# Production Environment Configuration - nasty.sh VPS
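# Copy to .env on VPS and fill in actual values
# Every <...> value below is a placeholder that must be replaced. Keep the filled-in .env out of version
# control and readable only by the account that runs the services (e.g. chmod 600).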
# ==============================================================================
# VPN Configuration
# ==============================================================================
APRICOT_VPN_IP=10.9.0.1
# ==============================================================================
# Database Configuration (on apricot via VPN)
# ==============================================================================
DATABASE_HOST=10.9.0.1
DATABASE_PORT=5432
DATABASE_NAME=lilith_prod
# NOTE(review): "postgres" is PostgreSQL's default superuser role name. If that is what this refers to,
# prefer a dedicated application role with privileges limited to lilith_prod, so that a compromised
# application cannot administer the whole database server.
DATABASE_USER=postgres
POSTGRES_PASSWORD=<generate-strong-password>
# ==============================================================================
# Redis Configuration (on apricot via VPN)
# ==============================================================================
# NOTE(review): this section defines no password variable for this Redis instance, unlike the queue and
# per-service Redis entries further down. Confirm the instance requires authentication, or is otherwise
# not reachable by every peer on the VPN.
REDIS_HOST=10.9.0.1
REDIS_PORT=6379
# ==============================================================================
# ML Services (on apricot via VPN)
# ==============================================================================
# NOTE(review): the three ML service URLs in this section use plain http, so requests and responses are
# protected only by the VPN tunnel to 10.9.0.1. Confirm these ports are not exposed on any non-VPN interface.
MEDIAML_SERVICE_URL=http://10.9.0.1:8000
ML_MODERATION_URL=http://10.9.0.1:8001
ML_CONTENT_GEN_URL=http://10.9.0.1:8002
ML_SERVICE_TIMEOUT_MS=30000
# ==============================================================================
# Application Configuration
# ==============================================================================
NODE_ENV=production
API_PORT=4000
WEBMAP_ROUTER_PORT=4002
# ==============================================================================
# Service Address Configuration (@lilith/service-addresses v3.0.0+)
# ==============================================================================
LILITH_SERVICES_PATH=./deployments/services/features
# Note: ports are defined within individual service YAML files at deployments/services/
LILITH_STRICT_VALIDATION=true
# ==============================================================================
# Security - JWT & Sessions
# ==============================================================================
# Generate each of the four secrets in this section independently. Reusing one value across the JWT,
# refresh, session and API secrets means a leak of any one of them compromises all four.
JWT_SECRET=<generate-with-openssl-rand-base64-64>
JWT_REFRESH_SECRET=<generate-with-openssl-rand-base64-64>
SESSION_SECRET=<generate-with-openssl-rand-base64-64>
API_SECRET=<generate-with-openssl-rand-base64-64>
# ==============================================================================
# Domains & CORS
# ==============================================================================
DOMAIN=atlilith.com
APP_URL=https://atlilith.com
# The leading-dot domain makes cookies available to every subdomain of atlilith.com, so each subdomain
# (www, admin, invest, sso, and any added later) becomes part of the session's trust boundary.
# TODO confirm this breadth is required (e.g. for SSO) rather than a host-only cookie.
COOKIE_DOMAIN=.atlilith.com
COOKIE_SECURE=true
# "lax" still sends cookies on cross-site top-level GET navigations, so state-changing routes should not
# be reachable via GET and should carry their own CSRF protection.
COOKIE_SAME_SITE=lax
# Comma-separated list of exact origins. NOTE(review): trustedmeet.com is a different site from
# atlilith.com. If the API allows credentialed CORS requests, every origin listed here can act with the
# user's session, so keep the list minimal and never replace it with a wildcard.
CORS_ORIGINS=https://www.atlilith.com,https://admin.atlilith.com,https://www.trustedmeet.com,https://trustedmeet.com,https://atlilith.com,https://invest.atlilith.com,https://sso.atlilith.com
# ==============================================================================
# Email Configuration
# ==============================================================================
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USER=apikey
# With SMTP_USER=apikey the password is a SendGrid API key. Create it as a restricted key with only the
# Mail Send permission, so a leaked .env cannot be used to manage the SendGrid account.
SMTP_PASSWORD=<sendgrid-api-key>
EMAIL_FROM=noreply@atlilith.com
# ==============================================================================
# Object Storage (MinIO/S3)
# ==============================================================================
MINIO_ENDPOINT=<minio-endpoint>
MINIO_PORT=9000
# NOTE(review): prefer a dedicated MinIO access key whose policy is limited to the application bucket,
# rather than the server's root credentials.
MINIO_ACCESS_KEY=<minio-access-key>
MINIO_SECRET_KEY=<minio-secret-key>
MINIO_USE_SSL=true
MINIO_BUCKET=lilith-platform-prod
# ==============================================================================
# Payment Providers (Stage 4+)
# ==============================================================================
# Segpay (Card Payments)
SEGPAY_API_URL=https://api.segpay.com/v1
SEGPAY_MERCHANT_ID=<merchant-id>
SEGPAY_API_KEY=<api-key>
# Presumably used to authenticate inbound Segpay webhook calls. The handler should verify every callback
# against this secret (constant-time comparison) and reject unsigned or mismatching requests.
SEGPAY_WEBHOOK_SECRET=<webhook-secret>
# NOWPayments (Crypto)
NOWPAYMENTS_API_URL=https://api.nowpayments.io/v1
NOWPAYMENTS_API_KEY=<api-key>
# Presumably used to authenticate inbound NOWPayments IPN callbacks. The handler should verify each
# notification against this secret and ignore payment-status changes that fail verification.
NOWPAYMENTS_IPN_SECRET=<ipn-secret>
# ==============================================================================
# Feature Flags
# ==============================================================================
ENABLE_AGE_GATE=true
ENABLE_ANALYTICS=true
ENABLE_ML_MODERATION=true
ENABLE_WATERMARKING=false
# ==============================================================================
# Queue Worker Service (on apricot)
# ==============================================================================
QUEUE_REDIS_HOST=10.9.0.1
QUEUE_REDIS_PORT=6388
QUEUE_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
QUEUE_WORKER_API_PORT=3080
QUEUE_WORKER_WS_PORT=3081
# ==============================================================================
# Redis Authentication (per-service)
# ==============================================================================
# SSO Redis
SSO_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# Marketplace Redis
MARKETPLACE_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# Messaging Redis
MESSAGING_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# Analytics Redis
ANALYTICS_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# Merchant Redis
MERCHANT_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# ==============================================================================
# Monitoring & Logging
# ==============================================================================
LOG_LEVEL=info
# NOTE(review): with request logging on, confirm the logger redacts Authorization headers, cookies and
# tokens carried in query strings before they reach log storage.
ENABLE_REQUEST_LOGGING=true
# Error Tracking — GlitchTip on black (Sentry-compatible DSN)
# Get DSN from GlitchTip UI: http://10.0.0.11:8800 → Project → DSN
# NOTE(review): the GlitchTip URL given for this instance (http://10.0.0.11:8800) is plain http, so the
# DSN will presumably be http as well. Error events can carry request data and stack traces and would then
# rely on the VPN alone for confidentiality; consider scrubbing sensitive fields before events are sent.
SENTRY_DSN=<glitchtip-dsn-from-project-settings>
SENTRY_ENVIRONMENT=production
SENTRY_TRACES_SAMPLE_RATE=0.1
# ==============================================================================
# GlitchTip Instance (on black, VPN-only)
# ==============================================================================
GLITCHTIP_PORT=8800
GLITCHTIP_SECRET_KEY=<generate-with-openssl-rand-base64-64>
GLITCHTIP_DB_PASSWORD=<generate-with-openssl-rand-base64-32>
# NOTE(review): plain http means GlitchTip logins and session cookies cross the network unencrypted except
# for the VPN. 10.0.0.11 is also in a different address range from apricot's 10.9.0.1, so confirm that
# this host is reachable only over the VPN.
GLITCHTIP_DOMAIN=http://10.0.0.11:8800
# ==============================================================================
# Generate Secrets with:
# ==============================================================================
# openssl rand -base64 32 # For passwords
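# openssl rand -base64 64 # For JWT/session secrets
# Note: the 64-byte form wraps its output across two lines; join them into a single line
# (e.g. pipe through tr -d '\n') before pasting the value into .env.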