Initial commit — Stupid Simple Network Inventory

Application web d'inventaire réseau manuel avec FastAPI, Vue 3 et Docker. Inclut l'authentification JWT, la découverte ICMP, et la topologie en cards CSS. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 09:19:19 +02:00
commit 88cf6458d0
58 changed files with 10365 additions and 0 deletions
@@ -0,0 +1,47 @@
+# Stupid Simple Network Inventory — environment variables
+# Copy this file to .env and fill in the values.
+# NEVER commit .env to version control.
+
+# ── JWT Secret ───────────────────────────────────────────────────────���──────
+# Required in production. If unset, a random key is auto-generated and stored
+# in db_data/secret_key.txt (0600 permissions). All sessions are invalidated
+# when this key changes (key rotation).
+#
+# Generate a strong secret:
+#   python3 -c "import secrets; print(secrets.token_hex(32))"
+# Or use a Docker secret (recommended for production).
+SECRET_KEY=
+
+# ── Initial admin password ──────────────────────────────────────────────────
+# Set this before the first run to bypass the admin/admin bootstrap.
+# When set: admin is created with this password and must_change_password=0.
+# When unset: admin is created with password "admin" and must_change_password=1
+#             (forced password change on first login).
+#
+# This variable is only read when the users table is empty (first run).
+# It has no effect on subsequent starts.
+INITIAL_ADMIN_PASSWORD=
+
+# ── CORS allowed origins ─────────────────────────────────────────────────────
+# Comma-separated list of allowed origins, or "*" for all (default).
+# The app is designed for same-origin access via the Nginx reverse proxy.
+# Restrict this if you expose the API to multiple origins.
+#
+# Examples:
+#   ALLOWED_ORIGINS=*                           (default — permissive)
+#   ALLOWED_ORIGINS=https://inventory.example.com
+#   ALLOWED_ORIGINS=https://a.example.com,https://b.example.com
+#   ALLOWED_ORIGINS=                            (empty — disables CORS headers)
+ALLOWED_ORIGINS=*
+
+# ── Container user IDs ───────────────────────────────────────────────────────
+# UID and GID used to run the backend process inside the container.
+# Must match the host user owning ./db_data/ to allow read/write on the
+# bind-mounted volume without root privileges.
+#
+# Get your values:  id -u && id -g
+# Then create the data directory before the first run:
+#   mkdir -p db_data
+#
+DOCKER_UID=1000
+DOCKER_GID=1000