This directory contains template environment files for Docker services.
The .env.example files are safe templates. Never commit actual .env files to Git as they contain sensitive information like passwords and API keys.
docker/
├── authentik/
│ └── .env.example # Template for Authentik configuration
├── monitoring/
│ └── .env.example # Template for monitoring stack
├── nextcloud/
│ └── .env.example # Template for Nextcloud configuration
├── traefik/
│ └── .env.example # Template for Traefik configuration
└── README.md # This file
-
Copy templates to actual environment files:
for dir in docker/*/; do if [ -f "$dir/.env.example" ]; then cp "$dir/.env.example" "$dir/.env.local" fi done
-
Edit each
.env.localfile and replace placeholders:- Replace
REPLACE_WITH_YOUR_SECURE_VALUEwith actual values - Generate secure passwords:
openssl rand -base64 32 - Generate htpasswd hashes:
htpasswd -nb username password
- Replace
-
Create symlinks in docker-stack directory:
# From the docker-stack directory ln -sf ~/dotfiles/docker/authentik/.env.local authentik/.env ln -sf ~/dotfiles/docker/monitoring/.env.local monitoring/.env ln -sf ~/dotfiles/docker/nextcloud/.env.local nextcloud/.env ln -sf ~/dotfiles/docker/traefik/.env.local traefik/.env
PG_PASS- PostgreSQL passwordAUTHENTIK_SECRET_KEY- Application secret keyREDIS_PASS- Redis passwordDOMAIN- Your domain name
GRAFANA_PASSWORD- Grafana admin passwordDOMAIN- Your domain name
MYSQL_ROOT_PASSWORD- MySQL root passwordMYSQL_PASSWORD- MySQL user passwordREDIS_PASSWORD- Redis passwordNEXTCLOUD_ADMIN_PASSWORD- Nextcloud admin passwordDOMAIN- Your domain name
DOMAIN- Your domain nameACME_EMAIL- Email for Let's EncryptTRAEFIK_AUTH- Basic auth hash (htpasswd format)
Your actual environment files are backed up to ../docker-env-backup/ with timestamps.
- Keep
.env.localfiles secure and never commit them - Use strong, unique passwords for each service
- Regularly rotate secrets and passwords
- Backup environment files securely outside of version control