platform-deployments/env
Quinn Ftw 2ef6c80094 infra(analytics): 🧱 Update Docker Compose and env templates for production analytics services
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-04-04 06:07:48 -07:00
analytics-infra.prod.env.example infra(analytics): 🧱 Update Docker Compose and env templates for production analytics services 2026-04-04 06:07:48 -07:00
platform-analytics-api.prod.env.example infra(analytics): 🧱 Update Docker Compose and env templates for production analytics services 2026-04-04 06:07:48 -07:00
prod.env.example chore(config): 🔧 Update .env.example payment/production env vars for consistency 2026-02-19 00:57:53 -08:00
README.md

Environment Configuration

Environment variable templates for different deployment environments.


Files

File               Purpose                          Location
prod.env.example   Production template              Copy to VPS as .env
dev.env.example    Development template (future)    Copy to apricot as .env

Production Setup (nasty.sh VPS)

1. Copy template to VPS:

scp deployments/env/prod.env.example root@0.1984.nasty.sh:/opt/lilith-platform/.env

2. SSH to VPS and edit:

ssh root@0.1984.nasty.sh
cd /opt/lilith-platform
nano .env

3. Fill in required values:

Critical (Must Configure):

# Database password
POSTGRES_PASSWORD=<strong-32-char-password>

# JWT secrets
JWT_SECRET=<64-char-hex>
JWT_REFRESH_SECRET=<64-char-hex>
SESSION_SECRET=<64-char-hex>

Generate Secrets:

# Database password: 32 random bytes, printed as 44 base64 characters
openssl rand -base64 32

# JWT and session secrets (64 hex chars); one run per secret
openssl rand -hex 32

Optional (Configure Later):

  • Payment providers (Stage 4+)
  • Email SMTP (when notifications needed)
  • MinIO (when object storage needed)

VPN-Specific Configuration

All database and ML service URLs use the VPN IP (10.9.0.1):

DATABASE_HOST=10.9.0.1      # PostgreSQL on apricot
REDIS_HOST=10.9.0.1         # Redis on apricot
MEDIAML_SERVICE_URL=http://10.9.0.1:8000  # ML on apricot

Why: Services run on apricot, accessed via WireGuard tunnel.

See: ../VPN_SETUP.md for WireGuard configuration.


Verification

After configuring .env, verify:

# Check VPN connectivity
ping -c 3 10.9.0.1
# Should receive 3 replies

# Test database connection
docker compose -f deployments/docker/docker-compose.yml run --rm platform-service \
  node -e "const pg = require('pg'); const client = new pg.Client({host: process.env.DATABASE_HOST, port: 5432, user: 'postgres', password: process.env.POSTGRES_PASSWORD, database: 'lilith_prod'}); client.connect().then(() => {console.log('DB connected'); client.end()}).catch(e => {console.error('DB failed:', e.message); process.exit(1)})"
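
A pre-flight check for the filled-in .env, as an added example that is not part of this repository: it confirms the template placeholders were replaced with values of the expected shape before any service starts. The function name check_env, the mode-600 requirement and the rule that the three JWT/session secrets must differ are assumptions, as is the unquoted KEY=value format.

```shell
# Added example (not from the repository). check_env FILE prints each problem
# and returns 0 only when FILE passes. Assumes unquoted KEY=value lines.
check_env() (
  file=$1
  problems=0
  hex_keys="JWT_SECRET JWT_REFRESH_SECRET SESSION_SECRET"

  # Value of the last KEY= assignment in the file (comment lines never match).
  get() { sed -n "s/^$1=//p" "$file" | tail -n 1; }
  fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

  [ -r "$file" ] || { echo "FAIL: cannot read $file"; exit 2; }

  # Assumption: the secrets file should be readable by its owner only.
  perms=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  [ "$perms" = "600" ] || fail "$file has mode $perms, expected 600"

  # Template asks for a 32-character database password.
  val=$(get POSTGRES_PASSWORD)
  case $val in
    '' | '<'*) fail "POSTGRES_PASSWORD is empty or still a placeholder" ;;
    *) [ "${#val}" -ge 32 ] || fail "POSTGRES_PASSWORD is under 32 characters" ;;
  esac

  # Template asks for 64 hex characters; a leftover <64-char-hex> fails too.
  for key in $hex_keys; do
    if ! get "$key" | grep -Eq '^[0-9a-fA-F]{64}$'; then
      fail "$key is not exactly 64 hex characters"
    fi
  done

  # Assumption: each secret is generated separately, so no two may be equal.
  dupes=$(for key in $hex_keys; do get "$key"; done | sort | uniq -d)
  [ -z "$dupes" ] || fail "JWT/session secrets must not be reused"

  exit $((problems > 0))
)
```

On the VPS, run it as check_env /opt/lilith-platform/.env and start the stack only when it returns 0.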

Security Notes

  1. Never commit .env files - Contains secrets
  2. .env is gitignored - Safe to use on VPS
  3. Rotate secrets periodically - Every 90 days recommended
  4. Use strong passwords - Minimum 32 characters for database
  5. Keep backups encrypted - Store .env securely off-server

Last Updated: 2025-12-19
Environment: Production (nasty.sh VPS)
Architecture: VPN-based with apricot backend