From e228683191fc26264cee26e18e8f3687ea0e3443 Mon Sep 17 00:00:00 2001 From: Georges-Antoine Assi Date: Sat, 18 Apr 2026 16:18:46 -0400 Subject: [PATCH] refactor env.tempalte --- env.template | 259 +++++++++++++++++++++++++-------------------------- 1 file changed, 125 insertions(+), 134 deletions(-) diff --git a/env.template b/env.template index d1361af9b..7baa37177 100644 --- a/env.template +++ b/env.template @@ -1,149 +1,140 @@ -ROMM_BASE_PATH=/path/to/romm_mock -ROMM_TMP_PATH= -KIOSK_MODE=false +# Core Application +ROMM_BASE_PATH=/romm # Base folder path for library, resources and assets +ROMM_TMP_PATH= # Custom temporary directory path +ROMM_BASE_URL=http://0.0.0.0 # Base URL used when rendering container log links +ROMM_PORT=8080 # Port on which the application listens +KIOSK_MODE=false # Read-only mode for public displays or kiosks -# IGDB credentials -IGDB_CLIENT_ID= -IGDB_CLIENT_SECRET= +# Database +ROMM_DB_DRIVER=mariadb # Database driver to use (mariadb, mysql, postgresql) +DB_HOST= # Host name of the database instance [REQUIRED] +DB_PORT=3306 # Port number of the database instance +DB_NAME=romm # Database name (should match MYSQL_DATABASE in MariaDB) +DB_USER= # Database username (should match MARIADB_USER in MariaDB) [REQUIRED] +DB_PASSWD= # Database password (should match MARIADB_PASSWORD in MariaDB) [REQUIRED] +DB_ROOT_PASSWD= # Database root user password (only used by the bundled MariaDB container) +DB_QUERY_JSON= # Extra query parameters for the database connection, as JSON -# Mobygames -MOBYGAMES_API_KEY= - -# Screenscraper -SCREENSCRAPER_USER= -SCREENSCRAPER_PASSWORD= - -# SteamGridDB -STEAMGRIDDB_API_KEY= - -# RetroAchievements -RETROACHIEVEMENTS_API_KEY= - -# Playmatch -PLAYMATCH_API_ENABLED= - -# LaunchBox -LAUNCHBOX_API_ENABLED= - -# Hasheous -HASHEOUS_API_ENABLED= - -# Flashpoint Project -FLASHPOINT_API_ENABLED= - -# HowLongToBeat -HLTB_API_ENABLED= - -# TheGamesDB -TGDB_API_ENABLED= - -# Database config -ROMM_DB_DRIVER=mariadb -DB_HOST=127.0.0.1 -DB_PORT=3306 -DB_NAME=romm -DB_USER=romm -DB_PASSWD= -DB_ROOT_PASSWD= - -# Redis config -REDIS_HOST=127.0.0.1 -REDIS_PORT=6379 - - -# Authentik -POSTGRES_DB=authentik -POSTGRES_USER=authentik -POSTGRES_PASSWORD=authentik -AUTHENTIK_SECRET_KEY= -AUTHENTIK_BOOTSTRAP_PASSWORD= +# Redis/Valkey +REDIS_HOST=127.0.0.1 # Host name of the Redis/Valkey instance +REDIS_PORT=6379 # Port number of the Redis/Valkey instance +REDIS_USERNAME= # Username for the Redis/Valkey instance +REDIS_PASSWORD= # Password for the Redis/Valkey instance +REDIS_DB=0 # Database number for the Redis/Valkey instance +REDIS_SSL=false # Enable SSL (rediss://) for the Redis/Valkey connection # Authentication -ROMM_AUTH_SECRET_KEY= -OAUTH_ACCESS_TOKEN_EXPIRE_SECONDS= -OAUTH_REFRESH_TOKEN_EXPIRE_SECONDS= -SESSION_MAX_AGE_SECONDS= -# Disable auth on download endpoint for 3rd party support -DISABLE_DOWNLOAD_ENDPOINT_AUTH= -# Disable CSRF protection for development and testing purposes -DISABLE_CSRF_PROTECTION= -# Disable username + passsword login when using OIDC login -DISABLE_USERPASS_LOGIN= -DISABLE_SETUP_WIZARD= -INVITE_TOKEN_EXPIRY_SECONDS=600 +ROMM_AUTH_SECRET_KEY= # App secret, generate with `openssl rand -hex 32` [REQUIRED] +OAUTH_ACCESS_TOKEN_EXPIRE_SECONDS=1800 # Access token lifetime in seconds +OAUTH_REFRESH_TOKEN_EXPIRE_SECONDS=604800 # Refresh token lifetime in seconds +SESSION_MAX_AGE_SECONDS=1209600 # Maximum age of a session in seconds +INVITE_TOKEN_EXPIRY_SECONDS=600 # Invite token lifetime in seconds +DISABLE_DOWNLOAD_ENDPOINT_AUTH=false # Disable auth on the download endpoint for WebRcade/Tinfoil +DISABLE_CSRF_PROTECTION=false # Disable CSRF protection (not recommended) +DISABLE_USERPASS_LOGIN=false # Disable username/password login when using OIDC +DISABLE_SETUP_WIZARD=false # Skip the first-boot setup wizard -# OpenID Connect (Authentik, Authelia, etc.) -OIDC_ENABLED= -OIDC_AUTOLOGIN= -OIDC_PROVIDER= -OIDC_CLIENT_ID= -OIDC_CLIENT_SECRET= -OIDC_REDIRECT_URI= -OIDC_SERVER_APPLICATION_URL= -OIDC_SERVER_METADATA_URL= -OIDC_CLAIM_ROLES= -OIDC_ROLE_VIEWER= -OIDC_ROLE_EDITOR= -OIDC_ROLE_ADMIN= -OIDC_TLS_CACERTFILE= -OIDC_USERNAME_ATTRIBUTE=preferred_username -OIDC_RP_INITIATED_LOGOUT= -OIDC_END_SESSION_ENDPOINT= +# OpenID Connect +OIDC_ENABLED=false # Enable OpenID Connect authentication +OIDC_AUTOLOGIN=false # Skip the OIDC button on the login page and auto-redirect +OIDC_PROVIDER= # Name of the OIDC provider in use +OIDC_CLIENT_ID= # Client ID for OIDC authentication +OIDC_CLIENT_SECRET= # Client secret for OIDC authentication +OIDC_REDIRECT_URI= # Absolute redirect URI for OIDC authentication +OIDC_SERVER_APPLICATION_URL= # Absolute URL of the OIDC server application +OIDC_SERVER_METADATA_URL= # URL to the OIDC provider metadata endpoint +OIDC_CLAIM_ROLES= # OIDC claim containing user roles +OIDC_ROLE_VIEWER= # Role value mapping to viewer permissions +OIDC_ROLE_EDITOR= # Role value mapping to editor permissions +OIDC_ROLE_ADMIN= # Role value mapping to admin permissions +OIDC_TLS_CACERTFILE= # Path to file containing trusted CA certificates +OIDC_USERNAME_ATTRIBUTE=preferred_username # Attribute on OIDC user info used as the username +OIDC_RP_INITIATED_LOGOUT=false # Enable RP-initiated logout flow +OIDC_END_SESSION_ENDPOINT= # OIDC end-session endpoint override URL -# Filesystem watcher (optional) -ENABLE_RESCAN_ON_FILESYSTEM_CHANGE=true -RESCAN_ON_FILESYSTEM_CHANGE_DELAY=5 +# Metadata Providers +IGDB_CLIENT_ID= # Client ID for the IGDB API +IGDB_CLIENT_SECRET= # Client secret for the IGDB API +MOBYGAMES_API_KEY= # MobyGames secret API key +SCREENSCRAPER_USER= # Screenscraper username +SCREENSCRAPER_PASSWORD= # Screenscraper password +STEAMGRIDDB_API_KEY= # SteamGridDB secret API key +RETROACHIEVEMENTS_API_KEY= # RetroAchievements secret API key +REFRESH_RETROACHIEVEMENTS_CACHE_DAYS=30 # RetroAchievements metadata cache refresh interval in days +PLAYMATCH_API_ENABLED=false # Enable PlayMatch API integration +LAUNCHBOX_API_ENABLED=false # Enable LaunchBox API integration +HASHEOUS_API_ENABLED=false # Enable Hasheous API integration +FLASHPOINT_API_ENABLED=false # Enable Flashpoint API integration +HLTB_API_ENABLED=false # Enable HowLongToBeat API integration +TGDB_API_ENABLED=false # Enable TheGamesDB API integration -# Tasks (optional) -TASK_TIMEOUT=300 -TASK_RESULT_TTL=86400 -SEVEN_ZIP_TIMEOUT=60 -ENABLE_SCHEDULED_RESCAN=true -SCHEDULED_RESCAN_CRON=0 3 * * * -ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB=true -SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON=0 4 * * * -ENABLE_SCHEDULED_UPDATE_LAUNCHBOX_METADATA=true -SCHEDULED_UPDATE_LAUNCHBOX_METADATA_CRON=0 4 * * * -ENABLE_SCHEDULED_CONVERT_IMAGES_TO_WEBP=true -SCHEDULED_CONVERT_IMAGES_TO_WEBP_CRON=0 4 * * * -ENABLE_SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC=true -SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC_CRON=0 4 * * * -REFRESH_RETROACHIEVEMENTS_CACHE_DAYS=30 +# Scans & Tasks +SCAN_TIMEOUT=14400 # Timeout for background scan/rescan tasks in seconds +SCAN_WORKERS=1 # Number of worker processes for scanning tasks +TASK_TIMEOUT=300 # Timeout for other background tasks in seconds +TASK_RESULT_TTL=86400 # How long to keep task results in Valkey in seconds +SEVEN_ZIP_TIMEOUT=60 # Timeout for 7-Zip operations in seconds +ENABLE_RESCAN_ON_FILESYSTEM_CHANGE=false # Re-scan the library automatically when the filesystem changes +RESCAN_ON_FILESYSTEM_CHANGE_DELAY=5 # Delay in minutes before re-scanning after a filesystem change +ENABLE_SCHEDULED_RESCAN=false # Enable scheduled library re-scans +SCHEDULED_RESCAN_CRON=0 3 * * * # Cron expression for scheduled re-scans +ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB=false # Enable scheduled Switch TitleDB index updates +SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON=0 4 * * * # Cron expression for scheduled Switch TitleDB updates +ENABLE_SCHEDULED_UPDATE_LAUNCHBOX_METADATA=false # Enable scheduled LaunchBox metadata updates +SCHEDULED_UPDATE_LAUNCHBOX_METADATA_CRON=0 4 * * * # Cron expression for scheduled LaunchBox metadata updates +ENABLE_SCHEDULED_CONVERT_IMAGES_TO_WEBP=false # Enable scheduled conversion of images to WebP +SCHEDULED_CONVERT_IMAGES_TO_WEBP_CRON=0 4 * * * # Cron expression for scheduled WebP conversion +ENABLE_SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC=false # Enable scheduled RetroAchievements progress sync +SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC_CRON=0 4 * * * # Cron expression for scheduled RetroAchievements sync -# In-browser emulation -DISABLE_EMULATOR_JS=false -DISABLE_RUFFLE_RS=false +# Sync +SYNC_BASE_PATH= # Base folder for sync state (defaults to $ROMM_BASE_PATH/sync) +ENABLE_SYNC_FOLDER_WATCHER=false # Watch the sync folder and trigger scans on change +SYNC_FOLDER_SCAN_DELAY=2 # Delay in minutes before scanning after a sync folder change +ENABLE_SYNC_PUSH_PULL=false # Enable scheduled sync push/pull +SYNC_PUSH_PULL_CRON=*/30 * * * * # Cron expression for scheduled sync push/pull +SYNC_SSH_KEYS_PATH= # Path to SSH keys for sync remotes (defaults to $ROMM_BASE_PATH/sync/keys) +SYNC_SSH_KNOWN_HOSTS_PATH= # Path to SSH known_hosts (defaults to $ROMM_BASE_PATH/sync/known_hosts) -# YouTube alternatives (Piped, Invidious, etc.) -YOUTUBE_BASE_URL=https://www.youtube.com +# Emulation +DISABLE_EMULATOR_JS=false # Disable in-browser play via EmulatorJS +DISABLE_RUFFLE_RS=false # Disable in-browser Flash playback via RuffleRS -# Switch Tinfoil -TINFOIL_WELCOME_MESSAGE="RomM Switch Library" +# Integrations +YOUTUBE_BASE_URL=https://www.youtube.com # Base URL for alternate YouTube frontends (Piped, Invidious, etc.) +TINFOIL_WELCOME_MESSAGE="RomM Switch Library" # Welcome message shown in Tinfoil Switch clients # Logging -LOGLEVEL=DEBUG -FORCE_COLOR= -NO_COLOR= +LOGLEVEL=INFO # Application log level +FORCE_COLOR=false # Force colored log output +NO_COLOR=false # Disable colored log output -# Web server (optional) -# Workers -> (2 × CPU cores) + 1 -WEB_SERVER_CONCURRENCY=2 -WEB_SERVER_TIMEOUT=300 -WEB_SERVER_KEEPALIVE=2 -WEB_SERVER_MAX_REQUESTS=1000 -WEB_SERVER_MAX_REQUESTS_JITTER=100 -WEB_SERVER_WORKER_CONNECTIONS=1000 -WEB_SERVER_GUNICORN_WAIT_SECONDS=30 -IPV4_ONLY=false +# Web Server +WEB_SERVER_CONCURRENCY=1 # Number of worker processes (recommended: 2 × CPU cores + 1) +WEB_SERVER_TIMEOUT=300 # Timeout for web server requests in seconds +WEB_SERVER_KEEPALIVE=2 # Keep-Alive connection wait time in seconds +WEB_SERVER_MAX_REQUESTS=1000 # Maximum requests a worker processes before restarting +WEB_SERVER_MAX_REQUESTS_JITTER=100 # Random jitter added to max requests value +WEB_SERVER_WORKER_CONNECTIONS=1000 # Maximum simultaneous clients per worker process +WEB_SERVER_GUNICORN_WAIT_SECONDS=30 # Seconds to wait for Gunicorn to start before giving up +IPV4_ONLY=false # Bind only to IPv4 -# Redis Workers -SCAN_TIMEOUT= -SCAN_WORKERS= +# Proxy +HTTP_PROXY= # HTTP proxy URL for outbound requests +HTTPS_PROXY= # HTTPS proxy URL for outbound requests +NO_PROXY= # Comma-separated list of hosts to bypass the proxy -# Development only -DEV_MODE=true -DEV_HOST=127.0.0.1 -DEV_PORT=5000 -DEV_HTTPS=false -DEV_SQL_ECHO=false -SENTRY_DSN= +# Observability +SENTRY_DSN= # DSN for Sentry error tracking + +# Development +DEV_MODE=false # Enable development mode (debugging, hot-reloading) +DEV_HOST=127.0.0.1 # Host for the development server +DEV_PORT=5000 # Port for the development server +DEV_HTTPS=false # Enable HTTPS in the development server +DEV_SQL_ECHO=false # Log all SQL queries in development mode +POSTGRES_DB=authentik # Postgres database name for the Authentik dev stack +POSTGRES_USER=authentik # Postgres user for the Authentik dev stack +POSTGRES_PASSWORD=authentik # Postgres password for the Authentik dev stack +AUTHENTIK_SECRET_KEY= # Authentik secret key +AUTHENTIK_BOOTSTRAP_PASSWORD= # Initial Authentik admin bootstrap password