID` empty to disable Apple sign-in. Redirect URI: `{BASE_URL}/auth/apple/callback`. Note that Apple uses `form_post` response mode.
### Admin
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `TAILSCALE_ALLOWED_USERS` | No | `""` | Comma-separated list of Tailscale login names allowed to access the admin panel (e.g. `user@example.com,admin@example.com`). If empty, all requests are allowed (dev mode). |
See [Admin Guide](./admin-guide.md#authentication) for details on how Tailscale authentication works.
Reference in New Issue View Git Blame Copy Permalink