docker-compose-nas/.env.example
aki cf78372b71
feat: Refactor Tailscale & Traefik Integration
- Integrate Traefik directly with Tailscale network using `network_mode: service:tailscale`.
- Remove direct port mappings for Traefik (80, 443).
- Configure Tailscale container to use `tailscale serve` (Tailnet only) or `tailscale funnel` (public HTTPS) based on `ENABLE_FUNNEL_HTTPS` env var.
- Update Traefik routing rules (`Host()`) to use `${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}` for all services.
- Update Homepage path to `/home` and adjust its Traefik rule.
- Remove Homepage basic authentication variables (`HOMEPAGE_AUTH_USER`, `HOMEPAGE_AUTH_HASH`) from `.env.example` and `README.md`.
- Update `README.md` to reflect new access methods, hostname configuration, and removal of basic auth.
- Add `extra_hosts` to Tailscale service for `host.docker.internal`.
2025-04-25 14:15:44 +08:00


# Example environment file for the Docker Compose NAS stack.
# Copy it to `.env` and fill in the values there. The filled-in copy holds credentials and tokens:
# keep it out of version control and readable only by the user that runs Docker Compose.
# --- Docker Compose Settings ---
# Comma-separated list of optional service profiles to enable (e.g., lidarr,sabnzbd,adguardhome)
COMPOSE_PROFILES=
# Path separator for COMPOSE_FILE (use ';' for Windows)
COMPOSE_PATH_SEPARATOR=:
# Colon-separated list of compose files to use. Allows extending the base configuration.
COMPOSE_FILE=docker-compose.yml:adguardhome/docker-compose.yml:tandoor/docker-compose.yml:joplin/docker-compose.yml:homeassistant/docker-compose.yml:immich/docker-compose.yml
# --- Core System Settings ---
# Linux User ID. Find yours with `id -u`. Crucial for file permissions.
USER_ID=1000
# Linux Group ID. Find yours with `id -g`. Crucial for file permissions.
GROUP_ID=1000
# Your local timezone (e.g., America/New_York, Europe/London, Asia/Manila). See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TIMEZONE="America/New_York"
# --- Host Paths ---
# Base directory on host for storing service configuration files. '.' stores them in subdirectories within the project folder.
CONFIG_ROOT="."
# Main directory on host containing media libraries (movies, TV, music, books).
DATA_ROOT="/mnt/data"
# Directory on host for download clients (qBittorrent/SABnzbd). Should be on the same filesystem as DATA_ROOT for hardlinks.
DOWNLOAD_ROOT="/mnt/data/torrents"
# Upload location for Immich (if profile enabled)
IMMICH_UPLOAD_LOCATION="/mnt/data/photos"
# --- Tailscale Settings ---
# Required. Auth key from Tailscale Admin Console (Settings > Keys). Use a reusable or ephemeral key.
# Treat this as a secret: a reusable key can register additional devices on your tailnet until it
# expires or is revoked, so revoke it in the admin console if this file is ever exposed.
TAILSCALE_AUTHKEY=
# Desired hostname for this NAS within your Tailscale network.
TAILSCALE_HOSTNAME=tailscale-nas
# Required. Your Tailnet domain (e.g., your-tailnet-name.ts.net).
TAILSCALE_TAILNET_DOMAIN=your-tailnet.ts.net
# Optional tags to apply to the Tailscale node (e.g., tag:nas).
# A tag has to be defined under `tagOwners` in the tailnet policy file before a node can use it;
# access rules can then be scoped to the tag instead of to a user identity.
TAILSCALE_TAGS=tag:nas
# Enable Tailscale Funnel (public access) for HTTPS? Set to 'true' or 'false'. 'false' uses Serve (Tailnet only, recommended).
# With 'true' the HTTPS endpoint is published to the public internet, so every route Traefik serves
# on this hostname becomes reachable from outside the tailnet.
# NOTE(review): confirm each routed service sits behind Authelia or its own login before enabling.
ENABLE_FUNNEL_HTTPS=false
# --- Primary Hostname ---
# Primary hostname used by Traefik for routing. Derived from Tailscale settings by default.
# NOTE(review): some shells already export HOSTNAME, and Compose prefers a value from the shell
# environment over the one in `.env` — confirm the resolved value matches the Tailscale name.
HOSTNAME=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}
# --- Application Credentials ---
# The username/password pairs in this section are widely known default values, not secrets.
# Replace every one of them before the stack is reachable by anyone but you.
# NOTE(review): if a variable only mirrors a password that is set inside the application itself,
# change it in the application first and then here — confirm against the compose files.
# qBittorrent Web UI Credentials (change default!)
QBITTORRENT_USERNAME=admin
QBITTORRENT_PASSWORD=adminadmin
# Calibre-Web Credentials (if profile enabled; change default!)
CALIBRE_USERNAME=admin
CALIBRE_PASSWORD=admin123
# Immich Database Password (if profile enabled; change default!)
IMMICH_DB_PASSWORD=postgres
# --- Homepage Settings ---
HOMEPAGE_VAR_TITLE="Docker-Compose NAS"
HOMEPAGE_VAR_SEARCH_PROVIDER=google
HOMEPAGE_VAR_HEADER_STYLE=boxed
# Weather Widget (Optional)
HOMEPAGE_VAR_WEATHER_CITY=
HOMEPAGE_VAR_WEATHER_LAT=
HOMEPAGE_VAR_WEATHER_LONG=
HOMEPAGE_VAR_WEATHER_UNIT=metric
# --- Authelia Settings ---
# Generate strong random secrets for these using tools like `openssl rand -hex 32`
# Use a separate random value for each variable; do not reuse one secret across several of them.
# When you fill a value in, delete the trailing `# Example: ...` comment on that line so that the
# comment text cannot end up as part of the value.
AUTHELIA_JWT_SECRET= # Example: your_strong_jwt_secret
AUTHELIA_SESSION_SECRET= # Example: your_strong_session_secret
AUTHELIA_STORAGE_ENCRYPTION_KEY= # Example: your_strong_storage_encryption_key
AUTHELIA_REDIS_PASSWORD= # Example: your_strong_redis_password
# Google OIDC Provider Settings (Get from Google Cloud Console - https://console.cloud.google.com/apis/credentials)
AUTHELIA_GOOGLE_OIDC_CLIENT_ID= # Example: your-google-client-id.apps.googleusercontent.com
AUTHELIA_GOOGLE_OIDC_CLIENT_SECRET= # Example: GOCSPX-your-google-client-secret
# Authelia Session Configuration
# Both values are built from the Tailscale hostname and tailnet domain set above.
AUTHELIA_SESSION_DOMAIN=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}
AUTHELIA_DEFAULT_REDIRECT_URL=https://${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}/home
# --- API Keys & Integration Tokens (Optional - Mainly for Homepage Widgets) ---
# Find API keys within each application's settings (usually Settings > General or Security)
# Each key or token grants API access to its application, so handle them like passwords.
SONARR_API_KEY=
RADARR_API_KEY=
LIDARR_API_KEY=
PROWLARR_API_KEY=
BAZARR_API_KEY=
JELLYFIN_API_KEY=
JELLYSEERR_API_KEY=
SABNZBD_API_KEY=
IMMICH_API_KEY=
HOMEASSISTANT_ACCESS_TOKEN=
# AdGuard Home Credentials (if profile enabled)
ADGUARD_USERNAME=
ADGUARD_PASSWORD=
# --- Optional Service Settings ---
# Decluttarr Settings (if profile enabled)
# NOTE(review): TEST_RUN=True presumably makes Decluttarr report what it would remove without
# removing it — confirm in the Decluttarr documentation before switching it off, since the
# REMOVE_* options below delete downloads.
DECLUTTARR_TEST_RUN=True
DECLUTTARR_REMOVE_TIMER=60
DECLUTTARR_REMOVE_FAILED=True
DECLUTTARR_REMOVE_FAILED_IMPORTS=True
DECLUTTARR_REMOVE_METADATA_MISSING=True
DECLUTTARR_REMOVE_MISSING_FILES=True
DECLUTTARR_REMOVE_ORPHANS=True
# --- Other Hostnames (Optional Services) ---
# Set these if you need specific hostnames for these services (e.g., for Home Assistant integrations)
HOMEASSISTANT_HOSTNAME=
IMMICH_HOSTNAME=
ADGUARD_HOSTNAME=