2026-03-23 21:28:14 -04:00
# OTSSignsOrchestrator — environment variables
# Copy to .env and fill in real values before running.
feat: Implement provisioning pipelines for subscription management
- Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes.
- Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging.
- Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR.
- Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes.
- Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots.
- Introduce XiboFeatureManifests for hardcoded feature ACLs per role.
- Add docker-compose.dev.yml for local development with PostgreSQL setup.
2026-03-18 10:27:26 -04:00
# ── PostgreSQL ───────────────────────────────────────────────────────────────
# Used directly by the app. When running via docker-compose, POSTGRES_PASSWORD
# is also required so the postgres service can initialise the database.
ConnectionStrings__OrchestratorDb=Host=postgres;Port=5432;Database=orchestrator;Username=ots;Password=changeme
POSTGRES_PASSWORD=changeme
# ── JWT ──────────────────────────────────────────────────────────────────────
# Key must be at least 32 characters (256-bit). Generate with:
# openssl rand -base64 32
Jwt__Key=change-me-to-a-random-256-bit-key
# Jwt__Issuer=OTSSignsOrchestrator # optional — has a default
# Jwt__Audience=OTSSignsOrchestrator # optional — has a default
# ── Bitwarden Secrets Manager ────────────────────────────────────────────────
# Machine account access token from https://vault.bitwarden.com
Bitwarden__AccessToken=
Bitwarden__OrganizationId=
# ProjectId is the default project for orchestrator config secrets
Bitwarden__ProjectId=
# InstanceProjectId is optional; instance-level secrets go here when set
# Bitwarden__InstanceProjectId=
# Bitwarden__IdentityUrl=https://identity.bitwarden.com # optional
# Bitwarden__ApiUrl=https://api.bitwarden.com # optional
# ── Stripe ───────────────────────────────────────────────────────────────────
Stripe__SecretKey=sk_test_...
Stripe__WebhookSecret=whsec_...
# ── Authentik (SAML IdP) ─────────────────────────────────────────────────────
Authentik__BaseUrl=https://auth.example.com
Authentik__ApiToken=
# UUID of the OTS signing certificate-key pair in Authentik
Authentik__OtsSigningKpId=
# Authentik__SourcePreAuthFlowSlug=default-source-pre-authentication # optional
# Authentik__SourceAuthFlowSlug=default-source-authentication # optional
# ── Email (SendGrid) ─────────────────────────────────────────────────────────
Email__SendGridApiKey=SG....
# Email__SenderEmail=noreply@otssigns.com # optional
# Email__SenderName=OTS Signs # optional
# ── Git template repository ───────────────────────────────────────────────────
# These are stored in Bitwarden at runtime; set here only for local dev without BW.
# Git__CacheDir=.template-cache # optional
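
A pre-flight check for the filled-in `.env`, as an added example that is not part of the OTSSignsOrchestrator repository: it flags values that still carry the template placeholders, a `Jwt__Key` shorter than the 32 characters the comment above requires, and empty credentials. The function name `check_env` and the choice to treat the uncommented empty keys as required are assumptions.

```shell
#!/bin/sh
# Added example (not project code): validate a filled-in .env before startup.
# check_env FILE -> prints one line per finding; returns 0 if clean, 1 otherwise.

# Assumption: keys the template leaves uncommented but empty must be filled in.
REQUIRED="Bitwarden__AccessToken Bitwarden__OrganizationId Bitwarden__ProjectId Authentik__ApiToken Authentik__OtsSigningKpId"

check_env() {
    file=$1
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;      # blank lines and comments
            *=*) ;;                   # KEY=VALUE, handled below
            *) continue ;;            # anything else is not an assignment
        esac
        key=${line%%=*}               # text before the first '='
        val=${line#*=}                # everything after it (may contain '=')

        # Placeholders shipped in the template: changeme, change-me-..., "..."
        case $val in
            *changeme*|*change-me*|*...*)
                echo "$key: placeholder value from the template"
                findings=$((findings + 1))
                continue ;;
        esac

        # Template comment: key must be at least 32 characters (256-bit).
        if [ "$key" = "Jwt__Key" ] && [ "${#val}" -lt 32 ]; then
            echo "$key: shorter than 32 characters"
            findings=$((findings + 1))
        fi

        # Empty value on a key assumed to be required.
        case " $REQUIRED " in
            *" $key "*)
                if [ -z "$val" ]; then
                    echo "$key: empty"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}
```

Source the file and call `check_env .env` before starting the stack; a non-zero return means at least one value still needs attention.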