diff --git a/.ci/.env.ci b/.ci/.env.ci index c63126c208..94995a20c3 100644 --- a/.ci/.env.ci +++ b/.ci/.env.ci @@ -88,9 +88,18 @@ SESSION_DRIVER=array # If you set either of these to 'redis', you might want to update these settings too # If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or # REDIS_PORT_FILE to set the value from a file instead of from an environment variable + +# can be tcp, unix or http +REDIS_SCHEME=tcp + +# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise. +REDIS_PATH= + +# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise. REDIS_HOST=127.0.0.1 -REDIS_PASSWORD=null REDIS_PORT=6379 + +REDIS_PASSWORD=null # always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly. REDIS_DB="0" REDIS_CACHE_DB="1" diff --git a/.ci/firefly-iii-standard.yml b/.ci/firefly-iii-standard.yml index c7837c4ddf..c863d43be6 100644 --- a/.ci/firefly-iii-standard.yml +++ b/.ci/firefly-iii-standard.yml @@ -1,9 +1,8 @@ parameters: - indentation: tab + indentation: spaces file_extensions: - php - - phpt exclude_files: - fixtures/* diff --git a/.deploy/heroku/.env.heroku b/.deploy/heroku/.env.heroku index 78d8067adb..b649b5a1ae 100644 --- a/.deploy/heroku/.env.heroku +++ b/.deploy/heroku/.env.heroku @@ -5,77 +5,118 @@ APP_ENV=heroku # Set to true if you want to see debug information in error screens. APP_DEBUG=false -# This should be your email address +# This should be your email address. +# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE SITE_OWNER=heroku@example.com -# The encryption key for your database and sessions. Keep this very secure. -# If you generate a new one all existing data must be considered LOST. -# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it +# The encryption key for your sessions. Keep this very secure. +# If you generate a new one all existing attachments must be considered LOST. +# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it. +# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE APP_KEY=7ahyYVPVsmxjdhsweWCauGeJfwc92NP2 +# +# Firefly III will launch using this language (for new users and unauthenticated visitors) +# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang +# +# If text is still in English, remember that not everything may have been translated. +DEFAULT_LANGUAGE=en_US + +# The locale defines how numbers are formatted. +# by default this value is the same as whatever the language is. +DEFAULT_LOCALE=equal + # Change this value to your preferred time zone. # Example: Europe/Amsterdam +# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones TZ=UTC -# This variable must match your installation's external address but keep in mind that -# it's only used on the command line as a fallback value. -APP_URL=http://localhost - # TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy. +# Set it to ** and reverse proxies work just fine. TRUSTED_PROXIES=** # The log channel defines where your log entries go to. -# 'daily' is the default logging mode giving you 5 daily rotated log files in /storage/logs/. # Several other options exist. You can use 'single' for one big fat error log (not recommended). # Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself. +# A rotating log option is 'daily', creates 5 files that (surprise) rotate. +# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time. + +# - Docker + versions <= 4.8.1.8 and before: use "stdout" +# - Docker + versions > 4.8.1.8 : use "docker_out" +# - Docker + versions >= 5.1.1 : use "stack" +# - For everything else (als not Docker) : use 'stack' + LOG_CHANNEL=stdout # Log level. You can set this from least severe to most severe: # debug, info, notice, warning, error, critical, alert, emergency # If you set it to debug your logs will grow large, and fast. If you set it to emergency probably # nothing will get logged, ever. -APP_LOG_LEVEL=debug +APP_LOG_LEVEL=notice # Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III -# If you use SQLite, set connection to `sqlite` and remove the database, username and password settings. +# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE +# Use "pgsql" for PostgreSQL +# Use "mysql" for MySQL and MariaDB. +# Use "sqlite" for SQLite. DB_CONNECTION=pgsql +# MySQL supports SSL. You can configure it here. +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE +MYSQL_USE_SSL=false +MYSQL_SSL_VERIFY_SERVER_CERT=true +# You need to set at least of these options +MYSQL_SSL_CAPATH=/etc/ssl/certs/ +MYSQL_SSL_CA= +MYSQL_SSL_CERT= +MYSQL_SSL_KEY= +MYSQL_SSL_CIPHER= # PostgreSQL supports SSL. You can configure it here. +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE PGSQL_SSL_MODE=prefer PGSQL_SSL_ROOT_CERT=null PGSQL_SSL_CERT=null PGSQL_SSL_KEY=null PGSQL_SSL_CRL_FILE=null - # If you're looking for performance improvements, you could install memcached. CACHE_DRIVER=file SESSION_DRIVER=file -# You can configure another file storage backend if you cannot use the local storage option. -# To set this up, fill in the following variables. The upload path is used to store uploaded -# files and the export path is to store exported data (before download). -SFTP_HOST= -SFTP_PORT= -SFTP_UPLOAD_PATH= -SFTP_EXPORT_PATH= +# If you set either of these to 'redis', you might want to update these settings too +# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or +# REDIS_PORT_FILE to set the value from a file instead of from an environment variable -# SFTP uses either the username/password combination or the private key to authenticate. -SFTP_USERNAME= -SFTP_PASSWORD= -SFTP_PRIV_KEY= +# can be tcp, unix or http +REDIS_SCHEME=tcp + +# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise. +REDIS_PATH= + +# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise. +REDIS_HOST=127.0.0.1 +REDIS_PORT=6379 + +REDIS_PASSWORD=null +# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly. +REDIS_DB="0" +REDIS_CACHE_DB="1" # Cookie settings. Should not be necessary to change these. +# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set +# the value from a file instead of from an environment variable COOKIE_PATH="/" COOKIE_DOMAIN= COOKIE_SECURE=false # If you want Firefly III to mail you, update these settings -# For instructions, see: https://firefly-iii.readthedocs.io/en/latest/installation/mail.html -MAIL_DRIVER=log -MAIL_HOST=smtp.mailtrap.io +# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE +MAIL_MAILER=log +MAIL_HOST=null MAIL_PORT=2525 MAIL_FROM=changeme@example.com MAIL_USERNAME=null @@ -83,11 +124,20 @@ MAIL_PASSWORD=null MAIL_ENCRYPTION=null # Other mail drivers: +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE MAILGUN_DOMAIN= MAILGUN_SECRET= + + +# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net +# If you use Docker or similar, you can set this variable from a file by appending it with _FILE +MAILGUN_ENDPOINT=api.mailgun.net + +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE MANDRILL_SECRET= SPARKPOST_SECRET= + # Firefly III can send you the following messages SEND_REGISTRATION_MAIL=true SEND_ERROR_MESSAGE=true @@ -96,53 +146,85 @@ SEND_ERROR_MESSAGE=true SEND_REPORT_JOURNALS=true # Set a Mapbox API key here (see mapbox.com) so there might be a map available at various places. +# If you use Docker or similar, you can set this variable from a file by appending it with _FILE MAPBOX_API_KEY= +# The map will default to this location: +MAP_DEFAULT_LAT=51.983333 +MAP_DEFAULT_LONG=5.916667 +MAP_DEFAULT_ZOOM=6 + # Firefly III currently supports two provider for live Currency Exchange Rates: -# "fixer" is the default (for backward compatibility), and "ratesapi" is the new one. +# "fixer", and "ratesapi". # RatesApi.IO (see https://ratesapi.io) is a FREE and OPEN SOURCE live currency exchange rates, -# built compatible with Fixer.IO, based on data published by European Central Bank, and don't require API key. -CER_PROVIDER=fixer +# built compatible with Fixer.IO, based on data published by European Central Bank, and doesn't require API key. +CER_PROVIDER=ratesapi + # If you have select "fixer" as default currency exchange rates, # set a Fixer IO API key here (see https://fixer.io) to enable live currency exchange rates. # Please note that this WILL ONLY WORK FOR PAID fixer.io accounts because they severely limited # the free API up to the point where you might as well offer nothing. +# If you use Docker or similar, you can set this variable from a file by appending it with _FILE FIXER_API_KEY= -# If you wish to track your own behavior over Firefly III, set a valid analytics tracker ID here. -TRACKER_SITE_ID= -TRACKER_URL= - -# Most parts of the database are encrypted by default, but you can turn this off if you want to. -# This makes it easier to migrate your database. Not that some fields will never be decrypted. -USE_ENCRYPTION=true - # Firefly III has two options for user authentication. "eloquent" is the default, # and "ldap" for LDAP servers. # For full instructions on these settings please visit: -# https://firefly-iii.readthedocs.io/en/latest/installation/authentication.html +# https://docs.firefly-iii.org/advanced-installation/authentication +# If you use Docker or similar, you can set this variable from a file by appending it with _FILE LOGIN_PROVIDER=eloquent +# +# It's also possible to change the way users are authenticated. You could use Authelia for example. +# Authentication via the REMOTE_USER header is supported. Change the value below to "remote_user_guard". +# +# If you do this please read the documentation for instructions and warnings: +# https://docs.firefly-iii.org/advanced-installation/authentication +# +# This function is available in Firefly III v5.3.0 and higher. +AUTHENTICATION_GUARD=web + +# +# Likewise, it's impossible to log out users who's authentication is handled by an external system. +# Enter a custom URL here that will force a logout (your authentication provider can tell you). +# Setting this variable only works when AUTHENTICATION_GUARD != web +# +CUSTOM_LOGOUT_URI= + # LDAP connection configuration # OpenLDAP, FreeIPA or ActiveDirectory +# # If you use Docker or similar, you can set this variable from a file by appending it with _FILE ADLDAP_CONNECTION_SCHEME=OpenLDAP ADLDAP_AUTO_CONNECT=true # LDAP connection settings +# You can set the following variables from a file by appending them with _FILE: +# ADLDAP_CONTROLLERS, ADLDAP_PORT, ADLDAP_BASEDN ADLDAP_CONTROLLERS= ADLDAP_PORT=389 ADLDAP_TIMEOUT=5 ADLDAP_BASEDN="" ADLDAP_FOLLOW_REFFERALS=false + +# SSL/TLS settings ADLDAP_USE_SSL=false ADLDAP_USE_TLS=false +ADLDAP_SSL_CACERTDIR= +ADLDAP_SSL_CACERTFILE= +ADLDAP_SSL_CERTFILE= +ADLDAP_SSL_KEYFILE= +ADLDAP_SSL_CIPHER_SUITE= +ADLDAP_SSL_REQUIRE_CERT= +# You can set the following variables from a file by appending them with _FILE: ADLDAP_ADMIN_USERNAME= ADLDAP_ADMIN_PASSWORD= +# You can set the following variables from a file by appending them with _FILE: ADLDAP_ACCOUNT_PREFIX= ADLDAP_ACCOUNT_SUFFIX= + # LDAP authentication settings. ADLDAP_PASSWORD_SYNC=false ADLDAP_LOGIN_FALLBACK=false @@ -151,25 +233,76 @@ ADLDAP_DISCOVER_FIELD=distinguishedname ADLDAP_AUTH_FIELD=distinguishedname # Will allow SSO if your server provides an AUTH_USER field. +# You can set the following variables from a file by appending them with _FILE: +WINDOWS_SSO_ENABLED=false WINDOWS_SSO_DISCOVER=samaccountname WINDOWS_SSO_KEY=AUTH_USER # field to sync as local username. +# You can set the following variable from a file by appending it with _FILE: ADLDAP_SYNC_FIELD=userprincipalname -# You can disable the X-Frame-Options header if it interfears with tools like -# Organizr. This is at your own risk. +# You can disable the X-Frame-Options header if it interferes with tools like +# Organizr. This is at your own risk. Applications running in frames run the risk +# of leaking information to their parent frame. DISABLE_FRAME_HEADER=false +# You can disable the Content Security Policy header when you're using an ancient browser +# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really) +# This leaves you with the risk of not being able to stop XSS bugs should they ever surface. +# This is at your own risk. +DISABLE_CSP_HEADER=false + +# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here. +# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to. +# Do not prepend the TRACKER_URL with http:// or https:// +# The only tracker supported is Matomo. +# You can set the following variables from a file by appending them with _FILE: +TRACKER_SITE_ID= +TRACKER_URL= + +# +# Firefly III can collect telemetry on how you use Firefly III. This is opt-in. +# In order to allow this, change the following variable to true. +# To read more about this feature, go to this page: https://docs.firefly-iii.org/support/telemetry +SEND_TELEMETRY=false + +# You can fine tune the start-up of a Docker container by editing these environment variables. +# Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data. +# However if you know what you're doing you can significantly speed up container start times. +# Set each value to true to enable, or false to disable. + +# Check if the SQLite database exists. Can be skipped if you're not using SQLite. +# Won't significantly speed up things. +DKR_CHECK_SQLITE=true + +# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists +# and is up to date. +DKR_RUN_MIGRATION=true + +# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date +# with the latest fixes (outside of migrations!) +DKR_RUN_UPGRADE=true + +# Verify database integrity. Includes all data checks and verifications. +# Disabling this makes Firefly III assume your DB is intact. +DKR_RUN_VERIFY=true + +# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state. +# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues. +DKR_RUN_REPORT=true + +# Generate OAuth2 keys. +# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if) +# you had previously generated keys already and they're stored in your database for restoration. +DKR_RUN_PASSPORT_INSTALL=true + # Leave the following configuration vars as is. # Unless you like to tinker and know what you're doing. APP_NAME=FireflyIII ADLDAP_CONNECTION=default BROADCAST_DRIVER=log QUEUE_DRIVER=sync -REDIS_HOST=127.0.0.1 -REDIS_PASSWORD=null -REDIS_PORT=6379 CACHE_PREFIX=firefly SEARCH_RESULT_LIMIT=50 PUSHER_KEY= @@ -177,7 +310,18 @@ PUSHER_SECRET= PUSHER_ID= DEMO_USERNAME= DEMO_PASSWORD= -IS_SANDSTORM=false -IS_HEROKU=true -BUNQ_USE_SANDBOX=false -FFIII_LAYOUT=v1 +USE_ENCRYPTION=false +IS_HEROKU=false +FIREFLY_III_LAYOUT=v1 + +# +# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable. +# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking. +# This configuration value WILL NOT HELP. +# +# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else. +# So when configuring anything WEB related this variable doesn't do anything. Nothing +# +# If you're stuck I understand you get desperate but look SOMEWHERE ELSE. +# +APP_URL=http://localhost