# Configuring Capsul-Flask

Create a `.env` file to set up the application configuration:

```
nano .env
```

You can enter any environment variables referenced in [`__init__.py`](../capsulflask/__init__.py) to this file.

For example you may enter your SMTP credentials like this:
```
MAIL_USERNAME=forest@nullhex.com
MAIL_DEFAULT_SENDER=forest@nullhex.com
MAIL_PASSWORD=**************
```

## <a name="example"></a>Example configuration from capsul.org (production):

```
#LOG_LEVEL=DEBUG

BASE_URL="https://capsul.org"

# hub url is used by the SPOKE_MODE to contact the hub. Since this server is the hub,
# this is fine. In fact it runs into problems (routing related?) when I set it to capsul.org.
# similarly the baikal "spoke" (set up in the hosts table in the db) has "http://localhost:5000" as the https_url
HUB_URL="http://localhost:5000"

HUB_MODE_ENABLED="t"
SPOKE_MODE_ENABLED="t"
HUB_MODEL="capsul-flask"
SPOKE_MODEL="shell-scripts"
SPOKE_HOST_ID="baikal"
SPOKE_HOST_TOKEN="<redacted>"
HUB_TOKEN="<redacted>"

# smtp.. see https://flask-mail.readthedocs.io/en/latest/#configuring-flask-mail
MAIL_SERVER="smtp.nullhex.com"

# MAIL_USE_SSL means SMTP with STARTTLS
MAIL_USE_SSL=true

# MAIL_USE_TLS means SMTP wrapped in TLS
MAIL_USE_TLS=false

MAIL_PORT="465"
MAIL_USERNAME="capsul@nullhex.com"
MAIL_PASSWORD="<redacted>"
MAIL_DEFAULT_SENDER="capsul@nullhex.com"

# stripe
STRIPE_SECRET_KEY="sk_live_<redacted>"
STRIPE_PUBLISHABLE_KEY="pk_live_tGDHY7kBwqC71b4F0N7LZdGl00GZOw0iNJ"

# internal
SECRET_KEY="<redacted>"
POSTGRES_CONNECTION_PARAMETERS="sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=postgres.cyberia.club port=5432 ...<redacted>"


# btcpay server
BTCPAY_URL="https://beeteeceepae2.cyberia.club"
BTCPAY_PRIVATE_KEY='-----BEGIN EC PRIVATE KEY-----\n<redacted>\n-----END EC PRIVATE KEY-----'
```

## <a name="config_that_lives_in_db"></a>Configuration-type-stuff that lives in the database 

  - `hosts` table:
    - `id` (corresponds to `SPOKE_HOST_ID` in the config)
    - `https_url`
    - `token` (corresponds to `SPOKE_HOST_TOKEN` in the config)
  - `os_images` table:
    - `id` 
    - `template_image_file_name`
    - `description`
    - `deprecated`
  - `vm_sizes` table:
    - `id` 
    - `dollars_per_month`
    - `memory_mb`
    - `vcpus`
    - `bandwidth_gb_per_month`
    
## <a name="docker_secrets"></a>Loading variables from files (docker secrets)

To support [Docker Secrets](https://docs.docker.com/engine/swarm/secrets/), you can also load secret values from files – for example, to load `MAIL_PASSWORD` from `/run/secrets/mail_password`, set
```sh
MAIL_PASSWORD_FILE=/run/secrets/mail_password
```