Files
chicken_babies_site/.env.example
Phillip Tarrant 78dd1ac243 feat: phase 0 foundation — FastAPI scaffold + /healthz
Scaffold app/ package, pinned requirements.txt, multi-stage Dockerfile,
docker-compose.yml, and .env.example. Add typed pydantic-settings loader
with full env contract and a production validator that refuses the
dev-sentinel SECRET_KEY. Wire structlog with an APP_ENV-driven renderer
(console in dev, JSON in prod). Ship a minimal unauthenticated /healthz
returning {status, version, commit_sha} with commit SHA fed through a
GIT_COMMIT_SHA build arg.

Also mark Phase 0 complete in docs/ROADMAP.md.
2026-04-21 14:44:41 -05:00

49 lines
2.0 KiB
Plaintext

# ---------------------------------------------------------------------------
# Chicken Babies R Us — environment contract
#
# Copy this file to `.env` and fill in the real values locally. The .env file
# is gitignored. This file (.env.example) is the public contract and MUST
# contain only placeholder / safe-default values — never real secrets.
# ---------------------------------------------------------------------------
# --- Runtime mode -----------------------------------------------------------
# development | production
APP_ENV=development
# --- Signing / sessions -----------------------------------------------------
# itsdangerous signer for cookies / CSRF tokens.
# Generate locally with: python -c "import secrets; print(secrets.token_urlsafe(48))"
# The string below is a DEV-ONLY sentinel; the app refuses to start in
# production if SECRET_KEY still matches this value.
SECRET_KEY=dev-insecure-change-me
# --- Database ---------------------------------------------------------------
DATABASE_URL=sqlite:///data/app.db
# --- Email (Resend) ---------------------------------------------------------
RESEND_API_KEY=
RESEND_FROM=no-reply@chickenbabies.example
# --- Admin allowlist / contact routing --------------------------------------
# Comma-separated list of emails allowed to request admin magic links.
ADMIN_EMAILS=
# Inbox that the public contact form messages get routed to.
ADMIN_CONTACT_EMAIL=
# --- hCaptcha ---------------------------------------------------------------
HCAPTCHA_SITE_KEY=
HCAPTCHA_SECRET=
# --- Reverse proxy / Uvicorn ------------------------------------------------
# Caddy's LAN IP (comma-separated allowed). Only headers from these IPs are
# trusted for X-Forwarded-For / X-Forwarded-Proto.
FORWARDED_ALLOW_IPS=127.0.0.1
# --- Session / auth tuning --------------------------------------------------
SESSION_MAX_DAYS=30
MAGIC_LINK_TTL_MIN=15
# --- Build metadata ---------------------------------------------------------
# Injected at Docker build time. Surfaced by /healthz. Optional in dev.
GIT_COMMIT_SHA=unknown