.env.example.dev
# ===============================================================================
# PRAHO PLATFORM - LOCAL DEVELOPMENT CONFIGURATION
# ===============================================================================
# This file is for LOCAL DEVELOPMENT (make dev) — NOT for production servers.
#
# For deployment:
# Production: cp .env.example.prod .env.prod → make deploy-prod
# Staging: cp .env.example.staging .env.staging → make deploy-staging
#
# See docs/deployment/DEPLOYMENT.md for the full deployment guide.
#
# Copy this file to .env and customize values for your development environment
# ===============================================================================
# 🚀 DJANGO CORE CONFIGURATION
# ===============================================================================
# Django settings module (dev/test/prod)
DJANGO_SETTINGS_MODULE=config.settings.dev
# Secret key (generate new one for production!)
# python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"
DJANGO_SECRET_KEY=your-secret-key-here-change-in-production
# Debug mode (NEVER set to True in production)
DEBUG=True
# Allowed hosts (comma-separated, no spaces)
ALLOWED_HOSTS=localhost,127.0.0.1,pragmatichost.com,www.pragmatichost.com
# ===============================================================================
# 🗄️ DATABASE CONFIGURATION
# ===============================================================================
# PostgreSQL (recommended for production)
# The URL embeds the database user and password. "password" is a placeholder:
# set a unique password per environment and avoid printing DATABASE_URL in logs
# or error reports.
DATABASE_URL=postgresql://pragmatichost:password@localhost:5432/pragmatichost_crm
# SQLite fallback (development only)
# DATABASE_URL=sqlite:///db.sqlite3
# Database connection pool settings
# NOTE(review): presumably mapped to Django's CONN_MAX_AGE (seconds) and
# CONN_HEALTH_CHECKS — confirm in the settings module.
DB_CONN_MAX_AGE=60
DB_CONN_HEALTH_CHECKS=True
# ===============================================================================
# 📧 EMAIL CONFIGURATION (Multi-Provider Support)
# ===============================================================================
# Email Provider Selection
# Options: smtp, amazon_ses, sendgrid, mailgun
EMAIL_PROVIDER=smtp
# -------------------------------------------------------------------------------
# SMTP Configuration (Default/Fallback)
# -------------------------------------------------------------------------------
EMAIL_HOST=smtp.gmail.com
# Port 587 with EMAIL_USE_TLS=True is the STARTTLS submission setup; keep TLS on
# so the SMTP credentials below are not sent in clear text.
EMAIL_PORT=587
EMAIL_USE_TLS=True
EMAIL_HOST_USER=your-email@pragmatichost.com
# Placeholder. Use an app-specific password for the mailbox, not the account's
# main password.
EMAIL_HOST_PASSWORD=your-app-password
# NOTE(review): unit not stated here; presumably seconds, as in Django's
# EMAIL_TIMEOUT — confirm.
EMAIL_TIMEOUT=30
# Default from address for system emails
# NOTE(review): the value is unquoted and contains spaces and angle brackets.
# Handling differs between .env loaders, and the line fails if the file is
# sourced by a shell — confirm the loader in use reads the full string.
DEFAULT_FROM_EMAIL=PRAHO Platform <noreply@pragmatichost.com>
SERVER_EMAIL=server@pragmatichost.com
# -------------------------------------------------------------------------------
# AWS SES Configuration (Recommended for Production)
# -------------------------------------------------------------------------------
# AWS credentials (can also use IAM roles on EC2)
# Prefer the IAM role where it is available: it avoids storing a long-lived
# access key in this file. If keys are used, limit them to SES sending.
# AWS_ACCESS_KEY_ID=your-aws-access-key
# AWS_SECRET_ACCESS_KEY=your-aws-secret-key
AWS_SES_REGION=eu-west-1
# AWS_SES_CONFIGURATION_SET=praho-tracking
# -------------------------------------------------------------------------------
# SendGrid Configuration
# -------------------------------------------------------------------------------
# SENDGRID_API_KEY=SG.your-sendgrid-api-key
# -------------------------------------------------------------------------------
# Mailgun Configuration
# -------------------------------------------------------------------------------
# MAILGUN_API_KEY=your-mailgun-api-key
# MAILGUN_SENDER_DOMAIN=mail.pragmatichost.com
# EU region endpoint. The note is kept on its own line so it cannot end up
# inside the value when the line below is uncommented.
# MAILGUN_API_URL=https://api.eu.mailgun.net/v3
# -------------------------------------------------------------------------------
# Email Webhook Security
# -------------------------------------------------------------------------------
# Secret for validating webhook signatures from email providers
# Placeholder. Generate a random value per environment, for example:
# python -c "import secrets; print(secrets.token_urlsafe(32))"
# A guessable value here would let forged delivery events pass validation.
EMAIL_WEBHOOK_SECRET=your-webhook-secret-for-delivery-tracking
# -------------------------------------------------------------------------------
# Email Rate Limiting
# -------------------------------------------------------------------------------
# Upper bounds on outgoing mail per minute, hour and day, as the key names state.
EMAIL_MAX_PER_MINUTE=50
EMAIL_MAX_PER_HOUR=1000
EMAIL_MAX_PER_DAY=10000
# NOTE(review): the burst size (100) is larger than the per-minute limit (50);
# how the two interact is not visible in this file — confirm against the limiter.
EMAIL_BURST_SIZE=100
# -------------------------------------------------------------------------------
# Email Retry Configuration
# -------------------------------------------------------------------------------
EMAIL_MAX_RETRIES=3
# NOTE(review): unit not stated; presumably seconds — confirm.
EMAIL_RETRY_DELAY=60
# -------------------------------------------------------------------------------
# Email Deliverability Settings
# -------------------------------------------------------------------------------
EMAIL_SOFT_BOUNCE_THRESHOLD=3
# -------------------------------------------------------------------------------
# Email Template Caching
# -------------------------------------------------------------------------------
# NOTE(review): unit not stated; presumably seconds — confirm.
EMAIL_TEMPLATE_CACHE_TIMEOUT=3600
# NOTE(review): lowercase "false" here, while other booleans in this file use
# True/False — confirm the loader parses booleans case-insensitively.
EMAIL_TEMPLATE_STRICT_MODE=false
# ===============================================================================
# 🗄️ CACHE CONFIGURATION
# ===============================================================================
# PRAHO uses Django's database cache by default (no Redis required).
# If you want Redis for caching, uncomment and configure:
# REDIS_URL=redis://localhost:6379/0
# ===============================================================================
# 💳 PAYMENT PROCESSING (Stripe)
# ===============================================================================
# Stripe configuration (get from https://dashboard.stripe.com/apikeys)
# Use test-mode keys for local development, as the pk_test_/sk_test_ prefixes in
# the placeholders indicate; live keys do not belong in a dev .env.
# The publishable key is meant to be sent to the browser. The secret key and the
# webhook secret must stay server-side.
STRIPE_PUBLISHABLE_KEY=pk_test_your_stripe_publishable_key_here
STRIPE_SECRET_KEY=sk_test_your_stripe_secret_key_here
# NOTE(review): presumably used to verify the signature on incoming Stripe
# webhooks — confirm the handler rejects events that fail verification.
STRIPE_WEBHOOK_SECRET=whsec_your_stripe_webhook_secret_here
# Stripe configuration for Romanian market
STRIPE_CURRENCY=RON
STRIPE_COUNTRY=RO
# ===============================================================================
# 🖥️ HOSTING PROVIDER INTEGRATION
# ===============================================================================
# ✅ Virtualmin settings are now managed via the Settings UI!
# Visit: /app/settings/dashboard/ → Provisioning & Infrastructure
#
# Credentials are stored securely in the encrypted credential vault.
# Use: python manage.py setup_credential_vault to manage credentials.
# cPanel/WHM alternative (if using instead of Virtualmin)
# CPANEL_HOST=https://your-server.pragmatichost.com:2087
# CPANEL_USERNAME=root
# CPANEL_API_TOKEN=your-cpanel-token
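# ===============================================================================
# 🇷🇴 ROMANIAN COMPLIANCE & LOCALIZATION
# ===============================================================================
# e-Factura API configuration (ANAF)
# NOTE(review): the URL path contains /prod/ while EFACTURA_ENVIRONMENT below is
# TEST. Confirm which of the two the application uses to select the endpoint, so
# that local development cannot submit documents to the production ANAF service.
EFACTURA_API_URL=https://api.anaf.ro/prod/FCTEL/rest
# Placeholder credential; keep the real value out of version control.
EFACTURA_API_KEY=your-efactura-api-key
EFACTURA_CUI=your-company-cui-number
EFACTURA_ENVIRONMENT=TEST
# Romanian business information
# Sample values. Several contain spaces and are unquoted; confirm the .env
# loader in use reads them as a single string.
COMPANY_NAME=PragmaticHost SRL
COMPANY_CUI=RO12345678
COMPANY_REG_COM=J40/1234/2023
COMPANY_ADDRESS=Str. Exemplu Nr. 1
COMPANY_CITY=București
COMPANY_COUNTRY=România
COMPANY_PHONE=+40.21.123.4567
COMPANY_EMAIL=contact@pragmatichost.com
# VAT configuration
ROMANIA_VAT_RATE=0.19
EU_VAT_VALIDATION=True
# GDPR compliance
GDPR_CONTACT_EMAIL=gdpr@pragmatichost.com
# 7 years for Romanian tax law
# (The note sits on its own line: several .env loaders keep a trailing
# "# ..." as part of the value, which would break integer parsing.)
GDPR_DATA_RETENTION_DAYS=2555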
# ===============================================================================
# 🔒 SECURITY CONFIGURATION
# ===============================================================================
# Security keys for AES-256-GCM encryption
# Generate with: python -c "import secrets, base64; print(base64.urlsafe_b64encode(secrets.token_bytes(32)).decode())"
# The value below is a placeholder. Generate a fresh key per environment and do
# not reuse the value generated for CREDENTIAL_VAULT_MASTER_KEY.
# NOTE(review): replacing or losing this key presumably makes data already
# encrypted with it unreadable — confirm the rotation procedure before changing it.
DJANGO_ENCRYPTION_KEY=your-base64-encoded-32-byte-key-here
# 2FA and sensitive data encryption (REQUIRED for 2FA functionality)
# This key encrypts TOTP secrets and other sensitive user data at rest
# NOTE(review): no variable follows the two lines above; they presumably
# describe DJANGO_ENCRYPTION_KEY — confirm and move them next to that key.
# ===============================================================================
# 🔐 CREDENTIAL VAULT CONFIGURATION
# ===============================================================================
# Master encryption key for credential vault (AES-256-GCM)
# Generate with: python -c 'import secrets, base64; print(base64.urlsafe_b64encode(secrets.token_bytes(32)).decode())'
# The placeholder is the same string as the one shown for DJANGO_ENCRYPTION_KEY.
# Generate the two keys separately so that exposure of one does not expose
# the data protected by the other.
# NOTE(review): the vault holds provider credentials, so this key presumably
# protects all of them — store the real value outside the repository and
# confirm how it is backed up and rotated.
CREDENTIAL_VAULT_MASTER_KEY=your-base64-encoded-32-byte-key-here
# Vault configuration
CREDENTIAL_VAULT_ENABLED=true
# Expiry and maximum age are in days, as the key names state.
CREDENTIAL_VAULT_DEFAULT_EXPIRY_DAYS=30
CREDENTIAL_VAULT_MAX_AGE_DAYS=90
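# 2FA Configuration
# NOTE(review): this value is double-quoted while other values with spaces in
# this file are not; some loaders keep the quotes as part of the value — confirm.
TOTP_ISSUER_NAME="PRAHO Platform"
BACKUP_CODES_COUNT=8
TOTP_PERIOD=30
TOTP_DIGITS=6
# ±30 seconds tolerance for clock drift
# Explanatory notes in this block sit on their own lines: several .env loaders
# keep a trailing "# ..." as part of the value, which would corrupt the
# integer and boolean settings below.
TOTP_TIME_WINDOW=1
# Session security
# NOTE(review): unit presumably seconds, as in Django's SESSION_COOKIE_AGE — confirm.
SESSION_COOKIE_AGE=3600
# Set to True in production with HTTPS
# While False, the session cookie is also sent over plain HTTP.
SESSION_COOKIE_SECURE=False
SESSION_COOKIE_HTTPONLY=True
SESSION_COOKIE_SAMESITE=Lax
# CSRF protection
# Set to True in production with HTTPS
CSRF_COOKIE_SECURE=False
# NOTE(review): with an HttpOnly CSRF cookie, JavaScript cannot read the token
# from the cookie; presumably HTMX requests take it from the rendered page — confirm.
CSRF_COOKIE_HTTPONLY=True
# Content Security Policy
# The inner single quotes are CSP keyword syntax; the outer double quotes are
# presumably stripped by the loader — confirm.
CSP_DEFAULT_SRC="'self'"
# 'unsafe-inline' in script-src permits inline scripts, which removes most of
# the XSS protection a CSP gives. Treat this as a development-only value and
# use nonces or hashes with locally built assets in production.
CSP_SCRIPT_SRC="'self' 'unsafe-inline' cdn.tailwindcss.com"
CSP_STYLE_SRC="'self' 'unsafe-inline' fonts.googleapis.com"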
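# ===============================================================================
# 📊 MONITORING & LOGGING
# ===============================================================================
# Sentry error tracking (production)
# NOTE(review): the placeholder DSN is active in this dev file. Confirm how the
# settings handle an unusable DSN; leave it empty or commented out locally if
# error reporting is not wanted. With DEBUG=True, reported events can carry
# local variables and request data.
SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id
SENTRY_ENVIRONMENT=development
# Logging configuration
LOG_LEVEL=INFO
# json or standard
# (The option list sits on its own line: several .env loaders keep a trailing
# "# ..." as part of the value, which would make the format name unrecognisable.)
LOG_FORMAT=json
# Performance monitoring
# Placeholder licence key; keep the real value out of version control.
NEW_RELIC_LICENSE_KEY=your-newrelic-license-key
# NOTE(review): unquoted value containing a space — confirm the loader reads
# the full string.
NEW_RELIC_APP_NAME=PRAHO Platform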
# ===============================================================================
# ☁️ HETZNER CLOUD (Infrastructure Provisioning)
# ===============================================================================
# Hetzner Cloud API token for provisioning PRAHO management servers
# Get from: https://console.hetzner.cloud → Project → Security → API Tokens
# Also used as TF_VAR_hcloud_token for Terraform
# Hetzner Cloud API token is stored in the credential vault (encrypted).
# Add via the web UI: /infrastructure/providers/ → Create/Edit Provider
# For initial bootstrap only (token will be migrated to vault on first use):
# HCLOUD_TOKEN=your-token-here
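# ===============================================================================
# 🚀 DEPLOYMENT & INFRASTRUCTURE
# ===============================================================================
# Cloud storage (Romanian providers preferred)
# NOTE(review): these placeholder credentials are active. If the loader exports
# them into the process environment, AWS SDKs read AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY from the environment ahead of a shared credentials file
# or an instance role, so the placeholders would shadow working credentials.
# Comment them out when unused. When used, limit the key to the buckets
# named in this file.
AWS_ACCESS_KEY_ID=your-aws-access-key
AWS_SECRET_ACCESS_KEY=your-aws-secret-key
AWS_STORAGE_BUCKET_NAME=pragmatichost-static
# Frankfurt - closest to Romania
# (The note sits on its own line: several .env loaders keep a trailing "# ..."
# as part of the value, which would yield an invalid region name.)
AWS_S3_REGION_NAME=eu-central-1
# CDN configuration (optional)
CDN_URL=https://cdn.pragmatichost.com
# Backup configuration
BACKUP_S3_BUCKET=pragmatichost-backups
BACKUP_RETENTION_DAYS=90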
# ===============================================================================
# 🧪 DEVELOPMENT & TESTING
# ===============================================================================
# Development features
# NOTE(review): presumably toggles django-debug-toolbar and django-silk. Both
# show request, SQL and settings detail in the browser, so they belong to local
# development only — confirm the staging and production examples leave them off.
DJANGO_DEBUG_TOOLBAR=True
ENABLE_SILK_PROFILING=False
# Testing configuration
TEST_RUNNER=pytest_django.test_runner.DiscoverRunner
# NOTE(review): presumably a percentage — confirm.
COVERAGE_MINIMUM=90
# Feature flags for development
# All three flags are off in this example.
FEATURE_E_FACTURA_INTEGRATION=False
FEATURE_ADVANCED_REPORTING=False
FEATURE_MULTI_CURRENCY=False
# ===============================================================================
# 📱 FRONTEND & UI CONFIGURATION
# ===============================================================================
# Tailwind CSS build
# NOTE(review): presumably selects the cdn.tailwindcss.com script that
# CSP_SCRIPT_SRC allows in this file — confirm.
TAILWIND_CSS_DEV_MODE=True
# HTMX configuration
HTMX_DEBUG=True
# Romanian localization
LANGUAGE_CODE=ro-RO
TIME_ZONE=Europe/Bucharest
USE_I18N=True
# NOTE(review): Django deprecated the USE_L10N setting in 4.0 — confirm the
# settings module still reads this variable.
USE_L10N=True
USE_TZ=True
# Currency formatting
DEFAULT_CURRENCY=RON
CURRENCY_SYMBOL=lei
DECIMAL_PLACES=2
# ===============================================================================
# 🔧 OPTIONAL INTEGRATIONS
# ===============================================================================
# The keys and tokens in this section are placeholders but are not commented
# out. NOTE(review): confirm the application treats these placeholder values as
# "not configured"; otherwise comment out the integrations that are unused.
# SMS notifications (Romanian providers)
SMS_API_URL=https://api.sms.ro/send
SMS_API_KEY=your-sms-api-key
SMS_FROM_NUMBER=PragmaticHost
# WhatsApp Business API (optional)
WHATSAPP_API_TOKEN=your-whatsapp-token
WHATSAPP_PHONE_NUMBER_ID=your-phone-number-id
# Slack notifications for team
# The webhook URL is itself the credential: anyone who holds it can post to
# the channel. Handle it like an API key.
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/slack/webhook
# ===============================================================================
# 📋 ROMANIAN REGULATORY COMPLIANCE
# ===============================================================================
# ANAF (Romanian tax authority) integration
ANAF_API_URL=https://webservicesp.anaf.ro
# Placeholder token; keep the real value out of version control.
ANAF_API_TOKEN=your-anaf-token
# Romanian banking integration (optional)
# Placeholder keys. Banking API credentials warrant the same handling as the
# payment secrets: per-environment values, never committed.
BCR_API_KEY=your-bcr-api-key
BT_API_KEY=your-bt-api-key
# Data residency (ensure Romanian customer data stays in EU)
DATA_RESIDENCY_REGION=eu-central-1
# NOTE(review): what these two settings enforce is not visible in this file;
# setting them does not by itself encrypt storage or retain logs — confirm
# against the code that reads them.
ENCRYPTION_AT_REST=True
AUDIT_LOG_RETENTION_YEARS=7