mirror of
https://github.com/BetterCorp/BetterFrame.git
synced 2026-05-26 16:56:33 +00:00
sec-config.yaml is now generated at Docker build time from
sec-config.template.yaml via envsubst. Secrets come from Coolify
build args (set in UI, never in git). Template uses ${VAR:-default}
placeholders — safe to commit to public repo.
- sec-config.yaml removed from git, added to .gitignore
- sec-config.template.yaml added (public, no secrets)
- Dockerfile.server: ARGs for all config, envsubst generates config
at build time, result is chmod 444 (read-only)
- Coolify compose: removed sec-config volume mount (baked in now)
- For native installs: copy template to sec-config.yaml, fill values
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
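# BSB runtime configuration — template for Docker builds.
#
# Placeholders (${VAR}) are replaced by envsubst during docker build.
# Set values via Coolify build args or docker build --build-arg.
#
# For native (non-Docker) installs, copy to sec-config.yaml and
# replace placeholders with actual values.
#
# NOTE(review): GNU gettext envsubst expands only $VAR and ${VAR}; it does
# not implement the ${VAR:-default} form used below. Confirm that the
# envsubst binary in Dockerfile.server supports defaults, otherwise the
# literal placeholder text ends up in the generated config.
#
# NOTE(review): build-arg values are recorded in image metadata (readable
# with `docker history`) and the rendered sec-config.yaml is stored in an
# image layer, so anyone who can pull the image can read the secrets set
# here. Prefer runtime injection (environment, mounted secret file) or a
# BuildKit secret mount for the password and key fields.
#
# String placeholders are double-quoted so that a substituted value which
# contains '#' or ': ', or which looks like a boolean or number, is still
# parsed as a string. A value containing a double quote or a backslash
# must be escaped by whoever supplies it.

default:
  observable:
    observable-default:
      plugin: observable-default
      enabled: true
      config: {}
  events:
    events-default:
      plugin: events-default
      enabled: true
  services:
    service-store:
      plugin: service-store
      enabled: true
      config:
        driver: "${BF_DB_DRIVER:-postgres}"
        sqlitePath: /var/lib/betterframe/betterframe.db
        pgHost: "${BF_PG_HOST:-postgres}"
        # Left unquoted so the value parses as an integer — presumably what
        # the plugin expects; verify against its config schema.
        pgPort: ${BF_PG_PORT:-5432}
        pgDatabase: "${BF_PG_DATABASE:-betterframe}"
        pgUser: "${BF_PG_USER:-betterframe}"
        # Falls back to the well-known value "betterframe" (same as the user
        # and database name) when BF_PG_PASSWORD is unset. Always set
        # BF_PG_PASSWORD for a database that anything else can reach.
        pgPassword: "${BF_PG_PASSWORD:-betterframe}"
        # Unquoted for the same reason as pgPort.
        pgPoolMax: ${BF_PG_POOL_MAX:-10}

    service-admin-http:
      plugin: service-admin-http
      enabled: true
      config:
        # Listens on every interface. On a native install, restrict
        # reachability of the admin port with a firewall or reverse proxy.
        host: 0.0.0.0
        port: 18080
        dataDir: /var/lib/betterframe
        # 43200 s = 12 hours
        sessionIdleSeconds: 43200
        # 2592000 s = 30 days
        sessionMaxSeconds: 2592000
        # presumably the number of failed logins before lockout — confirm
        loginLockoutThreshold: 8
        # 900 s = 15 minutes
        loginLockoutSeconds: 900
        # presumably KiB (65536 KiB = 64 MiB) — confirm against the plugin
        argon2Memory: 65536
        argon2TimeCost: 3
        argon2Parallelism: 2
        cookieName: betterframe_session
        totpIssuer: BetterFrame
        noderedUrl: "${BF_NODERED_URL:-http://nodered:1880}"
        selfUrl: "${BF_SELF_URL:-http://server:18080}"
        systemdCredsDir: ""
        # The three keys below render as empty strings when their variable
        # is unset. NOTE(review): confirm the service rejects firmware/OTA
        # operations rather than accepting them when a key is empty.
        firmwareSigningKey: "${BF_FIRMWARE_SIGNING_KEY:-}"
        firmwareImportApiKey: "${BF_FIRMWARE_IMPORT_API_KEY:-}"
        otaImportApiKey: "${BF_OTA_IMPORT_API_KEY:-}"

    service-api-http:
      plugin: service-api-http
      enabled: true
      config:
        host: 0.0.0.0
        port: 18081
        # 600 s = 10 minutes
        codeTtlSeconds: 600
        dataDir: /var/lib/betterframe
        # Same argon2/cookie/TOTP values as service-admin-http; presumably
        # these must stay in step across services — confirm before changing
        # one copy only.
        argon2Memory: 65536
        argon2TimeCost: 3
        argon2Parallelism: 2
        cookieName: betterframe_session
        totpIssuer: BetterFrame
        noderedUrl: "${BF_NODERED_URL:-http://nodered:1880}"
        mqttUrl: "${BF_MQTT_URL:-}"
        mqttUsername: "${BF_MQTT_USERNAME:-}"
        mqttPassword: "${BF_MQTT_PASSWORD:-}"
        mqttTopicPrefix: "${BF_MQTT_TOPIC_PREFIX:-betterframe}"

    service-coordinator-ws:
      plugin: service-coordinator-ws
      enabled: true
      config:
        host: 0.0.0.0
        port: 18082
        dataDir: /var/lib/betterframe
        argon2Memory: 65536
        argon2TimeCost: 3
        argon2Parallelism: 2
        cookieName: betterframe_session
        totpIssuer: BetterFrame
        noderedUrl: "${BF_NODERED_URL:-http://nodered:1880}"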