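# =============================================================================
# MedAssist-ng Configuration
# =============================================================================
# Copy this file to .env and adjust values for your setup
#
# The copied .env holds secrets (JWT/cookie secrets, OIDC client secret, SMTP
# credentials): keep it out of version control and readable only by the
# account that runs the container.
#
# Comments are kept on their own lines. Some env-file loaders do not strip a
# trailing "# ..." and read it as part of the value, which matters most for
# keys that are meant to stay empty (e.g. SMTP_PASS, SMTP_TOKEN).
# =============================================================================

# Container user/group IDs (for bind mount permissions)
# Set to your host user's UID/GID: id -u && id -g
PUID=1000
PGID=1000

PORT=3000
# NOTE(review): presumably the browser origins allowed to call the API - keep
# this to the exact origin(s) that serve the frontend.
CORS_ORIGINS=http://localhost:4174
LOG_LEVEL=info

# Timezone for scheduled reminders (e.g., Europe/Berlin, America/New_York)
TZ=Europe/Berlin

# =============================================================================
# Authentication (optional - disabled by default for easy setup)
# =============================================================================

# Enable authentication (default: false = open access)
# With false, every client that can reach PORT has open access to the stored
# data. Set to true before the service is reachable from outside a trusted
# network.
AUTH_ENABLED=false

# Allow new user registrations (auto-enabled when no users exist)
# Registration is open while no users exist, so create the first account
# before the instance is reachable by anyone else.
# REGISTRATION_ENABLED=false

# JWT Secrets - REQUIRED when AUTH_ENABLED=true
# Generate with: openssl rand -hex 32
# Generate a separate value for each of the three; do not reuse one secret.
# JWT_SECRET=
# REFRESH_SECRET=
# COOKIE_SECRET=

# Token TTL (optional - defaults shown)
# ACCESS_TOKEN_TTL_MINUTES=15
# REFRESH_TOKEN_TTL_DAYS=7

# =============================================================================
# OIDC SSO (optional - for Pocket ID, Authelia, Authentik, etc.)
# =============================================================================

# Enable OIDC authentication
# OIDC_ENABLED=false

# OIDC Provider URL (discovery endpoint will be auto-detected)
# OIDC_ISSUER_URL=https://auth.example.com

# Client credentials (from your OIDC provider)
# "your-client-secret" is a placeholder; replace it with the provider-issued
# secret.
# OIDC_CLIENT_ID=medassist
# OIDC_CLIENT_SECRET=your-client-secret

# Callback URL (must match what's configured in your OIDC provider)
# OIDC_REDIRECT_URI=https://medassist.example.com/api/auth/oidc/callback

# OIDC scopes to request (default: openid profile email)
# OIDC_SCOPES=openid profile email

# Claim to use as username (options: preferred_username, email, sub)
# "sub" is the only one of these that OIDC defines as stable and unique per
# issuer; preferred_username and email can be changed or reassigned at the
# provider.
# NOTE(review): confirm whether existing accounts are matched on this claim
# before choosing a mutable one.
# OIDC_USERNAME_CLAIM=preferred_username

# Auto-create users on first SSO login (default: true)
# With true, every identity the provider authenticates for this client gets an
# account. Restrict who may use the client at the provider, or set this to
# false.
# OIDC_AUTO_CREATE_USERS=true

# Provider name for login button (e.g., "Pocket ID", "Authelia", "SSO")
# OIDC_PROVIDER_NAME=SSO

# SMTP (optional - for email notifications and password reset)
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
# Traditional password auth
SMTP_PASS=
# OAuth2/App token auth (takes precedence over SMTP_PASS)
SMTP_TOKEN=
SMTP_FROM=
# NOTE(review): presumably false means no TLS on connect, with STARTTLS
# expected on port 587 - confirm the mailer refuses to send without TLS, since
# SMTP credentials and password-reset mail use this connection.
SMTP_SECURE=false

# Admin settings default value only - frontend settings (stored in settings.json) take precedence
REMINDER_DAYS_BEFORE=7

# Admin settings (not editable in UI)
# 24h format (0-23), e.g. 6 = 6:00 AM, 18 = 6:00 PM
REMINDER_HOUR=6
# Minutes before intake to send reminder
REMINDER_MINUTES_BEFORE=15
# Days before expiry to show yellow warning
EXPIRY_WARNING_DAYS=30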