HANDOFF.md and TERMIX_MIGRATION.md were stale (pre-dated the full Termix migration). Rewrote HANDOFF.md to reflect the current feature-complete state and point straight at deployment setup. Expanded README's Deployment section into concrete steps (host provisioning, secrets, .env, DNS) since the workflow/compose files already exist and just need configuring. Added a top-level .env.example for the server-side .env that docker-compose.yml expects.
21 lines
904 B
Text
# Env vars consumed by docker-compose.yml on the deploy host (racknerd1).
# Copy this to `.env` next to docker-compose.yml on the server — Compose
# loads it automatically. Never commit the real `.env`.
# 32-byte hex string. Signs auth JWTs. Generate with:
# openssl rand -hex 32
ARCHNEST_JWT_SECRET=
# 32-byte hex string. Encrypts integration secrets at rest (AES-256-GCM).
# Generate with: openssl rand -hex 32
# Changing this after data exists makes existing secrets undecryptable.
ARCHNEST_SECRET_KEY=
# Origin the frontend is served from; used for CORS. Defaults to
# https://archnest.snsnetlabs.com if unset (see docker-compose.yml).
ARCHNEST_CORS_ORIGIN=https://archnest.snsnetlabs.com
# Exactly 32 ASCII characters (used literally as an AES-256-CBC key for
# Guacamole connection configs, not hex-decoded). Generate with:
# openssl rand -base64 24 | cut -c1-32
ARCHNEST_GUAC_CRYPT_KEY=
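Review bot: the ARCHNEST_GUAC_CRYPT_KEY recipe at the end of the file produces a key with 192 bits of randomness rather than 256, because `openssl rand -base64 24` encodes 24 random bytes as exactly 32 base64 characters (which also makes the `cut -c1-32` step a no-op). Since the comment says the string is used literally as the AES-256-CBC key, state the effective strength in the comment so nobody assumes a full 256-bit key. Separately, the two "32-byte hex string" comments for ARCHNEST_JWT_SECRET and ARCHNEST_SECRET_KEY would read more safely as "64 hex characters (32 bytes)", given that the Guacamole key a few lines later is "exactly 32 ASCII characters" and is not hex-decoded; the two formats are easy to mix up when filling the file in by hand. The three secret entries are also left blank with nothing saying whether a blank value is rejected at startup; a one-line note marking them as required would help whoever copies this file to the server.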
|