Environment Variables¶

Central configuration for CharlieHub infrastructure. All node IPs and shared configuration are defined in /opt/charliehub/.env.

Admin & Network Configuration¶

Core settings for the CharlieHub infrastructure.

Source of Truth¶

File: /opt/charliehub/.env

# Admin Contact
ADMIN_EMAIL=chpa35@gmail.com
LETSENCRYPT_EMAIL=charles.paumelle@gmail.com
ALERTS_FROM_EMAIL=alerts@charliehub.net

# Hub2 Network
HUB2_PUBLIC_IP=51.68.235.106
DOCKER_HOST_IP=172.18.0.1

# Primary Domain
PRIMARY_DOMAIN=charliehub.net

Node IP Addresses¶

All homelab node IPs are centrally defined to avoid duplication across services.

# UK Site - Gateways
UK_GATEWAY_IP=10.44.1.1

# UK Site - Proxmox Nodes
PX1_IP=10.44.1.10
PX2_IP=10.44.1.20
PX3_IP=10.44.1.30

# UK Site - Containers/VMs
CT1113_IP=10.44.1.113
CT1117_IP=10.44.1.117
CT1118_IP=10.44.1.118

# France Site - Gateways
FR_GATEWAY_IP=10.35.1.1

# France Site - Proxmox Nodes
PX5_IP=10.35.1.10

Usage by Service¶

Service	Variables Used	How
docker-compose.yml	`UK_GATEWAY_IP`, `FR_GATEWAY_IP`, `PX1_IP`, `HUB2_PUBLIC_IP`	Direct interpolation `${VAR}`
unifi-api	`UK_GATEWAY_IP`, `FR_GATEWAY_IP`	Via docker-compose environment
domain-manager	`PX1_IP`, `UK_GATEWAY_IP`	Via docker-compose environment
wan-watcher	`HUB2_PUBLIC_IP`	Via docker-compose environment
isp-monitor	`ADMIN_EMAIL`	Via environment in scripts
Prometheus targets	All node IPs	Manual (with comments referencing .env)
Alertmanager	`ADMIN_EMAIL`, `DOCKER_HOST_IP`	Manual (with comments referencing .env)
Traefik	`LETSENCRYPT_EMAIL`	Manual (with comments referencing .env)
postgres-exporter	DB credentials	Via docker-compose environment
redis-exporter	Redis addresses	Via docker-compose environment

Prometheus Service Discovery¶

Prometheus uses file-based service discovery for dynamic target management.

Directory Structure¶

monitoring/prometheus/
├── prometheus.yml              # Main config (references target files)
├── targets/
│   ├── hub2.yml               # hub2 target (172.18.0.1)
│   ├── proxmox-uk.yml         # px1, px2, px3
│   ├── proxmox-fr.yml         # px5
│   └── isp-monitor.yml        # ct1118
└── rules/
    ├── security-alerts.yml
    └── ceph-alerts.yml

Target File Format¶

# Example: monitoring/prometheus/targets/proxmox-uk.yml
# IPs defined in /opt/charliehub/.env (PX1_IP, PX2_IP, PX3_IP)
- targets: ['10.44.1.10:9100']
  labels:
    instance: 'px1-silverstone'
    site: 'uk'

- targets: ['10.44.1.20:9100']
  labels:
    instance: 'px2-monza'
    site: 'uk'

Adding a New Target¶

Edit the appropriate target file in monitoring/prometheus/targets/
Add the IP to /opt/charliehub/.env for reference
Prometheus auto-detects changes (no restart needed)

# Add to proxmox-uk.yml
- targets: ['10.44.1.40:9100']
  labels:
    instance: 'px4-monaco'
    site: 'uk'

Updating Node IPs¶

When a node IP changes:

1. Update the Central .env¶

# Edit /opt/charliehub/.env
PX1_IP=10.44.1.11  # Changed from .10 to .11

2. Update Prometheus Targets¶

# Edit monitoring/prometheus/targets/proxmox-uk.yml
- targets: ['10.44.1.11:9100']  # Update to match .env

3. Update Traefik Routes (if applicable)¶

Traefik dynamic configs don't support environment variables, so update manually:

# Edit traefik/config/dynamic/static-routes.yml

4. Restart Affected Services¶

cd /opt/charliehub
sudo docker compose up -d unifi-api domain-manager
# Prometheus auto-reloads target files

Service-Specific Environment Files¶

Some services have their own .env files that extend the root configuration:

Service	File	Purpose
domain-manager	`domain-manager/.env`	Proxmox API, OVH credentials
unifi-api	`unifi-api/.env`	UniFi controller credentials

These files include comments pointing to the central .env for IP addresses.

Secrets Management¶

Sensitive values in .env:

Variable	Service	Description
`CHARLIEHUB_DB_PASSWORD`	PostgreSQL	Database password
`AUTHELIA_JWT_SECRET`	Authelia	JWT signing secret
`DOMAIN_MANAGER_API_KEY`	Domain Manager	API authentication
`UNIFI_USERNAME/PASSWORD`	UniFi API	Controller credentials
`GRAFANA_ADMIN_PASSWORD`	Grafana	Admin login
`CODE_SERVER_PASSWORD`	Code Server	Web IDE password
`OVH_*`	WAN Watcher, DDNS	OVH API credentials

Security

The .env file contains secrets. It is gitignored and should never be committed. Back it up securely.

Docker Compose Variable Interpolation¶

Docker Compose automatically loads /opt/charliehub/.env and supports variable interpolation:

# docker-compose.yml
environment:
  - UNIFI_HOST_UK=https://${UK_GATEWAY_IP:-10.44.1.1}
  - PROXMOX_HOST=https://${PX1_IP:-10.44.1.10}:8006

The :- syntax provides a default value if the variable is not set.

Quick Reference¶

View Current IPs¶

grep "_IP=" /opt/charliehub/.env

Test Connectivity to All Nodes¶

for ip in 10.44.1.10 10.44.1.20 10.44.1.30 10.35.1.10; do
  ping -c 1 -W 2 $ip && echo "$ip: OK" || echo "$ip: FAILED"
done

Check Prometheus Targets¶

sudo docker exec charliehub_prometheus wget -qO- \
  http://localhost:9090/api/v1/targets | jq -r \
  '.data.activeTargets[] | "\(.labels.instance): \(.health)"'