recipe-maintainers/lasuite-meet
0
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
2eebaee3ccfcf1d2004f2e43d9ca70eaa15cdf37
lasuite-meet/.env.sample
notplants 6ef5db5826 Working on public server
2026-02-27 22:25:04 -05:00

102 lines
4.3 KiB
Plaintext
Raw Blame History

TYPE=lasuite-meet
COMPOSE_FILE=compose.yml:compose.turn.yml
DOMAIN=lasuite-meet.example.com
## LiveKit domain — separate domain for WebSocket signaling
## Clients connect to wss://LIVEKIT_DOMAIN for video/audio
LIVEKIT_DOMAIN="livekit.${DOMAIN}"
## Domain aliases
#EXTRA_DOMAINS=', `www.lasuite-meet.example.com`'
LETS_ENCRYPT_ENV=production
##############################################################################
# SECRETS
##############################################################################
# abbreviations are to fit abra 12 char secret recommendation
# DJANGO_SECRET_KEY
SECRET_DJANGO_SK_VERSION=v1
# OIDC_RP_CLIENT_SECRET
SECRET_OIDC_RPCS_VERSION=v1
# DJANGO_SUPERUSER_PASSWORD
SECRET_DJANGO_SP_VERSION=v1
# POSTGRES_PASSWORD
SECRET_POSTGRES_P_VERSION=v1
# LIVEKIT_API_SECRET
SECRET_LIVEKIT_AS_VERSION=v1
# DJANGO_EMAIL_HOST_PASSWORD
SECRET_EMAIL_PASS_VERSION=v1
##############################################################################
# EMAIL
##############################################################################
DJANGO_EMAIL_BRAND_NAME="La Suite Numérique"
DJANGO_EMAIL_HOST="mail.example.com"
DJANGO_EMAIL_LOGO_IMG="https://${DOMAIN}/assets/logo-suite-numerique.png"
DJANGO_EMAIL_PORT=587
DJANGO_EMAIL_USE_SSL=False
DJANGO_EMAIL_USE_TLS=True
DJANGO_EMAIL_FROM=meet@example.com
##############################################################################
# SINGLE SIGN ON
##############################################################################
# NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
OIDC_REALM=lasuite-meet
AUTH_DOMAIN=keycloak.example.com
OIDC_OP_JWKS_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/certs
OIDC_OP_AUTHORIZATION_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/auth
OIDC_OP_TOKEN_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/token
OIDC_OP_USER_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/userinfo
OIDC_OP_LOGOUT_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/logout
OIDC_RP_CLIENT_ID=meet
OIDC_RP_SIGN_ALGO=RS256
OIDC_RP_SCOPES="openid email"
LOGIN_REDIRECT_URL=https://${DOMAIN}
LOGIN_REDIRECT_URL_FAILURE=https://${DOMAIN}
LOGOUT_REDIRECT_URL=https://${DOMAIN}
OIDC_REDIRECT_ALLOWED_HOSTS='["https://${DOMAIN}"]'
OIDC_AUTH_REQUEST_EXTRA_PARAMS='{"acr_values": "eidas1"}'
##############################################################################
# LIVEKIT
##############################################################################
# note: this is an identifier, not a secret
LIVEKIT_API_KEY=meet
## The server's public IP address — LiveKit advertises this in ICE candidates
## so WebRTC clients can reach the media ports (7881/7882).
## Required: STUN-based detection does not work reliably inside Docker.
LIVEKIT_NODE_IP=
## Force clients to use TCP for media transport (default: false)
## Enable in environments where UDP NAT traversal is unreliable
#LIVEKIT_FORCE_TCP=false
#ALLOW_UNREGISTERED_ROOMS=False
##############################################################################
# TURN SERVER (enabled by default — improves connectivity for restrictive NATs)
##############################################################################
## LiveKit's built-in TURN server helps users behind CGNAT/symmetric NAT.
## Enabled by default via COMPOSE_FILE and LIVEKIT_TURN_ENABLED.
## To disable TURN, remove compose.turn.yml from COMPOSE_FILE and set:
#LIVEKIT_TURN_ENABLED=false
## TURN domain — must resolve to this server's IP.
## Defaults to LIVEKIT_DOMAIN, which works for TURN/UDP setups.
#TURN_DOMAIN=turn.example.com
## TURN/UDP port (default: 443). Recommended because UDP 443 is rarely
## blocked and doesn't conflict with Traefik's TCP 443.
#TURN_UDP_PORT=443
##############################################################################
# LOGGING (defaults to INFO, uncomment to override)
##############################################################################
#LOGGING_LEVEL_HANDLERS_CONSOLE=INFO
#LOGGING_LEVEL_LOGGERS_ROOT=INFO
#LOGGING_LEVEL_LOGGERS_APP=INFO
##############################################################################
# MIGRATIONS
##############################################################################
# Set to false to disable automatic migrations on backend startup
# AUTO_MIGRATIONS=true
Reference in New Issue View Git Blame Copy Permalink