# Copy to .env (gitignored), fill in, then bootstrap-local.sh + verify-local.sh # pick it up automatically. # # cp .env.example .env # vim .env # NB: $EDITOR is unset by default in many shells # ↑ use the editor name directly # ---- R720 SSH target --------------------------------------------------------- # If you use an SSH config Host alias (e.g. `srv-102v` in ~/.ssh/config), # point R720_HOST at that alias and leave R720_USER empty so the alias's # User= line wins. R720_HOST=srv-102v R720_USER=senke # ---- Incus remote (laptop-side) ---------------------------------------------- # Name of the incus remote on YOUR LAPTOP that points at the R720's # Incus daemon. Run `incus remote list` to confirm. The # community.general.incus connection plugin uses this remote to reach # containers via the R720's Incus API (TLS authenticated). # Set up once with : # incus remote add https://:8443 --token # Override default by exporting VEZA_INCUS_REMOTE_NAME in your shell # or appending here. # VEZA_INCUS_REMOTE_NAME=srv-102v # ---- Forgejo API (for secret + variable provisioning) ------------------------ # First-run, before HAProxy + LE certs are up : use the LAN IP on port 3000 # directly. Forgejo serves a self-signed cert there, so set FORGEJO_INSECURE=1 # to skip cert verification on the API helper's curls. FORGEJO_API_URL=https://10.0.20.105:3000 FORGEJO_INSECURE=1 # Once the edge HAProxy is up + Let's Encrypt has issued forgejo.talas.group : # FORGEJO_API_URL=https://forgejo.talas.group # FORGEJO_INSECURE=0 # Owner = the path segment between forgejo.talas.group/ and /veza in the URL # of your repo. Run `git remote -v` to confirm — usually `senke` (user) or # `talas` (org). FORGEJO_OWNER=senke FORGEJO_REPO=veza # Forgejo personal access token with scopes : # write:admin — for runner registration token # write:repository — for repo secrets/variables # write:package — for the registry token created on the fly # Generate at $FORGEJO_API_URL/-/user/settings/applications FORGEJO_ADMIN_TOKEN=