archived-ackify-ce/.env.example
Benjamin 44431dabf4 feat(rls): move ackify_app role creation from init script to migrate tool
BREAKING CHANGE: ACKIFY_APP_PASSWORD environment variable is now required for RLS support. The migrate tool creates the ackify_app role before running migrations, ensuring compatibility with existing deployments.

Changes:
- Add ensureAppRole() in cmd/migrate to create/update ackify_app role
- Remove docker/init-scripts/01-create-app-user.sh (no longer needed)
- Update compose.yml: add ACKIFY_APP_PASSWORD, backend connects as ackify_app
- Update migration 0016: remove conditional role creation
- Add RLS documentation (docs/en/configuration/rls.md, docs/fr/configuration/rls.md)
- Update configuration docs with RLS section and security checklist

Migration path for existing deployments:
1. Set ACKIFY_APP_PASSWORD in .env
2. Run docker compose up (migrate will create the role automatically)
2025-12-15 23:59:06 +01:00


# Application Configuration
ACKIFY_BASE_URL=https://sign.your-domain.com
ACKIFY_ORGANISATION="Your Organization Name"
ACKIFY_LOG_LEVEL=info
ACKIFY_LOG_FORMAT=classic

# Database Configuration
POSTGRES_PASSWORD=your_secure_password
ACKIFY_APP_PASSWORD=ackify_app_password

# ============================================================================
# Authentication Configuration
# ============================================================================
# At least ONE authentication method must be enabled (OAuth or MagicLink)
#
# AUTO-DETECTION:
# - OAuth is enabled if ACKIFY_OAUTH_CLIENT_ID and ACKIFY_OAUTH_CLIENT_SECRET are set
# - MagicLink is enabled if ACKIFY_MAIL_HOST is configured
#
# You can override auto-detection with these variables:
# ACKIFY_AUTH_OAUTH_ENABLED=true
# ACKIFY_AUTH_MAGICLINK_ENABLED=true

# OAuth2 Configuration (OPTIONAL - remove if using MagicLink only)
ACKIFY_OAUTH_CLIENT_ID=your_oauth_client_id
ACKIFY_OAUTH_CLIENT_SECRET=your_oauth_client_secret
ACKIFY_OAUTH_ALLOWED_DOMAIN=your-organization.com
ACKIFY_OAUTH_AUTO_LOGIN=false

# OAuth2 Provider Configuration
# Use ACKIFY_OAUTH_PROVIDER to configure popular providers automatically:
# - "google" for Google OAuth2
# - "github" for GitHub OAuth2
# - "gitlab" for GitLab OAuth2 (set ACKIFY_OAUTH_GITLAB_URL if self-hosted)
# - Leave empty for custom provider (requires manual URL configuration)
ACKIFY_OAUTH_PROVIDER=google

# Custom OAuth2 Provider URLs (only needed if ACKIFY_OAUTH_PROVIDER is empty)
# ACKIFY_OAUTH_AUTH_URL=https://your-provider.com/oauth/authorize
# ACKIFY_OAUTH_TOKEN_URL=https://your-provider.com/oauth/token
# ACKIFY_OAUTH_USERINFO_URL=https://your-provider.com/api/user
# ACKIFY_OAUTH_LOGOUT_URL=https://your-provider.com/api/logout
# ACKIFY_OAUTH_SCOPES=openid,email

# GitLab specific (if using gitlab as provider and self-hosted)
# ACKIFY_OAUTH_GITLAB_URL=https://gitlab.your-company.com

# Email Configuration for MagicLink Authentication (OPTIONAL - required for MagicLink)
# If configured, enables passwordless authentication via email
# ACKIFY_MAIL_HOST=smtp.example.com
# ACKIFY_MAIL_PORT=587
# ACKIFY_MAIL_USERNAME=your_smtp_username
# ACKIFY_MAIL_PASSWORD=your_smtp_password
# ACKIFY_MAIL_FROM=noreply@example.com
# ACKIFY_MAIL_FROM_NAME=Ackify
# ACKIFY_MAIL_TLS=true
# ACKIFY_MAIL_STARTTLS=true
# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false

# Security Configuration
ACKIFY_OAUTH_COOKIE_SECRET=your_base64_encoded_secret_key
ACKIFY_ED25519_PRIVATE_KEY=your_base64_encoded_ed25519_private_key

# Admin Configuration
# ACKIFY_ADMIN_EMAILS=admin@your-domain.com,admin2@your-domain.com

# Document Creation Restriction
# ACKIFY_ONLY_ADMIN_CAN_CREATE=false

# Server Configuration
ACKIFY_LISTEN_ADDR=:8080
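The comments in this example file state several constraints that the application enforces only at start-up: at least one authentication method (OAuth, auto-detected from the client id and secret, or MagicLink, auto-detected from the mail host, either one overridable with the `ACKIFY_AUTH_*_ENABLED` flags), a required `ACKIFY_APP_PASSWORD` for the `ackify_app` role, and base64-encoded cookie and Ed25519 secrets. The script below is an added example and not part of the Ackify project: a pre-flight check that applies those rules to a real `.env` before `docker compose up`, and additionally refuses values left at the placeholders from this file and a `ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true` setting. It assumes the file uses plain `KEY=value` lines (optionally double-quoted), validates base64 syntactically rather than decoding it, and the two sample `.env` files it writes are constructed for the demo (the "key" in the good sample is a dummy, not a real Ed25519 key).

```shell
#!/bin/sh
# Pre-flight validation of an Ackify .env file.
# Added example, not part of the Ackify project: it encodes the constraints
# stated in the .env.example comments (required passwords, base64 secrets,
# at least one auth method) plus a placeholder check and one TLS sanity check.

# get_var FILE NAME: print NAME's value from FILE (last active assignment
# wins, surrounding double quotes stripped); prints nothing if unset.
get_var() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 \
        | sed -e "s/^[[:space:]]*$2=//" -e 's/^"\(.*\)"$/\1/'
}

# is_b64 VALUE: succeed if VALUE is syntactically valid standard base64.
is_b64() {
    printf '%s\n' "$1" \
        | grep -Eq '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$'
}

problems=0
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# check_env FILE: print one FAIL line per finding; return the number of findings.
check_env() {
    f=$1
    problems=0

    # Secrets that must be set and must not be the placeholders from .env.example.
    for name in POSTGRES_PASSWORD ACKIFY_APP_PASSWORD \
                ACKIFY_OAUTH_COOKIE_SECRET ACKIFY_ED25519_PRIVATE_KEY; do
        v=$(get_var "$f" "$name")
        case "$v" in
            "") fail "$name is not set" ;;
            your_*|ackify_app_password) fail "$name still holds the example placeholder" ;;
            *)
                # The cookie secret and signing key are documented as base64.
                case "$name" in
                    ACKIFY_OAUTH_COOKIE_SECRET|ACKIFY_ED25519_PRIVATE_KEY)
                        is_b64 "$v" || fail "$name is not valid base64" ;;
                esac ;;
        esac
    done

    # Auto-detection rule from .env.example, unless explicitly overridden.
    oauth_on=$(get_var "$f" ACKIFY_AUTH_OAUTH_ENABLED)
    magic_on=$(get_var "$f" ACKIFY_AUTH_MAGICLINK_ENABLED)
    oauth_id=$(get_var "$f" ACKIFY_OAUTH_CLIENT_ID)
    oauth_secret=$(get_var "$f" ACKIFY_OAUTH_CLIENT_SECRET)
    mail_host=$(get_var "$f" ACKIFY_MAIL_HOST)
    have_oauth=0; have_magic=0
    if [ "$oauth_on" = true ] || { [ -z "$oauth_on" ] && [ -n "$oauth_id" ] && [ -n "$oauth_secret" ]; }; then
        have_oauth=1
    fi
    if [ "$magic_on" = true ] || { [ -z "$magic_on" ] && [ -n "$mail_host" ]; }; then
        have_magic=1
    fi
    [ "$have_oauth" -eq 1 ] || [ "$have_magic" -eq 1 ] \
        || fail "no authentication method enabled (need OAuth or MagicLink)"

    # If OAuth is in use, its credentials must not be the placeholders either.
    if [ "$have_oauth" -eq 1 ]; then
        for name in ACKIFY_OAUTH_CLIENT_ID ACKIFY_OAUTH_CLIENT_SECRET; do
            case "$(get_var "$f" "$name")" in
                your_*) fail "$name still holds the example placeholder" ;;
            esac
        done
    fi

    # Disabling certificate verification silently downgrades SMTP TLS.
    if [ "$(get_var "$f" ACKIFY_MAIL_INSECURE_SKIP_VERIFY)" = true ]; then
        fail "ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true disables TLS certificate verification"
    fi

    return "$problems"
}

# write_sample FILE KIND: write a constructed .env (KIND = good | bad) to FILE.
write_sample() {
    if [ "$2" = good ]; then
        cat > "$1" <<'EOF'
# constructed sample: required values set, MagicLink auto-detected, dummy key
ACKIFY_BASE_URL=https://sign.example.test
POSTGRES_PASSWORD=s3cret-postgres-demo
ACKIFY_APP_PASSWORD=s3cret-app-demo
ACKIFY_OAUTH_COOKIE_SECRET=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5
ACKIFY_ED25519_PRIVATE_KEY=ZHVtbXk=
ACKIFY_MAIL_HOST=smtp.example.test
ACKIFY_MAIL_TLS=true
ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false
EOF
    else
        cat > "$1" <<'EOF'
# constructed sample: placeholders left in, empty key, no auth method, TLS check off
POSTGRES_PASSWORD=your_secure_password
ACKIFY_APP_PASSWORD=ackify_app_password
ACKIFY_OAUTH_COOKIE_SECRET=not*base64
ACKIFY_ED25519_PRIVATE_KEY=
ACKIFY_OAUTH_CLIENT_ID=your_oauth_client_id
ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
EOF
    fi
}

# Demo: check both constructed samples and report the finding count.
main() {
    dir=$(mktemp -d)
    for kind in good bad; do
        write_sample "$dir/$kind.env" "$kind"
        echo "== $kind.env =="
        rc=0; check_env "$dir/$kind.env" || rc=$?
        [ "$rc" -eq 0 ] && echo "PASS" || echo "$rc finding(s)"
    done
    rm -rf "$dir"
}
main
```

Run it before every deployment and wire it into CI so a `.env` that still carries `ackify_app_password` or `your_base64_encoded_secret_key` never reaches `docker compose up`; the good sample passes and the bad one reports six findings.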