NoteDiscovery/documentation/ENVIRONMENT_VARIABLES.md

182 lines
5.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 🔧 Environment Variables
NoteDiscovery supports environment variables to override configuration settings, allowing different behavior in different deployment environments (local, staging, production).
## 📋 Available Environment Variables
### Core Settings
| Variable | Type | Default | Description |
|----------|------|---------|-------------|
| `PORT` | integer | `8000` | HTTP port for the application (Docker, run.py) |
> **Note**: Advanced server settings (CORS origins, debug mode) are configured via `config.yaml` only, not via environment variables. See [config.yaml](#advanced-server-configuration) for details.
### Storage
| Variable | Type | Default | Description |
|----------|------|---------|-------------|
| `NOTES_DIR` | string | `./data` | Path to the notes vault |
| `PLUGINS_DIR` | string | `./plugins` | Path to the plugins directory |
The resolved paths are logged at startup so you can confirm what's in use:
```
INFO: Notes directory: /home/me/MyVault (from NOTES_DIR env var)
INFO: Plugins directory: ./plugins (from config.yaml)
```
#### Example: Pointing at an existing vault
```bash
# Local
NOTES_DIR=/home/me/MyVault python run.py
# Docker
docker run -e NOTES_DIR=/vault -v /home/me/MyVault:/vault ...
```
### Authentication
| Variable | Type | Default | Description |
|----------|------|---------|-------------|
| `AUTHENTICATION_ENABLED` | boolean | `config.yaml` | Enable/disable authentication |
| `AUTHENTICATION_PASSWORD` | string | `admin` | Password (hashed automatically at startup) |
| `AUTHENTICATION_SECRET_KEY` | string | `config.yaml` | Session secret key (for session security) |
| `AUTHENTICATION_API_KEY` | string | - | API key for external integrations (MCP, scripts) |
#### Example: Setting password via environment variable
```bash
# Docker
docker run -e AUTHENTICATION_ENABLED=true -e AUTHENTICATION_PASSWORD=mysecretpassword ...
# Docker Compose (in .env file or docker-compose.yml)
AUTHENTICATION_PASSWORD=mysecretpassword
```
### Demo Mode
| Variable | Type | Default | Description |
|----------|------|---------|-------------|
| `DEMO_MODE` | boolean | `false` | Enable demo mode (enables rate limiting and other demo restrictions) |
### Support
| Variable | Type | Default | Description |
|----------|------|---------|-------------|
| `ALREADY_DONATED` | boolean | `false` | Hides the support buttons in the Settings pane |
> ⚠️ **Disclaimer:** No verification exists. But legend says that setting this to `true` without donating causes your next `git push` to fail silently. Just once. When it matters most.
>
> Haven't donated yet? [☕ Buy me a coffee](https://ko-fi.com/gamosoft) - it takes 30 seconds and makes my day!
### Upload Limits
| Variable | Type | Default | Description |
|----------|------|---------|-------------|
| `UPLOAD_MAX_IMAGE_MB` | integer | `10` | Maximum image upload size in MB |
| `UPLOAD_MAX_AUDIO_MB` | integer | `50` | Maximum audio upload size in MB |
| `UPLOAD_MAX_VIDEO_MB` | integer | `100` | Maximum video upload size in MB |
| `UPLOAD_MAX_PDF_MB` | integer | `20` | Maximum PDF upload size in MB |
#### Example: Allowing larger video uploads
```bash
# Docker
docker run -e UPLOAD_MAX_VIDEO_MB=500 ...
# Docker Compose
environment:
- UPLOAD_MAX_VIDEO_MB=500
```
### User Interface
| Variable | Type | Default | Description |
|----------|------|---------|-------------|
| `AUTOSAVE_DELAY_MS` | integer | `1000` | Autosave debounce in milliseconds (applies to note typing and drawing autosave). Server-clamped to 25060000ms. |
#### Example: Slower autosave for very large notes
```bash
# Docker
docker run -e AUTOSAVE_DELAY_MS=5000 ...
# Docker Compose
environment:
- AUTOSAVE_DELAY_MS=5000
```
Equivalent in `config.yaml`:
```yaml
ui:
autosave_delay_ms: 5000
```
## 🎯 Configuration Priority
Configuration is loaded in this order (later overrides earlier):
1. **`config.yaml`** - Default configuration file
2. **Environment Variables** - Runtime overrides
3. **Command Line** - Highest priority (if applicable)
## 🔧 Advanced Server Configuration
The following settings are available in `config.yaml` only (not via environment variables):
### CORS (Cross-Origin Resource Sharing)
```yaml
server:
# List of allowed origins for CORS
# Default: ["*"] allows all origins (fine for self-hosted)
# Production: specify your domains
allowed_origins: ["*"]
# Examples for production:
# allowed_origins: ["http://localhost:8000", "https://yourdomain.com"]
# allowed_origins: ["https://*.yourdomain.com"] # Wildcard subdomain
```
**Security Note:**
- `["*"]` is **safe for self-hosted** deployments on private networks
- For **public deployments**, specify exact origins to prevent unauthorized API access
- This prevents CSRF attacks when authentication is enabled
### Debug Mode
```yaml
server:
# Enable detailed error messages in API responses
# Default: false (production-safe)
# Set to true for development/troubleshooting
debug: false
```
**⚠️ CRITICAL**: Never enable `debug: true` in production!
When `debug: true`:
- Full error stack traces are returned to users
- Internal paths and system details are exposed
- Security vulnerabilities may be revealed
When `debug: false` (recommended):
- Generic error messages are returned
- Full error details are logged server-side only
- Production-safe error handling
---
## 📚 Related Documentation
- **Authentication**: [AUTHENTICATION.md](AUTHENTICATION.md)
- **API Rate Limiting**: [API.md](API.md#rate-limiting)
---
**Pro Tip:** Use environment variables for **deployment-specific** settings, and `config.yaml` for **application defaults**. This keeps your configuration flexible and maintainable! 🎯