From ddf8c7f09f4a9e2fe82a6ad87bcff8e0dad18569 Mon Sep 17 00:00:00 2001
From: Eduardo Figueroa
Date: Wed, 3 Dec 2025 19:53:04 +0000
Subject: [PATCH] docs: Add .env.example files with redacted credentials
Add example environment files for LLDAP, TinyAuth, and Grafana logging with redacted passwords and secrets to serve as templates.
---
compose/core/lldap/.env.example | 25 ++++++++++++++++++++
compose/core/tinyauth/.env.example | 31 +++++++++++++++++++++++++
compose/monitoring/logging/.env.example | 28 ++++++++++++++++++++++
3 files changed, 84 insertions(+)
create mode 100644 compose/core/lldap/.env.example
create mode 100644 compose/core/tinyauth/.env.example
create mode 100644 compose/monitoring/logging/.env.example
diff --git a/compose/core/lldap/.env.example b/compose/core/lldap/.env.example
new file mode 100644
index 0000000..8311af4
--- /dev/null
+++ b/compose/core/lldap/.env.example
@@ -0,0 +1,25 @@
+# LLDAP Configuration
+# Base DN for the LDAP directory
+LLDAP_LDAP_BASE_DN=dc=fig,dc=systems
+
+# Admin user configuration
+LLDAP_LDAP_USER_DN=eddie
+LLDAP_LDAP_USER_EMAIL=admin@fig.systems
+# Use a strong password (at least 16 characters, mix of letters, numbers, symbols)
+# Example format: MyS3cur3P@ssw0rd!2024#HomeL@b
+LLDAP_LDAP_USER_PASS=REDACTED
+
+# JWT secret for session management (64+ character random string)
+# Generate with: openssl rand -hex 32
+# Example format: a1b2c3d4e5f67890abcdef1234567890a1b2c3d4e5f67890abcdef1234567890
+LLDAP_JWT_SECRET=REDACTED
+# Timezone
+TZ=America/Los_Angeles
+
+# Optional: SMTP configuration for password reset emails
+# LLDAP_SMTP_OPTIONS__SERVER=smtp.gmail.com
+# LLDAP_SMTP_OPTIONS__PORT=587
+# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=STARTTLS
+# LLDAP_SMTP_OPTIONS__USER=your-email@gmail.com
+# LLDAP_SMTP_OPTIONS__PASSWORD=your-app-password
+# LLDAP_SMTP_OPTIONS__FROM=LLDAP Admin
diff --git a/compose/core/tinyauth/.env.example b/compose/core/tinyauth/.env.example
new file mode 100644
index 0000000..d7716d7
--- /dev/null
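Review bot: The `# Example format:` lines in the lldap hunk print a complete, realistic password (`MyS3cur3P@ssw0rd!2024#HomeL@b`) and a full 64-character hex secret. `LLDAP_LDAP_USER_PASS=REDACTED` and `LLDAP_JWT_SECRET=REDACTED` are also ordinary strings that will probably be accepted as real values if the file is copied to `.env` unchanged. Published sample secrets tend to be reused verbatim, so I would drop the example-format lines, keep only the generation command, and mark the placeholder as mandatory to replace, e.g. `# REQUIRED: replace before first start; generate with: openssl rand -base64 24`. The same pattern appears in the tinyauth hunk (`LDAP_BIND_PASSWORD`, `SESSION_SECRET`) and the logging hunk (`GF_SECURITY_ADMIN_PASSWORD`). The title says the values were redacted, presumably from live files, so it is also worth confirming the real `.env` files are git-ignored.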
+++ b/compose/core/tinyauth/.env.example
@@ -0,0 +1,31 @@
+# Tinyauth Configuration
+
+# App URL - publicly accessible URL
+APP_URL=https://auth.fig.systems
+
+# Timezone
+TZ=America/Los_Angeles
+
+# LDAP Configuration - Connect to LLDAP
+LDAP_ADDRESS=ldap://lldap:3890
+LDAP_BASE_DN=dc=fig,dc=systems
+LDAP_BIND_DN=uid=eddie,ou=people,dc=fig,dc=systems
+# Must match LLDAP_LDAP_USER_PASS in lldap/.env
+# Example format: MyS3cur3P@ssw0rd!2024#HomeL@b
+LDAP_BIND_PASSWORD=REDACTED
+LDAP_SEARCH_FILTER=(uid=%s)
+LDAP_INSECURE=true
+
+# Optional: Local users (if you want fallback auth)
+# Format: username:bcrypt_hash:totp_secret (totp_secret is optional)
+# Generate hash with: docker run --rm -it ghcr.io/steveiliop56/tinyauth:latest hash
+# USERS=
+
+# Session configuration
+# Generate with: openssl rand -hex 32
+# Example format: b2c3d4e5f67890abcdef1234567890a1b2c3d4e5f67890abcdef1234567890ab
+SESSION_SECRET=REDACTED
+SESSION_MAX_AGE=86400
+
+# Database (optional, uses SQLite by default at /data/tinyauth.db)
+# DATABASE_URL=sqlite:///data/tinyauth.db
diff --git a/compose/monitoring/logging/.env.example b/compose/monitoring/logging/.env.example
new file mode 100644
index 0000000..fc727cc
--- /dev/null
+++ b/compose/monitoring/logging/.env.example
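Review bot: `LDAP_BIND_DN=uid=eddie,ou=people,dc=fig,dc=systems` binds Tinyauth as the same account that `compose/core/lldap/.env.example` sets up as the LLDAP admin (`LLDAP_LDAP_USER_DN=eddie`), and the comment above `LDAP_BIND_PASSWORD` tells the reader to reuse the admin password. That places the directory admin credential in the environment of the publicly reachable auth service (`APP_URL=https://auth.fig.systems`), although a search-and-bind client only needs read access. I would template a dedicated low-privilege account instead, e.g. `LDAP_BIND_DN=uid=<readonly-bind-user>,ou=people,dc=fig,dc=systems`, with the comment `# Dedicated read-only bind account (LLDAP group lldap_strict_readonly), not the admin user`. Separately, `LDAP_INSECURE=true` next to the plain `ldap://lldap:3890` address means the bind is not protected by verified TLS. That deserves a one-line comment saying it is tolerable only while LLDAP stays on the same private Docker network.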
@@ -0,0 +1,28 @@
+# Centralized Logging Configuration
+
+# Timezone
+TZ=America/Los_Angeles
+
+# Grafana Admin Credentials
+# Default username: admin
+# Change this password immediately after first login!
+# Example format: MyGr@f@n@P@ssw0rd!2024
+GF_SECURITY_ADMIN_PASSWORD=REDACTED
+
+# Grafana Configuration
+GF_SERVER_ROOT_URL=https://logs.fig.systems
+GF_SERVER_DOMAIN=logs.fig.systems
+
+# Disable Grafana analytics (optional)
+GF_ANALYTICS_REPORTING_ENABLED=false
+GF_ANALYTICS_CHECK_FOR_UPDATES=false
+
+# Allow embedding (for Homarr dashboard integration)
+GF_SECURITY_ALLOW_EMBEDDING=true
+
+# Loki Configuration
+# Retention period in days (default: 30 days)
+LOKI_RETENTION_PERIOD=30d
+
+# Promtail Configuration
+# No additional configuration needed - configured via promtail-config.yaml
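Review bot: `GF_SECURITY_ALLOW_EMBEDDING=true` is enabled unconditionally, and its comment gives only the reason (Homarr), not the cost. With embedding allowed Grafana stops sending `X-Frame-Options: deny`, so any origin can frame the instance published at `logs.fig.systems`. I would ship the template with the safe default and make the Homarr case opt-in, e.g. `# GF_SECURITY_ALLOW_EMBEDDING=true  # only for Homarr embedding; restrict framing with a CSP frame-ancestors header at the reverse proxy`. The `Change this password immediately after first login!` comment could also say that `GF_SECURITY_ADMIN_PASSWORD` only sets the initial admin password, which is inferred from Grafana's documented behaviour rather than from this hunk.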