######################################## ### Getting Started ######################################## ### Copy this file to `.env` and fill in values. ### After changing env vars, restart the server. ######################################## ### Application ######################################## ### Runtime environment (keep `production` in production). ### How to obtain: set by your runtime (Docker/PM2/etc.). # NODE_ENV=production ### Public name shown in the UI. ### How to obtain: choose your product name. APP_NAME=Swush ### Public base URL of your app (must match your actual domain, incl. https). ### How to obtain: your deployed domain URL (include https). APP_URL=https://domain.example ### Support/contact details shown in the UI. ### How to obtain: your support/ops contact info. SUPPORT_NAME=Swush Support SUPPORT_EMAIL=swush@domain.example ### Browser CORS allowlist (comma-separated origins). ### Only affects browsers; does not stop curl/servers. ### How to obtain: list the allowed web origins. CORS_ORIGIN=https://domain.example ######################################## ### ๐Ÿ—„๏ธ Database ######################################## ### PostgreSQL connection string. ### How to obtain: ### - Hosted (Neon/Supabase/RDS/etc.): copy the provided connection string. ### - Self-hosted: construct from your DB user/pass/host/db. DATABASE_URL=postgresql://user:pass@host/db?sslmode=verify-full&channel_binding=require ######################################## ### ๐Ÿ” Authentication & Security ######################################## ### Better Auth secret (32+ chars). ### How to obtain: generate a random secret. ### - macOS/Linux: openssl rand -base64 32 ### - Node: node -e "console.log(require('crypto').randomBytes(32).toString('base64'))" BETTER_AUTH_SECRET=replace-me-with-32+char-secret ### Better Auth base URL (public app URL). ### How to obtain: same value as APP_URL. You can rely on APP_URL # BETTER_AUTH_URL=https://domain.example ### Social login master switch (enable only if configured). ### How to obtain: set true only if at least one provider below is filled. # ENABLE_SOCIAL_LOGIN=false ### Comma-separated providers: discord,github,google ### How to obtain: list the providers you configured. # AVAILABLE_SOCIAL_LOGINS=discord,github,google ### Discord OAuth ### How to obtain: create an OAuth app in Discord Developer Portal. ### Redirect URL: https://your-domain/api/auth/callback/discord # DISCORD_CLIENT_ID= # DISCORD_CLIENT_SECRET= ### GitHub OAuth ### How to obtain: create a GitHub OAuth App. ### Redirect URL: https://your-domain/api/auth/callback/github # GITHUB_CLIENT_ID= # GITHUB_CLIENT_SECRET= ### Google OAuth ### How to obtain: create OAuth credentials in Google Cloud Console. ### Redirect URL: https://your-domain/api/auth/callback/google # GOOGLE_CLIENT_ID= # GOOGLE_CLIENT_SECRET= ### Trusted proxy IPs/CIDRs (comma-separated). ### How to obtain: list your reverse proxy/CDN IP ranges. # TRUSTED_PROXIES= ### Optional device flow allowlist (comma-separated). ### How to obtain: list trusted client identifiers. # DEVICE_AUTH_EXTENSION_IDS= ### Cloudflare Turnstile CAPTCHA (optional) ### How to obtain: create a Turnstile widget and copy site key + secret. # TURNSTILE_SITE_KEY= # TURNSTILE_SECRET_KEY= # CAPTCHA_PASS_SECRET= ######################################## ### โœ‰๏ธ Email (SMTP) ######################################## ### How to obtain: from your email provider or your own SMTP server. SMTP_HOST=smtp.example.com SMTP_PORT=465 SMTP_USER=noreply@domain.example SMTP_PASS=replace-me SMTP_FROM="Swush No Reply " ######################################## ### ๐ŸŒ Storage ######################################## ### Storage driver: local | s3 ### How to obtain: choose where you store files. STORAGE_DRIVER=local ### Local upload root (only when STORAGE_DRIVER=local). ### How to obtain: pick a persistent path and mount it as a volume in Docker. UPLOAD_ROOT=/data/uploads ### S3 / MinIO / R2 (only when STORAGE_DRIVER=s3) ### How to obtain: ### - AWS S3: create a bucket + IAM user with access. ### - MinIO: create a bucket and access keys. ### - R2 or other S3-compatible: use provider endpoint + keys. # S3_ENDPOINT=https://s3.domain.example # S3_REGION=us-east-1 # S3_BUCKET=swush-files # S3_ACCESS_KEY_ID=your_access_key_id_here # S3_SECRET_ACCESS_KEY=your_secret_access_key_here # S3_FORCE_PATH_STYLE=true ######################################## ### ๐Ÿ”” Web Push (VAPID) ######################################## ### How to obtain: generate a VAPID key pair. ### Example: npx web-push generate-vapid-keys --json # VAPID_PUBLIC_KEY=your_public_key_here # VAPID_PRIVATE_KEY=your_private_key_here # VAPID_SUBJECT=mailto:admin@example.domain ######################################## ### โซ Uploads ######################################## ### Optional chunked upload tuning (leave empty for defaults). ### How to obtain: tune only if you see upload errors for large files. ### # UPLOAD_CHUNK_SIZE_MB=90 ### # UPLOAD_CHUNK_THRESHOLD_MB=95 ### # UPLOAD_MAX_CHUNK_MB=95 ### # UPLOAD_CHUNK_SIZE_BYTES=10485760 ### # UPLOAD_CHUNK_TTL_MS=3600000 ######################################## ### ๐Ÿ›ก๏ธ Virus Scanning (ClamAV) ######################################## ### Enable virus scanning on uploads. ### How to obtain: install clamscan on the server. # VIRUS_SCAN_ENABLED=false ### Optional: max size (bytes) to scan. Defaults to 10MB. ### # VIRUS_SCAN_MAX_BYTES=10485760 ### Optional: scan timeout in ms. Defaults to 10000. ### # VIRUS_SCAN_TIMEOUT_MS=10000 ### Optional: clamscan binary path. # CLAMAV_PATH=/usr/bin/freshclam ### Optional: extra args for clamscan. # CLAMAV_ARGS=--no-summary ######################################## ### ๐Ÿ”Œ External APIs ######################################## ### Ffmpeg binary path (optional; defaults to ffmpeg in PATH) ### How to obtain: install ffmpeg and set the path if needed. FFMPEG_PATH=/usr/bin/ffmpeg ### HLS segment duration in seconds (optional; default: 2) ### # HLS_SEGMENT_SECONDS=2 ### Stream job queue cap per run (optional; default: 15, hard limit: 50). ### # STREAM_JOBS_QUEUE_LIMIT=15 ### Stream job concurrency (optional; default: 5). ### # STREAM_JOBS_CONCURRENCY=5 ### Yt-dlp binary path (optional; defaults to yt-dlp in PATH) ### How to obtain: install yt-dlp and set the path if needed. YT_DLP_PATH=/usr/bin/yt-dlp ### Yt-dlp cookies path (optional) # COOKIES_PATH=/opt/folder/cookies.txt ######################################## ### ๐Ÿ“บ AniList Integration ######################################## ### How to obtain: create an AniList API client and copy id/secret. # ANILIST_CLIENT_ID=replace-me # ANILIST_CLIENT_SECRET=replace-me ######################################## ### ๐Ÿ“ง Notifications ######################################## ### Set to `yes` to disable โ€œlimits reachedโ€ emails (optional). ### How to obtain: set to yes if you do not want limit warning emails. # DISABLE_LIMITS_EMAILS=no