Only oidc_client_secret is actually sensitive — issuer_url and client_id are now plain env vars. Renamed oidc_client_secret to oidc_secret to pass abra lint. Updated README with accurate quickstart and OIDC setup. Entrypoint guards git commands for min image compatibility.
TYPE=lichen
TIMEOUT=120
ENABLE_AUTO_UPDATE=true
ENABLE_BACKUPS=true
DOMAIN=lichen.example.com
LETS_ENCRYPT_ENV=production
# Wildcard domain for site subdomains (Traefik routes *.WILDCARD_DOMAIN to lichen)
# Usually same as DOMAIN. Set differently when the dashboard is a subdomain,
# e.g. DOMAIN=admin.lichen.example.com, WILDCARD_DOMAIN=lichen.example.com
WILDCARD_DOMAIN=$DOMAIN
COMPOSE_FILE="compose.yml"
# Extra domains for sites with custom domains (HostSNI format: each hostname in backticks, each entry preceded by ", ")
#EXTRA_DOMAINS=', `site1.example.com`, `site2.example.org`'
# Minimal image without atproto/git/shell (uncomment to use)
#COMPOSE_FILE="$COMPOSE_FILE:compose.min.yml"
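# SSO/OIDC (uncomment to enable)
# OIDC_ISSUER_URL and OIDC_CLIENT_ID are plain env vars; only the client secret is stored as a secret.
# It is marked generate=false, so it is not auto-generated and must be supplied by the operator.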
#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
#OIDC_ISSUER_URL=https://keycloak.example.com/realms/myrealm
#OIDC_CLIENT_ID=lichen
#SECRET_OIDC_SECRET_VERSION=v1 # generate=false
# Secrets (these are version labels only; secret values do not belong in this file)
SECRET_ADMIN_PASSWORD_VERSION=v1
# Config versions
ENTRYPOINT_VERSION=v4
CADDYFILE_VERSION=v2
LICHEN_TOML_VERSION=v1
# Auth providers (comma-separated: file, atproto, oidc)
#AUTH_PROVIDERS=file,atproto