-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.setup.example
More file actions
110 lines (92 loc) · 4.95 KB
/
Copy path.env.setup.example
File metadata and controls
110 lines (92 loc) · 4.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# iblai infra setup-env — environment variables (single-server)
# Copy to .env (or .env.setup), fill in values, then run:
# iblai infra setup-env <name> -f .env # provisioned-name mode
# iblai infra setup-env -f .env # free-standing-server mode
# Never commit a populated .env to git — .gitignore blocks .env.* by default.
# ============================================================================
# REQUIRED FOR BOTH MODES
# ============================================================================
# AWS credentials (passed to ansible as extra_vars; embedded in /ibl/config.yml)
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# GitHub PAT — needs read on iblai/iblai-cli-ops + iblai/iblai-prod-images
# (or your overrides via GITHUB_ORG / CLI_OPS_REPO / PROD_IMAGES_REPO below)
GIT_TOKEN=<your github personal access token — ghp_… or github_pat_…>
# Platform admin (created on the LMS + DM).
# NOTE: `ibl_admin` is reserved for system use (owns SPA OAuth records).
# Pick any other username — e.g. `platform_admin`, your name, etc.
ADMIN_USERNAME=platform_admin
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=change-me-min-8-chars
# ============================================================================
# REQUIRED ONLY IN FREE-STANDING MODE (omit `<name>` argument when running)
# ============================================================================
# Provisioned-name mode derives these from the project's state.json.
#
# PROJECT_NAME=mydeploy
# TARGET_HOST=203.0.113.42
# SSH_PRIVATE_KEY_PATH=~/.ssh/id_rsa
# BASE_DOMAIN=platform.example.com
# ============================================================================
# OPTIONAL — defaults shown
# ============================================================================
# AWS_DEFAULT_REGION=us-east-1 # provisioned mode reads from state if unset
# SSH_USER=ubuntu
# Versions
# EDX_VERSION=sumac
# PROD_IMAGES_TAG=main # the one release knob; cli-ops resolves from its pin
# CLI_OPS_RELEASE_TAG= # override only; unset = resolved from the
# # prod-images [tool.uv.sources] pin (fallback: main)
# Platform identity. Used by SSO roles to derive backend_name + platform_key,
# AND by ibl_tenant_platform to launch a tenant Platform via run_launch_steps
# (Platform + admin User + UserPlatformLink) when set to a non-default value.
# - Leave unset / blank → defaults to 'main' (system default tenant
# created by the platform itself, no extra launch)
# - PLATFORM_NAME=main → REJECTED ('main' is reserved as an explicit input)
# - PLATFORM_NAME=acme → launches an 'acme' tenant with admin user
# 'acmeadmin@<base_domain>' (password printed
# one-time at the end of setup)
# PLATFORM_NAME=acme
# Feature toggles
# ENABLE_AI=true
# CREATE_PLAYWRIGHT_PLATFORMS=false
# Override which private repos to install from (e.g. for forks / monorepos)
# GITHUB_ORG=iblai
# CLI_OPS_REPO=iblai-cli-ops
# PROD_IMAGES_REPO=iblai-prod-images
# OpenAI API key (only used if ENABLE_AI=true)
# OPENAI_API_KEY=sk-...
# Ansible playbook env identifier — leave default for single-server
# ENV_CONFIG=single-server
# ============================================================================
# OPTIONAL INTEGRATIONS — each block disabled unless its trigger key is set
# ============================================================================
# --- SMTP (outbound email) — trigger: SMTP_HOST ---
# SMTP_HOST=email-smtp.us-east-1.amazonaws.com
# SMTP_PORT=587
# SMTP_USERNAME=AKIAIOSFODNN7EXAMPLE
# SMTP_PASSWORD=ses-smtp-password
# SMTP_SENDER_EMAIL=noreply@example.com
# SMTP_USE_TLS=true
# SMTP_USE_SSL=false
# --- Stripe (billing) — trigger: STRIPE_SECRET_KEY ---
# Use STRIPE_MODE=test for sk_test_… keys, STRIPE_MODE=live for sk_live_… keys.
# STRIPE_SECRET_KEY=<your stripe secret key — sk_test_… or sk_live_…>
# STRIPE_PUB_KEY=<your stripe publishable key — pk_test_… or pk_live_…>
# STRIPE_MODE=test
# STRIPE_PRICING_TABLE_ID=<prctbl_…>
# STRIPE_PRICING_TABLE_ID_RETURNING=<prctbl_…>
# STRIPE_WEBHOOK_SECRET=<whsec_…>
# STRIPE_CONNECT_WEBHOOK_SECRET=<whsec_…>
# --- Google SSO — trigger: GOOGLE_SSO_CLIENT_ID ---
# GOOGLE_SSO_CLIENT_ID=<your google oauth client id — *.apps.googleusercontent.com>
# GOOGLE_SSO_CLIENT_SECRET=<your google oauth client secret>
# GOOGLE_SSO_ORGANIZATION=acme
# --- Microsoft SSO (Azure AD) — trigger: MICROSOFT_SSO_CLIENT_ID ---
# PREREQUISITE (client-side, in the Azure AD app registration): add this exact
# redirect URI, or Microsoft sign-in will fail with a redirect_uri mismatch:
# https://learn.<BASE_DOMAIN>/auth/complete/azuread-oauth2/
# MICROSOFT_SSO_CLIENT_ID=00000000-0000-0000-0000-000000000000
# MICROSOFT_SSO_CLIENT_SECRET=client-secret-value
# MICROSOFT_SSO_TENANT_ID=00000000-0000-0000-0000-000000000000
# MICROSOFT_SSO_ORGANIZATION=acme