-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathopencode-cf-auth-proxy.env.example
More file actions
60 lines (46 loc) · 2.74 KB
/
opencode-cf-auth-proxy.env.example
File metadata and controls
60 lines (46 loc) · 2.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# OpenCode Plus Cloudflare Access gateway configuration.
# The gateway is disabled by default. Prefer Docker environment variables with
# OPENCODE_CF_AUTH_ENABLED=true; this file is a reference for the generated config.
# Gateway listen address. Expose this port from Docker/Unraid when using the gateway.
LISTEN_ADDR=0.0.0.0:4097
# Upstream OpenCode server. The bundled supervisor starts OpenCode on 4096 by default.
UPSTREAM_URL=http://127.0.0.1:4096
# Cloudflare Access audience tag for the protected application.
# Required unless CF_ACCESS_SKIP_AUD=true.
CF_ACCESS_AUD=replace-with-cloudflare-access-aud
CF_ACCESS_SKIP_AUD=false
# Optional issuer suffix check. Leave as the Cloudflare Access default unless you know you need another issuer.
TRUSTED_CF_ISSUER_SUFFIX=.cloudflareaccess.com
# Comma-separated email allowlist. Keep this aligned with your Cloudflare Access policy.
ALLOWED_EMAILS=you@example.com
# Basic auth credentials used by the gateway when proxying to OpenCode.
# Either set OPENCODE_BASIC_AUTH_B64 or set OPENCODE_BASIC_USER and OPENCODE_BASIC_PASSWORD.
OPENCODE_BASIC_USER=opencode
OPENCODE_BASIC_PASSWORD=replace-with-opencode-server-password
# OPENCODE_BASIC_AUTH_B64=base64-of-username-colon-password
# Optional redirect path for the root URL.
OPENCODE_ROOT_REDIRECT_PATH=/
# Optional OpenCode Plus UI injection. The asset dir lets you edit drawer.js/css
# live without rebuilding the Docker image after the gateway binary is installed.
OPENCODE_PLUS_UI_ENABLED=false
# OPENCODE_PLUS_UI_ASSET_DIR=/config/persist/opencode-plus-ui
# Runtime auth toggle state. This stores whether the gateway requires
# Cloudflare Access or passes through to the local OpenCode login.
OPENCODE_PLUS_AUTH_STATE_FILE=/config/persist/opencode-plus-auth-state.json
# Provider quota/status JSON consumed by the injected statusline chips.
OPENCODE_PLUS_QUOTA_URL=http://127.0.0.1:18765/quota
# Encrypted provider credential vault used by OpenCode Plus UI/quota integrations.
OPENCODE_PLUS_SECRETS_DIR=/config/persist/opencode-plus-secrets
# Non-secret OpenCode Plus runtime config, such as provider auth source preferences.
OPENCODE_PLUS_CONFIG_FILE=/config/persist/opencode-plus-config.json
# File mount manager state. Mounts are created below the active workspace's mounts/ directory.
OPENCODE_PLUS_MOUNTS_DIR=/config/persist/opencode-plus-mounts
# Optional PocketBase-backed Soul Sync readiness checks.
OPENCODE_PLUS_SOUL_DB_ENABLED=true
OPENCODE_PLUS_SOUL_PB_URL=http://pocketbase:8080
OPENCODE_PLUS_DEPLOYMENT_ID=opencode1
OPENCODE_PLUS_DEPLOYMENT_NAME=opencode1
# Optional local source checkout for the instance build/commit badge.
# OPENCODE_PLUS_SOURCE_REPO_DIR=/root/repos/opencode-plus
OPENCODE_CONFIG_FILE=/root/workspace/opencode.json
OPENCODE_PLUS_CLOUDFLARE_AUTH_DEFAULT=true