refactor env.tempalte

2026-04-23 06:54:40 +00:00 · 2026-04-18 16:18:46 -04:00
parent 2000a6c440
commit e228683191
1 changed files with 125 additions and 134 deletions
@@ -1,149 +1,140 @@
-ROMM_BASE_PATH=/path/to/romm_mock
-ROMM_TMP_PATH=
-KIOSK_MODE=false
+# Core Application
+ROMM_BASE_PATH=/romm  # Base folder path for library, resources and assets
+ROMM_TMP_PATH=  # Custom temporary directory path
+ROMM_BASE_URL=http://0.0.0.0  # Base URL used when rendering container log links
+ROMM_PORT=8080  # Port on which the application listens
+KIOSK_MODE=false  # Read-only mode for public displays or kiosks

-# IGDB credentials
-IGDB_CLIENT_ID=
-IGDB_CLIENT_SECRET=
+# Database
+ROMM_DB_DRIVER=mariadb  # Database driver to use (mariadb, mysql, postgresql)
+DB_HOST=  # Host name of the database instance [REQUIRED]
+DB_PORT=3306  # Port number of the database instance
+DB_NAME=romm  # Database name (should match MYSQL_DATABASE in MariaDB)
+DB_USER=  # Database username (should match MARIADB_USER in MariaDB) [REQUIRED]
+DB_PASSWD=  # Database password (should match MARIADB_PASSWORD in MariaDB) [REQUIRED]
+DB_ROOT_PASSWD=  # Database root user password (only used by the bundled MariaDB container)
+DB_QUERY_JSON=  # Extra query parameters for the database connection, as JSON

-# Mobygames
-MOBYGAMES_API_KEY=
-
-# Screenscraper
-SCREENSCRAPER_USER=
-SCREENSCRAPER_PASSWORD=
-
-# SteamGridDB
-STEAMGRIDDB_API_KEY=
-
-# RetroAchievements
-RETROACHIEVEMENTS_API_KEY=
-
-# Playmatch
-PLAYMATCH_API_ENABLED=
-
-# LaunchBox
-LAUNCHBOX_API_ENABLED=
-
-# Hasheous
-HASHEOUS_API_ENABLED=
-
-# Flashpoint Project
-FLASHPOINT_API_ENABLED=
-
-# HowLongToBeat
-HLTB_API_ENABLED=
-
-# TheGamesDB
-TGDB_API_ENABLED=
-
-# Database config
-ROMM_DB_DRIVER=mariadb
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_NAME=romm
-DB_USER=romm
-DB_PASSWD=
-DB_ROOT_PASSWD=
-
-# Redis config
-REDIS_HOST=127.0.0.1
-REDIS_PORT=6379
-
-
-# Authentik
-POSTGRES_DB=authentik
-POSTGRES_USER=authentik
-POSTGRES_PASSWORD=authentik
-AUTHENTIK_SECRET_KEY=
-AUTHENTIK_BOOTSTRAP_PASSWORD=
+# Redis/Valkey
+REDIS_HOST=127.0.0.1  # Host name of the Redis/Valkey instance
+REDIS_PORT=6379  # Port number of the Redis/Valkey instance
+REDIS_USERNAME=  # Username for the Redis/Valkey instance
+REDIS_PASSWORD=  # Password for the Redis/Valkey instance
+REDIS_DB=0  # Database number for the Redis/Valkey instance
+REDIS_SSL=false  # Enable SSL (rediss://) for the Redis/Valkey connection

 # Authentication
-ROMM_AUTH_SECRET_KEY=
-OAUTH_ACCESS_TOKEN_EXPIRE_SECONDS=
-OAUTH_REFRESH_TOKEN_EXPIRE_SECONDS=
-SESSION_MAX_AGE_SECONDS=
-# Disable auth on download endpoint for 3rd party support
-DISABLE_DOWNLOAD_ENDPOINT_AUTH=
-# Disable CSRF protection for development and testing purposes
-DISABLE_CSRF_PROTECTION=
-# Disable username + passsword login when using OIDC login
-DISABLE_USERPASS_LOGIN=
-DISABLE_SETUP_WIZARD=
-INVITE_TOKEN_EXPIRY_SECONDS=600
+ROMM_AUTH_SECRET_KEY=  # App secret, generate with `openssl rand -hex 32` [REQUIRED]
+OAUTH_ACCESS_TOKEN_EXPIRE_SECONDS=1800  # Access token lifetime in seconds
+OAUTH_REFRESH_TOKEN_EXPIRE_SECONDS=604800  # Refresh token lifetime in seconds
+SESSION_MAX_AGE_SECONDS=1209600  # Maximum age of a session in seconds
+INVITE_TOKEN_EXPIRY_SECONDS=600  # Invite token lifetime in seconds
+DISABLE_DOWNLOAD_ENDPOINT_AUTH=false  # Disable auth on the download endpoint for WebRcade/Tinfoil
+DISABLE_CSRF_PROTECTION=false  # Disable CSRF protection (not recommended)
+DISABLE_USERPASS_LOGIN=false  # Disable username/password login when using OIDC
+DISABLE_SETUP_WIZARD=false  # Skip the first-boot setup wizard

-# OpenID Connect (Authentik, Authelia, etc.)
-OIDC_ENABLED=
-OIDC_AUTOLOGIN=
-OIDC_PROVIDER=
-OIDC_CLIENT_ID=
-OIDC_CLIENT_SECRET=
-OIDC_REDIRECT_URI=
-OIDC_SERVER_APPLICATION_URL=
-OIDC_SERVER_METADATA_URL=
-OIDC_CLAIM_ROLES=
-OIDC_ROLE_VIEWER=
-OIDC_ROLE_EDITOR=
-OIDC_ROLE_ADMIN=
-OIDC_TLS_CACERTFILE=
-OIDC_USERNAME_ATTRIBUTE=preferred_username
-OIDC_RP_INITIATED_LOGOUT=
-OIDC_END_SESSION_ENDPOINT=
+# OpenID Connect
+OIDC_ENABLED=false  # Enable OpenID Connect authentication
+OIDC_AUTOLOGIN=false  # Skip the OIDC button on the login page and auto-redirect
+OIDC_PROVIDER=  # Name of the OIDC provider in use
+OIDC_CLIENT_ID=  # Client ID for OIDC authentication
+OIDC_CLIENT_SECRET=  # Client secret for OIDC authentication
+OIDC_REDIRECT_URI=  # Absolute redirect URI for OIDC authentication
+OIDC_SERVER_APPLICATION_URL=  # Absolute URL of the OIDC server application
+OIDC_SERVER_METADATA_URL=  # URL to the OIDC provider metadata endpoint
+OIDC_CLAIM_ROLES=  # OIDC claim containing user roles
+OIDC_ROLE_VIEWER=  # Role value mapping to viewer permissions
+OIDC_ROLE_EDITOR=  # Role value mapping to editor permissions
+OIDC_ROLE_ADMIN=  # Role value mapping to admin permissions
+OIDC_TLS_CACERTFILE=  # Path to file containing trusted CA certificates
+OIDC_USERNAME_ATTRIBUTE=preferred_username  # Attribute on OIDC user info used as the username
+OIDC_RP_INITIATED_LOGOUT=false  # Enable RP-initiated logout flow
+OIDC_END_SESSION_ENDPOINT=  # OIDC end-session endpoint override URL

-# Filesystem watcher (optional)
-ENABLE_RESCAN_ON_FILESYSTEM_CHANGE=true
-RESCAN_ON_FILESYSTEM_CHANGE_DELAY=5
+# Metadata Providers
+IGDB_CLIENT_ID=  # Client ID for the IGDB API
+IGDB_CLIENT_SECRET=  # Client secret for the IGDB API
+MOBYGAMES_API_KEY=  # MobyGames secret API key
+SCREENSCRAPER_USER=  # Screenscraper username
+SCREENSCRAPER_PASSWORD=  # Screenscraper password
+STEAMGRIDDB_API_KEY=  # SteamGridDB secret API key
+RETROACHIEVEMENTS_API_KEY=  # RetroAchievements secret API key
+REFRESH_RETROACHIEVEMENTS_CACHE_DAYS=30  # RetroAchievements metadata cache refresh interval in days
+PLAYMATCH_API_ENABLED=false  # Enable PlayMatch API integration
+LAUNCHBOX_API_ENABLED=false  # Enable LaunchBox API integration
+HASHEOUS_API_ENABLED=false  # Enable Hasheous API integration
+FLASHPOINT_API_ENABLED=false  # Enable Flashpoint API integration
+HLTB_API_ENABLED=false  # Enable HowLongToBeat API integration
+TGDB_API_ENABLED=false  # Enable TheGamesDB API integration

-# Tasks (optional)
-TASK_TIMEOUT=300
-TASK_RESULT_TTL=86400
-SEVEN_ZIP_TIMEOUT=60
-ENABLE_SCHEDULED_RESCAN=true
-SCHEDULED_RESCAN_CRON=0 3 * * *
-ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB=true
-SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON=0 4 * * *
-ENABLE_SCHEDULED_UPDATE_LAUNCHBOX_METADATA=true
-SCHEDULED_UPDATE_LAUNCHBOX_METADATA_CRON=0 4 * * *
-ENABLE_SCHEDULED_CONVERT_IMAGES_TO_WEBP=true
-SCHEDULED_CONVERT_IMAGES_TO_WEBP_CRON=0 4 * * *
-ENABLE_SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC=true
-SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC_CRON=0 4 * * *
-REFRESH_RETROACHIEVEMENTS_CACHE_DAYS=30
+# Scans & Tasks
+SCAN_TIMEOUT=14400  # Timeout for background scan/rescan tasks in seconds
+SCAN_WORKERS=1  # Number of worker processes for scanning tasks
+TASK_TIMEOUT=300  # Timeout for other background tasks in seconds
+TASK_RESULT_TTL=86400  # How long to keep task results in Valkey in seconds
+SEVEN_ZIP_TIMEOUT=60  # Timeout for 7-Zip operations in seconds
+ENABLE_RESCAN_ON_FILESYSTEM_CHANGE=false  # Re-scan the library automatically when the filesystem changes
+RESCAN_ON_FILESYSTEM_CHANGE_DELAY=5  # Delay in minutes before re-scanning after a filesystem change
+ENABLE_SCHEDULED_RESCAN=false  # Enable scheduled library re-scans
+SCHEDULED_RESCAN_CRON=0 3 * * *  # Cron expression for scheduled re-scans
+ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB=false  # Enable scheduled Switch TitleDB index updates
+SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON=0 4 * * *  # Cron expression for scheduled Switch TitleDB updates
+ENABLE_SCHEDULED_UPDATE_LAUNCHBOX_METADATA=false  # Enable scheduled LaunchBox metadata updates
+SCHEDULED_UPDATE_LAUNCHBOX_METADATA_CRON=0 4 * * *  # Cron expression for scheduled LaunchBox metadata updates
+ENABLE_SCHEDULED_CONVERT_IMAGES_TO_WEBP=false  # Enable scheduled conversion of images to WebP
+SCHEDULED_CONVERT_IMAGES_TO_WEBP_CRON=0 4 * * *  # Cron expression for scheduled WebP conversion
+ENABLE_SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC=false  # Enable scheduled RetroAchievements progress sync
+SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC_CRON=0 4 * * *  # Cron expression for scheduled RetroAchievements sync

-# In-browser emulation
-DISABLE_EMULATOR_JS=false
-DISABLE_RUFFLE_RS=false
+# Sync
+SYNC_BASE_PATH=  # Base folder for sync state (defaults to $ROMM_BASE_PATH/sync)
+ENABLE_SYNC_FOLDER_WATCHER=false  # Watch the sync folder and trigger scans on change
+SYNC_FOLDER_SCAN_DELAY=2  # Delay in minutes before scanning after a sync folder change
+ENABLE_SYNC_PUSH_PULL=false  # Enable scheduled sync push/pull
+SYNC_PUSH_PULL_CRON=*/30 * * * *  # Cron expression for scheduled sync push/pull
+SYNC_SSH_KEYS_PATH=  # Path to SSH keys for sync remotes (defaults to $ROMM_BASE_PATH/sync/keys)
+SYNC_SSH_KNOWN_HOSTS_PATH=  # Path to SSH known_hosts (defaults to $ROMM_BASE_PATH/sync/known_hosts)

-# YouTube alternatives (Piped, Invidious, etc.)
-YOUTUBE_BASE_URL=https://www.youtube.com
+# Emulation
+DISABLE_EMULATOR_JS=false  # Disable in-browser play via EmulatorJS
+DISABLE_RUFFLE_RS=false  # Disable in-browser Flash playback via RuffleRS

-# Switch Tinfoil
-TINFOIL_WELCOME_MESSAGE="RomM Switch Library"
+# Integrations
+YOUTUBE_BASE_URL=https://www.youtube.com  # Base URL for alternate YouTube frontends (Piped, Invidious, etc.)
+TINFOIL_WELCOME_MESSAGE="RomM Switch Library"  # Welcome message shown in Tinfoil Switch clients

 # Logging
-LOGLEVEL=DEBUG
-FORCE_COLOR=
-NO_COLOR=
+LOGLEVEL=INFO  # Application log level
+FORCE_COLOR=false  # Force colored log output
+NO_COLOR=false  # Disable colored log output

-# Web server (optional)
-# Workers -> (2 × CPU cores) + 1
-WEB_SERVER_CONCURRENCY=2
-WEB_SERVER_TIMEOUT=300
-WEB_SERVER_KEEPALIVE=2
-WEB_SERVER_MAX_REQUESTS=1000
-WEB_SERVER_MAX_REQUESTS_JITTER=100
-WEB_SERVER_WORKER_CONNECTIONS=1000
-WEB_SERVER_GUNICORN_WAIT_SECONDS=30
-IPV4_ONLY=false
+# Web Server
+WEB_SERVER_CONCURRENCY=1  # Number of worker processes (recommended: 2 × CPU cores + 1)
+WEB_SERVER_TIMEOUT=300  # Timeout for web server requests in seconds
+WEB_SERVER_KEEPALIVE=2  # Keep-Alive connection wait time in seconds
+WEB_SERVER_MAX_REQUESTS=1000  # Maximum requests a worker processes before restarting
+WEB_SERVER_MAX_REQUESTS_JITTER=100  # Random jitter added to max requests value
+WEB_SERVER_WORKER_CONNECTIONS=1000  # Maximum simultaneous clients per worker process
+WEB_SERVER_GUNICORN_WAIT_SECONDS=30  # Seconds to wait for Gunicorn to start before giving up
+IPV4_ONLY=false  # Bind only to IPv4

-# Redis Workers
-SCAN_TIMEOUT=
-SCAN_WORKERS=
+# Proxy
+HTTP_PROXY=  # HTTP proxy URL for outbound requests
+HTTPS_PROXY=  # HTTPS proxy URL for outbound requests
+NO_PROXY=  # Comma-separated list of hosts to bypass the proxy

-# Development only
-DEV_MODE=true
-DEV_HOST=127.0.0.1
-DEV_PORT=5000
-DEV_HTTPS=false
-DEV_SQL_ECHO=false
-SENTRY_DSN=
+# Observability
+SENTRY_DSN=  # DSN for Sentry error tracking
+
+# Development
+DEV_MODE=false  # Enable development mode (debugging, hot-reloading)
+DEV_HOST=127.0.0.1  # Host for the development server
+DEV_PORT=5000  # Port for the development server
+DEV_HTTPS=false  # Enable HTTPS in the development server
+DEV_SQL_ECHO=false  # Log all SQL queries in development mode
+POSTGRES_DB=authentik  # Postgres database name for the Authentik dev stack
+POSTGRES_USER=authentik  # Postgres user for the Authentik dev stack
+POSTGRES_PASSWORD=authentik  # Postgres password for the Authentik dev stack
+AUTHENTIK_SECRET_KEY=  # Authentik secret key
+AUTHENTIK_BOOTSTRAP_PASSWORD=  # Initial Authentik admin bootstrap password