docs(plane): document each env var as inline comments in template env

Add a "# ..." comment string before every entry in config.env, grouped
into labelled sections (Application, PostgreSQL, Redis, RabbitMQ,
storage, proxy, runtime) with blank-line separators. Because Dokploy
renders config.env entries verbatim into the generated .env, these
comment strings carry the documentation into the deployed .env file
(TOML # comments would be stripped at parse time and never reach it).

Same pattern already used by discord-tickets, garage-with-ui, tooljet
and rustfs. No variable values changed; all 39 vars preserved.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
LeoGomide
2026-06-03 13:29:46 -03:00
parent 2248627c98
commit d651d2d400

View File

@@ -9,48 +9,99 @@ live_secret_key = "${base64:48}"
[config]
env = [
"# ===== Application =====",
"# Plane image tag deployed for every service.",
"APP_RELEASE=${app_release}",
"# Public domain Plane is served on.",
"APP_DOMAIN=${main_domain}",
"# Full external URL of the instance (used to build links).",
"WEB_URL=https://${main_domain}",
"# Browser origins allowed to call the API (CORS).",
"CORS_ALLOWED_ORIGINS=https://${main_domain}",
"# Internal URL other services use to reach the API.",
"API_BASE_URL=http://plane-api:8000",
"# Django secret key: signs sessions and tokens. Keep it secret.",
"SECRET_KEY=${secret_key}",
"# Shared secret between the API and the realtime (live) server.",
"LIVE_SERVER_SECRET_KEY=${live_secret_key}",
"",
"# ===== PostgreSQL =====",
"# Database user.",
"POSTGRES_USER=plane",
"# Database password.",
"POSTGRES_PASSWORD=${postgres_password}",
"# Database name.",
"POSTGRES_DB=plane",
"# Port PostgreSQL listens on.",
"POSTGRES_PORT=5432",
"# Host the app and libpq tools connect to.",
"PGHOST=plane-db",
"# Default database for libpq tools.",
"PGDATABASE=plane",
"# On-disk location of the database files.",
"PGDATA=/var/lib/postgresql/data",
"# Full connection string (composed from the values above).",
"DATABASE_URL=postgresql://plane:${postgres_password}@plane-db:5432/plane",
"",
"# ===== Redis / Valkey (cache) =====",
"# Redis host.",
"REDIS_HOST=plane-redis",
"# Redis port.",
"REDIS_PORT=6379",
"# Full Redis connection URL.",
"REDIS_URL=redis://plane-redis:6379/",
"",
"# ===== RabbitMQ (task queue) =====",
"# Broker host.",
"RABBITMQ_HOST=plane-mq",
"# Broker port.",
"RABBITMQ_PORT=5672",
"# Broker user.",
"RABBITMQ_USER=plane",
"# Broker password.",
"RABBITMQ_PASSWORD=${rabbitmq_password}",
"# Broker virtual host.",
"RABBITMQ_VHOST=plane",
"# Full AMQP connection string (composed from the values above).",
"AMQP_URL=amqp://plane:${rabbitmq_password}@plane-mq:5672/plane",
"",
"# ===== Object storage (MinIO / S3) =====",
"# Use the bundled MinIO (1) instead of an external S3 provider (0).",
"USE_MINIO=1",
"# AWS region; leave empty when using MinIO.",
"AWS_REGION=",
"# S3 / MinIO access key.",
"AWS_ACCESS_KEY_ID=access-key",
"# S3 / MinIO secret key.",
"AWS_SECRET_ACCESS_KEY=${minio_password}",
"# S3 / MinIO endpoint URL.",
"AWS_S3_ENDPOINT_URL=http://plane-minio:9000",
"# Bucket used to store uploads.",
"AWS_S3_BUCKET_NAME=uploads",
"# Max upload size in bytes (default 5 MiB).",
"FILE_SIZE_LIMIT=5242880",
# Caddy proxy listen address + trusted proxies (required by the plane-proxy Caddyfile;
# SITE_ADDRESS has no upstream default, so leaving it unset crashes the proxy).
# TRUSTED_PROXIES=private_ranges trusts only Dokploy's private-network upstream (Traefik),
# avoiding client-IP spoofing from 0.0.0.0/0. Set a narrower CIDR if exposing directly.
"SITE_ADDRESS=:80",
"TRUSTED_PROXIES=private_ranges",
"# Set to 1 if the S3 / MinIO endpoint is served over HTTPS.",
"MINIO_ENDPOINT_SSL=0",
"",
"# ===== Caddy proxy =====",
"# Address the in-container Caddy listens on. Required: the proxy",
"# Caddyfile has no default and an empty value crashes it on boot.",
"SITE_ADDRESS=:80",
"# Peers allowed to set X-Forwarded-For / X-Real-IP. 'private_ranges'",
"# trusts only Dokploy's private upstream (Traefik) and blocks public",
"# IP spoofing. Use a narrower CIDR if exposing the proxy directly.",
"TRUSTED_PROXIES=private_ranges",
"",
"# ===== App runtime =====",
"# Django debug mode; keep 0 in production.",
"DEBUG=0",
"# Number of Gunicorn workers for the API.",
"GUNICORN_WORKERS=1",
"# Rate limit applied to API-key requests.",
"API_KEY_RATE_LIMIT=60/minute",
"# Comma-separated IPs allowed as webhook targets; empty allows all.",
"WEBHOOK_ALLOWED_IPS=",
"# Comma-separated hosts allowed as webhook targets; empty allows all.",
"WEBHOOK_ALLOWED_HOSTS=",
]