.env.example

# SPDX-FileCopyrightText: 2026 William Jin <AuraMindNest@outlook.com>
#
# SPDX-License-Identifier: BSL-1.0
#
# Copy to repo root as .env on the deploy server (e.g. /opt/cppa-weblate-plugin/.env).
# Used by docker/docker-compose.cd.yml (env_file + compose interpolation) and deploy.yml.
#
# Weblate Docker environment variables:
# https://docs.weblate.org/en/latest/admin/install/docker.html#docker-environment
#
# One-time host Postgres (as superuser; match POSTGRES_USER / POSTGRES_DB below):
#   CREATE USER weblate_app WITH PASSWORD 'same-as-POSTGRES_PASSWORD-below';
#   CREATE DATABASE weblate_db OWNER weblate_app;
# Ensure pg_hba.conf allows Docker bridge hosts to connect as that user.

# ---------------------------------------------------------------------------
# Compose-only (not passed into Weblate; used by docker-compose.cd.yml)
# ---------------------------------------------------------------------------

# Host port bound to 127.0.0.1; nginx proxies HTTPS /weblate/ to this port.
WEBLATE_PORT=8080

# External Docker network where shared Redis runs (required; compose fails if unset).
# List networks after starting boost-data-collector: docker network ls
REDIS_EXTERNAL_NETWORK=shared-redis-network

# ---------------------------------------------------------------------------
# Required secrets (compose fails if unset)
# ---------------------------------------------------------------------------

POSTGRES_PASSWORD=replace-with-strong-password
WEBLATE_ADMIN_PASSWORD=replace-with-strong-admin-password

# ---------------------------------------------------------------------------
# Weblate setup
# ---------------------------------------------------------------------------

WEBLATE_DEBUG=0
WEBLATE_LOGLEVEL=INFO
WEBLATE_SITE_TITLE=Example Weblate
WEBLATE_ADMIN_NAME=Weblate Admin
WEBLATE_ADMIN_EMAIL=admin@example.com
# Required in .env (loaded via env_file). Hostname users see (no scheme); must match
# WEBLATE_ALLOWED_HOSTS and your public nginx hostname. Replace example.com placeholders.
WEBLATE_SITE_DOMAIN=weblate.example.com
WEBLATE_SERVER_EMAIL=noreply@example.com
WEBLATE_DEFAULT_FROM_EMAIL=noreply@example.com
WEBLATE_MIN_PASSWORD_SCORE=0
WEBLATE_ALLOWED_HOSTS=weblate.example.com
WEBLATE_REGISTRATION_OPEN=0
WEBLATE_TIME_ZONE=UTC

# Subpath when nginx serves Weblate at https://<host>/weblate/ (see WEBLATE_URL_PREFIX).
WEBLATE_URL_PREFIX=/weblate

# WEBLATE_DATA_DIR=/app/data

# ---------------------------------------------------------------------------
# SSL / reverse proxy (required when TLS terminates at nginx)
# ---------------------------------------------------------------------------

WEBLATE_ENABLE_HTTPS=1
WEBLATE_IP_PROXY_HEADER=HTTP_X_FORWARDED_FOR
WEBLATE_SECURE_PROXY_SSL_HEADER=HTTP_X_FORWARDED_PROTO,https

# Optional: only if you see CSRF errors (not listed in official Docker env index).
# WEBLATE_CSRF_TRUSTED_ORIGINS=https://weblate.example.com

# ---------------------------------------------------------------------------
# Access control
# ---------------------------------------------------------------------------

# WEBLATE_REQUIRE_LOGIN=1

# ---------------------------------------------------------------------------
# LDAP auth (optional)
# ---------------------------------------------------------------------------

# WEBLATE_AUTH_LDAP_SERVER_URI=ldap://ldap.example.org
# WEBLATE_AUTH_LDAP_USER_DN_TEMPLATE=uid=%(user)s,ou=People,dc=example,dc=net
# WEBLATE_AUTH_LDAP_USER_ATTR_MAP=first_name:name,email:mail

# ---------------------------------------------------------------------------
# PostgreSQL (host)
# ---------------------------------------------------------------------------
# CD compose pins POSTGRES_HOST and POSTGRES_PORT in docker-compose.cd.yml
# (host.docker.internal, default 5432). Values below apply via env_file for user/db.

POSTGRES_USER=weblate_app
# Canonical name per Weblate Docker docs (POSTGRES_DATABASE is an alias some images accept).
POSTGRES_DB=weblate_db
POSTGRES_DATABASE=weblate_db
# Ignored in CD (compose pins host/port). Documented for reference / non-CD stacks.
# POSTGRES_HOST=host.docker.internal
# POSTGRES_PORT=5432

# Optional: POSTGRES_PASSWORD_FILE=/run/secrets/db_password

# Logical DB 1 avoids clashing with other apps on the same Redis (default for Weblate is 1).
REDIS_DB=1

# Reference only for CI / local overrides (not used by docker-compose.cd.yml):
# REDIS_HOST=redis
# REDIS_PORT=6379

# ---------------------------------------------------------------------------
# Mail server (production: required for notifications; env_file only)
# ---------------------------------------------------------------------------
# Set host, user, and password for your SMTP provider. For staging without mail,
# uncomment WEBLATE_EMAIL_BACKEND dummy backend below instead of real SMTP.

WEBLATE_EMAIL_HOST=smtp.example.com
WEBLATE_EMAIL_PORT=587
WEBLATE_EMAIL_HOST_USER=replace-with-smtp-user
WEBLATE_EMAIL_HOST_PASSWORD=replace-with-smtp-password
WEBLATE_EMAIL_USE_TLS=1
WEBLATE_EMAIL_USE_SSL=0
# WEBLATE_EMAIL_BACKEND=django.core.mail.backends.dummy.EmailBackend

# ---------------------------------------------------------------------------
# GitHub (production: required for VCS and add-or-update; env_file only)
# ---------------------------------------------------------------------------
# PAT needs repo scope for clone/push. Loaded via env_file; not validated at compose up.
# See pre-deploy checklist in docs/deployment-runbook.md for token rotation.

WEBLATE_GITHUB_HOST=api.github.com
WEBLATE_GITHUB_USERNAME=replace-with-github-username
WEBLATE_GITHUB_TOKEN=replace-with-github-pat

# WEBLATE_GITLAB_USERNAME=
# WEBLATE_GITLAB_HOST=
# WEBLATE_GITLAB_TOKEN=

# ---------------------------------------------------------------------------
# Social auth (optional)
# ---------------------------------------------------------------------------

# WEBLATE_SOCIAL_AUTH_GITHUB_KEY=
# WEBLATE_SOCIAL_AUTH_GITHUB_SECRET=
# WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=
# WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=

# ---------------------------------------------------------------------------
# Monitoring / analytics (optional)
# ---------------------------------------------------------------------------

# SENTRY_DSN=
# SENTRY_ENVIRONMENT=
# WEBLATE_GOOGLE_ANALYTICS_ID=
# WEBLATE_MATOMO_SITE_ID=
# WEBLATE_MATOMO_URL=

# ---------------------------------------------------------------------------
# Nginx inside Weblate image
# ---------------------------------------------------------------------------

CLIENT_MAX_BODY_SIZE=1000M

# ---------------------------------------------------------------------------
# Celery (Weblate worker process count; loaded via env_file)
# ---------------------------------------------------------------------------
# Number of Celery worker processes in the Weblate container (not a separate broker setting).
# Default 1 for light staging; increase to 2-4 when add-or-update tasks queue up.
# Restart the stack after changing.

CELERY_SINGLE_PROCESS=1

# ---------------------------------------------------------------------------
# Boost endpoint plugin (production rate limits)
# ---------------------------------------------------------------------------
# Read at container boot by settings_override.py (DRF scoped throttles).
# Format: N/second|minute|hour|day

BOOST_ENDPOINT_THROTTLE_INFO=60/minute
BOOST_ENDPOINT_THROTTLE_ADD_OR_UPDATE=10/hour