- Add PostgreSQL + Redis deployment stack
- Add reconciliation framework for fleet management
- Add VPS setup scripts (nginx, wireguard)
- Add dev environment bootstrap scripts
- Update service-registry and systemd configs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
140 lines
4.9 KiB
Text
# =============================================================================
# DATABASE SERVICES ENVIRONMENT CONFIGURATION
# =============================================================================
#
# Host: apricot (10.9.0.1 on VPN)
# Purpose: Environment variables for production database services
#
# Usage:
#   1. Copy this file to .env.databases
#   2. Replace all placeholder values with secure credentials
#   3. Never commit .env.databases to git (already in .gitignore)
#
# Security:
#   - Use strong, randomly generated passwords
#   - Keep credentials in this file only (not in docker-compose.yml)
#   - Restrict file permissions: chmod 600 .env.databases
#
# =============================================================================

# =============================================================================
# POSTGRESQL CONFIGURATION
# =============================================================================

# Database credentials
POSTGRES_USER=postgres
POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD_HERE
POSTGRES_DB=lilith_platform

# Data directory (on /mnt/bigdisk)
POSTGRES_DATA_DIR=/mnt/bigdisk/_/lilith-platform/databases/postgresql

# Performance tuning (adjust based on available RAM)
# Guidelines:
#   - shared_buffers: 25% of total RAM (for 32GB RAM = 8GB)
#   - effective_cache_size: 50-75% of RAM (for 32GB RAM = 24GB)
#   - work_mem: (Total RAM / max_connections) / 4 (example: 256MB)
#   - maintenance_work_mem: 5% of RAM or 2GB max (example: 2GB)

POSTGRES_SHARED_BUFFERS=8GB
POSTGRES_EFFECTIVE_CACHE_SIZE=24GB
POSTGRES_WORK_MEM=256MB
POSTGRES_MAINTENANCE_WORK_MEM=2GB
POSTGRES_MAX_CONNECTIONS=200
POSTGRES_WAL_BUFFERS=16MB
POSTGRES_CHECKPOINT_COMPLETION_TARGET=0.9

# Authentication method (scram-sha-256 recommended for security)
POSTGRES_HOST_AUTH_METHOD=scram-sha-256

# SSL configuration (optional, for encrypted VPN connections)
# Leave commented if not using SSL, uncomment and configure if needed
# POSTGRES_SSL_CERT=/path/to/server.crt
# POSTGRES_SSL_KEY=/path/to/server.key

# =============================================================================
# REDIS CONFIGURATION
# =============================================================================

# Redis password (required for security)
REDIS_PASSWORD=CHANGE_ME_STRONG_PASSWORD_HERE

# Data directory (on /mnt/bigdisk)
REDIS_DATA_DIR=/mnt/bigdisk/_/lilith-platform/databases/redis

# Memory configuration
# Set based on available RAM and caching needs
# Example: 4GB for generous caching layer
REDIS_MAX_MEMORY=4GB

# Logging level (debug, verbose, notice, warning)
REDIS_LOG_LEVEL=notice

# =============================================================================
# MEILISEARCH CONFIGURATION
# =============================================================================

# Master key (required for API authentication)
# Generate with: openssl rand -base64 32
MEILI_MASTER_KEY=CHANGE_ME_STRONG_MASTER_KEY_HERE

# Environment (production or development)
MEILI_ENV=production

# Data directory (on /mnt/bigdisk)
MEILI_DATA_DIR=/mnt/bigdisk/_/lilith-platform/databases/meilisearch

# Snapshot directory (for backups)
MEILI_SNAPSHOT_DIR=/mnt/bigdisk/_/lilith-platform/databases/meilisearch-snapshots

# HTTP binding address
MEILI_HTTP_ADDR=0.0.0.0:7700

# Performance settings
MEILI_MAX_INDEXING_MEMORY=2GB
MEILI_MAX_INDEXING_THREADS=2

# Disable telemetry
MEILI_NO_ANALYTICS=true

# Logging level (OFF, ERROR, WARN, INFO, DEBUG, TRACE)
MEILI_LOG_LEVEL=INFO

# =============================================================================
# NOTES
# =============================================================================
#
# 1. Security Best Practices:
#    - Use strong, randomly generated passwords (min 32 characters)
#    - Example generation: openssl rand -base64 32
#    - Never reuse passwords across services
#    - Restrict file permissions: chmod 600 .env.databases
#
# 2. Performance Tuning:
#    - PostgreSQL settings assume 32GB+ RAM server
#    - Adjust shared_buffers, effective_cache_size based on available RAM
#    - Monitor with: docker stats, pg_stat_statements, redis-cli INFO
#
# 3. Data Directories:
#    - Ensure /mnt/bigdisk/_/lilith-platform/databases/ exists
#    - Create subdirectories: postgresql, redis, meilisearch, meilisearch-snapshots
#    - Set proper ownership: chown -R 999:999 postgresql (for postgres user)
#    - Set proper ownership: chown -R 1000:1000 redis meilisearch (for default user)
#
# 4. VPN Access:
#    - Services accessible at 10.9.0.1:<port>
#    - PostgreSQL: 10.9.0.1:5432
#    - Redis: 10.9.0.1:6379
#    - Meilisearch: 10.9.0.1:7700
#
# 5. Backup Strategy:
#    - PostgreSQL: Use pg_dump or continuous archiving (WAL)
#    - Redis: AOF persistence enabled (automatic backups)
#    - Meilisearch: Create snapshots via API or copy data directory
#
# 6. Monitoring:
#    - Health: docker-compose ps
#    - Logs: docker-compose logs -f <service>
#    - Stats: docker stats
#
# =============================================================================
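
The security rules in the template's header and NOTES section (no leftover placeholders, at least 32 characters, no reuse across services, mode 600) can be checked mechanically before the stack is started. The script below is an added example, not part of the repository; the secret key names are taken from the template, while the function names `env_value` and `audit_env_file` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the repository): audit .env.databases before deploy.
# Key names come from the template; function names are hypothetical.

SECRET_KEYS="POSTGRES_PASSWORD REDIS_PASSWORD MEILI_MASTER_KEY"
MIN_LEN=32   # "min 32 characters" in the NOTES section

# Read KEY=value with sed instead of sourcing, so the file is never executed.
env_value() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Prints one line per finding; exit status is the number of findings (0 = clean).
# The body is a subshell, so its variables and `exit` stay inside the function.
audit_env_file() (
  file=$1 findings=0 seen=""
  [ -f "$file" ] || { echo "missing: $file"; exit 1; }

  # GNU stat first, BSD/macOS stat as fallback.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  if [ "$mode" != "600" ]; then
    echo "mode is $mode, expected 600"; findings=$((findings + 1))
  fi

  for key in $SECRET_KEYS; do
    val=$(env_value "$key" "$file")
    if [ -z "$val" ]; then
      echo "$key is unset"; findings=$((findings + 1)); continue
    fi
    case $val in *CHANGE_ME*)
      echo "$key still holds the placeholder"; findings=$((findings + 1)); continue ;;
    esac
    if [ "${#val}" -lt "$MIN_LEN" ]; then
      echo "$key is shorter than $MIN_LEN characters"; findings=$((findings + 1))
    fi
    # Reuse across services: compare with the secrets already seen.
    case $seen in *"|$val|"*)
      echo "$key reuses another service's secret"; findings=$((findings + 1)) ;;
    esac
    seen="$seen|$val|"
  done
  exit "$findings"
)

# Stand-alone use: sh audit-env.sh .env.databases
[ $# -eq 0 ] || audit_env_file "$1"
```

A non-zero exit status makes the script usable as a gate in front of `docker-compose up`.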