infra/cloud/.env.example

# Aggregated env for the cloud composition.
# Copy to .env and fill in real values. Never commit .env.

TZ=Europe/Amsterdam

# Domain / TLS
PRIMARY_DOMAIN=wbd-rd.nl
LETSENCRYPT_EMAIL=r.de.ren@brabantsedelta.nl
# Production CA: https://acme-v02.api.letsencrypt.org/directory
# Staging CA (testing): https://acme-staging-v02.api.letsencrypt.org/directory
ACME_CA_URI=https://acme-v02.api.letsencrypt.org/directory

# WireGuard server
WG_SERVER_PORT=51820
WG_SERVER_PUBLIC_HOST=

# Keycloak (admin bootstrap + DB)
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=
KEYCLOAK_HOSTNAME=auth.wbd-rd.nl
KEYCLOAK_DB_PASSWORD=

# InfluxDB
INFLUX_ADMIN_USER=admin
INFLUX_ADMIN_PASSWORD=
INFLUX_ADMIN_TOKEN=
INFLUX_ORG=wbd
INFLUX_BUCKET=telemetry

# Grafana
GRAFANA_ADMIN_USER=admin
GRAFANA_ADMIN_PASSWORD=
GRAFANA_ROOT_URL=https://dash.wbd-rd.nl

# SQL (postgres — single point of config)
SQL_DB=config
SQL_USER=config
SQL_PASSWORD=

# RabbitMQ
RABBITMQ_USER=admin
RABBITMQ_PASSWORD=
RABBITMQ_VHOST=/

# Postfix
POSTFIX_RELAYHOST=
POSTFIX_FROM_DOMAIN=wbd-rd.nl

# Gitea (HTTPS-only; uses sql backend; OIDC via Keycloak)
GITEA_ROOT_URL=https://git.wbd-rd.nl
GITEA_DOMAIN=git.wbd-rd.nl
GITEA_DB_HOST=sql:5432
GITEA_DB_NAME=gitea
GITEA_DB_USER=gitea
GITEA_DB_PASSWORD=
GITEA_OAUTH_CLIENT_ID=gitea
GITEA_OAUTH_CLIENT_SECRET=
GITEA_OAUTH_DISCOVERY_URL=https://auth.wbd-rd.nl/realms/wbd/.well-known/openid-configuration
GITEA_MAIL_FROM=gitea@wbd-rd.nl

# Jenkins
JENKINS_ADMIN_USER=admin
JENKINS_ADMIN_PASSWORD=

# MLflow (uses sql backend)
MLFLOW_DB_NAME=mlflow
MLFLOW_DB_USER=mlflow
MLFLOW_DB_PASSWORD=

# JupyterHub
# STUB AUTH: DummyAuthenticator. Set a strong shared password — any username + this password logs in.
# Replace with Keycloak OIDC (GenericOAuthenticator) before exposing to users beyond the cloud operator.
JUPYTER_NOTEBOOK_IMAGE=jupyter/datascience-notebook:latest
JUPYTERHUB_ADMIN_USERS=
JUPYTERHUB_ADMIN_PASSWORD=

# FROST (SensorThings — dedicated postgis + internal mosquitto bus, ingressed at sta.wbd-rd.nl)
FROST_DB_PASSWORD=
FROST_SERVICE_ROOT_URL=https://sta.wbd-rd.nl/FROST-Server