2026-03-26 18:56:56 -07:00
|
|
|
# Copy to .env.local — never commit .env.local.
|
|
|
|
|
|
|
|
|
|
# Public origin must match the browser URL (NPM host), not the LAN upstream IP.
|
|
|
|
|
# Apex: https://sankofa.nexus — or use https://portal.sankofa.nexus if that is your vhost.
|
|
|
|
|
NEXTAUTH_URL=https://sankofa.nexus
|
|
|
|
|
NEXTAUTH_SECRET=generate-with-openssl-rand-base64-32
|
|
|
|
|
|
2026-04-09 01:20:02 -07:00
|
|
|
# Keycloak OIDC (optional). All three must be non-empty or the portal uses credentials only.
|
2026-03-26 18:56:56 -07:00
|
|
|
KEYCLOAK_URL=https://keycloak.sankofa.nexus
|
2026-04-09 01:20:02 -07:00
|
|
|
KEYCLOAK_REALM=master
|
|
|
|
|
KEYCLOAK_CLIENT_ID=sankofa-portal
|
|
|
|
|
KEYCLOAK_CLIENT_SECRET=
|
|
|
|
|
|
|
|
|
|
# Production email/password login when Keycloak client secret is not set (rotate after enabling SSO).
|
|
|
|
|
PORTAL_LOCAL_LOGIN_EMAIL=portal@sankofa.nexus
|
|
|
|
|
PORTAL_LOCAL_LOGIN_PASSWORD=change-me-strong-password
|
2026-03-26 18:56:56 -07:00
|
|
|
|
|
|
|
|
NEXT_PUBLIC_CROSSPLANE_API=https://crossplane-api.crossplane-system.svc.cluster.local
|
|
|
|
|
NEXT_PUBLIC_ARGOCD_URL=https://argocd.sankofa.nexus
|
|
|
|
|
NEXT_PUBLIC_GRAFANA_URL=https://grafana.sankofa.nexus
|
|
|
|
|
NEXT_PUBLIC_LOKI_URL=https://loki.monitoring.svc.cluster.local:3100
|
2026-04-09 01:20:02 -07:00
|
|
|
|
|
|
|
|
# Cloudflare Turnstile (public site key). When set, unauthenticated Sign In is gated until the widget succeeds.
|
|
|
|
|
# Same widget can be paired with dbis_core IRU inquiry (VITE_CLOUDFLARE_TURNSTILE_SITE_KEY there). Not a DNS API key.
|
|
|
|
|
# NEXT_PUBLIC_CLOUDFLARE_TURNSTILE_SITE_KEY=
|
|
|
|
|
|
|
|
|
|
# IT inventory read API (proxmox Phase 0). Server-side only — do not use NEXT_PUBLIC_* for the key.
|
|
|
|
|
# Base URL of sankofa-it-read-api (e.g. http://192.168.11.11:8787 or internal NPM upstream).
|
|
|
|
|
# IT_READ_API_URL=http://192.168.11.11:8787
|
|
|
|
|
# IT_READ_API_KEY=
|