# LemonSec Environment Variables for Portainer # Copy these into Portainer's Environment Variables section when deploying # ============================================================================ # REQUIRED - Cloudflare DNS # ============================================================================ # Your Cloudflare account email CF_API_EMAIL=your-email@example.com # Cloudflare Global API Key (from https://dash.cloudflare.com/profile/api-tokens) # Note: DNS API Token can also be used as CF_DNS_API_TOKEN CF_API_KEY=your-cloudflare-global-api-key # ============================================================================ # REQUIRED - TrueNAS Configuration # ============================================================================ # IP address of your TrueNAS Scale VM TRUENAS_IP=192.168.1.100 # Port where Nextcloud is exposed on TrueNAS # Check: TrueNAS → Apps → Nextcloud → Node Port TRUENAS_NEXTCLOUD_PORT=9001 # ============================================================================ # REQUIRED - Authelia Secrets # Generate these with: openssl rand -hex 32 # Or use the setup script: ./setup.ps1 (on Windows) # ============================================================================ AUTHELIA_JWT_SECRET=change-me-generate-with-openssl-rand-hex-32 AUTHELIA_SESSION_SECRET=change-me-generate-with-openssl-rand-hex-32 AUTHELIA_STORAGE_KEY=change-me-generate-with-openssl-rand-hex-32 # ============================================================================ # OPTIONAL - CrowdSec # Generate after first deployment: # docker exec crowdsec cscli bouncers add traefik-bouncer # Then add the key here and redeploy # ============================================================================ CROWDSEC_API_KEY= # ============================================================================ # OPTIONAL - General Settings # ============================================================================ # Timezone TZ=Europe/Stockholm # Tailscale IP (for internal entrypoint binding) # Get with: tailscale ip -4 TAILSCALE_IP= # ============================================================================ # OPTIONAL - Grafana (if using monitoring profile) # ============================================================================ # GRAFANA_ADMIN_USER=admin # GRAFANA_ADMIN_PASSWORD=change-me # GRAFANA_OAUTH_SECRET=generate-with-authelia