5.0 KiB
🔧 Environment Variables
NoteDiscovery supports environment variables to override configuration settings, allowing different behavior in different deployment environments (local, staging, production).
📋 Available Environment Variables
Core Settings
| Variable | Type | Default | Description |
|---|---|---|---|
PORT |
integer | 8000 |
HTTP port for the application (Docker, run.py) |
Note: Advanced server settings (CORS origins, debug mode) are configured via
config.yamlonly, not via environment variables. See config.yaml for details.
Authentication
| Variable | Type | Default | Description |
|---|---|---|---|
AUTHENTICATION_ENABLED |
boolean | config.yaml |
Enable/disable authentication |
AUTHENTICATION_PASSWORD |
string | admin |
Password (hashed automatically at startup) |
AUTHENTICATION_SECRET_KEY |
string | config.yaml |
Session secret key (for session security) |
AUTHENTICATION_API_KEY |
string | - | API key for external integrations (MCP, scripts) |
Example: Setting password via environment variable
# Docker
docker run -e AUTHENTICATION_ENABLED=true -e AUTHENTICATION_PASSWORD=mysecretpassword ...
# Docker Compose (in .env file or docker-compose.yml)
AUTHENTICATION_PASSWORD=mysecretpassword
Demo Mode
| Variable | Type | Default | Description |
|---|---|---|---|
DEMO_MODE |
boolean | false |
Enable demo mode (enables rate limiting and other demo restrictions) |
Support
| Variable | Type | Default | Description |
|---|---|---|---|
ALREADY_DONATED |
boolean | false |
Hides the support buttons in the Settings pane |
⚠️ Disclaimer: No verification exists. But legend says that setting this to
truewithout donating causes your nextgit pushto fail silently. Just once. When it matters most.Haven't donated yet? ☕ Buy me a coffee - it takes 30 seconds and makes my day!
Upload Limits
| Variable | Type | Default | Description |
|---|---|---|---|
UPLOAD_MAX_IMAGE_MB |
integer | 10 |
Maximum image upload size in MB |
UPLOAD_MAX_AUDIO_MB |
integer | 50 |
Maximum audio upload size in MB |
UPLOAD_MAX_VIDEO_MB |
integer | 100 |
Maximum video upload size in MB |
UPLOAD_MAX_PDF_MB |
integer | 20 |
Maximum PDF upload size in MB |
Example: Allowing larger video uploads
# Docker
docker run -e UPLOAD_MAX_VIDEO_MB=500 ...
# Docker Compose
environment:
- UPLOAD_MAX_VIDEO_MB=500
User Interface
| Variable | Type | Default | Description |
|---|---|---|---|
AUTOSAVE_DELAY_MS |
integer | 1000 |
Autosave debounce in milliseconds (applies to note typing and drawing autosave). Server-clamped to 250–60000ms. |
Example: Slower autosave for very large notes
# Docker
docker run -e AUTOSAVE_DELAY_MS=5000 ...
# Docker Compose
environment:
- AUTOSAVE_DELAY_MS=5000
Equivalent in config.yaml:
ui:
autosave_delay_ms: 5000
🎯 Configuration Priority
Configuration is loaded in this order (later overrides earlier):
config.yaml- Default configuration file- Environment Variables - Runtime overrides
- Command Line - Highest priority (if applicable)
🔧 Advanced Server Configuration
The following settings are available in config.yaml only (not via environment variables):
CORS (Cross-Origin Resource Sharing)
server:
# List of allowed origins for CORS
# Default: ["*"] allows all origins (fine for self-hosted)
# Production: specify your domains
allowed_origins: ["*"]
# Examples for production:
# allowed_origins: ["http://localhost:8000", "https://yourdomain.com"]
# allowed_origins: ["https://*.yourdomain.com"] # Wildcard subdomain
Security Note:
["*"]is safe for self-hosted deployments on private networks- For public deployments, specify exact origins to prevent unauthorized API access
- This prevents CSRF attacks when authentication is enabled
Debug Mode
server:
# Enable detailed error messages in API responses
# Default: false (production-safe)
# Set to true for development/troubleshooting
debug: false
⚠️ CRITICAL: Never enable debug: true in production!
When debug: true:
- Full error stack traces are returned to users
- Internal paths and system details are exposed
- Security vulnerabilities may be revealed
When debug: false (recommended):
- Generic error messages are returned
- Full error details are logged server-side only
- Production-safe error handling
📚 Related Documentation
- Authentication: AUTHENTICATION.md
- API Rate Limiting: API.md
Pro Tip: Use environment variables for deployment-specific settings, and config.yaml for application defaults. This keeps your configuration flexible and maintainable! 🎯