invoice-machine/.env.example at main · davidtorcivia/invoice-machine · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# =============================================================================
# INVOICE MACHINE CONFIGURATION
# =============================================================================
# Copy this file to .env and customize for your environment

# -----------------------------------------------------------------------------
# APPLICATION
# -----------------------------------------------------------------------------

# External port mapping (Docker host port)
PORT=8080

# Application URL (used for PDF links, MCP config display, and email links)
# IMPORTANT: Set this to your public URL in production
APP_BASE_URL=http://localhost:8080

# Environment: development, staging, production
# Affects logging verbosity and default security settings
ENVIRONMENT=development

# Database URL (SQLite) - typically no need to change
DATABASE_URL=sqlite+aiosqlite:///./data/invoice_machine.db

# Data directory for database, PDFs, logos, and backups
# In Docker, this maps to /app/data inside the container
DATA_DIR=./data

# Trash retention (days before auto-purge)
TRASH_RETENTION_DAYS=90

# -----------------------------------------------------------------------------
# SECURITY
# -----------------------------------------------------------------------------

# Encryption key for SMTP credentials and other sensitive data
# REQUIRED in production. In development, a derived key is used with warnings.
#
# Generate a secure 32-byte key using one of these methods:
#
#   Python:
#     python -c "import secrets; print(secrets.token_hex(32))"
#
#   OpenSSL:
#     openssl rand -hex 32
#
#   PowerShell:
#     -join ((1..32) | ForEach-Object { "{0:x2}" -f (Get-Random -Maximum 256) })
#
# The key should be exactly 64 hex characters (32 bytes).
# Store it securely and NEVER commit it to version control.
# If you lose the key, encrypted credentials (SMTP passwords) will be unreadable.
#
# INVOICE_MACHINE_ENCRYPTION_KEY=your_64_character_hex_key_here

# CORS origins (comma-separated)
# IMPORTANT: In production, set to your actual domain only
CORS_ORIGINS=http://localhost:3000,http://localhost:8080

# Enable secure cookies (requires HTTPS)
# IMPORTANT: Set to true in production when behind HTTPS/reverse proxy
SECURE_COOKIES=false

# -----------------------------------------------------------------------------
# INVOICE DEFAULTS
# -----------------------------------------------------------------------------

# Default payment terms in days
DEFAULT_PAYMENT_TERMS_DAYS=30

# Default currency code (USD, EUR, GBP, CAD, AUD, JPY, etc.)
DEFAULT_CURRENCY_CODE=USD

# Default accent color for PDFs (hex format)
DEFAULT_ACCENT_COLOR=#16a34a

# -----------------------------------------------------------------------------
# FILE UPLOAD LIMITS
# -----------------------------------------------------------------------------

# Maximum logo file size in MB
MAX_LOGO_SIZE_MB=5

# =============================================================================
# PRODUCTION CONFIGURATION
# =============================================================================
# For production deployment behind HTTPS (e.g., Cloudflare Tunnel, nginx),
# create a .env file with these settings:
#
# # REQUIRED for production
# INVOICE_MACHINE_ENCRYPTION_KEY=your_64_character_hex_key_here
# APP_BASE_URL=https://invoices.yourdomain.com
# ENVIRONMENT=production
# SECURE_COOKIES=true
# CORS_ORIGINS=https://invoices.yourdomain.com
#
# # Optional: custom port and data location
# PORT=8085
# DATA_DIR=/var/lib/invoice-machine/data
#
# # Optional: adjust defaults
# DEFAULT_PAYMENT_TERMS_DAYS=14
# DEFAULT_CURRENCY_CODE=EUR
# TRASH_RETENTION_DAYS=30