medassist-ng/.env.example

# =============================================================================
# MedAssist-ng Configuration
# =============================================================================
# Copy this file to .env and adjust values for your setup
# =============================================================================

# Container user/group IDs (for bind mount permissions)
# Set to your host user's UID/GID: id -u && id -g
PUID=1000
PGID=1000

PORT=3000
# Docker Compose quickstart serves the frontend on http://localhost:4174.
# Local Vite development usually uses http://localhost:5173 or http://localhost:4173 instead.
CORS_ORIGINS=http://localhost:4174

# Server default timezone for scheduled reminders.
# Users can override this in Settings -> Timezone.
TZ=Europe/Berlin

# Public base URL used for notification action links.
# Required for intake reminder action buttons.
# Use an externally reachable HTTPS URL for remote/self-hosted access.
# PUBLIC_APP_URL=https://medassist.example.com
# If this uses a non-local host, include that origin in CORS_ORIGINS.
# Local Vite development automatically allows this hostname; set
# VITE_ALLOWED_HOSTS only when you need additional development hostnames.

# Log level: debug, info, warn, error, silent
LOG_LEVEL=info

# Rate limit: max requests per minute per IP (default: 100)
# Increase for development/testing environments
# RATE_LIMIT_MAX=100

# API documentation UI + OpenAPI JSON
# Docs are served on /docs and /docs/json.
# Default behavior: enabled outside production, disabled in production.
# Recommended:
#   development, staging: OPENAPI_DOCS_ENABLED=true
#   production: leave unset or set OPENAPI_DOCS_ENABLED=false
# OPENAPI_DOCS_ENABLED=true

# =============================================================================
# Authentication (optional - disabled by default for easy setup)
# =============================================================================
# Enable authentication (default: false = open access)
AUTH_ENABLED=false

# Allow new user registrations (auto-enabled when no users exist)
# REGISTRATION_ENABLED=false

# Disable username/password form login (useful for OIDC-only setups)
# FORM_LOGIN_ENABLED=true

# JWT Secrets - REQUIRED when AUTH_ENABLED=true
# Generate with: openssl rand -hex 32
# JWT_SECRET=
# REFRESH_SECRET=
# COOKIE_SECRET=

# Token TTL (optional - defaults shown)
# ACCESS_TOKEN_TTL_MINUTES=15
# REFRESH_TOKEN_TTL_DAYS=7

# =============================================================================
# OIDC SSO (optional - for Pocket ID, Authelia, Authentik, etc.)
# =============================================================================
# Enable OIDC authentication
# OIDC_ENABLED=false

# OIDC Provider URL (discovery endpoint will be auto-detected)
# OIDC_ISSUER_URL=https://auth.example.com

# Client credentials (from your OIDC provider)
# OIDC_CLIENT_ID=medassist
# OIDC_CLIENT_SECRET=your-client-secret

# Callback URL (must match what's configured in your OIDC provider)
# OIDC_REDIRECT_URI=https://medassist.example.com/api/auth/oidc/callback

# OIDC scopes to request (default: openid profile email)
# OIDC_SCOPES=openid profile email

# Claim to use as username (options: preferred_username, email, sub)
# OIDC_USERNAME_CLAIM=preferred_username

# Auto-create users on first SSO login (default: true)
# OIDC_AUTO_CREATE_USERS=true

# Provider name for login button (e.g., "Pocket ID", "Authelia", "SSO")
# OIDC_PROVIDER_NAME=SSO

# SMTP (optional - for email notifications and password reset)
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=                              # Traditional password auth
SMTP_TOKEN=                             # OAuth2/App token auth (takes precedence over SMTP_PASS)
SMTP_FROM=
SMTP_SECURE=false

# Admin settings default value only - frontend settings (stored in settings.json) take precedence
REMINDER_DAYS_BEFORE=7

# Admin settings (not editable in UI)
REMINDER_HOUR=6                   # 24h format (0-23), e.g. 6 = 6:00 AM, 18 = 6:00 PM
REMINDER_MINUTES_BEFORE=15        # Minutes before intake to send reminder
EXPIRY_WARNING_DAYS=30            # Days before expiry to show yellow warning

# =============================================================================
# Default User Settings (applied when new user is created)
# =============================================================================
# These ENV values are only used as DEFAULTS when a new user is created.
# Once a user saves their settings in the app, these ENV values are ignored
# for that user - their saved preferences take precedence.
#
# Useful for server admins to pre-configure settings for all new users.
# =============================================================================

# Email notifications (requires SMTP config above)
# DEFAULT_EMAIL_ENABLED=false
# DEFAULT_NOTIFICATION_EMAIL=
# DEFAULT_EMAIL_STOCK_REMINDERS=true
# DEFAULT_EMAIL_INTAKE_REMINDERS=true
# DEFAULT_EMAIL_PRESCRIPTION_REMINDERS=true

# Push notifications (Shoutrrr URL)
# DEFAULT_SHOUTRRR_ENABLED=false
# DEFAULT_SHOUTRRR_URL=
# DEFAULT_SHOUTRRR_STOCK_REMINDERS=true
# DEFAULT_SHOUTRRR_INTAKE_REMINDERS=true
# DEFAULT_SHOUTRRR_PRESCRIPTION_REMINDERS=true

# Repeat/nagging reminders for missed doses
# DEFAULT_REPEAT_REMINDERS_ENABLED=false
# DEFAULT_REMINDER_REPEAT_INTERVAL_MINUTES=30
# DEFAULT_MAX_NAGGING_REMINDERS=5
# DEFAULT_SKIP_REMINDERS_FOR_TAKEN_DOSES=false

# Stock reminder settings
# DEFAULT_REPEAT_DAILY_REMINDERS=false

# Stock thresholds (days of supply)
# DEFAULT_LOW_STOCK_DAYS=30
# DEFAULT_NORMAL_STOCK_DAYS=90
# DEFAULT_HIGH_STOCK_DAYS=180

# UI defaults
# DEFAULT_LANGUAGE=en              # en or de
# DEFAULT_STOCK_CALCULATION_MODE=automatic  # automatic or manual
# DEFAULT_SHARE_MEDICATION_OVERVIEW=false  # Show medication overview on shared schedule links
# DEFAULT_UPCOMING_TODAY_ONLY=false
# DEFAULT_SHARE_SCHEDULE_TODAY_ONLY=false