Expand documentation and example env files to explicitly distinguish which environment variables belong in the app/root `.env` versus the `compute/worker/.env*` files when deploying in external worker mode. This clarifies routing/auth settings versus worker runtime configuration, reducing misconfiguration risk.
126 lines
5.6 KiB
Text
126 lines
5.6 KiB
Text
|
|
# Local / OpenAI TTS API Configuration (default)
|
|
# Suggest using https://github.com/remsky/Kokoro-FastAPI
|
|
#
|
|
# NOTE: On first boot, the server auto-seeds these values into a "default-openai"
|
|
# admin-managed shared provider (DB-backed, encrypted at rest). After that, the
|
|
# admin UI is authoritative and changing these env vars has no effect. You may
|
|
# remove them once the seed has run. See Settings → Admin → Shared providers.
|
|
API_BASE=http://localhost:8880/v1
|
|
API_KEY=api_key_optional
|
|
|
|
# (Optional) TTS request/cache tuning (leave unset to use defaults)
|
|
# TTS_CACHE_MAX_SIZE_BYTES=268435456 # 256MB
|
|
# TTS_CACHE_TTL_MS=1800000 # 30 minutes
|
|
# TTS_MAX_RETRIES=2
|
|
# TTS_RETRY_INITIAL_MS=250
|
|
# TTS_RETRY_MAX_MS=2000
|
|
# TTS_RETRY_BACKOFF=2
|
|
# TTS_UPSTREAM_TIMEOUT_MS=285000 # 285 seconds
|
|
|
|
# (Optional) Enable TTS character rate limiting (default is `false`)
|
|
# TTS_ENABLE_RATE_LIMIT=true
|
|
# (Optional) TTS per-user daily limits (leave unset to use defaults)
|
|
# TTS_DAILY_LIMIT_ANONYMOUS=50000
|
|
# TTS_DAILY_LIMIT_AUTHENTICATED=500000
|
|
# (Optional) TTS IP backstop daily limits (leave unset to use defaults)
|
|
# TTS_IP_DAILY_LIMIT_ANONYMOUS=100000
|
|
# TTS_IP_DAILY_LIMIT_AUTHENTICATED=1000000
|
|
|
|
# Auth configuration (recommended for contributors and public instances)
|
|
# (Optional) Auth is only enabled when AUTH_SECRET and BASE_URL are set
|
|
BASE_URL=http://localhost:3003 # Externally facing URL for this app (set to LAN IP for access from other devices on the network)
|
|
AUTH_SECRET=some_random_secret_key # Generate with `openssl rand -hex 32`
|
|
AUTH_TRUSTED_ORIGINS=http://localhost:3003,http://127.0.0.1:3003 # Additional trusted origins (BASE_URL is always trusted)
|
|
# (Optional) Allow anonymous auth sessions when auth is enabled (default: `false`)
|
|
USE_ANONYMOUS_AUTH_SESSIONS=
|
|
# (Optional) Sign in w/ GitHub Configuration
|
|
GITHUB_CLIENT_ID=
|
|
GITHUB_CLIENT_SECRET=
|
|
# (Optional) Disable Better Auth built-in rate limiting (useful for testing)
|
|
DISABLE_AUTH_RATE_LIMIT=
|
|
|
|
# (Optional) Comma-separated list of emails that are auto-promoted to admin.
|
|
# Admins see the "Admin" tab in Settings (TTS shared providers + site features).
|
|
# Demotion is automatic: removing an email here demotes the user on next login.
|
|
# Requires auth to be enabled (AUTH_SECRET + BASE_URL).
|
|
ADMIN_EMAILS=
|
|
|
|
# (Optional) Backend DB used for server-side metadata (documents/audiobooks) and, when auth is enabled, auth tables.
|
|
# Defaults to SQLite at docstore/sqlite3.db when not set.
|
|
POSTGRES_URL=
|
|
|
|
# Embedded SeaweedFS weed mini config
|
|
# (Optional) Enable embedded weed mini for local S3-compatible storage (default: `true`)
|
|
USE_EMBEDDED_WEED_MINI=
|
|
WEED_MINI_DIR=
|
|
WEED_MINI_WAIT_SEC=
|
|
|
|
# S3 storage config (use with embedded weed mini or external S3-compatible storage)
|
|
# (Optional) For embedded weed mini, set explicit keys if you want stable credentials across restarts.
|
|
S3_ACCESS_KEY_ID=
|
|
S3_SECRET_ACCESS_KEY=
|
|
S3_BUCKET=
|
|
S3_REGION=
|
|
# (Optional) If empty in embedded mode, OpenReader uses BASE_URL host (when set) or detected LAN host.
|
|
S3_ENDPOINT=
|
|
S3_FORCE_PATH_STYLE=
|
|
S3_PREFIX=
|
|
|
|
# Migrations configuration
|
|
# (Optional) Skip automatic startup migrations when set to `false` (default: `true`)
|
|
RUN_DRIZZLE_MIGRATIONS=
|
|
# (Optional) Skip automatic filesystem->S3/DB migration pass when set to `false` (default: `true`)
|
|
RUN_FS_MIGRATIONS=
|
|
|
|
# (Optional) Server library import roots (uses /docstore/library by default)
|
|
IMPORT_LIBRARY_DIR=
|
|
IMPORT_LIBRARY_DIRS=
|
|
|
|
# Compute
|
|
# Embedded/local (default): leave COMPUTE_WORKER_URL empty.
|
|
# External worker: set COMPUTE_WORKER_URL + COMPUTE_WORKER_TOKEN.
|
|
# External worker split:
|
|
# - App side (this root `.env`): set only routing/auth + shared timeout/stale overrides.
|
|
# - Worker side (`compute/worker/.env*` or worker platform env): set NATS_*, S3_*, model base URLs, and worker tuning.
|
|
# Details: docs/deploy/compute-worker
|
|
# COMPUTE_WORKER_URL=http://localhost:8081
|
|
# COMPUTE_WORKER_TOKEN=local-compute-token
|
|
# Optional embedded startup controls:
|
|
# EMBEDDED_COMPUTE_WORKER_PORT=8081
|
|
# EMBEDDED_NATS_PORT=4222
|
|
# EMBEDDED_NATS_MONITOR_PORT=8222
|
|
# EMBEDDED_NATS_STORE_DIR=docstore/nats/jetstream
|
|
# `NATS_URL` here is for embedded startup only. In external worker mode, set `NATS_URL` on the worker service env.
|
|
# NATS_URL=nats://127.0.0.1:4222
|
|
# Optional shared compute tuning:
|
|
# COMPUTE_JOB_CONCURRENCY=1
|
|
# COMPUTE_WHISPER_TIMEOUT_MS=30000
|
|
# COMPUTE_PDF_TIMEOUT_MS=300000
|
|
# COMPUTE_OP_STALE_MS=1800000
|
|
|
|
# Optional Whisper ONNX base URL override (must contain all expected files)
|
|
# Default expected Whisper variant is q4:
|
|
# - onnx/encoder_model_q4.onnx
|
|
# - onnx/decoder_model_merged_q4.onnx
|
|
# - onnx/decoder_with_past_model_q4.onnx
|
|
# WHISPER_MODEL_BASE_URL=https://huggingface.co/onnx-community/whisper-base_timestamped/resolve/main
|
|
|
|
# Optional PDF layout ONNX base URL override (must contain all expected files)
|
|
# PDF_LAYOUT_MODEL_BASE_URL=https://huggingface.co/Bei0001/PP-DocLayoutV3-ONNX/resolve/main
|
|
|
|
# (Optional) Override ffmpeg binary path used for audiobook processing
|
|
FFMPEG_BIN=
|
|
|
|
# (Optional) Client feature flags — seeded into the admin-managed runtime
|
|
# config on first boot, then ignored. Edit values from Settings → Admin →
|
|
# Site features instead of redeploying. SSR-injected so they take effect
|
|
# without rebuilding (unlike the old build-time public-env pattern).
|
|
# RUNTIME_SEED_ENABLE_DOCX_CONVERSION=true
|
|
# RUNTIME_SEED_ENABLE_DESTRUCTIVE_DELETE_ACTIONS=true
|
|
# RUNTIME_SEED_ENABLE_TTS_PROVIDERS_TAB=true
|
|
# RUNTIME_SEED_ENABLE_USER_SIGNUPS=true
|
|
# RUNTIME_SEED_RESTRICT_USER_API_KEYS=true
|
|
# RUNTIME_SEED_DEFAULT_TTS_PROVIDER=custom-openai
|
|
# RUNTIME_SEED_CHANGELOG_FEED_URL=https://docs.openreader.richardr.dev/changelog/manifest.json
|
|
# RUNTIME_SEED_ENABLE_AUDIOBOOK_EXPORT=true
|