refactor env.tempalte

2026-04-23 06:54:40 +00:00 · 2026-04-18 16:18:46 -04:00
parent 2000a6c440
commit e228683191
1 changed files with 125 additions and 134 deletions
@@ -1,149 +1,140 @@
-ROMM_BASE_PATH=/path/to/romm_mock
+# Core Application
-ROMM_TMP_PATH=
+ROMM_BASE_PATH=/romm  # Base folder path for library, resources and assets
-KIOSK_MODE=false
+ROMM_TMP_PATH=  # Custom temporary directory path
 ROMM_BASE_URL=http://0.0.0.0  # Base URL used when rendering container log links
 ROMM_PORT=8080  # Port on which the application listens
 KIOSK_MODE=false  # Read-only mode for public displays or kiosks
-# IGDB credentials
+# Database
-IGDB_CLIENT_ID=
+ROMM_DB_DRIVER=mariadb  # Database driver to use (mariadb, mysql, postgresql)
-IGDB_CLIENT_SECRET=
+DB_HOST=  # Host name of the database instance [REQUIRED]
 DB_PORT=3306  # Port number of the database instance
 DB_NAME=romm  # Database name (should match MYSQL_DATABASE in MariaDB)
 DB_USER=  # Database username (should match MARIADB_USER in MariaDB) [REQUIRED]
 DB_PASSWD=  # Database password (should match MARIADB_PASSWORD in MariaDB) [REQUIRED]
 DB_ROOT_PASSWD=  # Database root user password (only used by the bundled MariaDB container)
 DB_QUERY_JSON=  # Extra query parameters for the database connection, as JSON
-# Mobygames
+# Redis/Valkey
-MOBYGAMES_API_KEY=
+REDIS_HOST=127.0.0.1  # Host name of the Redis/Valkey instance
-
+REDIS_PORT=6379  # Port number of the Redis/Valkey instance
-# Screenscraper
+REDIS_USERNAME=  # Username for the Redis/Valkey instance
-SCREENSCRAPER_USER=
+REDIS_PASSWORD=  # Password for the Redis/Valkey instance
-SCREENSCRAPER_PASSWORD=
+REDIS_DB=0  # Database number for the Redis/Valkey instance
-
+REDIS_SSL=false  # Enable SSL (rediss://) for the Redis/Valkey connection
 # SteamGridDB
 STEAMGRIDDB_API_KEY=
 # RetroAchievements
 RETROACHIEVEMENTS_API_KEY=
 # Playmatch
 PLAYMATCH_API_ENABLED=
 # LaunchBox
 LAUNCHBOX_API_ENABLED=
 # Hasheous
 HASHEOUS_API_ENABLED=
 # Flashpoint Project
 FLASHPOINT_API_ENABLED=
 # HowLongToBeat
 HLTB_API_ENABLED=
 # TheGamesDB
 TGDB_API_ENABLED=
 # Database config
 ROMM_DB_DRIVER=mariadb
 DB_HOST=127.0.0.1
 DB_PORT=3306
 DB_NAME=romm
 DB_USER=romm
 DB_PASSWD=
 DB_ROOT_PASSWD=
 # Redis config
 REDIS_HOST=127.0.0.1
 REDIS_PORT=6379
 # Authentik
 POSTGRES_DB=authentik
 POSTGRES_USER=authentik
 POSTGRES_PASSWORD=authentik
 AUTHENTIK_SECRET_KEY=
 AUTHENTIK_BOOTSTRAP_PASSWORD=
 # Authentication
-ROMM_AUTH_SECRET_KEY=
+ROMM_AUTH_SECRET_KEY=  # App secret, generate with `openssl rand -hex 32` [REQUIRED]
-OAUTH_ACCESS_TOKEN_EXPIRE_SECONDS=
+OAUTH_ACCESS_TOKEN_EXPIRE_SECONDS=1800  # Access token lifetime in seconds
-OAUTH_REFRESH_TOKEN_EXPIRE_SECONDS=
+OAUTH_REFRESH_TOKEN_EXPIRE_SECONDS=604800  # Refresh token lifetime in seconds
-SESSION_MAX_AGE_SECONDS=
+SESSION_MAX_AGE_SECONDS=1209600  # Maximum age of a session in seconds
-# Disable auth on download endpoint for 3rd party support
+INVITE_TOKEN_EXPIRY_SECONDS=600  # Invite token lifetime in seconds
-DISABLE_DOWNLOAD_ENDPOINT_AUTH=
+DISABLE_DOWNLOAD_ENDPOINT_AUTH=false  # Disable auth on the download endpoint for WebRcade/Tinfoil
-# Disable CSRF protection for development and testing purposes
+DISABLE_CSRF_PROTECTION=false  # Disable CSRF protection (not recommended)
-DISABLE_CSRF_PROTECTION=
+DISABLE_USERPASS_LOGIN=false  # Disable username/password login when using OIDC
-# Disable username + passsword login when using OIDC login
+DISABLE_SETUP_WIZARD=false  # Skip the first-boot setup wizard
 DISABLE_USERPASS_LOGIN=
 DISABLE_SETUP_WIZARD=
 INVITE_TOKEN_EXPIRY_SECONDS=600
-# OpenID Connect (Authentik, Authelia, etc.)
+# OpenID Connect
-OIDC_ENABLED=
+OIDC_ENABLED=false  # Enable OpenID Connect authentication
-OIDC_AUTOLOGIN=
+OIDC_AUTOLOGIN=false  # Skip the OIDC button on the login page and auto-redirect
-OIDC_PROVIDER=
+OIDC_PROVIDER=  # Name of the OIDC provider in use
-OIDC_CLIENT_ID=
+OIDC_CLIENT_ID=  # Client ID for OIDC authentication
-OIDC_CLIENT_SECRET=
+OIDC_CLIENT_SECRET=  # Client secret for OIDC authentication
-OIDC_REDIRECT_URI=
+OIDC_REDIRECT_URI=  # Absolute redirect URI for OIDC authentication
-OIDC_SERVER_APPLICATION_URL=
+OIDC_SERVER_APPLICATION_URL=  # Absolute URL of the OIDC server application
-OIDC_SERVER_METADATA_URL=
+OIDC_SERVER_METADATA_URL=  # URL to the OIDC provider metadata endpoint
-OIDC_CLAIM_ROLES=
+OIDC_CLAIM_ROLES=  # OIDC claim containing user roles
-OIDC_ROLE_VIEWER=
+OIDC_ROLE_VIEWER=  # Role value mapping to viewer permissions
-OIDC_ROLE_EDITOR=
+OIDC_ROLE_EDITOR=  # Role value mapping to editor permissions
-OIDC_ROLE_ADMIN=
+OIDC_ROLE_ADMIN=  # Role value mapping to admin permissions
-OIDC_TLS_CACERTFILE=
+OIDC_TLS_CACERTFILE=  # Path to file containing trusted CA certificates
-OIDC_USERNAME_ATTRIBUTE=preferred_username
+OIDC_USERNAME_ATTRIBUTE=preferred_username  # Attribute on OIDC user info used as the username
-OIDC_RP_INITIATED_LOGOUT=
+OIDC_RP_INITIATED_LOGOUT=false  # Enable RP-initiated logout flow
-OIDC_END_SESSION_ENDPOINT=
+OIDC_END_SESSION_ENDPOINT=  # OIDC end-session endpoint override URL
-# Filesystem watcher (optional)
+# Metadata Providers
-ENABLE_RESCAN_ON_FILESYSTEM_CHANGE=true
+IGDB_CLIENT_ID=  # Client ID for the IGDB API
-RESCAN_ON_FILESYSTEM_CHANGE_DELAY=5
+IGDB_CLIENT_SECRET=  # Client secret for the IGDB API
 MOBYGAMES_API_KEY=  # MobyGames secret API key
 SCREENSCRAPER_USER=  # Screenscraper username
 SCREENSCRAPER_PASSWORD=  # Screenscraper password
 STEAMGRIDDB_API_KEY=  # SteamGridDB secret API key
 RETROACHIEVEMENTS_API_KEY=  # RetroAchievements secret API key
 REFRESH_RETROACHIEVEMENTS_CACHE_DAYS=30  # RetroAchievements metadata cache refresh interval in days
 PLAYMATCH_API_ENABLED=false  # Enable PlayMatch API integration
 LAUNCHBOX_API_ENABLED=false  # Enable LaunchBox API integration
 HASHEOUS_API_ENABLED=false  # Enable Hasheous API integration
 FLASHPOINT_API_ENABLED=false  # Enable Flashpoint API integration
 HLTB_API_ENABLED=false  # Enable HowLongToBeat API integration
 TGDB_API_ENABLED=false  # Enable TheGamesDB API integration
-# Tasks (optional)
+# Scans & Tasks
-TASK_TIMEOUT=300
+SCAN_TIMEOUT=14400  # Timeout for background scan/rescan tasks in seconds
-TASK_RESULT_TTL=86400
+SCAN_WORKERS=1  # Number of worker processes for scanning tasks
-SEVEN_ZIP_TIMEOUT=60
+TASK_TIMEOUT=300  # Timeout for other background tasks in seconds
-ENABLE_SCHEDULED_RESCAN=true
+TASK_RESULT_TTL=86400  # How long to keep task results in Valkey in seconds
-SCHEDULED_RESCAN_CRON=0 3 * * *
+SEVEN_ZIP_TIMEOUT=60  # Timeout for 7-Zip operations in seconds
-ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB=true
+ENABLE_RESCAN_ON_FILESYSTEM_CHANGE=false  # Re-scan the library automatically when the filesystem changes
-SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON=0 4 * * *
+RESCAN_ON_FILESYSTEM_CHANGE_DELAY=5  # Delay in minutes before re-scanning after a filesystem change
-ENABLE_SCHEDULED_UPDATE_LAUNCHBOX_METADATA=true
+ENABLE_SCHEDULED_RESCAN=false  # Enable scheduled library re-scans
-SCHEDULED_UPDATE_LAUNCHBOX_METADATA_CRON=0 4 * * *
+SCHEDULED_RESCAN_CRON=0 3 * * *  # Cron expression for scheduled re-scans
-ENABLE_SCHEDULED_CONVERT_IMAGES_TO_WEBP=true
+ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB=false  # Enable scheduled Switch TitleDB index updates
-SCHEDULED_CONVERT_IMAGES_TO_WEBP_CRON=0 4 * * *
+SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON=0 4 * * *  # Cron expression for scheduled Switch TitleDB updates
-ENABLE_SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC=true
+ENABLE_SCHEDULED_UPDATE_LAUNCHBOX_METADATA=false  # Enable scheduled LaunchBox metadata updates
-SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC_CRON=0 4 * * *
+SCHEDULED_UPDATE_LAUNCHBOX_METADATA_CRON=0 4 * * *  # Cron expression for scheduled LaunchBox metadata updates
-REFRESH_RETROACHIEVEMENTS_CACHE_DAYS=30
+ENABLE_SCHEDULED_CONVERT_IMAGES_TO_WEBP=false  # Enable scheduled conversion of images to WebP
 SCHEDULED_CONVERT_IMAGES_TO_WEBP_CRON=0 4 * * *  # Cron expression for scheduled WebP conversion
 ENABLE_SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC=false  # Enable scheduled RetroAchievements progress sync
 SCHEDULED_RETROACHIEVEMENTS_PROGRESS_SYNC_CRON=0 4 * * *  # Cron expression for scheduled RetroAchievements sync
-# In-browser emulation
+# Sync
-DISABLE_EMULATOR_JS=false
+SYNC_BASE_PATH=  # Base folder for sync state (defaults to $ROMM_BASE_PATH/sync)
-DISABLE_RUFFLE_RS=false
+ENABLE_SYNC_FOLDER_WATCHER=false  # Watch the sync folder and trigger scans on change
 SYNC_FOLDER_SCAN_DELAY=2  # Delay in minutes before scanning after a sync folder change
 ENABLE_SYNC_PUSH_PULL=false  # Enable scheduled sync push/pull
 SYNC_PUSH_PULL_CRON=*/30 * * * *  # Cron expression for scheduled sync push/pull
 SYNC_SSH_KEYS_PATH=  # Path to SSH keys for sync remotes (defaults to $ROMM_BASE_PATH/sync/keys)
 SYNC_SSH_KNOWN_HOSTS_PATH=  # Path to SSH known_hosts (defaults to $ROMM_BASE_PATH/sync/known_hosts)
-# YouTube alternatives (Piped, Invidious, etc.)
+# Emulation
-YOUTUBE_BASE_URL=https://www.youtube.com
+DISABLE_EMULATOR_JS=false  # Disable in-browser play via EmulatorJS
 DISABLE_RUFFLE_RS=false  # Disable in-browser Flash playback via RuffleRS
-# Switch Tinfoil
+# Integrations
-TINFOIL_WELCOME_MESSAGE="RomM Switch Library"
+YOUTUBE_BASE_URL=https://www.youtube.com  # Base URL for alternate YouTube frontends (Piped, Invidious, etc.)
 TINFOIL_WELCOME_MESSAGE="RomM Switch Library"  # Welcome message shown in Tinfoil Switch clients
 # Logging
-LOGLEVEL=DEBUG
+LOGLEVEL=INFO  # Application log level
-FORCE_COLOR=
+FORCE_COLOR=false  # Force colored log output
-NO_COLOR=
+NO_COLOR=false  # Disable colored log output
-# Web server (optional)
+# Web Server
-# Workers -> (2 × CPU cores) + 1
+WEB_SERVER_CONCURRENCY=1  # Number of worker processes (recommended: 2 × CPU cores + 1)
-WEB_SERVER_CONCURRENCY=2
+WEB_SERVER_TIMEOUT=300  # Timeout for web server requests in seconds
-WEB_SERVER_TIMEOUT=300
+WEB_SERVER_KEEPALIVE=2  # Keep-Alive connection wait time in seconds
-WEB_SERVER_KEEPALIVE=2
+WEB_SERVER_MAX_REQUESTS=1000  # Maximum requests a worker processes before restarting
-WEB_SERVER_MAX_REQUESTS=1000
+WEB_SERVER_MAX_REQUESTS_JITTER=100  # Random jitter added to max requests value
-WEB_SERVER_MAX_REQUESTS_JITTER=100
+WEB_SERVER_WORKER_CONNECTIONS=1000  # Maximum simultaneous clients per worker process
-WEB_SERVER_WORKER_CONNECTIONS=1000
+WEB_SERVER_GUNICORN_WAIT_SECONDS=30  # Seconds to wait for Gunicorn to start before giving up
-WEB_SERVER_GUNICORN_WAIT_SECONDS=30
+IPV4_ONLY=false  # Bind only to IPv4
 IPV4_ONLY=false
-# Redis Workers
+# Proxy
-SCAN_TIMEOUT=
+HTTP_PROXY=  # HTTP proxy URL for outbound requests
-SCAN_WORKERS=
+HTTPS_PROXY=  # HTTPS proxy URL for outbound requests
 NO_PROXY=  # Comma-separated list of hosts to bypass the proxy
-# Development only
+# Observability
-DEV_MODE=true
+SENTRY_DSN=  # DSN for Sentry error tracking
-DEV_HOST=127.0.0.1
+
-DEV_PORT=5000
+# Development
-DEV_HTTPS=false
+DEV_MODE=false  # Enable development mode (debugging, hot-reloading)
-DEV_SQL_ECHO=false
+DEV_HOST=127.0.0.1  # Host for the development server
-SENTRY_DSN=
+DEV_PORT=5000  # Port for the development server
 DEV_HTTPS=false  # Enable HTTPS in the development server
 DEV_SQL_ECHO=false  # Log all SQL queries in development mode
 POSTGRES_DB=authentik  # Postgres database name for the Authentik dev stack
 POSTGRES_USER=authentik  # Postgres user for the Authentik dev stack
 POSTGRES_PASSWORD=authentik  # Postgres password for the Authentik dev stack
 AUTHENTIK_SECRET_KEY=  # Authentik secret key
 AUTHENTIK_BOOTSTRAP_PASSWORD=  # Initial Authentik admin bootstrap password