feat: support ADMIN_EMAIL and ADMIN_PASSWORD env vars for initial admin setup

Allow the first-boot admin account to be configured via ADMIN_EMAIL and ADMIN_PASSWORD environment variables. If both are set the account is created with those credentials; otherwise the existing random-password fallback is used. Documented across .env.example, docker-compose.yml, Helm chart (values.yaml, secret.yaml, deployment.yaml), and CLAUDE.md. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-01 23:09:57 +02:00
parent d73a5e223c
commit 50424fc574
6 changed files with 51 additions and 2 deletions
--- a/server/.env.example
+++ b/server/.env.example
@@ -26,3 +26,9 @@ OIDC_ADMIN_VALUE=app-trek-admins # Value of the OIDC claim that grants admin rol
 OIDC_DISCOVERY_URL= # Override the auto-constructed OIDC discovery endpoint. Useful for providers (e.g. Authentik) that expose it at a non-standard path. Example: https://auth.example.com/application/o/trek/.well-known/openid-configuration

 DEMO_MODE=false # Demo mode - resets data hourly
+
+# Initial admin account — only used on first boot when no users exist yet.
+# If both are set the admin account is created with these credentials.
+# If either is omitted a random password is generated and printed to the server log.
+# ADMIN_EMAIL=admin@trek.local
+# ADMIN_PASSWORD=changeme