-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
193 lines (153 loc) · 6.45 KB
/
.env.example
File metadata and controls
193 lines (153 loc) · 6.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
# ============================================================================
# OASIS PYTHONUI DOCKER COMPOSE CONFIGURATION
# ============================================================================
# Copy this file to .env and configure for your deployment
# For quick start, use one of the example files:
# - .env.simple (Simple JWT authentication)
# - .env.keycloak (Keycloak OIDC)
# - .env.authentik (Authentik OIDC)
# ============================================================================
# PROJECT CONFIGURATION
# ============================================================================
# Docker Compose project name (used for volume and network naming)
COMPOSE_PROJECT_NAME=oasispythonui
# Enable debug mode (1=on, 0=off)
OASIS_DEBUG=1
# Docker socket path (required for traefik reverse proxy)
# Standard Docker: /var/run/docker.sock
# Docker Desktop: ~/.docker/desktop/docker.sock
DOCKER_SOCK=/var/run/docker.sock
# ============================================================================
# HOSTNAME CONFIGURATION
# ============================================================================
# Matches OasisPlatform Kubernetes values.yaml: ingress.uiHostname
#
# For local development: localhost
# For production/custom domain: ui.oasis.local or your domain
# This hostname is used in:
# - OIDC redirect URIs
# - API endpoint URLs
# - External access URLs
OASIS_UI_HOSTNAME=localhost
OASIS_PROTOCOL=http
# ============================================================================
# AUTHENTICATION CONFIGURATION
# ============================================================================
# Authentication type
# Options: simple, keycloak, authentik
API_AUTH_TYPE=simple
# Allowed OIDC providers (comma-separated)
# Used when API_AUTH_TYPE is keycloak or authentik
OASIS_SERVER_ALLOWED_OIDC_AUTH_PROVIDERS=keycloak,authentik
# ============================================================================
# SIMPLE AUTHENTICATION (when API_AUTH_TYPE=simple)
# ============================================================================
# These credentials are used for:
# - Django admin interface
# - REST API JWT authentication
# - Service-to-service communication
OASIS_ADMIN_USER=admin
OASIS_ADMIN_PASS=password
# ============================================================================
# OIDC SERVICE ACCOUNT (when API_AUTH_TYPE=keycloak or authentik)
# ============================================================================
# OIDC client credentials for service-to-service authentication.
# Must match the service client configured in Keycloak/Authentik.
# Not used for simple auth (install.sh uses OASIS_ADMIN_USER/PASS instead).
OASIS_SERVICE_CLIENT_NAME=oasis-service
OASIS_SERVICE_CLIENT_SECRET=serviceNotSoSecret
# ============================================================================
# IMAGE VERSIONS
# ============================================================================
SERVER_IMG=coreoasis/api_server
VERS_API=2.5
WORKER_IMG=coreoasis/model_worker
VERS_WORKER=2.5
PYTHONUI_IMG=coreoasis/oasispythonui_app
VERS_UI=latest
# PiWind model version
VERS_PIWIND=stable/2.5.x
# ============================================================================
# DATABASE CONFIGURATION
# ============================================================================
# Oasis API Database (PostgreSQL)
OASIS_SERVER_DB_HOST=server-db
OASIS_SERVER_DB_PORT=5432
OASIS_SERVER_DB_NAME=oasis
OASIS_SERVER_DB_USER=oasis
OASIS_SERVER_DB_PASS=oasis
# Celery Results Database (PostgreSQL)
OASIS_CELERY_DB_HOST=celery-db
OASIS_CELERY_DB_PORT=5432
OASIS_CELERY_DB_NAME=celery
OASIS_CELERY_DB_USER=celery
OASIS_CELERY_DB_PASS=password
# ============================================================================
# BROKER & CHANNEL LAYER
# ============================================================================
# RabbitMQ Message Broker
RABBITMQ_DEFAULT_USER=rabbit
RABBITMQ_DEFAULT_PASS=rabbit
OASIS_CELERY_BROKER_URL=amqp://rabbit:rabbit@broker:5672
# Redis/Valkey Channel Layer
REDIS_HOST=channel-layer
REDIS_PORT=6379
OASIS_SERVER_CHANNEL_LAYER_SSL=false
# ============================================================================
# KEYCLOAK CONFIGURATION (when API_AUTH_TYPE=keycloak)
# ============================================================================
# Keycloak Service Configuration
KEYCLOAK_HOST=keycloak
KEYCLOAK_PORT=8080
# Keycloak Admin Console Credentials
# Access at: http://localhost:8080/auth/admin
KEYCLOAK_ADMIN_USER=keycloak
KEYCLOAK_ADMIN_PASSWORD=password
# Keycloak Database
KEYCLOAK_DB_NAME=keycloak
KEYCLOAK_DB_USER=keycloak
KEYCLOAK_DB_PASSWORD=password
# OIDC Client Configuration
# These must match the client configurations in the realm template
OIDC_KEYCLOAK_CLIENT_NAME=oasis-server
OIDC_KEYCLOAK_CLIENT_SECRET=e4f4fb25-2250-4210-a7d6-9b16c3d2ab77
# Default Users Configuration
# Users are defined in: oidc/keycloak/users.yaml
# Edit that file to add/modify users
# ============================================================================
# AUTHENTIK CONFIGURATION (when API_AUTH_TYPE=authentik)
# ============================================================================
# Authentik Service Configuration
AUTHENTIK_HOST=authentik
AUTHENTIK_PORT=9000
# Authentik Bootstrap Configuration
# Used for initial setup only
# Access at: http://localhost:9000/authentik/
AUTHENTIK_BOOTSTRAP_USER=akadmin
AUTHENTIK_BOOTSTRAP_EMAIL=akadmin@example.com
AUTHENTIK_BOOTSTRAP_PASSWORD=password
AUTHENTIK_BOOTSTRAP_TOKEN=my-demo-token-abc123
# Authentik Secret Key (for encryption)
# CHANGE THIS IN PRODUCTION!
AUTHENTIK_SECRET_KEY=notsosecretkey
# Authentik Database
AUTHENTIK_DB_NAME=authentik
AUTHENTIK_DB_USER=authentik
AUTHENTIK_DB_PASSWORD=password
# OIDC Client Configuration
# These must match the provider configurations in the blueprint
OIDC_AUTHENTIK_CLIENT_NAME=oasis-server
OIDC_AUTHENTIK_CLIENT_SECRET=EfNMUM3GG1bd1CYUvNfiBGWKfvbGFiNAdutEqHSarZ9H7oL0sZfKLvPT1ujaqVm2839Vka8Ky0elliMQ6yWKN8Jv8dzh3BeVFn0F7LPquGkIus6JJ9nGH1vtfCt7AhtO
# Default Users Configuration
# Users are defined in: oidc/authentik/users.yaml
# Edit that file to add/modify users
# ============================================================================
# ADVANCED CONFIGURATION
# ============================================================================
# Portfolio upload validation (0=off, 1=on)
OASIS_PORTFOLIO_UPLOAD_VALIDATION=0
# Worker library versions (empty = latest)
OASIS_OASISLMF_VERSION=
OASIS_ODS_VERSION=
OASIS_ODM_VERSION=
OASIS_OED_SCHEMA_INFO=