Expand admin panel documentation to detail the transition from live env var reading to one-shot seeding for TTS providers in v3.0.0. Add warnings about the impact of rotating AUTH_SECRET on encrypted admin provider keys and the required manual steps after rotation. docs(migrations): add schema migration history table Document the sequence and purpose of each migration introduced in v3.0.0, clarifying upgrade behavior from v2.2.0 and summarizing schema changes. chore(env): remove commented default TTS model example from .env.example
98 lines
4.3 KiB
Text
98 lines
4.3 KiB
Text
|
|
# Local / OpenAI TTS API Configuration (default)
|
|
# Suggest using https://github.com/remsky/Kokoro-FastAPI
|
|
#
|
|
# NOTE: On first boot, the server auto-seeds these values into a "default-openai"
|
|
# admin-managed shared provider (DB-backed, encrypted at rest). After that, the
|
|
# admin UI is authoritative and changing these env vars has no effect. You may
|
|
# remove them once the seed has run. See Settings → Admin → Shared providers.
|
|
API_BASE=http://localhost:8880/v1
|
|
API_KEY=api_key_optional
|
|
|
|
# (Optional) TTS request/cache tuning (leave unset to use defaults)
|
|
# TTS_CACHE_MAX_SIZE_BYTES=268435456 # 256MB
|
|
# TTS_CACHE_TTL_MS=1800000 # 30 minutes
|
|
# TTS_MAX_RETRIES=2
|
|
# TTS_RETRY_INITIAL_MS=250
|
|
# TTS_RETRY_MAX_MS=2000
|
|
# TTS_RETRY_BACKOFF=2
|
|
# TTS_UPSTREAM_TIMEOUT_MS=285000 # 285 seconds
|
|
|
|
# (Optional) Enable TTS character rate limiting (default is `false`)
|
|
# TTS_ENABLE_RATE_LIMIT=true
|
|
# (Optional) TTS per-user daily limits (leave unset to use defaults)
|
|
# TTS_DAILY_LIMIT_ANONYMOUS=50000
|
|
# TTS_DAILY_LIMIT_AUTHENTICATED=500000
|
|
# (Optional) TTS IP backstop daily limits (leave unset to use defaults)
|
|
# TTS_IP_DAILY_LIMIT_ANONYMOUS=100000
|
|
# TTS_IP_DAILY_LIMIT_AUTHENTICATED=1000000
|
|
|
|
# Auth configuration (recommended for contributors and public instances)
|
|
# (Optional) Auth is only enabled when AUTH_SECRET and BASE_URL are set
|
|
BASE_URL=http://localhost:3003 # Externally facing URL for this app (set to LAN IP for access from other devices on the network)
|
|
AUTH_SECRET=some_random_secret_key # Generate with `openssl rand -hex 32`
|
|
AUTH_TRUSTED_ORIGINS=http://localhost:3003,http://127.0.0.1:3003 # Additional trusted origins (BASE_URL is always trusted)
|
|
# (Optional) Allow anonymous auth sessions when auth is enabled (default: `false`)
|
|
USE_ANONYMOUS_AUTH_SESSIONS=
|
|
# (Optional) Sign in w/ GitHub Configuration
|
|
GITHUB_CLIENT_ID=
|
|
GITHUB_CLIENT_SECRET=
|
|
# (Optional) Disable Better Auth built-in rate limiting (useful for testing)
|
|
DISABLE_AUTH_RATE_LIMIT=
|
|
|
|
# (Optional) Comma-separated list of emails that are auto-promoted to admin.
|
|
# Admins see the "Admin" tab in Settings (TTS shared providers + site features).
|
|
# Demotion is automatic: removing an email here demotes the user on next login.
|
|
# Requires auth to be enabled (AUTH_SECRET + BASE_URL).
|
|
ADMIN_EMAILS=
|
|
|
|
# (Optional) Backend DB used for server-side metadata (documents/audiobooks) and, when auth is enabled, auth tables.
|
|
# Defaults to SQLite at docstore/sqlite3.db when not set.
|
|
POSTGRES_URL=
|
|
|
|
# Embedded SeaweedFS weed mini config
|
|
# (Optional) Enable embedded weed mini for local S3-compatible storage (default: `true`)
|
|
USE_EMBEDDED_WEED_MINI=
|
|
WEED_MINI_DIR=
|
|
WEED_MINI_WAIT_SEC=
|
|
|
|
# S3 storage config (use with embedded weed mini or external S3-compatible storage)
|
|
# (Optional) For embedded weed mini, set explicit keys if you want stable credentials across restarts.
|
|
S3_ACCESS_KEY_ID=
|
|
S3_SECRET_ACCESS_KEY=
|
|
S3_BUCKET=
|
|
S3_REGION=
|
|
# (Optional) If empty in embedded mode, OpenReader uses BASE_URL host (when set) or detected LAN host.
|
|
S3_ENDPOINT=
|
|
S3_FORCE_PATH_STYLE=
|
|
S3_PREFIX=
|
|
|
|
# Migrations configuration
|
|
# (Optional) Skip automatic startup migrations when set to `false` (default: `true`)
|
|
RUN_DRIZZLE_MIGRATIONS=
|
|
# (Optional) Skip automatic filesystem->S3/DB migration pass when set to `false` (default: `true`)
|
|
RUN_FS_MIGRATIONS=
|
|
|
|
# (Optional) Server library import roots (uses /docstore/library by default)
|
|
IMPORT_LIBRARY_DIR=
|
|
IMPORT_LIBRARY_DIRS=
|
|
|
|
# (Required without Docker) Path to your local whisper.cpp CLI binary for STT timestamp generation
|
|
WHISPER_CPP_BIN=/whisper.cpp/build/bin/whisper-cli
|
|
|
|
# (Optional) Override ffmpeg binary path used for audiobook processing
|
|
FFMPEG_BIN=
|
|
|
|
# (Optional) Client feature flags — seeded into the admin-managed runtime
|
|
# config on first boot, then ignored. Edit values from Settings → Admin →
|
|
# Site features instead of redeploying. SSR-injected so they take effect
|
|
# without rebuilding (unlike the old NEXT_PUBLIC_* build-time pattern).
|
|
# NEXT_PUBLIC_ENABLE_DOCX_CONVERSION=true
|
|
# NEXT_PUBLIC_ENABLE_DESTRUCTIVE_DELETE_ACTIONS=true
|
|
# NEXT_PUBLIC_ENABLE_TTS_PROVIDERS_TAB=true
|
|
# NEXT_PUBLIC_ENABLE_USER_SIGNUPS=true
|
|
# NEXT_PUBLIC_RESTRICT_USER_API_KEYS=true
|
|
# NEXT_PUBLIC_DEFAULT_TTS_PROVIDER=custom-openai
|
|
# NEXT_PUBLIC_CHANGELOG_FEED_URL=https://docs.openreader.richardr.dev/changelog/manifest.json
|
|
# NEXT_PUBLIC_ENABLE_AUDIOBOOK_EXPORT=true
|
|
# NEXT_PUBLIC_ENABLE_WORD_HIGHLIGHT=true
|