tl;dr
GitHub Actions envs
Terraform
- TF_BACKEND_PG_CONN_STR (required secret): By default, the Postgres connection URI where .tfstate is stored. (Guide)
- TF_ENABLED (required variable): Flag indicating whether to enable the GitHub Actions workflow that plans and applies the Terraform infrastructure. (More info)
Cloudflare
- TF_VAR_CLOUDFLARE_API_TOKEN (secret): API token of your Cloudflare personal account. (Guide)
- TF_VAR_CLOUDFLARE_ZONE_ID (secret): Zone identifier of your Cloudflare domain. (Guide)
Stripe
- TF_VAR_STRIPE_API_KEY (secret): API key of your Stripe account. (Guide)
Supabase
- TF_VAR_SUPABASE_ACCESS_TOKEN (secret): Admin account access token to your Supabase project. (Guide)
- TF_VAR_SUPABASE_ORGANIZATION_ID (secret): Identifier of the organization in which changes will be made. (Guide)
MongoDB
- TF_VAR_MONGODB_PUBLIC_KEY (secret): Public key of your MongoDB Atlas instance, on which changes will be applied. (Guide)
- TF_VAR_MONGODB_PRIVATE_KEY (secret): Private key of your MongoDB Atlas instance, used for authentication. (Guide)
- TF_VAR_MONGODB_ORGANIZATION_ID (secret): Identifier of your MongoDB Atlas organization, in which databases will be configured. (Guide)
Auth0 Free
- TF_VAR_AUTH0_CLIENT_ID (secret): Client identifier of the Auth0 application used for applying Terraform changes. (Guide)
- TF_VAR_AUTH0_CLIENT_SECRET (secret): Client secret of the Auth0 application used for applying Terraform changes. (Guide)
- TF_VAR_AUTH0_DOMAIN (variable): Identifier value (hostname/domain) of your Auth0 instance, e.g. xxxxxxx.eu.auth0.com. (Guide)
Heroku
- TF_VAR_HEROKU_API_KEY (secret): API key of your Heroku account, used for authenticating to Heroku to apply Terraform changes. (Guide)
Netlify
- TF_VAR_NETLIFY_ACCESS_TOKEN (secret): Access token of your Netlify account, used for authenticating to Netlify to apply Terraform changes. (Guide)
SendGrid Free
- TF_VAR_SENDGRID_API_KEY (secret): API key of your SendGrid SMTP server instance. It is used for applying Terraform changes and is attached to any dependency that requires a custom SMTP server (only if *.use_sendgrid=true), as well as to the backend API instance. (Guide)
API Secret Envs
- TF_VAR_API_SECRET_VARS (secret): Map of key-value pairs (string:string) in JSON format ({"FOO":"BAR"}) that will be attached to the backend API instance as secrets. (Guide)
- TF_VAR_API_CONFIG_VARS (variable): Map of key-value pairs (string:string) in JSON format ({"FOO":"BAR"}) that will be attached to the backend API instance as variables. (Guide)
- TF_VAR_UI_CONFIG_VARS (variable): Map of key-value pairs (string:string) in JSON format ({"FOO":"BAR"}) that will be attached to the frontend UI instance as variables. (Guide)
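A preflight check for the variables listed above, as an added example that is not part of runtyme-kit: it reports missing values and JSON maps that are not flat string:string, and its messages never include a variable's value. The grouping of secrets by enabled provider, the function names and the sample environment are assumptions made for this example.

```python
import json

# Names come from the list above; grouping them by provider is an assumption.
ALWAYS_REQUIRED = ["TF_BACKEND_PG_CONN_STR", "TF_ENABLED"]
PROVIDER_ENVS = {
    "cloudflare": ["TF_VAR_CLOUDFLARE_API_TOKEN", "TF_VAR_CLOUDFLARE_ZONE_ID"],
    "stripe": ["TF_VAR_STRIPE_API_KEY"],
    "supabase": ["TF_VAR_SUPABASE_ACCESS_TOKEN", "TF_VAR_SUPABASE_ORGANIZATION_ID"],
    "mongodb": ["TF_VAR_MONGODB_PUBLIC_KEY", "TF_VAR_MONGODB_PRIVATE_KEY",
                "TF_VAR_MONGODB_ORGANIZATION_ID"],
    "auth0": ["TF_VAR_AUTH0_CLIENT_ID", "TF_VAR_AUTH0_CLIENT_SECRET", "TF_VAR_AUTH0_DOMAIN"],
    "heroku": ["TF_VAR_HEROKU_API_KEY"],
    "netlify": ["TF_VAR_NETLIFY_ACCESS_TOKEN"],
    "sendgrid": ["TF_VAR_SENDGRID_API_KEY"],
}
JSON_MAP_ENVS = ["TF_VAR_API_SECRET_VARS", "TF_VAR_API_CONFIG_VARS", "TF_VAR_UI_CONFIG_VARS"]


def check_json_map(name, raw):
    """Return a problem string if raw is not a flat string:string JSON map, else None."""
    try:
        parsed = json.loads(raw)
    except ValueError:
        return f"{name}: not valid JSON"
    if not isinstance(parsed, dict):
        return f"{name}: expected a JSON object"
    bad = sorted(k for k, v in parsed.items() if not isinstance(v, str))
    if bad:
        # Report key names only; the values may be secrets.
        return f"{name}: non-string value for key(s) {', '.join(bad)}"
    return None


def preflight(env, enabled):
    """Return a list of problems for the given environment and enabled providers."""
    problems = []
    required = list(ALWAYS_REQUIRED)
    for provider in enabled:
        required += PROVIDER_ENVS[provider]
    for name in required:
        if not env.get(name, "").strip():
            problems.append(f"{name}: missing or empty")
    for name in JSON_MAP_ENVS:
        if name in env:
            problem = check_json_map(name, env[name])
            if problem:
                problems.append(problem)
    return problems


# Constructed sample environment (placeholder values, not real credentials).
SAMPLE_ENV = {
    "TF_BACKEND_PG_CONN_STR": "postgres://user:placeholder@db.example.invalid/tfstate",
    "TF_ENABLED": "true",
    "TF_VAR_STRIPE_API_KEY": "placeholder-not-a-real-key",
    "TF_VAR_API_SECRET_VARS": '{"FOO":"BAR","NESTED":{"A":"B"}}',
    "TF_VAR_UI_CONFIG_VARS": '{"FOO":"BAR"}',
}

if __name__ == "__main__":
    for line in preflight(SAMPLE_ENV, enabled=["stripe", "heroku"]):
        print(line)
```

In a workflow, pass `os.environ` as `env` and fail the job when the returned list is non-empty, before `terraform plan` runs.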
Full __env.tf reference
info
The const segment of the __env.tf file is purely for runtyme-kit purposes. If it isn't necessary, you don't need to modify it at all.
__env.tf
locals {
  const = {
    null_cf_token = "0000000000000000000000000000000000000000" // 40 characters, a-z, A-Z, 0-9, hyphens and underscores
    // https://www.twilio.com/docs/sendgrid/for-developers/sending-email/integrating-with-the-smtp-api
    default_sendgrid_host = "smtp.sendgrid.net"
    default_sendgrid_port = "465" // SSL
    default_sendgrid_user = "apikey"
  }
  # ________________________________________
  # | ____________________________________ |
  # | | ============ Gateway ============= | |
  # | |____________________________________| |
  # |________________________________________|
  // (required if Cloudflare and/or CORS enabled)
  domain = {
    // (required) Your project's domain value
    root = "runtyme.co"
    // (optional) Subdomains for your deployed applications on which they'll be accessible
    // use '@' value, if it's root domain without any subdomain
    // example:
    // - ui = "@" ---> runtyme.co
    // - ui = "something" ------> something.runtyme.co
    sub = {
      // (optional) Subdomain on which your API will be accessible
      api = "api"
      // (optional) Subdomain on which your UI will be accessible
      ui = "ui-kit"
      // (optional) Subdomain on which your Docs will be accessible
      docs = "docs"
    }
  }
  cloudflare = {
    enabled = false
  }
  // (required if Cloudflare enabled)
  cors = {
    enabled = false
    // (optional) Specify CORS allowed hosts to block browser requests from unknown hostnames
    // Use '*' to allow all incoming traffic from browsers
    // default: '*'
    allowed_host = "*"
  }
  # ________________________________________
  # | ____________________________________ |
  # | | ============ Backend ============= | |
  # | |____________________________________| |
  # |________________________________________|
  heroku = {
    // might take a couple of minutes to create
    enabled = false
    // (required) Name of deployed API that will be visible in Heroku dashboard
    app_name = "runtyme-kit"
    // (optional) Heroku region on which API will be deployed
    // Available values: https://devcenter.heroku.com/articles/regions
    // default: 'eu'
    region = "eu"
    // (optional) Number of replicas of the deployed API
    // default: 1
    replicas = 1
    // (optional) Dyno type of deployed API
    // Available values: https://devcenter.heroku.com/articles/dyno-types
    // default: 'basic'
    dyno_tier = "basic"
    // (optional) List of buildpacks supported by Heroku, which should be used on your API instance container
    // supported buildpacks: https://devcenter.heroku.com/articles/officially-supported-buildpacks
    buildpacks = [
      "heroku/go"
    ]
  }
  # ________________________________________
  # | ____________________________________ |
  # | | ============ Frontend ============ | |
  # | |____________________________________| |
  # |________________________________________|
  netlify = {
    enabled = false
    // (required) Value of your Netlify's team name slug
    team_name = "runtyme"
    // (optional) If enabled, this will point to `domain.sub.ui` value and
    // `domain.sub.ui`.`domain.root` will be used as access URL of this app
    ui = {
      // if disabled, all below values can be empty
      enabled = false
      // (required) Name of your Netlify's Site you want to configure here
      name = "ui-runtyme"
      // (required) Command that will be used to build your site on Netlify in order to deploy it
      command = "npm run build"
      // (required) Directory name of static files that are meant to be hosted, generated by `ui.command`
      directory = "build"
      // (required) Branch name of your UI Application repository that will be used by Netlify to build and deploy an instance of it
      branch = "main"
      // (optional) Enables Netlify's analytics feature for this site, default: false
      // NOTE: Available only for non-free tiers, >Starter
      analytics = false
      // (optional) Enables real user performance monitoring, default: false
      // NOTE: available only for non-free tiers, >Pro
      user_metrics = false
    }
    // (optional) If enabled, this will point to `domain.sub.docs` value and
    // `domain.sub.docs`.`domain.root` will be used as access URL of this app
    docs = {
      // if disabled, all below values can be empty
      enabled = false
      // (required) Name of your Netlify's Site you want to configure here
      name = "docs-runtyme"
      // (required) Command that will be used to build your site on Netlify in order to deploy it
      command = "npm run build"
      // (required) Directory name of static files that are meant to be hosted, generated by `docs.command`
      directory = "build"
      // (required) Branch name of your UI Application repository that will be used by Netlify to build and deploy an instance of it
      branch = "main"
      // (optional) Enables Netlify's analytics feature for this site, default: false
      // NOTE: Available only for non-free tiers, >Starter
      analytics = false
      // (optional) Enables real user performance monitoring, default: false
      // NOTE: available only for non-free tiers, >Pro
      user_metrics = false
    }
  }
  # ________________________________________
  # | ____________________________________ |
  # | | ============ Emails ============== | |
  # | |____________________________________| |
  # |________________________________________|
  sendgrid = {
    enabled = false
    // (required) This is the email address the emails will be sent from
    sender_email = "[email protected]"
    // (required) Name displayed in the recipient's inbox
    sender_name = "runtyme.co"
    templates = {
      account_delete_requested : {
        name = "account_delete_requested"
        subject = "[your_app] We've received your Account deletion request"
        relative_path = "/_templates/emails/account_delete_requested.html"
      }
    }
  }
  # ________________________________________
  # | ____________________________________ |
  # | | ========== Persistence =========== | |
  # | |____________________________________| |
  # |________________________________________|
  auth0 = {
    enabled = false
    // (required) Name of your project, it'll be visible on sign-in/sign-up page
    project_name = "Runtyme Kit"
    // (optional) By setting this to 'true' you forbid users to sign up to your platform; this might be the case when
    // you'd want to have users created from Stripe flow, or users being invited
    // default: false
    disable_signup = false
    // (optional) This is the Site URL that will be used as base URL for a Magic Link
    // default: https://localhost:3000, no wildcards (*) allowed
    site_url = "https://runtyme.co"
    // (optional) Tell Auth0 here that this URL is safe to redirect users to after they attempt to log out
    after_logout_url = "https://runtyme.co/sign-in"
    // optional
    otp = {
      // IMPORTANT: To enable Passwordless flow in Auth0's Universal Login page, `auth0.password.enabled` must be set to false
      // otherwise Username + Password flow will be used by default
      enabled = false
      // (optional) Time after which the Magic Link will expire and will no longer be valid
      // default: 3600 - 1h, Minimum: 60
      expire_in = 3600
      // (optional) Number of generated characters for OTP auth
      // default: 6, Minimum: 4, Maximum: 40
      code_length = 6
      // (required) Subject of an email sent when passwordless flow is triggered
      email_subject = "[your_app] Your Magic Link"
      // (required) Contents of an email sent when passwordless flow is triggered
      email_template_relative_path = "/_templates/emails/auth0/otp.html"
    }
    // optional
    password = {
      enabled = false
      // (optional) Specific Auth0 password policy, available values: 'none', 'low', 'fair', 'good', 'excellent'
      policy = "good"
      // (optional) Passwords shorter than this value will be rejected as weak.
      // default: 8, Minimum 1, Maximum 128, recommended 8 or more.
      min_length = 8
    }
    // (optional)
    // Possible values (and the name of it in Auth0 dashboard):
    // - verify_email (Verification Email (Link))
    // - verify_email_by_code (Verification Email (Code))
    // - reset_email (Change Password (Link))
    // - welcome_email (Welcome Email)
    // - blocked_account (Blocked Account Email)
    // - stolen_credentials (Password Breach Alert)
    // - enrollment_email (Enroll in Multifactor Authentication)
    // - mfa_oob_code (Verification Code for Email MFA)
    // - user_invitation (User Invitation)
    email_templates = {
      verify_email : {
        subject = "[your_app] Verify your account"
        template_relative_path = "/_templates/emails/auth0/verify-email.html"
      }
      reset_email : {
        subject = "[your_app] Reset Your Password"
        template_relative_path = "/_templates/emails/auth0/reset-password.html"
      }
      user_invitation : {
        subject = "[your_app] You have been invited"
        template_relative_path = "/_templates/emails/auth0/invite-user.html"
      }
    }
    // (optional) Specify custom SMTP server for Auth0 emails
    // NOTE: If empty, default shared Auth0 server will be used, not recommended for production application
    smtp = {
      // (optional) If set to 'true' AND 'sendgrid.enabled=true', configured SendGrid SMTP server will be used
      // default: false
      use_sendgrid = false
    }
  }
  mongodb = {
    // might take a couple of minutes to create
    enabled = false
    // (required) Name of the project and the database instance
    db_name = "rtservicedb"
    // (required) Name of your API's connecting user, that will be authenticated to your MongoDB instance
    db_user = "rt_user"
    // (optional) Instance size of MongoDB Atlas, either `M0`, `M2`, `M5` - available values can be found here: https://www.mongodb.com/docs/atlas/reference/amazon-aws/#cluster-configuration-options
    // default: 'M0'
    // NOTE: `M0` - Is a Free Tier cluster with 0.5 GB storage, learn about differences here: https://www.mongodb.com/docs/atlas/reference/free-shared-limitations/
    // NOTE: for anything more than `M5` tier, custom solution (modifying source code) is necessary
    size = "M0"
    // (optional) AWS region in which the MongoDB Atlas database cluster will be deployed. Available values can be found here: https://www.mongodb.com/docs/atlas/reference/amazon-aws/#amazon-web-services--aws-
    // default: 'EU_CENTRAL_1'
    region = "EU_CENTRAL_1"
  }
  supabase = {
    enabled = false
    // (required) Name of the Supabase project under your organization account
    // IMMUTABLE, cannot be changed after initialization
    // Can be updated only in Supabase dashboard, if updated in dashboard, you have to update it here as well
    project_name = "runtyme-kit"
    // (optional) World region where Supabase instance will be deployed, available values: https://supabase.com/docs/guides/platform/regions
    // defaults to 'eu-central-1'
    region = "eu-central-1"
    // (optional) Instance size of Supabase database, available values: https://supabase.com/docs/guides/platform/compute-add-ons
    // NOTE: can be specified only if the organization isn't on the Free tier
    // size = "nano"
    auth = {
      // NOTE: if supabase.enabled=false this will be automatically disabled
      enabled = false
      // (optional) By setting this to 'true' you forbid users to sign up to your platform; this might be the case when
      // you'd want to have users created from Stripe flow, or users being invited
      // default: false
      disable_signup = false
      // (optional) This is the Site URL that will be used as base URL for a Magic Link
      // default: https://localhost:3000, no wildcards (*) allowed
      site_url = "https://runtyme.co"
      // (optional)
      otp = {
        // (optional) Time after which the Magic Link will expire and will no longer be valid
        // default: 3600 - 1h, Maximum: 86400
        expire_in = 3600
        // (optional) Number of generated characters for OTP auth
        // default: 6, Minimum: 6, Maximum: 10
        code_length = 6
      }
      // (optional)
      password = {
        // (optional) Passwords shorter than this value will be rejected as weak.
        // default: 8, Minimum 6, recommended 8 or more.
        min_length = 8
        // (optional) Passwords that do not have at least one of each will be rejected as weak.
        // The value below is recommended
        required_characters = "abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789:!@#$%^&*()_+-=[]{};'\\\\:\"|<>?,./`~"
        // (optional) Rejects the use of known or easy to guess passwords on sign up or password change. Powered by the HaveIBeenPwned.org Pwned Passwords API.
        // ONLY ALLOWED FOR SUPABASE PRO TIER
        // default: false
        prevent_use_of_leaked_passwords = false
      }
      // (optional)
      rate_limit = {
        // (optional) Limit of emails being sent from current project per hour
        // Available only if `smtp.use_sendgrid=true` and `sendgrid.enabled=true`
        // default: 10
        email_sent = 10
        // (optional) Limit of refresh token operations performed by IP per 5 minutes
        // default: 10
        token_refresh = 10
        // (optional) Limit of Magic Link verification emails being sent by IP per 5 minutes
        // default: 10
        verify = 10
        // (optional) Limit of OTP verification operations performed by IP per 5 minutes
        // default: 10
        otp = 10
      }
      // (optional) Specify custom SMTP server for Supabase auth emails
      // NOTE: If empty, default shared Supabase server will be used, not recommended for production application
      // NOTE: Supabase only allows emailing to project owner email, if custom SMTP not specified, meaning anyone that is not you, won't receive any emails
      smtp = {
        // (optional) If set to 'true' AND 'sendgrid.enabled=true', configured SendGrid SMTP server will be used
        // default: false
        use_sendgrid = true
      }
      // (optional) You can override default Supabase templates related to Auth operations
      email_template = {
        // (optional) Supabase -> Dashboard -> [project_name] -> Authentication -> Email Templates -> Confirm signup
        signup_subject = "[your_app] Confirm Your Signup"
        signup_relative_path = "/_templates/emails/supabase/email-confirmation.html"
        // (optional) Supabase -> Dashboard -> [project_name] -> Authentication -> Email Templates -> Invite user
        invite_subject = "[your_app] You have been invited"
        invite_relative_path = "/_templates/emails/supabase/invite-user.html"
        // (optional) Supabase -> Dashboard -> [project_name] -> Authentication -> Email Templates -> Magic Link
        magic_link_subject = "[your_app] Your Magic Link"
        magic_link_template_relative_path = "/_templates/emails/supabase/magic-link.html"
        // (optional) Supabase -> Dashboard -> [project_name] -> Authentication -> Email Templates -> Change Email Address
        email_change_subject = "[your_app] Confirm Email Change"
        email_change_template_relative_path = "/_templates/emails/supabase/change-email.html"
        // (optional) Supabase -> Dashboard -> [project_name] -> Authentication -> Email Templates -> Reset Password
        reset_password_subject = "[your_app] Reset Your Password"
        reset_password_template_relative_path = "/_templates/emails/supabase/reset-password.html"
        // (optional) Supabase -> Dashboard -> [project_name] -> Authentication -> Email Templates -> Reauthentication
        re_authentication_subject = "[your_app] Confirm Reauthentication"
        re_authentication_relative_path = "/_templates/emails/supabase/reauthenticate.html"
      }
    }
  }
  # ________________________________________
  # | ____________________________________ |
  # | | ============ Payments ============ | |
  # | |____________________________________| |
  # |________________________________________|
  stripe = {
    enabled = false
    billing = {
      // (optional) The messaging shown to customers in the portal.
      headline = "Runtyme.co"
      // (required) A link to the business's publicly available privacy policy.
      privacy_policy_url = "https://runtyme.co/privacy-policy"
      // (required) A link to the business's publicly available terms of service.
      terms_of_service_url = "https://runtyme.co/terms-of-service"
      // (optional) The default URL to redirect customers to when they click on the portal’s link to return to your website.
      // This can be overridden when creating the session.
      return_url = "https://runtyme.co/"
    }
    webhook = {
      // NOTE: if stripe.enabled=false this will be automatically disabled
      enabled = false
      // (required) URL on which Stripe will send events using POST method
      // standard value is: 'https://[domain.sub.api].[domain.root]/v1/webhooks/stripe/events'
      // Leaving it here as a plain value for easy customization
      url = "https://api.runtyme.co/v1/webhooks/stripe/events"
      // (optional) Stripe's API version
      version = "2024-06-20"
      // (optional) List of enabled events that will be sent to the webhook
      // default value is empty, use '[*]' if you want to enable all of them
      // list of available events: https://docs.stripe.com/api/events/types
      enabled_events = [
        "customer.created",
        "customer.subscription.created",
        "customer.subscription.deleted",
        "customer.subscription.updated"
      ]
    }
    products = [
      {
        // (required) The product’s name, meant to be displayable to the customer.
        // Whenever this product is sold via a subscription, name will show up on associated invoice line item descriptions
        name = "Standard"
        // (optional) The product’s description, meant to be displayable to the customer.
        // Use this field to optionally store a long form explanation of the product being sold for your own rendering purposes.
        description = "Standard version of the product"
        // (optional) A tax code ID. Supported values are listed in the TaxCode resource and at https://stripe.com/docs/tax/tax-categories.
        tax_code = "txcd_10000000"
        // (required) Key which will be used to identify products and prices on our Backend API
        system_key = "subscription_standard"
        // (optional) A list of up to 15 marketing features for this product. These are displayed in pricing tables.
        marketing_features = [
          "Access to elite community",
          "Lifetime updates"
        ]
        // (required) Three-letter ISO currency code, in lowercase - https://stripe.com/docs/currencies
        price_currency = "usd"
        // (required) A positive integer in cents (or 0 for a free price) representing how much to charge.
        price_amount_in_cents = 990
        // (optional) Essentially marking the product as a subscription, default: false
        // If false, it means this product can be bought with one-time payment
        recurring = true
        // (optional) Specifies billing frequency. Either 'day', 'week', 'month' or 'year'.
        // default: 'month'
        recurring_interval = "month"
        // (optional) Specifies whether to show this product during subscription updates in Stripe portal
        // default: true
        // NOTE: AT LEAST ONE PRODUCT HAS TO BE VISIBLE
        show_in_portal = true
      },
      {
        name = "Paused"
        description = "Paused subscription"
        system_key = "subscription_paused"
        price_currency = "usd"
        price_amount_in_cents = 100
        recurring = true
        recurring_interval = "month"
      }
    ]
  }
}