-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy path.env.multitenant.sample
More file actions
130 lines (101 loc) · 3.83 KB
/
Copy path.env.multitenant.sample
File metadata and controls
130 lines (101 loc) · 3.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# ============================================
# SABHA.CO DEPLOYMENT CONFIGURATION (SaaS Mode)
# ============================================
# Copy this file to .env.multitenant and fill in your values
# Deploy with: kamal deploy -d multitenant
# ============================================
# SERVER CONFIGURATION
# ============================================
# Server IP address
SERVER_IP=YOUR_SERVER_IP
# Domain name
PROXY_HOST=sabha.co
# ============================================
# BRANDING CONFIGURATION
# ============================================
APP_NAME="Sabha"
APP_SHORT_NAME="Sabha"
APP_DESCRIPTION="Community chat powered by Sabha"
APP_HOST="sabha.co"
# Contact & Support
SUPPORT_EMAIL="support@sabha.co"
MAILER_FROM_NAME="Sabha"
MAILER_FROM_EMAIL="noreply@sabha.co"
# Visual Branding (PWA colors)
THEME_COLOR="#1d4ed8"
BACKGROUND_COLOR="#ffffff"
# Analytics (optional — Umami)
# UMAMI_WEBSITE_ID=
# UMAMI_HOST=cloud.umami.is
# Security - Frame ancestors for Content Security Policy
CSP_FRAME_ANCESTORS=
# Cookie domain (IMPORTANT for SaaS mode - enables cross-workspace sessions)
COOKIE_DOMAIN=sabha.co
# ============================================
# UNTENANTED DATABASE (PostgreSQL)
# ============================================
# Managed PostgreSQL connection URL for the shared untenanted database
# Includes host, port, database, credentials, and SSL params in one string
UNTENANTED_DATABASE_URL=postgres://user:password@host:port/database?sslmode=require
# ============================================
# RAILS CORE CONFIGURATION
# ============================================
# Secret Key Base (generate with: rails secret)
SECRET_KEY_BASE=
# ============================================
# NOTIFICATIONS
# ============================================
# VAPID keys for web push notifications
# Generate with: npx web-push generate-vapid-keys
VAPID_PUBLIC_KEY=
VAPID_PRIVATE_KEY=
# ============================================
# EMAIL CONFIGURATION
# ============================================
# Email provider: "resend" (default) or "ses"
EMAIL_PROVIDER=resend
# Resend API key (when EMAIL_PROVIDER=resend)
RESEND_API_KEY=
# AWS SES (when EMAIL_PROVIDER=ses)
AWS_SES_REGION=us-east-1
AWS_SES_ACCESS_KEY_ID=
AWS_SES_SECRET_ACCESS_KEY=
SES_CONFIGURATION_SET=
# Platform kill switch — set to "true" to suppress notification mail
# (missed-notification bundles, weekly digest) across every tenant.
# Transactional auth mail (OTP, password reset, email verification) is NOT
# gated by this and keeps sending. Leave unset for normal operation.
EMAIL_GLOBALLY_DISABLED=
# ============================================
# OPTIONAL FEATURES
# ============================================
# Cloudflare Turnstile CAPTCHA
CLOUDFLARE_TURNSTILE_SITE_KEY=
CLOUDFLARE_TURNSTILE_SECRET_KEY=
# AnyCable (high-performance WebSocket server)
ANYCABLE_ENABLED=true
ANYCABLE_SECRET=
# Cloudflare R2 (S3-compatible storage for workspace backups)
R2_ACCESS_KEY_ID=
R2_SECRET_ACCESS_KEY=
R2_ENDPOINT=https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com
R2_BUCKET=sabha-backups
# Error tracking (optional - Sentry DSN)
# SENTRY_DSN=
# ============================================
# SSO PROVIDER
# ============================================
# sabha.co is the identity authority. cloud_sabha serves the cloud.sabha.co
# dashboard with an exact host match; managed_sabha serves *.sabha.co customer
# Sabha servers (used only for first-admin AUTO_BOOTSTRAP). Secrets must match
# sso.secret and sso.managed_sabha_secret in sabha_cloud credentials.
SSO_PROVIDER_CLIENTS=cloud_sabha,managed_sabha
SSO_CLOUD_SABHA_RETURN_HOST=cloud.sabha.co
SSO_CLOUD_SABHA_SECRET=
SSO_MANAGED_SABHA_RETURN_HOST=*.sabha.co
SSO_MANAGED_SABHA_SECRET=
# ============================================
# DOCKER REGISTRY
# ============================================
# GitHub Container Registry token
KAMAL_REGISTRY_PASSWORD=