danielroe.dev / synchub.to
mirror your GitHub repos to tangled.org automatically
1
Fork 0

Configure Feed

Select the types of activity you want to include in your feed.

synchub.to / .env.example
at main 4.8 kB View raw
Daniel Roe fix: move cron job to get request
b31645cb
1# Copy to `.env` and fill in. 2 3# --------------------------------------------------------------------------- 4# OG image URL signing secret. nuxt-og-image renders OG images on demand at 5# runtime; this HMAC secret signs the generated URLs so callers can't craft 6# arbitrary image-generation requests against the endpoint (which would burn 7# CPU and bandwidth). 8# 9# Generate with: npx nuxt-og-image generate-secret 10# (or any 32-byte hex string — the CLI just calls randomBytes(32).toString('hex')) 11# --------------------------------------------------------------------------- 12NUXT_OG_IMAGE_SECRET=<32-byte hex string> 13 14# --------------------------------------------------------------------------- 15# Public URL the app is reachable at. For local dev this is the loopback host 16# (note: 127.0.0.1, not localhost — required by the AT Proto OAuth spec for 17# the synthetic dev `client_id`). 18# --------------------------------------------------------------------------- 19NUXT_PUBLIC_URL=http://127.0.0.1:3000 20 21# --------------------------------------------------------------------------- 22# Database. Get a connection string from https://neon.tech (free tier is fine). 23# Copy the "pooled" connection string for serverless workloads. 24# --------------------------------------------------------------------------- 25NUXT_DATABASE_URL=postgres://user:password@host.neon.tech/dbname?sslmode=require 26 27# --------------------------------------------------------------------------- 28# AT Proto OAuth client signing key (ES256 private JWK). 29# Generate with: pnpm gen:jwk 30# Paste the full JSON object on a single line below. 31# --------------------------------------------------------------------------- 32NUXT_ATPROTO_PRIVATE_JWK={"kty":"EC","kid":"...","crv":"P-256","x":"...","y":"...","d":"..."} 33 34# --------------------------------------------------------------------------- 35# Application encryption key (KEK) — wraps SSH private keys and AT Proto 36# session blobs at rest. Base64-encoded 32 bytes. 37# Generate with: pnpm gen:encryption-key 38# --------------------------------------------------------------------------- 39NUXT_ENCRYPTION_KEY=<base64-encoded 32 bytes> 40 41# --------------------------------------------------------------------------- 42# Dashboard session password. Used by h3's `useSession` to seal the 43# `synchub-session` cookie. 32+ characters of entropy. 44# Generate with: pnpm gen:encryption-key (any sufficiently long random string 45# works; the base64 output of 32 random bytes is convenient). 46# --------------------------------------------------------------------------- 47NUXT_SESSION_PASSWORD=<32+ char random string> 48 49# --------------------------------------------------------------------------- 50# GitHub App credentials. After creating the App at 51# https://github.com/settings/apps/new, copy: 52# - The numeric App ID (top of the App settings page). 53# - The webhook secret you set during creation. 54# - A generated private key (.pem). On Vercel, store with literal "\n" in 55# place of newlines; locally, keep the real newlines. 56# - The Client ID and a generated client secret ("Client secrets" section). 57# These drive the user-to-server OAuth that proves a connecting user 58# actually administers the installation they're binding a tangled handle 59# to. Distinct from the private key above. Required for the /connect flow. 60# --------------------------------------------------------------------------- 61NUXT_GITHUB_APP_ID=<numeric app id> 62NUXT_GITHUB_WEBHOOK_SECRET=<webhook secret> 63NUXT_GITHUB_APP_CLIENT_ID=<github app client id, e.g. Iv1.abc123> 64NUXT_GITHUB_APP_CLIENT_SECRET=<github app client secret> 65NUXT_GITHUB_APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY----- 66... 67-----END RSA PRIVATE KEY----- 68" 69 70# URL for installing the GitHub App. Used to redirect returning sign-ins that 71# have an authenticated tangled identity but no GitHub install bound yet. 72# Find it on your GitHub App's "Public page" link, in the form 73# `https://github.com/apps/<app-slug>/installations/new`. 74NUXT_GITHUB_APP_INSTALL_URL=https://github.com/apps/synchub-to/installations/new 75 76# --------------------------------------------------------------------------- 77# Cron secret — protects the worker tick endpoint (`/api/jobs/run`) from 78# unauthenticated callers. Vercel auto-injects this as the `Authorization: 79# Bearer` header on cron invocations, so the name must be exactly CRON_SECRET 80# (not NUXT_-prefixed). Locally, `pnpm jobs:tick` reads the same var. 81# Generate with: pnpm gen:cron-secret 82# --------------------------------------------------------------------------- 83CRON_SECRET=<base64url-encoded 32 bytes> 84 85# Optional: per-invocation worker time budget in milliseconds. 86# Default 25_000. Set lower in dev so `pnpm jobs:tick` returns sooner when 87# the queue is empty. 88# NUXT_WORKER_BUDGET_MS=5000