- Replace monolith docker-compose with full microservices stack - Services: traefik, db, redis, migrate, auth, ws-gateway, chat, batch-agent, billing - Traefik API gateway with ForwardAuth, ACME/Cloudflare DNS-01 (from Step 2) - Centralized migrations via 'migrate' service (run-once) - All services share .env via env_file + override DATABASE_URL/REDIS_URL - Health checks on db and redis; service dependency ordering - MinIO and Qdrant kept as optional (commented out) - .env.example: add JWT_PRIVATE_KEY, CF_DNS_API_TOKEN, ACME_EMAIL, POSTGRES_ vars
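# Example environment file: copy it to .env and fill in the values.
# The filled-in .env holds secrets and should stay out of version control.

# ── Application ──────────────────────────────────────────────────────────────
ENV=dev

# ── Database ──────────────────────────────────────────────────────────────────
# Local development default (postgres/postgres). Use a unique password for any
# deployment other machines can reach, and keep it in sync with
# POSTGRES_PASSWORD below.
DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/adiuva

# ── Redis ─────────────────────────────────────────────────────────────────────
# NOTE(review): this URL carries no password — presumably Redis is reachable
# only from localhost or the compose network; confirm before exposing it.
REDIS_URL=redis://localhost:6379/0

# ── Auth (JWT RS256) ──────────────────────────────────────────────────────────
# Generate keypair:
#   openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048
#   openssl rsa -in private.pem -pubout -out public.pem
# Paste PEM content with literal \n for newlines.
#
# Private key — ONLY used by the Auth Service (JWT signing).
# NOTE(review): a service that loads this whole file through env_file receives
# every variable in it, so the signing key would also sit in the environment of
# services that only verify tokens. Prefer handing JWT_PRIVATE_KEY to the Auth
# Service alone (separate env file or secret mount) — confirm against
# docker-compose.
JWT_PRIVATE_KEY=
# Public key — used by all services / Traefik ForwardAuth (JWT verification).
JWT_PUBLIC_KEY=
# Token lifetimes: access tokens in minutes, refresh tokens in days.
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
JWT_REFRESH_TOKEN_EXPIRE_DAYS=30

# ── LLM ───────────────────────────────────────────────────────────────────────
# LiteLLM model identifiers — change to swap providers without code changes.
# Examples: gpt-4o, anthropic/claude-sonnet-4-20250514, gemini/gemini-pro, ollama/llama3
# Presumably only the key for the provider behind LLM_MODEL has to be set — confirm.
OPENAI_API_KEY=
ANTHROPIC_API_KEY=
GOOGLE_API_KEY=
LLM_MODEL=gpt-4o

# ── Stripe (leave empty to stub billing) ──────────────────────────────────────
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=

# ── AWS / S3 ──────────────────────────────────────────────────────────────────
S3_BUCKET=adiuva
S3_REGION=us-east-1
S3_ENDPOINT_URL=
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
# For MinIO (homelab): S3_ENDPOINT_URL=http://minio:9000

# ── Vector Store ──────────────────────────────────────────────────────────────
# Pinecone is used when PINECONE_API_KEY is set; otherwise falls back to Qdrant.
PINECONE_API_KEY=
PINECONE_INDEX=adiuva
QDRANT_URL=
QDRANT_API_KEY=
# For local Qdrant (homelab): QDRANT_URL=http://qdrant:6333

# ── CORS ──────────────────────────────────────────────────────────────────────
# List of allowed origins parsed by Settings (override default if needed).
# NOTE(review): the example below is a JSON array rather than a comma-separated
# string — confirm which form Settings expects.
# CORS_ORIGINS=["app://.","http://localhost:3000"]

# ── Langfuse (observability) ─────────────────────────────────────────────────
# Placeholder values — replace them with the project's own keys.
LANGFUSE_SECRET_KEY=sk-lf-...
LANGFUSE_PUBLIC_KEY=pk-lf-...
# Langfuse cloud, or a self-hosted URL. The note sits on its own line because
# not every env-file parser strips an inline "# ..." from the value.
LANGFUSE_HOST=https://cloud.langfuse.com

# ── Cloudflare (Traefik ACME DNS-01 challenge) ───────────────────────────────
# Use a scoped API token limited to DNS edits on the zone being served, not the
# account-wide Global API Key.
CF_DNS_API_TOKEN=
# Presumably the contact address registered with the ACME account — confirm.
ACME_EMAIL=

# ── PostgreSQL (used by docker-compose) ──────────────────────────────────────
# Development defaults; set a unique POSTGRES_PASSWORD outside local use and
# update the password in DATABASE_URL to match.
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_DB=adiuva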