monacousa-portal/deploy/.env.example

# ============================================
# Monaco USA Portal - Production Configuration
# ============================================
# Copy this file to .env and configure the values below.
# Then run ./setup.sh to generate secrets and kong.yml.
#
# Variables marked [AUTO-GENERATED] will be created by setup.sh
# if left empty or containing placeholder text.
# ============================================

# ============================================
# DOMAIN CONFIGURATION (Required)
# ============================================
# Your domain name (without https://)
DOMAIN=portal.monacousa.org

# ============================================
# DATABASE CONFIGURATION
# ============================================
# PostgreSQL settings
POSTGRES_USER=postgres
POSTGRES_DB=postgres

# [AUTO-GENERATED] Database password - leave as placeholder for auto-generation
# To generate manually: openssl rand -base64 32
POSTGRES_PASSWORD=CHANGE_ME_RUN_SETUP_SH

# ============================================
# JWT CONFIGURATION
# ============================================
# [AUTO-GENERATED] JWT secret for Supabase auth - leave as placeholder
# To generate manually: openssl rand -base64 32
JWT_SECRET=CHANGE_ME_RUN_SETUP_SH

# JWT token expiry in seconds (default: 1 hour)
JWT_EXPIRY=3600

# [AUTO-GENERATED] Anonymous API key - leave as placeholder
# This is a JWT signed with JWT_SECRET with role=anon
ANON_KEY=your-anon-key-will-be-generated

# [AUTO-GENERATED] Service role API key - leave as placeholder
# This is a JWT signed with JWT_SECRET with role=service_role
SERVICE_ROLE_KEY=your-service-role-key-will-be-generated

# These are aliases used by the portal app
PUBLIC_SUPABASE_ANON_KEY=${ANON_KEY}
SUPABASE_SERVICE_ROLE_KEY=${SERVICE_ROLE_KEY}

# ============================================
# REALTIME CONFIGURATION
# ============================================
# [AUTO-GENERATED] Secret key for realtime service
# To generate manually: openssl rand -base64 64
SECRET_KEY_BASE=generate-a-64-char-secret-key-run-setup-sh

# ============================================
# EMAIL CONFIGURATION (Optional but Recommended)
# ============================================
# SMTP settings for sending emails (password resets, invitations, etc.)
# Leave empty to disable email functionality (users won't receive confirmation emails)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_ADMIN_EMAIL=noreply@monacousa.org
SMTP_SENDER_NAME="Monaco USA"

# Set to true to auto-confirm emails (not recommended for production)
ENABLE_EMAIL_AUTOCONFIRM=false

# Rate limit for emails sent per hour
RATE_LIMIT_EMAIL_SENT=100

# ============================================
# PORTAL APPLICATION CONFIGURATION
# ============================================
# Docker image for the portal app
# Change this to use a different registry or version
PORTAL_IMAGE=code.letsbe.solutions/letsbe/monacousa-portal:latest

# Maximum file upload size in bytes (default: 50MB)
BODY_SIZE_LIMIT=52428800

# Disable public signup (true = only admin can create accounts)
DISABLE_SIGNUP=false

# Additional redirect URLs for OAuth (comma-separated)
ADDITIONAL_REDIRECT_URLS=

# ============================================
# POSTGREST CONFIGURATION
# ============================================
# Database schemas exposed via REST API
PGRST_DB_SCHEMAS=public,storage,graphql_public


# ============================================
# NOTES
# ============================================
# 1. After configuring this file, run: ./setup.sh
#    This will:
#    - Generate any missing secrets
#    - Create kong.yml from template
#    - Validate your configuration
#
# 2. Start the services: docker compose up -d
#
# 3. Check status: docker compose ps
#
# 4. View logs: docker compose logs -f
#
# 5. First visit to https://DOMAIN will redirect to /setup
#    to create the initial admin account.
# ============================================