rs/sample.env at main · RunestoneInteractive/rs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# Copy this file to .env docker-compose will read and use the values from here.
# The build.py script is also aware of this file and if you run `poetry self add
# poetry-dotenv-plugin` when you run `poetry shell` it will also pick up these
# variables and add them to your environment.  Note: once an environment variable is exported to
# your environment, modifying the value of that variable in the .env file will have no effect.
# You can use the ``unset`` command in bash or ``set -e`` in fish.

# This will ensure that the postgresql database defined in the docker-compose.yml file is started
# to run your own, comment out or change the line below. (see pgbouncer or nginx_dstart_dev)
# available profiles include:
#     basic - adds the db service to the composed app
#     production - adds pgbouncer
#     dev - adds the nginx_dstart_dev service
#     author -  adds the author and worker services
# multiple profiles can be enabled using a comma separated list e.g. basic,author

COMPOSE_PROFILES=basic

# The path to runestone books (on the host) In the container is set to /books
# Please Note that the dotenv package does not expand tilde to your home directory!
# !!EDITME!!
BOOK_PATH=/path/to/Runestone/books

# Where is the runestone app located (inside the container)
RUNESTONE_PATH = /usr/local/lib/python3.10/site-packages/rsptx/web2py_server/applications/runestone

# Database URLs: You may want to have a couple of different environment
# variables set up that essentially point to the same database. Therefore we use
# one set of variables for use within docker, prefixed with DC_ and another pair
# for use outside of docker. The DC variants should only be set in this file for
# use with docker-compose. (If you don't set the DC_ variables, docker compose
# will fall back to the other pair.)

DBURL = postgresql://runestone:runestone@localhost/runestone
DC_DBURL = postgresql://runestone:runestone@host.docker.internal/runestone

DEV_DBURL = postgresql://runestone:runestone@localhost:2345/runestone_dev
DC_DEV_DBURL = postgresql://runestone:runestone@db/runestone_dev


# Needed for pgbouncer
# set these for use with pgbouncer in docker, mostly for production w/load balancer
# but needed so that pgbouncer startup does not fail.
POSTGRESQL_HOST=db # or host.docker.internal or whatever
POSTGRESQL_DATABASE=runestone_dev
PGBOUNCER_DATABASE=runestone_dev
# These should be set to the username and password for the runestone user in the database
# These are also used by the db service to create a user for the dockerized postgresql
POSTGRESQL_USERNAME=runestone
POSTGRESQL_PASSWORD=runestone
# If you use pgbouncer then you will need to adjust your ``DC_DEV_DBURL`` and/or ``DC_DBURL`` to connect to  pgbouncer not the database.
# DC_DEV_DBURL=postgresql://${POSTGRESQL_USERNAME}:${POSTGRESQL_PASSWORD}@pgbouncer:6432/${PGBOUNCER_DATABASE}


# for single configurations it is fine to use the redis configured in docker-compose
# however, for load balanced configurations you want to run a redis server that is
# shared by all the workers.
REDIS_HOST = redis

# Server configuration (production, development, or test)
# You should not set these to test as that is for our testing framework, not for
# people who are just testing out Runestone.
SERVER_CONFIG=development
WEB2PY_CONFIG=development


## !! change these if running a real server !!
# This replaces the private/auth.key file for web2py
WEB2PY_PRIVATE_KEY = sha512:24c4e0f1-df85-44cf-87b9-67fc714f5653
# This is the secret key for the javascript web token
JWT_SECRET = supersecret

# Generate a 2048-bit private key
# openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048

# Extract the public key from the private key
# openssl rsa -pubout -in private.key -out public.key
LTI1P3_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----
MAKE YOUR OWN KEY PAIR AND PASTE PRIVATE KEY HERE
-----END RSA PRIVATE KEY-----"
LTI1P3_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----
MAKE YOUR OWN KEY PAIR AND PASTE PUBLIC KEY HERE
-----END PUBLIC KEY-----"

# Insecure Login. Set to True or Yes to enable.
# Warning! Only use this for development, if you are running a server over http
# that is not localhost.
ALLOW_INSECURE_LOGIN = False

# this is used by web2py to decide on how to set the session cookie settings.
# In production you will want to change this to https://
SERVER_PROTOCOL=http://

# The FERNET_SECRET is used for API Token storage in postgresql
# in Python use from cryptography import Fernet; Fernet.generate_key()
FERNET_SECRET = hRjuISXQoWd2kQBT8g-2LkmLw4jdv8NCGXUE_GfFZ1w=

# Set up host names
# localhost is ok for development, but you should set this to the real hostname
# if running a remote development server or definitely for production
RUNESTONE_HOST = localhost
# for production where you run a front end load balancer
# LOAD_BALANCER_HOST = localhost

# If you want nginx to install a certificate
# CERTBOT_EMAIL = myemail@foo.com

# --- Caddy reverse proxy (alternative to nginx) ---
# The caddy service (projects/caddy) is a drop-in replacement for nginx that
# gives you HTTPS with no certbot setup. The address below controls how it
# listens. Leave it commented out (or set to :80) for plain HTTP, same as nginx.
#
#   :80                          -> HTTP only (default, parity with nginx)
#   https://localhost            -> local dev HTTPS using Caddy's internal CA.
#                                   Your browser won't trust this cert until you
#                                   install Caddy's root, otherwise you'll get a
#                                   security warning. Trust steps are in
#                                   projects/caddy/README.md.
#   https://books.yourschool.edu -> automatic, publicly-trusted Let's Encrypt
#                                   cert. Requires ports 80 and 443 reachable
#                                   from the internet so the ACME challenge works.
#
# CADDY_SITE_ADDRESS=https://localhost

# For setting production (or development) runtime parameters
# any UVICORN options can be set as an environment variable using the UVICORN_ prefix
# for gunicorn we can add additional runtime parameters with the GUNICORN_CMD_ARGS variable
# for uvicorn in production recommend 2 * cores + 1
UVICORN_WORKERS=5
GUNICORN_CMD_ARGS="--workers=3 --log-level 'debug'"

# Set the log level - for production set this to info or higher
LOG_LEVEL=DEBUG

# Anonymous usage telemetry
# -------------------------
# The book server sends a small, ANONYMOUS weekly check-in to runestone.academy
# so the project can count installs worldwide and the books they serve.
# It contains NO personal data (no usernames, emails, answers, or grades) and
# NO IP-based location -- only a random per-install id, the version, the books
# served, bucketed counts, and the self-declared region/institution below.
# Preview exactly what is sent with: rsmanage telemetry
# If you have any questions feel free to talk with us on our Discord
# Opt out completely by setting this to false:
TELEMETRY_ENABLED=true
# Optional, high-level, self-declared location and institution (left blank =
# "unspecified"; location is NEVER derived from your IP):
# TELEMETRY_REGION=US
# TELEMETRY_INSTITUTION=Example University