forked from NTIA/scos-sensor
-
Notifications
You must be signed in to change notification settings - Fork 1
/
env.template
81 lines (64 loc) · 2.81 KB
/
env.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# -*- sh -*-
# Copy env.template to env and modify
# Mark all the following variables for export
set -o allexport
# https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-SECRET_KEY
# SECURITY WARNING: generate unique key with `manage.py generate_secret_key`
SECRET_KEY="$(python3 -c 'import secrets; print(secrets.token_urlsafe(64))')"
ENCRYPT_DATA_FILES=true
ENCRYPTION_KEY="$(python3 -c 'import secrets; import base64; print(base64.b64encode(secrets.token_bytes(32)).decode("utf-8"))')"
# Get scos-sensor branch name
SCOS_SENSOR_GIT_TAG="$(git describe --tags)"
# SECURITY WARNING: don't run with debug turned on in production!
# Use either true or false
DEBUG=true
# A space-separated list of domain names and IPs
DOMAINS="localhost $(hostname -d) $(hostname -s).local"
IPS="$(hostname -I) 127.0.0.1"
FQDN="$(hostname -f)"
# SECURITY WARNING: You should be using certs from a trusted authority.
# If you don't have any, try letsencrypt or a similar service.
# Provide the absolute path to your ssl certificate and key
# Paths relative to configs/certs
REPO_ROOT=$(git rev-parse --show-toplevel)
SSL_CERT_PATH=sensor01.pem
SSL_KEY_PATH=sensor01.pem
SSL_CA_PATH=scos_test_ca.crt
# Use latest as default for local development
DOCKER_TAG=latest
GIT_BRANCH="git:$(git rev-parse --abbrev-ref HEAD)@$(git rev-parse --short HEAD)"
# If admin user email and password set, admin user will be generated.
ADMIN_EMAIL="[email protected]"
ADMIN_PASSWORD=password
# Session password for Postgres. Username is "postgres".
# SECURITY WARNING: generate unique key with something like
# `openssl rand -base64 12`
POSTGRES_PASSWORD="$(python3 -c 'import secrets; import base64; print(base64.b64encode(secrets.token_bytes(32)).decode("utf-8"))')"
# Set to enable monitoring sensors with your sentry.io account
SENTRY_DSN=
if $DEBUG; then
GUNICORN_LOG_LEVEL=debug
RAY_record_ref_creation_sites=1
else
GUNICORN_LOG_LEVEL=info
fi
# Set to false to disable SSL cert verification in the callback POST request
CALLBACK_SSL_VERIFICATION=true
# set default manager FQDN and IP to this machine
MANAGER_FQDN="$(hostname -f)"
MANAGER_IP="$(hostname -I | cut -d' ' -f1)"
BASE_IMAGE=ghcr.io/ntia/scos-tekrsa/tekrsa_usb:0.2.3
# Default callback api/results
# Set to OAUTH if using OAuth Password Flow Authentication, callback url needs to be api/v2/results
CALLBACK_AUTHENTICATION=TOKEN
CALLBACK_TIMEOUT=2
CLIENT_ID=sensor01.sms.internal
CLIENT_SECRET=sensor-secret
# Sensor certificate with private key used as client cert
PATH_TO_CLIENT_CERT=sensor01.pem
# Trusted Certificate Authority certificate to verify authserver and callback URL server certificate
PATH_TO_VERIFY_CERT=scos_test_ca.crt
# Path relative to configs/certs
PATH_TO_JWT_PUBLIC_KEY=jwt_pubkey.pem
# set to JWT to enable JWT authentication
AUTHENTICATION=TOKEN