# ───────────────────────────────────────────────────────────────────────────── # zROC Environment Variables # Copy to .env and fill in your values. # Generated automatically by: zroc-setup (first-boot wizard) # ───────────────────────────────────────────────────────────────────────────── # ── Zerto ZVM — Site 1 ──────────────────────────────────────────────────────── ZVM_HOST=192.168.50.60 ZVM_USERNAME=admin ZVM_PASSWORD=changeme # Optional — needed for VRA CPU/memory metrics VCENTER_HOST=vcenter.local VCENTER_USER=administrator@vsphere.local VCENTER_PASSWORD=changeme # ── Zerto ZVM — Site 2 (uncomment to enable) ───────────────────────────────── # ZVM2_HOST=192.168.60.60 # ZVM2_USERNAME=admin # ZVM2_PASSWORD=changeme # VCENTER2_HOST=vcenter2.local # VCENTER2_USER=administrator@vsphere.local # VCENTER2_PASSWORD=changeme # ── zROC UI ─────────────────────────────────────────────────────────────────── # Public-facing URL of the appliance (used for OIDC redirect URIs) PUBLIC_URL=https://192.168.50.100 # Session secret — generate with: openssl rand -hex 32 SESSION_SECRET=REPLACE_WITH_RANDOM_SECRET # ── Authentik ───────────────────────────────────────────────────────────────── # PostgreSQL password — generate with: openssl rand -hex 24 AUTHENTIK_PG_PASS=REPLACE_WITH_PG_PASSWORD # Authentik secret key — generate with: openssl rand -hex 48 AUTHENTIK_SECRET_KEY=REPLACE_WITH_AUTHENTIK_SECRET # OIDC client credentials (generated by Authentik blueprint, copied here by setup wizard) AUTHENTIK_CLIENT_ID=zroc-dashboard AUTHENTIK_CLIENT_SECRET=REPLACE_AFTER_BLUEPRINT_RUNS ZROC_OIDC_CLIENT_ID=zroc-dashboard ZROC_OIDC_CLIENT_SECRET=REPLACE_AFTER_BLUEPRINT_RUNS # Admin API token (generated by Authentik blueprint, retrieved by setup wizard) AUTHENTIK_ADMIN_TOKEN=REPLACE_AFTER_BLUEPRINT_RUNS # Passed into blueprint to set redirect URI ZROC_PUBLIC_URL=https://192.168.50.100 # ── Grafana ─────────────────────────────────────────────────────────────────── GRAFANA_PASSWORD=zertodata # Optional: Grafana OIDC (integrates Grafana login with Authentik) GRAFANA_OIDC_ENABLED=false # GRAFANA_CLIENT_ID=grafana # GRAFANA_CLIENT_SECRET= # ── Prometheus ──────────────────────────────────────────────────────────────── # Internal only — not directly accessible from outside the stack PROMETHEUS_URL=http://prometheus:9090