-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
56 lines (48 loc) · 2.29 KB
/
.env.example
File metadata and controls
56 lines (48 loc) · 2.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# Chickadee — environment configuration
# Copy to .env and fill in values before starting the server.
#
# For Docker Compose: docker compose reads .env automatically.
# For VM / systemd: copy to /opt/chickadee/.env (see deploy/README.md).
# ----------------------------------------------------------------
# Runner shared secret (OPTIONAL)
# Leave unset to use the auto-generated three-word .worker-secret shared by
# the Docker Compose server and runner containers.
# Set this explicitly if you want a fixed secret across redeploys or non-Docker
# runners. Example: openssl rand -base64 32
# ----------------------------------------------------------------
# RUNNER_SHARED_SECRET=
# ----------------------------------------------------------------
# Auth mode
# Default is SSO. For local username/password auth, set both:
# AUTH_MODE=local
# ENABLE_NON_SSO_AUTH_MODES=true
# ----------------------------------------------------------------
# AUTH_MODE=local
# ENABLE_NON_SSO_AUTH_MODES=true
# ----------------------------------------------------------------
# OIDC / SSO credentials (required when AUTH_MODE=sso or dual)
# ----------------------------------------------------------------
OIDC_AUTH_SERVER=https://sso.example.com/oidc/YOUR_ID/
OIDC_CLIENT_ID=YOUR_CLIENT_ID
OIDC_CLIENT_SECRET=YOUR_CLIENT_SECRET
OIDC_CALLBACK=/oidc/callback/
# JWT claim name used as the Chickadee username (default: preferred_username).
# UWaterloo DUO: OIDC_USERNAME_CLAIM=winaccountname
# Most standard OIDC providers: leave unset or set to preferred_username
# OIDC_USERNAME_CLAIM=preferred_username
# JWT claim name used as the user's email address (default: email).
# OIDC_EMAIL_CLAIM=email
# Comma-separated list of SSO usernames that receive admin/instructor roles on first login.
# Values are matched against the username derived from OIDC_USERNAME_CLAIM.
SSO_ADMIN_USERS=
SSO_INSTRUCTOR_USERS=
# ----------------------------------------------------------------
# Public URL and HTTPS (required in production)
# ----------------------------------------------------------------
# PUBLIC_BASE_URL=https://chickadee.example.com
# ENFORCE_HTTPS=true
# SESSION_COOKIE_SECURE=true
# ----------------------------------------------------------------
# Logging
# ----------------------------------------------------------------
# LOG_LEVEL=info