refactor: start refactoring env file

deploy/env.prod.sample

@@ -1,137 +1,214 @@
-# If you have any doubts about what a setting does,
-# check https://docs.funkwhale.audio/configuration.html#configuration-reference
+# This file controls environment settings for your Funkwhale pod.
+# If you change any of the variables in this file, remember to restart Funkwhale.
 
-# If you're tweaking this file from the template, ensure you edit at least the
-# following variables:
-# - DJANGO_SECRET_KEY
-# - FUNKWHALE_HOSTNAME
-# - EMAIL_CONFIG and DEFAULT_FROM_EMAIL if you plan to send e-mails)
-# On non-docker setup **only**, you'll also have to tweak/uncomment those variables:
-# - DATABASE_URL
-# - CACHE_URL
-#
-# You **don't** need to update those variables on pure docker setups.
-#
-# Additional options you may want to check:
-# - MUSIC_DIRECTORY_PATH and MUSIC_DIRECTORY_SERVE_PATH if you plan to use
-#   in-place import
-# - TYPESENSE_API_KEY if you want to enable typesense to experiment with
-#   the recommendation system set this. You can
-#   generate one using `openssl rand -base64 45`, for example
-#
-# Docker only
-# -----------
+# See https://docs.funkwhale.audio/administrator/configuration/env-file.html for more information
+
+# Required settings
+# -----------------
+# These settings are required for all Funkwhale deployments
+
+# The DJANGO_SECRET_KEY is cryptographic key used to secure Django
+# You can generate a random key by running `openssl rand -base64 45`
+
+DJANGO_SECRET_KEY=
+
+# FUNKWHALE_HOSTNAME is your pod's domain name. Don't include the protocol (for example: `https`).
+# The FUNKWHALE_HOSTNAME must be a root domain or a subdomain (for example: `example.com` or `subdomain.example.com)
+# You can't run Funkwhale on a subpath (for example: `example.com/funkwhale`)
+
+FUNKWHALE_HOSTNAME=
+
+# Additional required settings for Docker
+# ---------------------------------------
+# If you're running Funkwhale using Docker, you must configure these variables.
+
+# Enter the Funkwhale version you want to run.
+# This value is interpolated in the Docker compose file.
+# To use the latest release of Funkwhale, use `latest`.
+# If you want to run the develop branch, use `develop`.
+# To use a specific version, use the full semantic version number (for example: 1.3.0)
+# You don't need to comment this variable out for non-Docker deployments
 
-# The tag of the image we should use
-# (it will be interpolated in docker-compose file)
-# You can comment or ignore this if you're not using docker
 FUNKWHALE_VERSION=latest
 
-# End of Docker-only configuration
+# Additional required settings for non-Docker deployments
+# -------------------------------------------------------
+# If you run Funkwhale outside of Docker, you must configure these variables.
 
-# General configuration
-# ---------------------
+# The DATABASE_URL is the address of your postgres database.
+# Funkwhale uses this value to connect to postgres.
+# This variable uses the following format: `postgresql://<user>:<password>@<host>:<port>/<database>`
+# Uncomment the line below to set your URL.
+# Use the provided value if you followed the Debian installation guide.
 
-# Set this variables to bind the API server to another interface/port
-# example: FUNKWHALE_API_IP=0.0.0.0
-# example: FUNKWHALE_API_PORT=5678
-FUNKWHALE_API_IP=127.0.0.1
-FUNKWHALE_API_PORT=5000
-# The number of web workers to start in parallel. Higher means you can handle
-# more concurrent requests, but also leads to higher CPU/Memory usage
-FUNKWHALE_WEB_WORKERS=4
-# Replace this by the definitive, public domain you will use for
-# your instance. It cannot be changed after initial deployment
-# without breaking your instance.
-FUNKWHALE_HOSTNAME=yourdomain.funkwhale
-FUNKWHALE_PROTOCOL=https
-
-# Log level (debug, info, warning, error, critical)
-LOGLEVEL=error
-
-# Configure e-mail sending using this variale
-# By default, funkwhale will output e-mails sent to stdout
-# here are a few examples for this setting
-# EMAIL_CONFIG=consolemail://         # output e-mails to console (the default)
-# EMAIL_CONFIG=dummymail://          # disable e-mail sending completely
-# On a production instance, you'll usually want to use an external SMTP server:
-# If `user` or `password` contain special characters (eg.
-# `noreply@youremail.host` as `user`), be sure to urlencode them, using
-# for example the command:
-# `python3 -c 'import urllib.parse; print(urllib.parse.quote_plus
-# ("noreply@youremail.host"))'`
-# (returns `noreply%40youremail.host`)
-# EMAIL_CONFIG=smtp://user:password@youremail.host:25
-# EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465
-# EMAIL_CONFIG=smtp+tls://user:password@youremail.host:587
-
-# Make e-mail verification mandatory before using the service
-# Doesn't apply to admins.
-# ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false
-
-# The e-mail address to use to send system e-mails.
-# DEFAULT_FROM_EMAIL=noreply@yourdomain
-
-# Depending on the reverse proxy used in front of your funkwhale instance,
-# the API will use different kind of headers to serve audio files
-# Allowed values: nginx, apache2
-REVERSE_PROXY_TYPE=nginx
-
-# API/Django configuration
-
-# Database configuration
-# Examples:
-#  DATABASE_URL=postgresql://<user>:<password>@<host>:<port>/<database>
-#  DATABASE_URL=postgresql://funkwhale:passw0rd@localhost:5432/funkwhale_database
-# Use the next one if you followed Debian installation guide
 # DATABASE_URL=postgresql://funkwhale@:5432/funkwhale
 
-# Cache configuration
-# Examples:
-#  CACHE_URL=redis://<host>:<port>/<database>
-#  CACHE_URL=redis://localhost:6379/0c
-#  With a password:
-#  CACHE_URL=redis://:password@localhost:6379/0
-#  (the extra semicolon is important)
-# Use the next one if you followed Debian installation guide
-#
-# CACHE_URL=redis://127.0.0.1:6379/0
-#
-# If you want to use Redis over unix sockets, you'll actually need two variables:
-# For the cache part:
-#  CACHE_URL=redis:///run/redis/redis.sock?db=0
-# For the Celery/asynchronous tasks part:
-#  CELERY_BROKER_URL=redis+socket:///run/redis/redis.sock?virtual_host=0
+# The CACHE_URL is the address of your redis instance.
+# Funkwhale uses this value to connect to redis.
+# This variable uses the following format: `redis://<host>:<port>/<database>`
+# To include a password, add it before the hostname.
+# For example: `redis://:<password>@<host>:<port>/<database>`
+# Uncomment the line below to set your URL.
+# Use the provided value if you followed the Debian installation guide.
 
-# Number of worker processes to execute. Defaults to 0, in which case it uses your number of CPUs
-# Celery workers handle background tasks (such file imports or federation
-# messaging). The more processes a worker gets, the more tasks
-# can be processed in parallel. However, more processes also means
-# a bigger memory footprint.
-# CELERYD_CONCURRENCY=0
+# CACHE_URL=redis://127.0.0.1:6379/0
+
+# Network configuration
+# ---------------------
+# Use these variables to configure the network settings of your Funkwhale pod.
+
+# The FUNKWHALE_API_IP is the address that serves the Funkwhale API.
+# Change this variable if you host the API on a different IP address.
+
+FUNKWHALE_API_IP=127.0.0.1
+
+# The FUNKWHALE_API_PORT is the port the Funkwhale API is served on.
+# Change this variable if you host the API on a different port.
+
+FUNKWHALE_API_PORT=5000
+
+# The REVERSE_PROXY_TYPE refers to the web server you use as a reverse proxy.
+# If you followed the Debian installation guide, you're using `nginx`
+# Available values: `nginx`, `apache2`
+
+REVERSE_PROXY_TYPE=nginx
+
+# The FUNKWHALE_PROTOCOL is the protocol your pod is served on.
+# In most cases, you will use a secure (`https`) connection.
+# Only change this if you need to serve Funkwhale over an insecure connection.
+# Available values: `https`, `http`
+
+FUNKWHALE_PROTOCOL=https
+
+# The NGINX_MAX_BODY_SIZE variable controls what size of files Nginx allows.
+# Adjust this variable to set the size of individual files that users can upload.
+
+NGINX_MAX_BODY_SIZE=100M
+
+# The FUNKWHALE_FRONTEND_PATH variable controls where frontend files are served from.
+# Only change this if you're serving the Funkwhale web app from a custom directory.
+
+FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist
+
+# The FUNKWHALE_WEB_WORKERS variable sets the number of web workers to start in parallel.
+# More workers means the server can handle more concurrent requests.
+# More workers also increases the memory/CPU usage of your server.
+
+FUNKWHALE_WEB_WORKERS=4
+
+# The CELERYD_CONCURRENCY variable controls how many celeryworker processes run.
+# Celery workers handle background tasks (such as file imports and federation messaging).
+# The more processes a worker gets, the more tasks it can perform in the background.
+# More workers also increases the memory/CPU usage of your server.
+# If set to `0`, celery will create one worker per CPU core on your server.
+
+CELERYD_CONCURRENCY=0
 
 # Where media files (such as album covers or audio tracks) should be stored
 # on your system?
 # (Ensure this directory actually exists)
+
 MEDIA_ROOT=/srv/funkwhale/data/media
 
 # Where static files (such as API css or icons) should be compiled
 # on your system?
 # (Ensure this directory actually exists)
+
 STATIC_ROOT=/srv/funkwhale/data/static
 
-# which settings module should django use?
-# You don't have to touch this unless you really know what you're doing
+# Email configuration
+# -------------------
+# Use these variables to configure email sending on your pod.
+# Funkwhale uses email to confirm user identity and allow users to self-serve password resets.
+
+# The EMAIL_CONFIG variable controls how email is sent.
+# You can send emails using SMTP, or output to a different source.
+# Use `consolemail://` to output emails to the console
+# Use `dummymail://` to disable sending email
+# If you want to send email, enter your SMTP server settings in the following format:
+# `<protocol>://<user>:<password>@<host>:<port>`
+# For example:
+# `smtp://user:password@youremail.host:25`
+# `smtp+ssl://user:password@youremail.host:465`
+# `smtp+tls://user:password@youremail.host:587`
+# If your username contains special characters, you need to URL encode it.
+# You can use Python to encode your username as follows:
+# `python3 -c 'import urllib.parse; print(urllib.parse.quote_plus("noreply@youremail.host"))'`
+
+EMAIL_CONFIG=consolemail://
+
+# The ACCOUNT_EMAIL_VERIFICATION_ENFORCE variable allows you to require users to verify their email.
+
+ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false
+
+# The DEFAULT_FROM_EMAIL variable sets the email address used to send emails to users.
+# This is the address that users see when they receive an email from your pod.
+
+# DEFAULT_FROM_EMAIL=noreply@yourdomain
+
+# Storage configuration
+# ---------------------
+# Use these variables to configure S3-compatible storage.
+
+# The AWS_S3_ENDPOINT_URL is the full URL of your S3-compatible storage service.
+# You only need to configure this variable if you use a service other than Amazon S3.
+# For example: `https://minio.mydomain.com`
+
+# AWS_S3_ENDPOINT_URL=
+
+# If you serve media from Amazon S3, you need to specify which AWS region your bucket is in.
+
+# If you are using Amazon S3 to serve media directly, you will need to specify your region
+# For example: `eu-west-2`
+
+# AWS_S3_REGION_NAME=
+
+# Use the following settings to configure access to your bucket.
+# These values are available in the interface of your storage provider.
+
+# AWS_ACCESS_KEY_ID=
+
+# AWS_SECRET_ACCESS_KEY=
+
+# AWS_STORAGE_BUCKET_NAME=
+
+# The AWS_LOCATION variable controls which directory your Funkwhale files are stored in.
+# By default, Funkwhale stores files in the root of your S3 bucket.
+
+# AWS_LOCATION=
+
+# The AWS_QUERYSTRING_EXPIRE variable controls how long generated URLs are valid for.
+# Longer expiry times reduce security, but make caching more effective.
+# The default value is 3600 (60 minutes). The maximum accepted value is 604800 (7 days).
+
+# AWS_QUERYSTRING_EXPIRE=
+
+# The AWS_DEFAULT_ACL variable allows you to set custom Access Control List settings for object uploads.
+# For example: `public-read`
+# Funkwhale uses the default settings provided by boto3 by default.
+# Available options can be found here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
+
+# AWS_DEFAULT_ACL=
+
+# If you want to serve media directly from your S3 bucket rather than through a proxy,
+# set this to false
+# PROXY_MEDIA=false
+
+# Django configuration
+# --------------------
+
+# The DJANGO_SETTINGS_MODULE variable controls what settings are loaded by Django.
+# Don't change this variable unless you need to use a custom settings module.
+
 DJANGO_SETTINGS_MODULE=config.settings.production
 
-# Generate one using `openssl rand -base64 45`, for example
-DJANGO_SECRET_KEY=
+# The DJANGO_ADMIN_URL variable is the subpath used to access the Django admin panel.
+# By default, you can access Django at `<yourdomain>/api/admin`
 
-# You don't have to edit this, but you can put the admin on another URL if you
-# want to
 # DJANGO_ADMIN_URL=^api/admin/
 
-# In-place import settings
+# In-place import configuration
+# -----------------------------
 # You can safely leave those settings uncommented if you don't plan to use
 # in place imports.
 # Typical docker setup:
@@ -144,11 +221,35 @@ DJANGO_SECRET_KEY=
 MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music
 MUSIC_DIRECTORY_SERVE_PATH=/srv/funkwhale/data/music
 
+# Feature configuration
+# ---------------------
+# Use these variables to control optional features on Funkwhale
+
+# Typesense is a search engine that Funkwhale uses to improve content discovery
+# To use Typesense, set the TYPESENSE_API_KEY variable
+# You can generate a random key by running `openssl rand -base64 45`
+
+# TYPESENSE_API_KEY=
+
+# Logging configuration
+# ---------------------
+# Use these variables to configure logging on your Funkwhale pod.
+
+# The LOGLEVEL variable controls how verbose your Funkwhale server logs are.
+# Available values: `debug`, `info`, `warning`, `error`, `critical`
+
+LOGLEVEL=error
+
+# Funkwhale supports error logging using Sentry-compatible APIs.
+# The FUNKWHALE_SENTRY_DSN variable controls where Sentry sends these logs.
+# You can use the value provided to send logs directly to the Funkwhale project.
+
+# FUNKWHALE_SENTRY_DSN=https://5840197379c64f65aad3c5c09274994d@am.funkwhale.audio/1
+
 # LDAP settings
-# Use the following options to allow authentication on your Funkwhale instance
-# using a LDAP directory.
-# Have a look at https://docs.funkwhale.audio/installation/ldap.html for
-# detailed instructions.
+# -------------
+# These variables enable you to authenticate on your Funkwhale instance using LDAP.
+# See https://docs.funkwhale.audio/administrator/configuration/ldap.html for more information.
 
 # LDAP_ENABLED=False
 # LDAP_SERVER_URI=ldap://your.server:389
@@ -157,50 +258,3 @@ MUSIC_DIRECTORY_SERVE_PATH=/srv/funkwhale/data/music
 # LDAP_SEARCH_FILTER=(|(cn={0})(mail={0}))
 # LDAP_START_TLS=False
 # LDAP_ROOT_DN=dc=domain,dc=com
-
-FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist
-
-# Nginx related configuration
-NGINX_MAX_BODY_SIZE=100M
-
-## External storages configuration
-# Funkwhale can store uploaded files on Amazon S3 and S3-compatible storages (such as Minio)
-# Uncomment and fill the variables below
-
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-AWS_STORAGE_BUCKET_NAME=
-# An optional bucket subdirectory were you want to store the files. This is especially useful
-# if you plan to use share the bucket with other services
-# AWS_LOCATION=
-
-# If you use a S3-compatible storage such as minio, set the following variable
-# the full URL to the storage server. Example:
-#   AWS_S3_ENDPOINT_URL=https://minio.mydomain.com
-# AWS_S3_ENDPOINT_URL=
-
-# If you want to serve media directly from your S3 bucket rather than through a proxy,
-# set this to false
-# PROXY_MEDIA=false
-
-# If you are using Amazon S3 to serve media directly, you will need to specify your region
-# name in order to access files. Example:
-#   AWS_S3_REGION_NAME=eu-west-2
-# AWS_S3_REGION_NAME=
-
-# If you are using Amazon S3, use this setting to configure how long generated URLs should stay
-# valid. The default value is 3600 (60 minutes). The maximum accepted value is 604800 (7 days)
-
-# AWS_QUERYSTRING_EXPIRE=
-
-# If you are using an S3-compatible object storage provider, and need to provide a default
-# ACL for object uploads that is different from the default applied by boto3, you may
-# override it here. Example:
-#    AWS_DEFAULT_ACL=public-read
-# Available options can be found here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
-
-# AWS_DEFAULT_ACL=
-
-# Funkwhale allows collecting errors using Sentry compatible APIs. If you want
-# to help us improving Funkwhale, feel free to use our instance:
-#FUNKWHALE_SENTRY_DSN=https://5840197379c64f65aad3c5c09274994d@am.funkwhale.audio/1