docs: Add .env.example files with redacted credentials

Add example environment files for LLDAP, TinyAuth, and Grafana logging
with redacted passwords and secrets to serve as templates.

compose/core/lldap/.env.example

@@ -0,0 +1,25 @@
+# LLDAP Configuration
+# Base DN for the LDAP directory
+LLDAP_LDAP_BASE_DN=dc=fig,dc=systems
+
+# Admin user configuration
+LLDAP_LDAP_USER_DN=eddie
+LLDAP_LDAP_USER_EMAIL=admin@fig.systems
+# Use a strong password (at least 16 characters, mix of letters, numbers, symbols)
+# Example format: MyS3cur3P@ssw0rd!2024#HomeL@b
+LLDAP_LDAP_USER_PASS=REDACTED
+
+# JWT secret for session management (64+ character random string)
+# Generate with: openssl rand -hex 32
+# Example format: a1b2c3d4e5f67890abcdef1234567890a1b2c3d4e5f67890abcdef1234567890
+LLDAP_JWT_SECRET=REDACTED
+# Timezone
+TZ=America/Los_Angeles
+
+# Optional: SMTP configuration for password reset emails
+# LLDAP_SMTP_OPTIONS__SERVER=smtp.gmail.com
+# LLDAP_SMTP_OPTIONS__PORT=587
+# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=STARTTLS
+# LLDAP_SMTP_OPTIONS__USER=your-email@gmail.com
+# LLDAP_SMTP_OPTIONS__PASSWORD=your-app-password
+# LLDAP_SMTP_OPTIONS__FROM=LLDAP Admin <admin@edfig.dev>

compose/core/tinyauth/.env.example

@@ -0,0 +1,31 @@
+# Tinyauth Configuration
+
+# App URL - publicly accessible URL
+APP_URL=https://auth.fig.systems
+
+# Timezone
+TZ=America/Los_Angeles
+
+# LDAP Configuration - Connect to LLDAP
+LDAP_ADDRESS=ldap://lldap:3890
+LDAP_BASE_DN=dc=fig,dc=systems
+LDAP_BIND_DN=uid=eddie,ou=people,dc=fig,dc=systems
+# Must match LLDAP_LDAP_USER_PASS in lldap/.env
+# Example format: MyS3cur3P@ssw0rd!2024#HomeL@b
+LDAP_BIND_PASSWORD=REDACTED
+LDAP_SEARCH_FILTER=(uid=%s)
+LDAP_INSECURE=true
+
+# Optional: Local users (if you want fallback auth)
+# Format: username:bcrypt_hash:totp_secret (totp_secret is optional)
+# Generate hash with: docker run --rm -it ghcr.io/steveiliop56/tinyauth:latest hash <password>
+# USERS=
+
+# Session configuration
+# Generate with: openssl rand -hex 32
+# Example format: b2c3d4e5f67890abcdef1234567890a1b2c3d4e5f67890abcdef1234567890ab
+SESSION_SECRET=REDACTED
+SESSION_MAX_AGE=86400
+
+# Database (optional, uses SQLite by default at /data/tinyauth.db)
+# DATABASE_URL=sqlite:///data/tinyauth.db

compose/monitoring/logging/.env.example

@@ -0,0 +1,28 @@
+# Centralized Logging Configuration
+
+# Timezone
+TZ=America/Los_Angeles
+
+# Grafana Admin Credentials
+# Default username: admin
+# Change this password immediately after first login!
+# Example format: MyGr@f@n@P@ssw0rd!2024
+GF_SECURITY_ADMIN_PASSWORD=REDACTED
+
+# Grafana Configuration
+GF_SERVER_ROOT_URL=https://logs.fig.systems
+GF_SERVER_DOMAIN=logs.fig.systems
+
+# Disable Grafana analytics (optional)
+GF_ANALYTICS_REPORTING_ENABLED=false
+GF_ANALYTICS_CHECK_FOR_UPDATES=false
+
+# Allow embedding (for Homarr dashboard integration)
+GF_SECURITY_ALLOW_EMBEDDING=true
+
+# Loki Configuration
+# Retention period in days (default: 30 days)
+LOKI_RETENTION_PERIOD=30d
+
+# Promtail Configuration
+# No additional configuration needed - configured via promtail-config.yaml