platform-codebase/infrastructure/docker/.env.databases.example
Quinn Ftw b5fe73edd0 feat(infra): database stack, reconciliation, and VPS setup scripts
- Add PostgreSQL + Redis deployment stack
- Add reconciliation framework for fleet management
- Add VPS setup scripts (nginx, wireguard)
- Add dev environment bootstrap scripts
- Update service-registry and systemd configs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-26 00:37:52 -08:00

140 lines
4.9 KiB
Text

# =============================================================================
# DATABASE SERVICES ENVIRONMENT CONFIGURATION
# =============================================================================
#
# Host: apricot (10.9.0.1 on VPN)
# Purpose: Environment variables for production database services
#
# Usage:
# 1. Copy this file to .env.databases
# 2. Replace all placeholder values with secure credentials
# 3. Never commit .env.databases to git (already in .gitignore)
#
# Security:
# - Use strong, randomly generated passwords
# - Keep credentials in this file only (not in docker-compose.yml)
# - Restrict file permissions: chmod 600 .env.databases
#
# =============================================================================
# =============================================================================
# POSTGRESQL CONFIGURATION
# =============================================================================
# Database credentials
POSTGRES_USER=postgres
POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD_HERE
POSTGRES_DB=lilith_platform
# Data directory (on /mnt/bigdisk)
POSTGRES_DATA_DIR=/mnt/bigdisk/_/lilith-platform/databases/postgresql
# Performance tuning (adjust based on available RAM)
# Guidelines:
# - shared_buffers: 25% of total RAM (for 32GB RAM = 8GB)
# - effective_cache_size: 50-75% of RAM (for 32GB RAM = 24GB)
# - work_mem: (Total RAM / max_connections) / 4 (example: 256MB)
# - maintenance_work_mem: 5% of RAM or 2GB max (example: 2GB)
POSTGRES_SHARED_BUFFERS=8GB
POSTGRES_EFFECTIVE_CACHE_SIZE=24GB
POSTGRES_WORK_MEM=256MB
POSTGRES_MAINTENANCE_WORK_MEM=2GB
POSTGRES_MAX_CONNECTIONS=200
POSTGRES_WAL_BUFFERS=16MB
POSTGRES_CHECKPOINT_COMPLETION_TARGET=0.9
# Authentication method (scram-sha-256 recommended for security)
POSTGRES_HOST_AUTH_METHOD=scram-sha-256
# SSL configuration (optional, for encrypted VPN connections)
# Leave commented if not using SSL, uncomment and configure if needed
# POSTGRES_SSL_CERT=/path/to/server.crt
# POSTGRES_SSL_KEY=/path/to/server.key
# =============================================================================
# REDIS CONFIGURATION
# =============================================================================
# Redis password (required for security)
REDIS_PASSWORD=CHANGE_ME_STRONG_PASSWORD_HERE
# Data directory (on /mnt/bigdisk)
REDIS_DATA_DIR=/mnt/bigdisk/_/lilith-platform/databases/redis
# Memory configuration
# Set based on available RAM and caching needs
# Example: 4GB for generous caching layer
REDIS_MAX_MEMORY=4GB
# Logging level (debug, verbose, notice, warning)
REDIS_LOG_LEVEL=notice
# =============================================================================
# MEILISEARCH CONFIGURATION
# =============================================================================
# Master key (required for API authentication)
# Generate with: openssl rand -base64 32
MEILI_MASTER_KEY=CHANGE_ME_STRONG_MASTER_KEY_HERE
# Environment (production or development)
MEILI_ENV=production
# Data directory (on /mnt/bigdisk)
MEILI_DATA_DIR=/mnt/bigdisk/_/lilith-platform/databases/meilisearch
# Snapshot directory (for backups)
MEILI_SNAPSHOT_DIR=/mnt/bigdisk/_/lilith-platform/databases/meilisearch-snapshots
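# HTTP binding address
# 0.0.0.0 listens on every interface. This file assumes access over the VPN
# (see NOTES, item 4), so confirm port 7700 is not published on a public interface.
MEILI_HTTP_ADDR=0.0.0.0:7700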
# Performance settings
MEILI_MAX_INDEXING_MEMORY=2GB
MEILI_MAX_INDEXING_THREADS=2
# Disable telemetry
MEILI_NO_ANALYTICS=true
# Logging level (OFF, ERROR, WARN, INFO, DEBUG, TRACE)
MEILI_LOG_LEVEL=INFO
# =============================================================================
# NOTES
# =============================================================================
#
# 1. Security Best Practices:
# - Use strong, randomly generated passwords (min 32 characters)
# - Example generation: openssl rand -base64 32
# - Never reuse passwords across services
# - Restrict file permissions: chmod 600 .env.databases
#
# 2. Performance Tuning:
# - PostgreSQL settings assume 32GB+ RAM server
# - Adjust shared_buffers, effective_cache_size based on available RAM
# - Monitor with: docker stats, pg_stat_statements, redis-cli INFO
#
# 3. Data Directories:
# - Ensure /mnt/bigdisk/_/lilith-platform/databases/ exists
# - Create subdirectories: postgresql, redis, meilisearch, meilisearch-snapshots
# - Set proper ownership: chown -R 999:999 postgresql (for postgres user)
# - Set proper ownership: chown -R 1000:1000 redis meilisearch (for default user)
#
# 4. VPN Access:
# - Services accessible at 10.9.0.1:<port>
# - PostgreSQL: 10.9.0.1:5432
# - Redis: 10.9.0.1:6379
# - Meilisearch: 10.9.0.1:7700
#
# 5. Backup Strategy:
# - PostgreSQL: Use pg_dump or continuous archiving (WAL)
# - Redis: AOF persistence enabled (automatic backups)
# - Meilisearch: Create snapshots via API or copy data directory
#
# 6. Monitoring:
# - Health: docker-compose ps
# - Logs: docker-compose logs -f <service>
# - Stats: docker stats
#
# =============================================================================
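
The usage steps and security notes in this file (replace every placeholder, at least 32 characters, no reuse across services, `chmod 600`) can be checked before the stack is started. The script below is an added example, not part of the repository; the function names and the `check-env.sh` script name are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of the repository).
# Checks a filled-in .env.databases against the rules in the file's own
# header and NOTES: mode 600, no placeholders, >= 32 chars, no reuse.

SECRET_KEYS="POSTGRES_PASSWORD REDIS_PASSWORD MEILI_MASTER_KEY"
MIN_LEN=32

# Print the value assigned to key $2 in env file $1 (last assignment wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one line per finding (never the secret itself); return the count.
check_env_file() {
    file=$1
    findings=0
    seen=""
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ "$mode" != "600" ]; then
        echo "FAIL: $file has mode $mode, expected 600"
        findings=$((findings + 1))
    fi
    for key in $SECRET_KEYS; do
        val=$(env_value "$file" "$key")
        case "$val" in
            "")         msg="is missing or empty" ;;
            CHANGE_ME*) msg="still holds the placeholder value" ;;
            *)  if [ "${#val}" -lt "$MIN_LEN" ]; then
                    msg="is shorter than $MIN_LEN characters"
                elif printf '%s\n' "$seen" | grep -Fxq -- "$val"; then
                    msg="reuses the secret of another service"
                else
                    msg=""
                fi
                seen="$seen
$val" ;;
        esac
        if [ -n "$msg" ]; then
            echo "FAIL: $key $msg"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run as: sh check-env.sh .env.databases  (script name is an assumption)
if [ "$#" -gt 0 ]; then check_env_file "$1"; fi
```

The exit status is the number of findings, so the script can gate a deploy step; the placeholder test runs before the length test because `CHANGE_ME_STRONG_MASTER_KEY_HERE` is itself 32 characters long.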