diff options
| author | ertopogo <erwin.t.pombett@gmail.com> | 2026-03-13 00:33:28 +0100 |
|---|---|---|
| committer | ertopogo <erwin.t.pombett@gmail.com> | 2026-03-13 00:33:28 +0100 |
| commit | b34873f98052ac5fb4bf6731a25730075796d764 (patch) | |
| tree | 0b27ef2996894287aaf382b43956d6cf45352e94 /.env.photoprism-secure.example | |
Diffstat (limited to '.env.photoprism-secure.example')
| -rw-r--r-- | .env.photoprism-secure.example | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/.env.photoprism-secure.example b/.env.photoprism-secure.example new file mode 100644 index 0000000..0d87242 --- /dev/null +++ b/.env.photoprism-secure.example @@ -0,0 +1,25 @@ +# IAM (Keycloak externe)
+OIDC_ISSUER=https://kc.arauco.online/realms/chiruca
+OIDC_AUDIENCE=media-access-api
+OIDC_JWKS_URL=https://kc.arauco.online/realms/chiruca/protocol/openid-connect/certs
+OIDC_CLIENT_ID=media-access-api
+OIDC_CLIENT_SECRET=CHANGE_ME_OIDC_CLIENT_SECRET
+
+# RBAC cumulatif
+RBAC_ROLE_PREFIX=media_reader:folder:
+RBAC_ROLE_ALL=media_reader:all
+
+# MinIO
+MINIO_ROOT_USER=minio
+MINIO_ROOT_PASSWORD=CHANGE_ME_MINIO_ROOT_PASSWORD
+S3_BUCKET=medias-private
+S3_REGION=us-east-1
+
+# API d'acces media
+MEDIA_ACCESS_API_IMAGE=ghcr.io/your-org/media-access-api:latest
+PRESIGN_TTL_SECONDS=120
+
+# Viewer BFF
+VIEWER_BFF_PORT=8082
+MEDIA_API_BASE_URL=http://media-access-api:8081
+CORS_ALLOWED_ORIGIN=https://photos.arauco.online
|