thirteenft/.env-dist

# The docker image to use:
THIRTEENFT_IMAGE=ghcr.io/wasi-master/13ft:0.3.2

# The domain name for the thirteenft service:
THIRTEENFT_TRAEFIK_HOST=13ft.example.com

# The name of this instance. If there is only one instance, use 'default'.
THIRTEENFT_INSTANCE=

# Filter access by IP address source range (CIDR):
##Disallow all access: 0.0.0.0/32
##Allow all access: 0.0.0.0/0
THIRTEENFT_IP_SOURCERANGE=0.0.0.0/0

# HTTP Basic Authentication:
# Use `make config` to fill this in properly, or set this to blank to disable.
THIRTEENFT_HTTP_AUTH=

# OAUTH2
# Set to `true` to use OpenID/OAuth2 authentication via the
# traefik-forward-auth service in d.rymcg.tech.
# Using OpenID/OAuth2 will require login to access your app,
# but it will not affect what a successfully logged-in person can do in your
# app. If your app has built-in authentication and can check the user
# header that traefik-forward-auth sends, then your app can limit what the
# logged-in person can do in the app. But if your app can't check the user
# header, or if your app doesn't have built-in authentication at all, then
# any person with an account on your Gitea server can log into your app and
# have full access.
THIRTEENFT_OAUTH2=
# In addition to Oauth2 authentication, you can configure basic authorization
# by entering which authorization group can log into your app. You create
# groups of email addresses in the `traefik` folder by running `make groups`. 
THIRTEENFT_OAUTH2_AUTHORIZED_GROUP=

# Mutual TLS (mTLS):
# Set true or false. If true, all clients must present a certificate signed by Step-CA:
THIRTEENFT_MTLS_AUTH=false
# Enter a comma separated list of client domains allowed to connect via mTLS.
# Wildcards are allowed and encouraged on a per-app basis:
THIRTEENFT_MTLS_AUTHORIZED_CERTS=*.clients.thirteenft.example.com