git/metabuilder
1
0
Fork 0
mirror of https://github.com/johndoe6345789/metabuilder.git synced 2026-04-26 14:54:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
metabuilder/frontends/emailclient/deployment/.env.example
johndoe6345789 862cc29457 various changes
2026-03-09 22:30:41 +00:00

353 lines
11 KiB
Plaintext
Raw Permalink Blame History

# Phase 8 Email Client - Environment Configuration Template
# Copy to .env.local for development or .env.prod for production
# DO NOT commit actual secrets to version control
# Last Updated: 2026-01-24
# Status: Template for Phase 8 (Environment & Secrets Management)
# ============================================================================
# GENERAL ENVIRONMENT
# ============================================================================
ENVIRONMENT=development
NODE_ENV=development
LOG_LEVEL=debug
LOG_FORMAT=json
# ============================================================================
# DATABASE CONFIGURATION
# ============================================================================
# PostgreSQL primary database for email metadata, user accounts, credentials
POSTGRES_HOST=postgres
POSTGRES_PORT=5432
POSTGRES_USER=emailclient
POSTGRES_PASSWORD=changeme_development_password
POSTGRES_DB=emailclient_db
DATABASE_URL=postgresql://emailclient:changeme_development_password@postgres:5432/emailclient_db
# Database connection pooling
DATABASE_POOL_MIN=2
DATABASE_POOL_MAX=20
DATABASE_IDLE_TIMEOUT=30000
DATABASE_CONNECTION_TIMEOUT=5000
# ============================================================================
# REDIS CONFIGURATION
# ============================================================================
# Redis: Cache, sessions, Celery message broker, rate limiting
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
REDIS_DB=0
REDIS_URL=redis://redis:6379/0
# Redis TTL defaults (seconds)
REDIS_CACHE_TTL=3600
REDIS_SESSION_TTL=86400
# ============================================================================
# CELERY & ASYNC JOBS CONFIGURATION
# ============================================================================
# Celery broker: message queue for background jobs (sync, send, parse)
CELERY_BROKER_URL=redis://redis:6379/1
# Celery result backend: store job results
CELERY_RESULT_BACKEND=redis://redis:6379/2
# Celery configuration
CELERY_TIMEZONE=UTC
CELERY_TASK_SERIALIZER=json
CELERY_ACCEPT_CONTENT=json
CELERY_RESULT_SERIALIZER=json
# Number of concurrent workers
CELERY_WORKER_CONCURRENCY=4
CELERY_WORKER_PREFETCH_MULTIPLIER=4
CELERY_WORKER_MAX_TASKS_PER_CHILD=1000
# Task timeouts
CELERY_TASK_SOFT_TIME_LIMIT=300
CELERY_TASK_TIME_LIMIT=600
# Enable task routing
CELERY_TASK_ROUTING_ENABLED=true
# ============================================================================
# JWT & SECURITY
# ============================================================================
# Generate JWT secret with: python -c "import secrets; print(secrets.token_urlsafe(32))"
# or: openssl rand -base64 32
JWT_SECRET=your-jwt-secret-key-change-in-production
JWT_ALGORITHM=HS256
JWT_EXPIRATION_HOURS=24
JWT_REFRESH_EXPIRATION_DAYS=7
# Generate encryption key with: openssl rand -base64 32
# Used for encrypting stored email account credentials
ENCRYPTION_KEY=your-encryption-key-change-in-production
ENCRYPTION_ALGORITHM=aes-256-gcm
# CORS: Allowed origins for API requests
CORS_ORIGINS=localhost:3000,localhost:3001,emailclient.local:3000
CORS_CREDENTIALS=true
CORS_METHODS=GET,POST,PUT,DELETE,PATCH,OPTIONS
CORS_ALLOWED_HEADERS=Content-Type,Authorization,X-Tenant-ID,X-Request-ID
# Security headers
SECURITY_STRICT_TRANSPORT_SECURITY=true
SECURITY_CONTENT_SECURITY_POLICY=default-src 'self'
SECURITY_X_FRAME_OPTIONS=DENY
SECURITY_X_CONTENT_TYPE_OPTIONS=nosniff
# ============================================================================
# FLASK / PYTHON EMAIL SERVICE
# ============================================================================
# Flask development vs production
FLASK_ENV=development
FLASK_DEBUG=1
FLASK_APP=app:create_app
# Flask server binding
FLASK_HOST=0.0.0.0
FLASK_PORT=5000
API_PORT=5000
# Gunicorn production server configuration
GUNICORN_WORKERS=4
GUNICORN_THREADS=2
GUNICORN_WORKER_CLASS=gthread
GUNICORN_TIMEOUT=120
GUNICORN_GRACEFUL_TIMEOUT=30
GUNICORN_KEEPALIVE=5
GUNICORN_MAX_REQUESTS=1000
GUNICORN_MAX_REQUESTS_JITTER=100
# ============================================================================
# EMAIL SERVICE - IMAP/SMTP/POP3
# ============================================================================
# IMAP Configuration
IMAP_HOST=dovecot
IMAP_PORT=143
IMAP_PORT_SSL=993
IMAP_TIMEOUT=30
IMAP_POOL_SIZE=10
IMAP_USE_SSL=false
IMAP_USE_TLS=true
IMAP_CHECK_CERTIFICATE=true
IMAP_IDLE_ENABLED=true
IMAP_IDLE_TIMEOUT=300
# SMTP Configuration
SMTP_HOST=postfix
SMTP_PORT=25
SMTP_PORT_TLS=587
SMTP_PORT_SSL=465
SMTP_TIMEOUT=30
SMTP_POOL_SIZE=5
SMTP_USE_TLS=false
SMTP_USE_SSL=false
SMTP_CHECK_CERTIFICATE=true
# POP3 Configuration (optional)
POP3_HOST=dovecot
POP3_PORT=110
POP3_PORT_SSL=995
POP3_TIMEOUT=30
POP3_USE_SSL=false
POP3_USE_TLS=true
POP3_DELETE_AFTER_SYNC=false
# Email sync configuration
EMAIL_SYNC_INTERVAL_MINUTES=5
EMAIL_SYNC_BATCH_SIZE=100
EMAIL_SYNC_MAX_RETRIES=3
EMAIL_SYNC_RETRY_DELAY_SECONDS=60
EMAIL_SYNC_FULL_REFRESH_DAYS=7
# Email parsing & processing
EMAIL_MAX_SIZE_MB=25
EMAIL_ATTACHMENT_MAX_SIZE_MB=100
EMAIL_TOTAL_ATTACHMENTS_MAX_SIZE_MB=500
EMAIL_INLINE_IMAGE_CONVERSION=true
EMAIL_HTML_SANITIZATION=true
EMAIL_TEXT_EXTRACTION=true
# ============================================================================
# MAIL SERVERS - POSTFIX & DOVECOT
# ============================================================================
# Postfix SMTP relay configuration
POSTFIX_HOST=postfix
POSTFIX_DOMAIN=emailclient.local
POSTFIX_HOSTNAME=emailclient.local
POSTFIX_MYNETWORKS=127.0.0.0/8 10.0.0.0/8
POSTFIX_RELAYHOST=
POSTFIX_RELAYHOST_USERNAME=
POSTFIX_RELAYHOST_PASSWORD=
POSTFIX_ALLOWED_SENDER_DOMAINS=example.com localhost emailclient.local
POSTFIX_MESSAGE_SIZE_LIMIT=26214400
# Dovecot IMAP/POP3 server configuration
DOVECOT_HOST=dovecot
DOVECOT_DOMAIN=emailclient.local
DOVECOT_PROTOCOLS=imap pop3
DOVECOT_MAIL_HOME=/var/mail
DOVECOT_USER_DB=static
DOVECOT_PASS_DB=static
DOVECOT_QUOTA_ENABLED=true
DOVECOT_QUOTA_MB=1000
DOVECOT_SSL_ENABLED=false
DOVECOT_TLS_ENABLED=true
DOVECOT_TLS_CERT_PATH=/etc/dovecot/certs/dovecot.crt
DOVECOT_TLS_KEY_PATH=/etc/dovecot/private/dovecot.key
# ============================================================================
# TLS/SSL CERTIFICATES
# ============================================================================
# Let's Encrypt automatic certificate management (optional)
LETSENCRYPT_EMAIL=admin@example.com
DOMAIN=emailclient.local
ENABLE_LETSENCRYPT=false
LETSENCRYPT_ENVIRONMENT=staging
# Self-signed certificates (development)
TLS_CERT_PATH=/etc/ssl/certs/emailclient.crt
TLS_KEY_PATH=/etc/ssl/private/emailclient.key
TLS_CA_CERT_PATH=/etc/ssl/certs/ca-certificates.crt
# ============================================================================
# FEATURE FLAGS
# ============================================================================
ENABLE_IMAP_SYNC=true
ENABLE_IMAP_IDLE=true
ENABLE_SMTP_SEND=true
ENABLE_POP3_SYNC=true
ENABLE_CELERY_TASKS=true
ENABLE_EMAIL_PARSING=true
ENABLE_ATTACHMENT_STORAGE=true
ENABLE_FULL_TEXT_SEARCH=false
ENABLE_ENCRYPTION_AT_REST=true
ENABLE_AUDIT_LOGGING=true
ENABLE_TWO_FACTOR_AUTH=false
ENABLE_OAUTH2_LOGIN=false
# ============================================================================
# RATE LIMITING
# ============================================================================
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS_PER_MINUTE=60
RATE_LIMIT_REQUESTS_PER_HOUR=1000
RATE_LIMIT_REQUESTS_PER_DAY=10000
# Rate limits by endpoint
RATE_LIMIT_LOGIN_REQUESTS_PER_MINUTE=5
RATE_LIMIT_REGISTER_REQUESTS_PER_MINUTE=3
RATE_LIMIT_API_REQUESTS_PER_MINUTE=60
RATE_LIMIT_SYNC_REQUESTS_PER_MINUTE=10
# ============================================================================
# ATTACHMENT & STORAGE
# ============================================================================
# Local filesystem storage (development)
ATTACHMENT_STORAGE_TYPE=filesystem
ATTACHMENT_STORAGE_PATH=/var/emailclient/attachments
# S3/blob storage (production)
# S3_BUCKET_NAME=emailclient-attachments
# S3_REGION=us-east-1
# S3_ACCESS_KEY_ID=
# S3_SECRET_ACCESS_KEY=
# S3_ENDPOINT=
# ============================================================================
# MULTI-TENANT CONFIGURATION
# ============================================================================
TENANT_ID_HEADER=X-Tenant-ID
DEFAULT_TENANT_ID=default
ENABLE_MULTI_TENANT=true
MULTI_TENANT_ISOLATION=true
# ============================================================================
# LOGGING & OBSERVABILITY
# ============================================================================
# Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL
LOG_LEVEL=INFO
LOG_FORMAT=json
LOG_FILE=/app/logs/email-service.log
LOG_MAX_SIZE_MB=100
LOG_BACKUP_COUNT=10
LOG_COLORIZE=false
# Request/Response logging
LOG_REQUEST_BODY=false
LOG_RESPONSE_BODY=false
LOG_SLOW_QUERY_MS=1000
LOG_SLOW_REQUEST_MS=5000
# Structured logging fields
LOG_INCLUDE_TIMESTAMP=true
LOG_INCLUDE_REQUEST_ID=true
LOG_INCLUDE_TENANT_ID=true
LOG_INCLUDE_USER_ID=true
LOG_INCLUDE_DURATION_MS=true
# Performance monitoring
MONITOR_SYNC_PERFORMANCE=true
MONITOR_API_RESPONSE_TIMES=true
MONITOR_CELERY_TASKS=true
# ============================================================================
# HEALTH CHECKS & READINESS PROBES
# ============================================================================
HEALTH_CHECK_ENABLED=true
HEALTH_CHECK_PATH=/health
HEALTH_CHECK_INTERVAL_SECONDS=30
HEALTH_CHECK_TIMEOUT_SECONDS=5
HEALTH_CHECK_RETRIES=3
READINESS_CHECK_ENABLED=true
READINESS_CHECK_PATH=/ready
READINESS_CHECK_INTERVAL_SECONDS=10
READINESS_CHECK_TIMEOUT_SECONDS=5
READINESS_CHECK_RETRIES=3
# ============================================================================
# EXTERNAL INTEGRATIONS (Optional)
# ============================================================================
# Sentry error tracking
SENTRY_DSN=
SENTRY_ENVIRONMENT=development
SENTRY_TRACES_SAMPLE_RATE=0.1
# Datadog monitoring
DATADOG_API_KEY=
DATADOG_ENVIRONMENT=development
# OAuth2 providers (for future multi-account linking)
# GOOGLE_OAUTH_CLIENT_ID=
# GOOGLE_OAUTH_CLIENT_SECRET=
# MICROSOFT_OAUTH_CLIENT_ID=
# MICROSOFT_OAUTH_CLIENT_SECRET=
# ============================================================================
# DEVELOPMENT SETTINGS
# ============================================================================
DEBUG_MODE=true
DEBUG_TOOLBAR_ENABLED=false
MOCK_EMAIL_SERVERS=false
SEED_TEST_DATA=true
TEST_EMAIL_ACCOUNT=testuser@example.com
TEST_EMAIL_PASSWORD=testpassword
# ============================================================================
# CONTAINER ORCHESTRATION
# ============================================================================
# Docker/Kubernetes resource limits
CONTAINER_MEMORY_LIMIT=1024
CONTAINER_MEMORY_REQUEST=512
CONTAINER_CPU_LIMIT=1000
CONTAINER_CPU_REQUEST=100
# ============================================================================
# NOTES
# ============================================================================
# 1. All password fields MUST be changed in production
# 2. JWT_SECRET and ENCRYPTION_KEY must be generated securely
# 3. Keep .env and .env.prod files out of version control
# 4. Use .env.local for development, .env.prod for production
# 5. See SECRETS_MANAGEMENT.md for detailed security guidelines
# 6. Rotate secrets regularly in production environments
# 7. Use AWS Secrets Manager, HashiCorp Vault, or similar in production
# 8. Never log passwords, JWT tokens, or sensitive data
Reference in New Issue View Git Blame Copy Permalink