Skip to content
Coldrune

Server Configuration

The server is configured entirely via environment variables. Use a .env file or your system’s environment management.

Required

Section titled “Required”
VariableDescription
COLDRUNE_MASTER_KEYEncryption master key (64 hex chars). Generate: openssl rand -hex 32
SUPERADMIN_EMAIL_0First superadmin email. Add more with _1, _2, etc.
SMTP_HOSTSMTP server hostname. Set to log for dev mode.
SMTP_USERNAMESMTP auth username (not required if SMTP_HOST=log)
SMTP_PASSWORDSMTP auth password (not required if SMTP_HOST=log)
SMTP_FROMSender address, e.g. Coldrune <noreply@example.com>

Server

Section titled “Server”
VariableDescriptionDefault
COLDRUNE_DB_PATHSQLite database file pathcoldrune.db
COLDRUNE_HOSTBind address127.0.0.1
COLDRUNE_PORTBind port7100
SMTP_PORTSMTP server port587
CORS_ALLOWED_ORIGINSComma-separated allowed origins(empty, CORS disabled)

Backup (optional)

Section titled “Backup (optional)”

All backup variables are optional. If BACKUP_S3_ENDPOINT is not set, backup features are disabled.

VariableDescriptionDefault
BACKUP_S3_ENDPOINTS3-compatible endpoint URL(disabled)
BACKUP_S3_REGIONS3 regionus-east-1
BACKUP_S3_BUCKETBucket name(required if endpoint set)
BACKUP_S3_ACCESS_KEYS3 access key(required if endpoint set)
BACKUP_S3_SECRET_KEYS3 secret key(required if endpoint set)
BACKUP_SCHEDULE_HOURSAuto-backup interval in hours (0 = disabled)0
BACKUP_RETAIN_DAILY_DAYSKeep daily backups for N days7
BACKUP_RETAIN_WEEKLY_WEEKSKeep weekly backups for N weeks4

Key rotation

Section titled “Key rotation”
VariableDescription
COLDRUNE_NEW_MASTER_KEYNew master key for coldrune server rotate-key (optional, falls back to stdin)

Example .env

Section titled “Example .env”
# Server
COLDRUNE_DB_PATH=/var/lib/coldrune/coldrune.db
COLDRUNE_HOST=127.0.0.1
COLDRUNE_PORT=7100

# Encryption
COLDRUNE_MASTER_KEY=a1b2c3d4e5f6...  # 64 hex chars

# Superadmins
SUPERADMIN_EMAIL_0=admin@example.com

# SMTP (Postmark example)
SMTP_HOST=smtp.postmarkapp.com
SMTP_PORT=587
SMTP_USERNAME=your-server-token
SMTP_PASSWORD=your-server-token
SMTP_FROM=Coldrune <noreply@example.com>

# Backup to Hetzner Object Storage
BACKUP_S3_ENDPOINT=https://fsn1.your-objectstorage.com
BACKUP_S3_BUCKET=coldrune-backups
BACKUP_S3_ACCESS_KEY=your-access-key
BACKUP_S3_SECRET_KEY=your-secret-key
BACKUP_SCHEDULE_HOURS=24

Superadmins

Section titled “Superadmins”

Superadmin emails are indexed: SUPERADMIN_EMAIL_0, SUPERADMIN_EMAIL_1, SUPERADMIN_EMAIL_2, etc. On startup, users matching these emails are promoted to superadmin. Users removed from the list are demoted.

Superadmins bypass all organization role checks and ACL rules.