c1edef8abd
- backend: /api/magic/{register,devices,profile,release} + AdGuard provisioning + 24h cooldown
- prisma: magic_binding_fields migration (additive on UserDevice)
- mac-app: Phase 2 - Login + MacRegistration + Profile install
- marketing: landing section + /download/rebreakmagic + DMG
- lyra: forbidden phrases + RebreakMagic coach guidance
61 lines
2.1 KiB
Markdown
61 lines
2.1 KiB
Markdown
# Backend Environment Variables
|
|
|
|
Dieses Dokument listet alle ENV-Variablen die das Rebreak-Backend benötigt.
|
|
Alle Secrets werden via **Infisical** injected. NIEMALS `.env`-Files committen.
|
|
|
|
## Core / Database
|
|
- `DATABASE_URL` — PostgreSQL Connection-String (Supabase self-hosted)
|
|
- `ENCRYPTION_KEY` — AES-256 Key für sensible DB-Fields (z.B. mdmDnsToken)
|
|
|
|
## Admin / Cron
|
|
- `ADMIN_SECRET` — Shared Secret für Admin-Endpoints
|
|
- `CRON_SECRET` — Auth-Header für Cron-Trigger-Endpoints
|
|
- `HANDSHAKE_SECRET` — AdGuard→Backend DoH-Handshake
|
|
|
|
## LLM-Provider
|
|
- `OPENROUTER_API_KEY` / `NUXT_OPENROUTER_API_KEY`
|
|
- `OPENAI_API_KEY` / `NUXT_OPENAI_API_KEY`
|
|
- `GROQ_API_KEY` / `NUXT_GROQ_API_KEY`
|
|
- `GOOGLE_AI_API_KEY`
|
|
- `GEMINI_API_KEY`
|
|
|
|
## TTS-Provider
|
|
- `GOOGLE_API_KEY` / `NUXT_GOOGLE_API_KEY`
|
|
- `DEEPGRAM_API_KEY` / `NUXT_DEEPGRAM_API_KEY`
|
|
- `AZURE_TTS_KEY`, `AZURE_TTS_REGION`
|
|
- `CARTESIA_API_KEY`, `CARTESIA_VOICE_ID`
|
|
- `ELEVENLABS_API_KEY`, `ELEVENLABS_VOICE_ID`
|
|
|
|
## Supabase (Server-only)
|
|
- `SUPABASE_URL` — Default: `https://db-staging.rebreak.org`
|
|
- `SUPABASE_KEY` / `SUPABASE_ANON_KEY`
|
|
- `SUPABASE_SERVICE_KEY` / `SUPABASE_SERVICE_ROLE_KEY`
|
|
|
|
## Stripe
|
|
- `STRIPE_SECRET_KEY`
|
|
- `STRIPE_WEBHOOK_SECRET`
|
|
- `STRIPE_PUBLISHABLE_KEY` (public)
|
|
|
|
## Email / External APIs
|
|
- `RESEND_API_KEY`
|
|
- `BREVO_API_KEY` — Brevo Transactional API
|
|
- `HOOK_SEND_EMAIL_SECRETS` — Comma-separated Webhook-Secrets (Standard-Webhooks Format)
|
|
- `MAIL_SENDER_EMAIL` — Default: `welcome@rebreak.org`
|
|
|
|
## **RebreakMagic DNS-over-HTTPS (NEU 2026-06-01)**
|
|
- `ADGUARD_BASE_URL` — Default: `https://dns.rebreak.org`
|
|
- `ADGUARD_USER` — Admin-User für AdGuard Home REST API
|
|
- `ADGUARD_PASSWORD` — Admin-Password für AdGuard Home REST API
|
|
|
|
## OAuth
|
|
- `MS_OAUTH_CLIENT_ID` — Microsoft Azure App-Registrierung (PKCE, Public Client)
|
|
- `GOOGLE_OAUTH_CLIENT_ID` — Google Cloud Console iOS-App (PKCE S256)
|
|
|
|
## Bot-User-IDs
|
|
- `LYRA_BOT_USER_ID` — DB-User-UUID für Lyra-Bot-Posts
|
|
- `REBREAK_BOT_USER_ID` — DB-User-UUID für Rebreak-System-Posts
|
|
|
|
## Public (Client-readable)
|
|
- `APP_URL` — Default: `https://staging.rebreak.org`
|
|
- `API_BASE` — Default: `https://staging.rebreak.org`
|