Fix env files.

.ci/.env.ci

@@ -88,9 +88,18 @@ SESSION_DRIVER=array
 # If you set either of these to 'redis', you might want to update these settings too
 # If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
 # REDIS_PORT_FILE to set the value from a file instead of from an environment variable
+
+# can be tcp, unix or http
+REDIS_SCHEME=tcp
+
+# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_PATH=
+
+# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
 REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
 REDIS_PORT=6379
+
+REDIS_PASSWORD=null
 # always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
 REDIS_DB="0"
 REDIS_CACHE_DB="1"

.ci/firefly-iii-standard.yml

@@ -1,9 +1,8 @@
 parameters:
-    indentation: tab
+    indentation: spaces
 
     file_extensions:
         - php
-        - phpt
 
     exclude_files:
         - fixtures/*

.deploy/heroku/.env.heroku

@@ -5,77 +5,118 @@ APP_ENV=heroku
 # Set to true if you want to see debug information in error screens.
 APP_DEBUG=false
 
-# This should be your email address
+# This should be your email address.
+# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
 SITE_OWNER=heroku@example.com
 
-# The encryption key for your database and sessions. Keep this very secure.
-# If you generate a new one all existing data must be considered LOST.
-# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
+# The encryption key for your sessions. Keep this very secure.
+# If you generate a new one all existing attachments must be considered LOST.
+# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
+# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
 APP_KEY=7ahyYVPVsmxjdhsweWCauGeJfwc92NP2
 
+#
+# Firefly III will launch using this language (for new users and unauthenticated visitors)
+# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
+#
+# If text is still in English, remember that not everything may have been translated.
+DEFAULT_LANGUAGE=en_US
+
+# The locale defines how numbers are formatted.
+# by default this value is the same as whatever the language is.
+DEFAULT_LOCALE=equal
+
 # Change this value to your preferred time zone.
 # Example: Europe/Amsterdam
+# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 TZ=UTC
 
-# This variable must match your installation's external address but keep in mind that
-# it's only used on the command line as a fallback value.
-APP_URL=http://localhost
-
 # TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
+# Set it to ** and reverse proxies work just fine.
 TRUSTED_PROXIES=**
 
 # The log channel defines where your log entries go to.
-# 'daily' is the default logging mode giving you 5 daily rotated log files in /storage/logs/.
 # Several other options exist. You can use 'single' for one big fat error log (not recommended).
 # Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
+# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
+# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
+
+# - Docker + versions <= 4.8.1.8 and before: use "stdout"
+# - Docker + versions >  4.8.1.8           : use "docker_out"
+# - Docker + versions >=  5.1.1            : use "stack"
+# - For everything else (als not Docker)   : use 'stack'
+
 LOG_CHANNEL=stdout
 
 # Log level. You can set this from least severe to most severe:
 # debug, info, notice, warning, error, critical, alert, emergency
 # If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
 # nothing will get logged, ever.
-APP_LOG_LEVEL=debug
+APP_LOG_LEVEL=notice
 
 # Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
-# If you use SQLite, set connection to `sqlite` and remove the database, username and password settings.
+# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+# Use "pgsql" for PostgreSQL
+# Use "mysql" for MySQL and MariaDB.
+# Use "sqlite" for SQLite.
 DB_CONNECTION=pgsql
 
 
+# MySQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+# You need to set at least of these options
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
+MYSQL_SSL_CERT=
+MYSQL_SSL_KEY=
+MYSQL_SSL_CIPHER=
 
 # PostgreSQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
 PGSQL_SSL_MODE=prefer
 PGSQL_SSL_ROOT_CERT=null
 PGSQL_SSL_CERT=null
 PGSQL_SSL_KEY=null
 PGSQL_SSL_CRL_FILE=null
 
-
 # If you're looking for performance improvements, you could install memcached.
 CACHE_DRIVER=file
 SESSION_DRIVER=file
 
-# You can configure another file storage backend if you cannot use the local storage option.
-# To set this up, fill in the following variables. The upload path is used to store uploaded
-# files and the export path is to store exported data (before download).
-SFTP_HOST=
-SFTP_PORT=
-SFTP_UPLOAD_PATH=
-SFTP_EXPORT_PATH=
+# If you set either of these to 'redis', you might want to update these settings too
+# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
+# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
 
-# SFTP uses either the username/password combination or the private key to authenticate.
-SFTP_USERNAME=
-SFTP_PASSWORD=
-SFTP_PRIV_KEY=
+# can be tcp, unix or http
+REDIS_SCHEME=tcp
+
+# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_PATH=
+
+# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+
+REDIS_PASSWORD=null
+# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
 
 # Cookie settings. Should not be necessary to change these.
+# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
+# the value from a file instead of from an environment variable
 COOKIE_PATH="/"
 COOKIE_DOMAIN=
 COOKIE_SECURE=false
 
 # If you want Firefly III to mail you, update these settings
-# For instructions, see: https://firefly-iii.readthedocs.io/en/latest/installation/mail.html
-MAIL_DRIVER=log
-MAIL_HOST=smtp.mailtrap.io
+# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAIL_MAILER=log
+MAIL_HOST=null
 MAIL_PORT=2525
 MAIL_FROM=changeme@example.com
 MAIL_USERNAME=null
@@ -83,11 +124,20 @@ MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
 
 # Other mail drivers:
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
 MAILGUN_DOMAIN=
 MAILGUN_SECRET=
+
+
+# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
+MAILGUN_ENDPOINT=api.mailgun.net
+
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
 MANDRILL_SECRET=
 SPARKPOST_SECRET=
 
+
 # Firefly III can send you the following messages
 SEND_REGISTRATION_MAIL=true
 SEND_ERROR_MESSAGE=true
@@ -96,53 +146,85 @@ SEND_ERROR_MESSAGE=true
 SEND_REPORT_JOURNALS=true
 
 # Set a Mapbox API key here (see mapbox.com) so there might be a map available at various places.
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
 MAPBOX_API_KEY=
 
+# The map will default to this location:
+MAP_DEFAULT_LAT=51.983333
+MAP_DEFAULT_LONG=5.916667
+MAP_DEFAULT_ZOOM=6
+
 # Firefly III currently supports two provider for live Currency Exchange Rates:
-# "fixer" is the default (for backward compatibility), and "ratesapi" is the new one.
+# "fixer", and "ratesapi".
 # RatesApi.IO (see https://ratesapi.io) is a FREE and OPEN SOURCE live currency exchange rates,
-# built compatible with Fixer.IO, based on data published by European Central Bank, and don't require API key.
-CER_PROVIDER=fixer
+# built compatible with Fixer.IO, based on data published by European Central Bank, and doesn't require API key.
+CER_PROVIDER=ratesapi
+
 # If you have select "fixer" as default currency exchange rates,
 # set a Fixer IO API key here (see https://fixer.io) to enable live currency exchange rates.
 # Please note that this WILL ONLY WORK FOR PAID fixer.io accounts because they severely limited
 # the free API up to the point where you might as well offer nothing.
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
 FIXER_API_KEY=
 
-# If you wish to track your own behavior over Firefly III, set a valid analytics tracker ID here.
-TRACKER_SITE_ID=
-TRACKER_URL=
-
-# Most parts of the database are encrypted by default, but you can turn this off if you want to.
-# This makes it easier to migrate your database. Not that some fields will never be decrypted.
-USE_ENCRYPTION=true
-
 # Firefly III has two options for user authentication. "eloquent" is the default,
 # and "ldap" for LDAP servers.
 # For full instructions on these settings please visit:
-# https://firefly-iii.readthedocs.io/en/latest/installation/authentication.html
+# https://docs.firefly-iii.org/advanced-installation/authentication
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
 LOGIN_PROVIDER=eloquent
 
+#
+# It's also possible to change the way users are authenticated. You could use Authelia for example.
+# Authentication via the REMOTE_USER header is supported. Change the value below to "remote_user_guard".
+#
+# If you do this please read the documentation for instructions and warnings:
+# https://docs.firefly-iii.org/advanced-installation/authentication
+#
+# This function is available in Firefly III v5.3.0 and higher.
+AUTHENTICATION_GUARD=web
+
+#
+# Likewise, it's impossible to log out users who's authentication is handled by an external system.
+# Enter a custom URL here that will force a logout (your authentication provider can tell you).
+# Setting this variable only works when AUTHENTICATION_GUARD != web
+#
+CUSTOM_LOGOUT_URI=
+
 # LDAP connection configuration
 # OpenLDAP, FreeIPA or ActiveDirectory
+# # If you use Docker or similar, you can set this variable from a file by appending it with _FILE
 ADLDAP_CONNECTION_SCHEME=OpenLDAP
 ADLDAP_AUTO_CONNECT=true
 
 # LDAP connection settings
+# You can set the following variables from a file by appending them with _FILE:
+# ADLDAP_CONTROLLERS, ADLDAP_PORT, ADLDAP_BASEDN
 ADLDAP_CONTROLLERS=
 ADLDAP_PORT=389
 ADLDAP_TIMEOUT=5
 ADLDAP_BASEDN=""
 ADLDAP_FOLLOW_REFFERALS=false
+
+# SSL/TLS settings
 ADLDAP_USE_SSL=false
 ADLDAP_USE_TLS=false
+ADLDAP_SSL_CACERTDIR=
+ADLDAP_SSL_CACERTFILE=
+ADLDAP_SSL_CERTFILE=
+ADLDAP_SSL_KEYFILE=
+ADLDAP_SSL_CIPHER_SUITE=
+ADLDAP_SSL_REQUIRE_CERT=
 
+# You can set the following variables from a file by appending them with _FILE:
 ADLDAP_ADMIN_USERNAME=
 ADLDAP_ADMIN_PASSWORD=
 
+# You can set the following variables from a file by appending them with _FILE:
 ADLDAP_ACCOUNT_PREFIX=
 ADLDAP_ACCOUNT_SUFFIX=
 
+
 # LDAP authentication settings.
 ADLDAP_PASSWORD_SYNC=false
 ADLDAP_LOGIN_FALLBACK=false
@@ -151,25 +233,76 @@ ADLDAP_DISCOVER_FIELD=distinguishedname
 ADLDAP_AUTH_FIELD=distinguishedname
 
 # Will allow SSO if your server provides an AUTH_USER field.
+# You can set the following variables from a file by appending them with _FILE:
+WINDOWS_SSO_ENABLED=false
 WINDOWS_SSO_DISCOVER=samaccountname
 WINDOWS_SSO_KEY=AUTH_USER
 
 # field to sync as local username.
+# You can set the following variable from a file by appending it with _FILE:
 ADLDAP_SYNC_FIELD=userprincipalname
 
-# You can disable the X-Frame-Options header if it interfears with tools like
-# Organizr. This is at your own risk.
+# You can disable the X-Frame-Options header if it interferes with tools like
+# Organizr. This is at your own risk. Applications running in frames run the risk
+# of leaking information to their parent frame.
 DISABLE_FRAME_HEADER=false
 
+# You can disable the Content Security Policy header when you're using an ancient browser
+# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
+# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
+# This is at your own risk.
+DISABLE_CSP_HEADER=false
+
+# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
+# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
+# Do not prepend the TRACKER_URL with http:// or https://
+# The only tracker supported is Matomo.
+# You can set the following variables from a file by appending them with _FILE:
+TRACKER_SITE_ID=
+TRACKER_URL=
+
+#
+# Firefly III can collect telemetry on how you use Firefly III. This is opt-in.
+# In order to allow this, change the following variable to true.
+# To read more about this feature, go to this page: https://docs.firefly-iii.org/support/telemetry
+SEND_TELEMETRY=false
+
+# You can fine tune the start-up of a Docker container by editing these environment variables.
+# Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data.
+# However if you know what you're doing you can significantly speed up container start times.
+# Set each value to true to enable, or false to disable.
+
+# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
+# Won't significantly speed up things.
+DKR_CHECK_SQLITE=true
+
+# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
+# and is up to date.
+DKR_RUN_MIGRATION=true
+
+# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
+# with the latest fixes (outside of migrations!)
+DKR_RUN_UPGRADE=true
+
+# Verify database integrity. Includes all data checks and verifications.
+# Disabling this makes Firefly III assume your DB is intact.
+DKR_RUN_VERIFY=true
+
+# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
+# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
+DKR_RUN_REPORT=true
+
+# Generate OAuth2 keys.
+# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
+# you had previously generated keys already and they're stored in your database for restoration.
+DKR_RUN_PASSPORT_INSTALL=true
+
 # Leave the following configuration vars as is.
 # Unless you like to tinker and know what you're doing.
 APP_NAME=FireflyIII
 ADLDAP_CONNECTION=default
 BROADCAST_DRIVER=log
 QUEUE_DRIVER=sync
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
 CACHE_PREFIX=firefly
 SEARCH_RESULT_LIMIT=50
 PUSHER_KEY=
@@ -177,7 +310,18 @@ PUSHER_SECRET=
 PUSHER_ID=
 DEMO_USERNAME=
 DEMO_PASSWORD=
-IS_SANDSTORM=false
-IS_HEROKU=true
-BUNQ_USE_SANDBOX=false
-FFIII_LAYOUT=v1
+USE_ENCRYPTION=false
+IS_HEROKU=false
+FIREFLY_III_LAYOUT=v1
+
+#
+# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
+# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
+# This configuration value WILL NOT HELP.
+#
+# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
+# So when configuring anything WEB related this variable doesn't do anything. Nothing
+#
+# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
+#
+APP_URL=http://localhost