From ff58fa49130468c8976dcafdd4d02949c641f9fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ciar=C3=A1n=20Ainsworth?=
Date: Sun, 18 Jun 2023 13:58:26 +0200
Subject: [PATCH] refactor: start refactoring env file
---
 deploy/env.prod.sample | 374 +++++++++++++++++++++++------------------
 1 file changed, 214 insertions(+), 160 deletions(-)
diff --git a/deploy/env.prod.sample b/deploy/env.prod.sample
index 0ff7a5be1..749953fa8 100644
--- a/deploy/env.prod.sample
+++ b/deploy/env.prod.sample
@@ -1,137 +1,214 @@ -# If you have any doubts about what a setting does, -# check https://docs.funkwhale.audio/configuration.html#configuration-reference +# This file controls environment settings for your Funkwhale pod. +# If you change any of the variables in this file, remember to restart Funkwhale. -# If you're tweaking this file from the template, ensure you edit at least the -# following variables: -# - DJANGO_SECRET_KEY -# - FUNKWHALE_HOSTNAME -# - EMAIL_CONFIG and DEFAULT_FROM_EMAIL if you plan to send e-mails) -# On non-docker setup **only**, you'll also have to tweak/uncomment those variables: -# - DATABASE_URL -# - CACHE_URL -# -# You **don't** need to update those variables on pure docker setups. -# -# Additional options you may want to check: -# - MUSIC_DIRECTORY_PATH and MUSIC_DIRECTORY_SERVE_PATH if you plan to use -# in-place import -# - TYPESENSE_API_KEY if you want to enable typesense to experiment with -# the recommendation system set this. You can -# generate one using `openssl rand -base64 45`, for example -# -# Docker only -# ----------- +# See https://docs.funkwhale.audio/administrator/configuration/env-file.html for more information + +# Required settings +# ----------------- +# These settings are required for all Funkwhale deployments + +# The DJANGO_SECRET_KEY is cryptographic key used to secure Django +# You can generate a random key by running `openssl rand -base64 45` + +DJANGO_SECRET_KEY= + +# FUNKWHALE_HOSTNAME is your pod's domain name. Don't include the protocol (for example: `https`). +# The FUNKWHALE_HOSTNAME must be a root domain or a subdomain (for example: `example.com` or `subdomain.example.com) +# You can't run Funkwhale on a subpath (for example: `example.com/funkwhale`) + +FUNKWHALE_HOSTNAME= + +# Additional required settings for Docker +# --------------------------------------- +# If you're running Funkwhale using Docker, you must configure these variables. + +# Enter the Funkwhale version you want to run. 
+# This value is interpolated in the Docker compose file. +# To use the latest release of Funkwhale, use `latest`. +# If you want to run the develop branch, use `develop`. +# To use a specific version, use the full semantic version number (for example: 1.3.0) +# You don't need to comment this variable out for non-Docker deployments -# The tag of the image we should use -# (it will be interpolated in docker-compose file) -# You can comment or ignore this if you're not using docker FUNKWHALE_VERSION=latest -# End of Docker-only configuration +# Additional required settings for non-Docker deployments +# ------------------------------------------------------- +# If you run Funkwhale outside of Docker, you must configure these variables. -# General configuration -# --------------------- +# The DATABASE_URL is the address of your postgres database. +# Funkwhale uses this value to connect to postgres. +# This variable uses the following format: `postgresql://:@:/` +# Uncomment the line below to set your URL. +# Use the provided value if you followed the Debian installation guide. -# Set this variables to bind the API server to another interface/port -# example: FUNKWHALE_API_IP=0.0.0.0 -# example: FUNKWHALE_API_PORT=5678 -FUNKWHALE_API_IP=127.0.0.1 -FUNKWHALE_API_PORT=5000 -# The number of web workers to start in parallel. Higher means you can handle -# more concurrent requests, but also leads to higher CPU/Memory usage -FUNKWHALE_WEB_WORKERS=4 -# Replace this by the definitive, public domain you will use for -# your instance. It cannot be changed after initial deployment -# without breaking your instance. 
-FUNKWHALE_HOSTNAME=yourdomain.funkwhale -FUNKWHALE_PROTOCOL=https - -# Log level (debug, info, warning, error, critical) -LOGLEVEL=error - -# Configure e-mail sending using this variale -# By default, funkwhale will output e-mails sent to stdout -# here are a few examples for this setting -# EMAIL_CONFIG=consolemail:// # output e-mails to console (the default) -# EMAIL_CONFIG=dummymail:// # disable e-mail sending completely -# On a production instance, you'll usually want to use an external SMTP server: -# If `user` or `password` contain special characters (eg. -# `noreply@youremail.host` as `user`), be sure to urlencode them, using -# for example the command: -# `python3 -c 'import urllib.parse; print(urllib.parse.quote_plus -# ("noreply@youremail.host"))'` -# (returns `noreply%40youremail.host`) -# EMAIL_CONFIG=smtp://user:password@youremail.host:25 -# EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465 -# EMAIL_CONFIG=smtp+tls://user:password@youremail.host:587 - -# Make e-mail verification mandatory before using the service -# Doesn't apply to admins. -# ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false - -# The e-mail address to use to send system e-mails. 
-# DEFAULT_FROM_EMAIL=noreply@yourdomain - -# Depending on the reverse proxy used in front of your funkwhale instance, -# the API will use different kind of headers to serve audio files -# Allowed values: nginx, apache2 -REVERSE_PROXY_TYPE=nginx - -# API/Django configuration - -# Database configuration -# Examples: -# DATABASE_URL=postgresql://:@:/ -# DATABASE_URL=postgresql://funkwhale:passw0rd@localhost:5432/funkwhale_database -# Use the next one if you followed Debian installation guide # DATABASE_URL=postgresql://funkwhale@:5432/funkwhale -# Cache configuration -# Examples: -# CACHE_URL=redis://:/ -# CACHE_URL=redis://localhost:6379/0c -# With a password: -# CACHE_URL=redis://:password@localhost:6379/0 -# (the extra semicolon is important) -# Use the next one if you followed Debian installation guide -# -# CACHE_URL=redis://127.0.0.1:6379/0 -# -# If you want to use Redis over unix sockets, you'll actually need two variables: -# For the cache part: -# CACHE_URL=redis:///run/redis/redis.sock?db=0 -# For the Celery/asynchronous tasks part: -# CELERY_BROKER_URL=redis+socket:///run/redis/redis.sock?virtual_host=0 +# The CACHE_URL is the address of your redis instance. +# Funkwhale uses this value to connect to redis. +# This variable uses the following format: `redis://:/` +# To include a password, add it before the hostname. +# For example: `redis://:@:/` +# Uncomment the line below to set your URL. +# Use the provided value if you followed the Debian installation guide. -# Number of worker processes to execute. Defaults to 0, in which case it uses your number of CPUs -# Celery workers handle background tasks (such file imports or federation -# messaging). The more processes a worker gets, the more tasks -# can be processed in parallel. However, more processes also means -# a bigger memory footprint. 
-# CELERYD_CONCURRENCY=0 +# CACHE_URL=redis://127.0.0.1:6379/0 + +# Network configuration +# --------------------- +# Use these variables to configure the network settings of your Funkwhale pod. + +# The FUNKWHALE_API_IP is the address that serves the Funkwhale API. +# Change this variable if you host the API on a different IP address. + +FUNKWHALE_API_IP=127.0.0.1 + +# The FUNKWHALE_API_PORT is the port the Funkwhale API is served on. +# Change this variable if you host the API on a different port. + +FUNKWHALE_API_PORT=5000 + +# The REVERSE_PROXY_TYPE refers to the web server you use as a reverse proxy. +# If you followed the Debian installation guide, you're using `nginx` +# Available values: `nginx`, `apache2` + +REVERSE_PROXY_TYPE=nginx + +# The FUNKWHALE_PROTOCOL is the protocol your pod is served on. +# In most cases, you will use a secure (`https`) connection. +# Only change this if you need to serve Funkwhale over an insecure connection. +# Available values: `https`, `http` + +FUNKWHALE_PROTOCOL=https + +# The NGINX_MAX_BODY_SIZE variable controls what size of files Nginx allows. +# Adjust this variable to set the size of individual files that users can upload. + +NGINX_MAX_BODY_SIZE=100M + +# The FUNKWHALE_FRONTEND_PATH variable controls where frontend files are served from. +# Only change this if you're serving the Funkwhale web app from a custom directory. + +FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist + +# The FUNKWHALE_WEB_WORKERS variable sets the number of web workers to start in parallel. +# More workers means the server can handle more concurrent requests. +# More workers also increases the memory/CPU usage of your server. + +FUNKWHALE_WEB_WORKERS=4 + +# The CELERYD_CONCURRENCY variable controls how many celeryworker processes run. +# Celery workers handle background tasks (such as file imports and federation messaging). +# The more processes a worker gets, the more tasks it can perform in the background. 
+# More workers also increases the memory/CPU usage of your server. +# If set to `0`, celery will create one worker per CPU core on your server. + +CELERYD_CONCURRENCY=0 # Where media files (such as album covers or audio tracks) should be stored # on your system? # (Ensure this directory actually exists) + MEDIA_ROOT=/srv/funkwhale/data/media # Where static files (such as API css or icons) should be compiled # on your system? # (Ensure this directory actually exists) + STATIC_ROOT=/srv/funkwhale/data/static -# which settings module should django use? -# You don't have to touch this unless you really know what you're doing +# Email configuration +# ------------------- +# Use these variables to configure email sending on your pod. +# Funkwhale uses email to confirm user identity and allow users to self-serve password resets. + +# The EMAIL_CONFIG variable controls how email is sent. +# You can send emails using SMTP, or output to a different source. +# Use `consolemail://` to output emails to the console +# Use `dummymail://` to disable sending email +# If you want to send email, enter your SMTP server settings in the following format: +# `://:@:` +# For example: +# `smtp://user:password@youremail.host:25` +# `smtp+ssl://user:password@youremail.host:465` +# `smtp+tls://user:password@youremail.host:587` +# If your username contains special characters, you need to URL encode it. +# You can use Python to encode your username as follows: +# `python3 -c 'import urllib.parse; print(urllib.parse.quote_plus("noreply@youremail.host"))'` + +EMAIL_CONFIG=consolemail:// + +# The ACCOUNT_EMAIL_VERIFICATION_ENFORCE variable allows you to require users to verify their email. + +ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false + +# The DEFAULT_FROM_EMAIL variable sets the email address used to send emails to users. +# This is the address that users see when they receive an email from your pod. 
+ +# DEFAULT_FROM_EMAIL=noreply@yourdomain + +# Storage configuration +# --------------------- +# Use these variables to configure S3-compatible storage. + +# The AWS_S3_ENDPOINT_URL is the full URL of your S3-compatible storage service. +# You only need to configure this variable if you use a service other than Amazon S3. +# For example: `https://minio.mydomain.com` + +# AWS_S3_ENDPOINT_URL= + +# If you serve media from Amazon S3, you need to specify which AWS region your bucket is in. + +# If you are using Amazon S3 to serve media directly, you will need to specify your region +# For example: `eu-west-2` + +# AWS_S3_REGION_NAME= + +# Use the following settings to configure access to your bucket. +# These values are available in the interface of your storage provider. + +# AWS_ACCESS_KEY_ID= + +# AWS_SECRET_ACCESS_KEY= + +# AWS_STORAGE_BUCKET_NAME= + +# The AWS_LOCATION variable controls which directory your Funkwhale files are stored in. +# By default, Funkwhale stores files in the root of your S3 bucket. + +# AWS_LOCATION= + +# The AWS_QUERYSTRING_EXPIRE variable controls how long generated URLs are valid for. +# Longer expiry times reduce security, but make caching more effective. +# The default value is 3600 (60 minutes). The maximum accepted value is 604800 (7 days). + +# AWS_QUERYSTRING_EXPIRE= + +# The AWS_DEFAULT_ACL variable allows you to set custom Access Control List settings for object uploads. +# For example: `public-read` +# Funkwhale uses the default settings provided by boto3 by default. +# Available options can be found here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl + +# AWS_DEFAULT_ACL= + +# If you want to serve media directly from your S3 bucket rather than through a proxy, +# set this to false +# PROXY_MEDIA=false + +# Django configuration +# -------------------- + +# The DJANGO_SETTINGS_MODULE variable controls what settings are loaded by Django. 
+# Don't change this variable unless you need to use a custom settings module. + DJANGO_SETTINGS_MODULE=config.settings.production -# Generate one using `openssl rand -base64 45`, for example -DJANGO_SECRET_KEY= +# The DJANGO_ADMIN_URL variable is the subpath used to access the Django admin panel. +# By default, you can access Django at `/api/admin` -# You don't have to edit this, but you can put the admin on another URL if you -# want to # DJANGO_ADMIN_URL=^api/admin/ -# In-place import settings +# In-place import configuration +# ----------------------------- # You can safely leave those settings uncommented if you don't plan to use # in place imports. # Typical docker setup: 
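Review bot: The new EMAIL_CONFIG comment says only the username needs URL encoding, while the text it replaces covered both `user` and `password`, so an operator whose SMTP password contains `@`, `:` or `/` gets a mis-parsed URL and no hint why. I would write it as `# If your username or password contains special characters, you need to URL encode them.` The DJANGO_SECRET_KEY comment at the top of the hunk says what the key is but not how to treat it; consider adding `# Keep this value private and unique to your pod. Django uses it to sign data such as password reset tokens.` The retained `public-read` example for AWS_DEFAULT_ACL would also benefit from a note that it makes uploaded objects readable without authentication.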
@@ -144,11 +221,35 @@ DJANGO_SECRET_KEY= MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music MUSIC_DIRECTORY_SERVE_PATH=/srv/funkwhale/data/music +# Feature configuration +# --------------------- +# Use these variables to control optional features on Funkwhale + +# Typesense is a search engine that Funkwhale uses to improve content discovery +# To use Typesense, set the TYPESENSE_API_KEY variable +# You can generate a random key by running `openssl rand -base64 45` + +# TYPESENSE_API_KEY= + +# Logging configuration +# --------------------- +# Use these variables to configure logging on your Funkwhale pod. + +# The LOGLEVEL variable controls how verbose your Funkwhale server logs are. +# Available values: `debug`, `info`, `warning`, `error`, `critical` + +LOGLEVEL=error + +# Funkwhale supports error logging using Sentry-compatible APIs. +# The FUNKWHALE_SENTRY_DSN variable controls where Sentry sends these logs. +# You can use the value provided to send logs directly to the Funkwhale project. + +# FUNKWHALE_SENTRY_DSN=https://5840197379c64f65aad3c5c09274994d@am.funkwhale.audio/1 + # LDAP settings -# Use the following options to allow authentication on your Funkwhale instance -# using a LDAP directory. -# Have a look at https://docs.funkwhale.audio/installation/ldap.html for -# detailed instructions. +# ------------- +# These variables enable you to authenticate on your Funkwhale instance using LDAP. +# See https://docs.funkwhale.audio/administrator/configuration/ldap.html for more information. # LDAP_ENABLED=False # LDAP_SERVER_URI=ldap://your.server:389 
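Review bot: The FUNKWHALE_SENTRY_DSN comment says the sample value sends logs to the Funkwhale project but not what those reports may contain, and the old wording that framed it as a voluntary contribution is removed in the last hunk. Sentry-style error events typically carry request details and stack context, so operators should be able to see that uncommenting the line starts a data flow to a third-party server; something like `# Error reports leave your pod when this is set and may include request details. Leave it commented out if you don't want to share them.` would do. The reworded LDAP header also sits above the sample values `ldap://your.server:389` and (in the next hunk's context) `LDAP_START_TLS=False`, which send bind credentials unencrypted if copied as they are; a one-line pointer to `ldaps://` or StartTLS would fit here.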
@@ -157,50 +258,3 @@ MUSIC_DIRECTORY_SERVE_PATH=/srv/funkwhale/data/music # LDAP_SEARCH_FILTER=(|(cn={0})(mail={0})) # LDAP_START_TLS=False # LDAP_ROOT_DN=dc=domain,dc=com - -FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist - -# Nginx related configuration -NGINX_MAX_BODY_SIZE=100M - -## External storages configuration -# Funkwhale can store uploaded files on Amazon S3 and S3-compatible storages (such as Minio) -# Uncomment and fill the variables below - -AWS_ACCESS_KEY_ID= -AWS_SECRET_ACCESS_KEY= -AWS_STORAGE_BUCKET_NAME= -# An optional bucket subdirectory were you want to store the files. This is especially useful -# if you plan to use share the bucket with other services -# AWS_LOCATION= - -# If you use a S3-compatible storage such as minio, set the following variable -# the full URL to the storage server. Example: -# AWS_S3_ENDPOINT_URL=https://minio.mydomain.com -# AWS_S3_ENDPOINT_URL= - -# If you want to serve media directly from your S3 bucket rather than through a proxy, -# set this to false -# PROXY_MEDIA=false - -# If you are using Amazon S3 to serve media directly, you will need to specify your region -# name in order to access files. Example: -# AWS_S3_REGION_NAME=eu-west-2 -# AWS_S3_REGION_NAME= - -# If you are using Amazon S3, use this setting to configure how long generated URLs should stay -# valid. The default value is 3600 (60 minutes). The maximum accepted value is 604800 (7 days) - -# AWS_QUERYSTRING_EXPIRE= - -# If you are using an S3-compatible object storage provider, and need to provide a default -# ACL for object uploads that is different from the default applied by boto3, you may -# override it here. Example: -# AWS_DEFAULT_ACL=public-read -# Available options can be found here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl - -# AWS_DEFAULT_ACL= - -# Funkwhale allows collecting errors using Sentry compatible APIs. 
If you want -# to help us improving Funkwhale, feel free to use our instance: -#FUNKWHALE_SENTRY_DSN=https://5840197379c64f65aad3c5c09274994d@am.funkwhale.audio/1