env.example

# This example environment is intended to be used with the "run.sh" script. If
# sets up SODAR with iRODS, Davrods, HTTPS using a provided certificate and
# iRODS PAM authentication via SODAR.
#
# Steps required to run this configuration:
#
# 1) Run ./init.sh
# 2) Add "127.0.0.1 sodar.local" into your /etc/hosts file.
# 3) Place your certificate .crt and .key files in config/traefik/tls.
# 4) Place a generated dhparams.pem file into config/irods/etc.
# 5) Bring up the docker compose network with ./run.sh.
# 6) Create superuser (see documentation)
# 7) Browse to https://sodar.local and sign in with the superuser account

# Docker network settings
NETWORK_BRIDGE_NAME=br-sodar

# Image versions
# NOTE: For the latest SODAR development build, use "dev-0"
# NOTE: If using the SOPDAR dev build, use the latest dev branch commit of this repository!
SODAR_SERVER_VERSION=0.14.2-0
IRODS_VERSION=4.2.11-1
SSSD_VERSION=1.16.5-10

# Logging
SODAR_LOGGING_LEVEL=ERROR

# Enabled SODAR backend plugins
SODAR_ENABLED_BACKEND_PLUGINS=appalerts_backend,omics_irods,ontologyaccess_backend,sodar_cache,taskflow,timeline_backend

# Secret key used for HTTP sessions, CHANGE FOR PRODUCTION
SODAR_DJANGO_SECRET_KEY=CHANGEMEchangemeCHANGEMEchangemeCHANGEMEchangemeCH

# Default admin user for SODAR, user must exist
SODAR_PROJECTROLES_DEFAULT_ADMIN=admin

# Allow local (non-LDAP) users
SODAR_PROJECTROLES_ALLOW_LOCAL_USERS=1

# Allow anonymous users to view the site
# NOTE: Also allows anonymous access to projects with public guest access
SODAR_PROJECTROLES_ALLOW_ANONYMOUS=0

# Default base URL for SODAR API, CHANGE FOR PRODUCTION
SODAR_API_DEFAULT_HOST=https://sodar.local

# Admin users for error email sending etc. (optional)
# Provide in the format "name:email,name:email"
SODAR_ADMINS=

# UI related settings
SODAR_SITE_INSTANCE_TITLE=ACME SODAR
SODAR_SITE_SUBTITLE=Docker

#
# Email sending (optional)
#
SODAR_PROJECTROLES_SEND_EMAIL=0
SODAR_EMAIL_SENDER=sodar@example.com
SODAR_EMAIL_SUBJECT_PREFIX=[ACME SODAR]
SODAR_EMAIL_URL=smtp://mail.example.com
# Custom email header and footer
SODAR_PROJECTROLES_EMAIL_HEADER=
SODAR_PROJECTROLES_EMAIL_FOOTER=

#
# Primary LDAP connection (optional)
#
SODAR_ENABLE_LDAP=0
SODAR_LDAP_DEBUG=0
SODAR_AUTH_LDAP_SERVER_URI=
SODAR_AUTH_LDAP_BIND_PASSWORD=
SODAR_AUTH_LDAP_BIND_DN=
SODAR_AUTH_LDAP_USER_SEARCH_BASE=
# USERNAME_DOMAIN is required to distinguish the LDAP accounts from
# local ones (e.g. 'user@DOMAIN') Must be all upper-case.
SODAR_AUTH_LDAP_USERNAME_DOMAIN=
SODAR_AUTH_LDAP_DOMAIN_PRINTABLE=
SODAR_AUTH_LDAP_START_TLS=
#
# CA_CERT_FILE is required if TLS is used and your LDAP server's CA
# is not a public one. It may be also used to restrict the check on your
# LDAP server's certificate for security reasons to a specific CA.
#
# To use it:
# - Put the right CA certificate into ./config/ldap/ldap_ca_cert.pem
# - Set SODAR_AUTH_LDAP_CA_CERT_FILE to /etc/ssl/certs/ldap_ca_cert.pem
#
SODAR_AUTH_LDAP_CA_CERT_FILE=
#
# USER_FILTER defaults to '(sAMAccountName=%(user)s)'.
# That is fine for ActiveDirectory users.
# People with POSIX account setup may need '(uid=%(user)s)' instead.
#
SODAR_AUTH_LDAP_USER_FILTER=

#
# Secondary LDAP connection (optional; primary required to work)
#
SODAR_ENABLE_LDAP_SECONDARY=0
SODAR_AUTH_LDAP2_SERVER_URI=
SODAR_AUTH_LDAP2_BIND_PASSWORD=
SODAR_AUTH_LDAP2_BIND_DN=
SODAR_AUTH_LDAP2_USER_SEARCH_BASE=
SODAR_AUTH_LDAP2_USERNAME_DOMAIN=
SODAR_AUTH_LDAP2_DOMAIN_PRINTABLE=
SODAR_AUTH_LDAP2_START_TLS=
SODAR_AUTH_LDAP2_CA_CERT_FILE=
SODAR_AUTH_LDAP2_USER_FILTER=

# Additional LDAP settings
SODAR_LDAP_ALT_DOMAINS=

#
# iRODS configuration
#
SODAR_ENABLE_IRODS=1
IRODS_HOST=irods
# Fully qualified domain name for iRODS server, if applicable
IRODS_HOST_FQDN=sodar.local
IRODS_PORT=1247
IRODS_ZONE=sodarZone
# Service user credentials to use, will be set on first run
IRODS_USER=rods
# Service user password, CHANGE FOR PRODUCTION
IRODS_PASS=rods
# Path to iRODS server certificate for iRODS client config (optional)
IRODS_CERT_PATH=/etc/traefik/tls/server.crt
# iRODS authentication scheme
IRODS_AUTHENTICATION_SCHEME=PAM
# iRODS client SSL verification (set to none if self-signed cert)
IRODS_SSL_VERIFY_SERVER=none
# Secret keys used by iRODS, CHANGE FOR PRODUCTION
IRODS_ZONE_KEY=TEMPORARY_zone_key
IRODS_NEGOTIATION_KEY=TEMPORARY_32byte_negotiation_key
IRODS_CONTROL_PLANE_KEY=TEMPORARY__32byte_ctrl_plane_key
IRODS_PASSWORD_SALT=tempsalt

# iRODS server SSL settings
IRODS_CLIENT_SERVER_NEGOTIATION=request_server_negotiation
IRODS_CLIENT_SERVER_POLICY=CS_NEG_REFUSE
IRODS_SSL_CERTIFICATE_CHAIN_FILE=/etc/traefik/tls/server.crt
IRODS_SSL_CERTIFICATE_KEY_FILE=/etc/traefik/tls/server.key
IRODS_SSL_DH_PARAMS_FILE=/etc/irods/dhparams.pem

# Path for SODAR collections within zone (leave empty if in zone root)
IRODS_ROOT_PATH=
# Env overrides for backend iRODS connections (optional)
IRODS_ENV_BACKEND=irods_client_server_negotiation=off,irods_client_server_policy=CS_NEG_REFUSE,irods_ssl_verify_server=none,irods_authentication_scheme=native
# Env overrides for iRODS client config in SODAR (optional)
IRODS_ENV_CLIENT=irods_client_server_negotiation=off,irods_client_server_policy=CS_NEG_REFUSE,irods_ssl_verify_server=none,irods_authentication_scheme=PAM

# Set SSSD auth True if you are using SSSD and PAM
IRODS_SSSD_AUTH=0
# If SSSD/LDAP is not available, you can use internal SODAR auth for iRODS
IRODS_SODAR_AUTH=1
# Host for SODAR auth queries from iRODS if the former value is set true
IRODS_SODAR_API_HOST=http://sodar-web:8080
# Basic auth realm/prompt
SODAR_BASICAUTH_REALM="Please log in with your SODAR user name and password."

#
# SODAR Sample Sheets app settings
#
SODAR_SHEETS_IGV_OMIT_BAM=dragen_evidence.bam
SODAR_SHEETS_IGV_OMIT_VCF=cnv.vcf.gz,ploidy.vcf.gz,sv.vcf.gz

#
# SODAR Landing Zones app settings
#
SODAR_LANDINGZONES_DISABLE_FOR_USERS=0

#
# SODAR Taskflow settings
#
TASKFLOW_LOCK_RETRY_COUNT=2
TASKFLOW_LOCK_RETRY_INTERVAL=3
# iRODS connection timeout for taskflowbackend flows (in seconds)
TASKFLOW_IRODS_CONN_TIMEOUT=960

#
# WebDAV support
#
SODAR_IRODS_WEBDAV_ENABLED=1
SODAR_IRODS_WEBDAV_URL=https://sodar.local
SODAR_IRODS_WEBDAV_URL_ANON=https://sodar.local
SODAR_IRODS_WEBDAV_USER_ANON=ticket
SODAR_IRODS_WEBDAV_IGV_PROXY=0
DAVRODS_VERSION=latest
DAVRODS_ENABLE_TICKETS=1
DAVRODS_AUTH_NAME=Please log in.

#
# Sentry setup (optional)
#
SODAR_ENABLE_SENTRY=0
SODAR_SENTRY_DSN=https://xxx@sentry.host

#
# Postgres credentials
#
# Can remain as they are for docker based deployments
POSTGRES_HOST=postgres
POSTGRES_PORT=5432
POSTGRES_USERNAME=postgres
POSTGRES_PASSWORD=password