# Local dev configuration (bun run dev + ./scripts/dev-setup.sh) # # For Docker Compose deployments, use deploy/docker/.env.example instead -- # it uses DB_USER/DB_PASS/DB_NAME which compose interpolates into both the # postgres container and the app's DATABASE_URL. # ============================================================================= # Database # ============================================================================= # Full connection string (takes precedence over individual DB_* vars) DATABASE_URL=postgresql://digarr:digarr@localhost:5432/digarr # Or set individual vars (used if DATABASE_URL is not set) # DB_HOST=localhost # DB_PORT=5432 # DB_USER=digarr # DB_PASS=digarr # DB_NAME=digarr # DB_POOL_MAX=10 # DB_CONNECT_TIMEOUT_MS=10000 # DB_SSL_MODE=disable # disable, require, or no-verify # require = TLS with full certificate verification (stricter than libpq's # "require", which encrypts without verifying). # no-verify = TLS without certificate verification (self-signed setups). # ============================================================================= # Server # ============================================================================= PORT=3000 # CORS: set to your app's URL if accessed from a different origin. # In production (NODE_ENV=production), defaults to same-origin only. # ALLOWED_ORIGIN=http://localhost:3000 # Bearer token auth: if set, all API requests require Authorization: Bearer . # Leave unset to disable auth (default). # DIGARR_AUTH_TOKEN= # Initial admin user: created on first boot if no users exist. # Useful for zero-touch Docker deployments with DIGARR_AUTH_TOKEN. # DIGARR_INITIAL_USERNAME=admin # DIGARR_INITIAL_PASSWORD=changeme123 # Self-registration is disabled by default after the first user registers. # Set to false to allow open registration. # DIGARR_DISABLE_REGISTRATION=true # Encrypt API keys and tokens at rest in the database (AES-256-GCM). # Any string works as a key -- derived via HKDF internally. # Once set, existing plaintext values are encrypted on next write. # DIGARR_ENCRYPTION_KEY= # ============================================================================= # Services (global defaults -- seed the settings table when null) # ============================================================================= # These are optional env var fallbacks. You can also configure everything # through the web UI on first boot. Env vars are useful for zero-touch # Docker deployments that skip the setup wizard. # Lidarr (optional -- without it, Digarr runs in discovery-only mode) # LIDARR_URL=http://localhost:8686 # LIDARR_API_KEY=your-lidarr-api-key # SKIP_TLS_VERIFY=false # Listening sources (optional for setup, recommended before running discovery) # LISTENBRAINZ_USERNAME=your-username # LISTENBRAINZ_TOKEN=your-listenbrainz-token # LASTFM_USERNAME=your-username # LASTFM_API_KEY=your-lastfm-api-key # AI provider (required) # AI_PROVIDER=openai # openai, anthropic, gemini, ollama, or openai-compatible # AI_MODEL=gpt-4o-mini # AI_API_KEY=your-ai-api-key # AI_BASE_URL= # optional, for ollama or compatible APIs (threaded to Anthropic/OpenAI SDKs too) # DIGARR_AI_TIMEOUT_SECONDS= # optional, request timeout in seconds (Ollama defaults to 120, others 30) # ============================================================================= # Deezer OAuth (optional -- enables Deezer favorites, followed, Flow, playlists) # ============================================================================= # Create a Deezer app at https://developers.deezer.com/myapps # DEEZER_APP_ID= # DEEZER_APP_SECRET= # ============================================================================= # Per-user connectors (configured via web UI only -- no env vars) # ============================================================================= # Spotify, TIDAL, Plex, Jellyfin, Navidrome, Discogs, and Bandcamp are # configured per-user through Settings > Connections in the web UI. # Spotify and Deezer use OAuth; the rest use URL + API key/token pairs. # ============================================================================= # Proxy auth (trusted reverse proxy header authentication) # ============================================================================= # PROXY_AUTH_ENABLED=false # PROXY_AUTH_TRUSTED_PROXIES= # comma-separated CIDRs, e.g. 10.0.0.0/8,172.16.0.0/12 # ============================================================================= # OIDC (OpenID Connect SSO) # ============================================================================= # OIDC_ISSUER_URL= # e.g. https://auth.example.com/realms/main # OIDC_CLIENT_ID= # OIDC_CLIENT_SECRET= # OIDC_SCOPES= # defaults to "openid profile email" if unset # ============================================================================= # Backup & Upgrade Safety # ============================================================================= # DIGARR_BACKUP_DIR=./backups # Directory for auto-backups (default: ./backups) # DIGARR_AUTO_BACKUP=true # Auto-backup before migrations (default: true, set to false to disable) # ============================================================================= # Notifications # ============================================================================= # Webhook URL for scan completion notifications. # Supports Discord, Slack, ntfy, Gotify, or any HTTP endpoint. # For Discord threads, append ?thread_id=YOUR_THREAD_ID to the webhook URL. # WEBHOOK_URL=