# --- umt-tmdb-proxy configuration --------------------------------------- # Copy to .env and fill in. All values are read from the environment. # Where the server listens (inside the container / on the host). LISTEN_ADDR=:8080 # Externally reachable base URL of this proxy (no trailing slash). # This is also what users enter as "Proxy-URL" in the desktop app. PUBLIC_URL=https://tmdb.example.com # The single shared TMDB v3 API key the whole group will use. TMDB_API_KEY=your_tmdb_v3_key # --- Authentik / OIDC --------------------------------------------------- # Issuer is the OIDC provider URL from your Authentik application # (e.g. https://auth.example.com/application/o/watchlist-proxy/). OIDC_ISSUER=https://auth.example.com/application/o/watchlist-proxy/ OIDC_CLIENT_ID=your_client_id OIDC_CLIENT_SECRET=your_client_secret # Must exactly match a Redirect URI configured in Authentik. # Defaults to PUBLIC_URL + /callback if left empty. OIDC_REDIRECT_URL=https://tmdb.example.com/callback # Optional: restrict access to members of these Authentik groups # (comma-separated). Requires a "groups" scope/claim mapping in Authentik. # ALLOWED_GROUPS=watchlist,friends # A long random secret used to sign issued access tokens. KEEP IT PRIVATE. # Generate with: openssl rand -base64 48 SESSION_SECRET=change-me-to-a-long-random-string # How long an issued desktop-app token stays valid (in days). TOKEN_TTL_DAYS=90 # --- Library-Sync (optional) ------------------------------------------- # PostgreSQL-DSN für den verschlüsselten Bibliotheks-Sync. Leer lassen, um # den Sync zu deaktivieren (dann läuft der Server als reiner TMDB-Proxy). # Der Server speichert nur Chiffretext (Ende-zu-Ende, Zero-Knowledge). # Bei Nutzung von docker-compose.yml wird dies automatisch gesetzt. # DATABASE_URL=postgres://umt:change-me@db:5432/umt?sslmode=disable # Passwort des Postgres-Containers (nur für docker-compose.yml relevant). POSTGRES_PASSWORD=change-me