platform-deployments/env/prod.env.example
Quinn Ftw fc6f1db9ec chore(config): 🔧 Update .env.example payment/production env vars for consistency
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-02-19 00:57:53 -08:00


# Production Environment Configuration - nasty.sh VPS
# Copy to .env on VPS and fill in actual values
# The filled-in .env holds live credentials: keep it out of version control and
# readable only by the account that runs the services (for example mode 600).
# Every <...> placeholder below must be replaced before first start; a
# placeholder left in place is a guessable secret.
# ==============================================================================
# VPN Configuration
# ==============================================================================
# Address of the "apricot" host on the VPN; the database, Redis, ML and queue
# entries below all point at this same address.
APRICOT_VPN_IP=10.9.0.1
# ==============================================================================
# Database Configuration (on apricot via VPN)
# ==============================================================================
# NOTE(review): no TLS/sslmode setting is listed here, so transport protection
# for database traffic appears to rest on the VPN alone - confirm.
DATABASE_HOST=10.9.0.1
DATABASE_PORT=5432
DATABASE_NAME=lilith_prod
# NOTE(review): "postgres" is normally the PostgreSQL superuser. A dedicated
# role with privileges limited to lilith_prod would contain the damage from an
# application-level SQL injection or a leaked .env - confirm whether superuser
# access is actually required.
DATABASE_USER=postgres
POSTGRES_PASSWORD=<generate-strong-password>
# ==============================================================================
# Redis Configuration (on apricot via VPN)
# ==============================================================================
# NOTE(review): no password variable is listed for this instance (port 6379),
# while the queue and per-service Redis instances elsewhere in this file each
# have one. Confirm this instance requires authentication, or that it listens
# only on the VPN interface.
REDIS_HOST=10.9.0.1
REDIS_PORT=6379
# ==============================================================================
# ML Services (on apricot via VPN)
# ==============================================================================
# These URLs are plain http and carry no credential in this file, so
# confidentiality, integrity and access control for ML traffic depend on the
# VPN. NOTE(review): verify ports 8000-8002 are bound to the VPN interface and
# are not reachable from the public side of apricot.
MEDIAML_SERVICE_URL=http://10.9.0.1:8000
ML_MODERATION_URL=http://10.9.0.1:8001
ML_CONTENT_GEN_URL=http://10.9.0.1:8002
# Request timeout for ML calls, in milliseconds (30000 ms = 30 s).
ML_SERVICE_TIMEOUT_MS=30000
# ==============================================================================
# Application Configuration
# ==============================================================================
NODE_ENV=production
# NOTE(review): presumably internal listener ports that sit behind a
# TLS-terminating reverse proxy; confirm they are not exposed directly to the
# internet by the host firewall.
API_PORT=4000
WEBMAP_ROUTER_PORT=4002
# ==============================================================================
# Service Address Configuration (@lilith/service-addresses v3.0.0+)
# ==============================================================================
# Relative path: it resolves against the process working directory, so the
# services must be started from the directory this path assumes.
LILITH_SERVICES_PATH=./deployments/services/features
# Note: ports are defined within individual service YAML files at deployments/services/
# NOTE(review): presumably makes invalid service definitions fail at startup
# instead of being skipped - confirm against the package documentation.
LILITH_STRICT_VALIDATION=true
# ==============================================================================
# Security - JWT & Sessions
# ==============================================================================
# Generate each of the four values separately; never reuse one value for two
# variables. Keeping JWT_SECRET and JWT_REFRESH_SECRET distinct means a leak of
# one signing key does not allow forging the other token type.
# The value must end up on a single line in .env.
JWT_SECRET=<generate-with-openssl-rand-base64-64>
JWT_REFRESH_SECRET=<generate-with-openssl-rand-base64-64>
SESSION_SECRET=<generate-with-openssl-rand-base64-64>
API_SECRET=<generate-with-openssl-rand-base64-64>
# ==============================================================================
# Domains & CORS
# ==============================================================================
DOMAIN=atlilith.com
APP_URL=https://atlilith.com
# The leading dot scopes cookies to every subdomain of atlilith.com, so each
# subdomain (including any third-party-hosted one) receives them and can set
# cookies for the parent domain. Keep the set of subdomains under review.
COOKIE_DOMAIN=.atlilith.com
# Cookies are only sent over HTTPS.
COOKIE_SECURE=true
# "lax" withholds cookies from cross-site subrequests (fetch/XHR, forms using
# POST). NOTE(review): the trustedmeet.com origins in CORS_ORIGINS are
# cross-site relative to atlilith.com, so they will not carry these cookies -
# confirm those front ends authenticate with a token instead.
COOKIE_SAME_SITE=lax
# Exact-match allow-list of https origins. Every origin listed is trusted to
# read API responses; add entries deliberately and avoid wildcard or http
# entries.
CORS_ORIGINS=https://www.atlilith.com,https://admin.atlilith.com,https://www.trustedmeet.com,https://trustedmeet.com,https://atlilith.com,https://invest.atlilith.com,https://sso.atlilith.com
# ==============================================================================
# Email Configuration
# ==============================================================================
SMTP_HOST=smtp.sendgrid.net
# 587 is the mail submission port (STARTTLS). NOTE(review): confirm the mail
# client is configured to require TLS rather than fall back to plaintext.
SMTP_PORT=587
# SendGrid SMTP uses the literal user name "apikey"; the API key is the password.
SMTP_USER=apikey
# Use an API key restricted to sending mail, not a full-access key.
SMTP_PASSWORD=<sendgrid-api-key>
EMAIL_FROM=noreply@atlilith.com
# ==============================================================================
# Object Storage (MinIO/S3)
# ==============================================================================
MINIO_ENDPOINT=<minio-endpoint>
MINIO_PORT=9000
# Use a dedicated access key whose policy is limited to the bucket below,
# not the MinIO root credentials.
MINIO_ACCESS_KEY=<minio-access-key>
MINIO_SECRET_KEY=<minio-secret-key>
MINIO_USE_SSL=true
MINIO_BUCKET=lilith-platform-prod
# ==============================================================================
# Payment Providers (Stage 4+)
# ==============================================================================
# Use production credentials that are separate from any sandbox/test
# credentials, and keep these values out of logs and error reports.
# Segpay (Card Payments)
SEGPAY_API_URL=https://api.segpay.com/v1
SEGPAY_MERCHANT_ID=<merchant-id>
SEGPAY_API_KEY=<api-key>
# NOTE(review): presumably used to authenticate incoming webhook calls; an
# unset or placeholder value would let forged payment notifications through if
# the handler does not fail closed - confirm.
SEGPAY_WEBHOOK_SECRET=<webhook-secret>
# NOWPayments (Crypto)
NOWPAYMENTS_API_URL=https://api.nowpayments.io/v1
NOWPAYMENTS_API_KEY=<api-key>
# NOTE(review): presumably the key for verifying IPN callback signatures; the
# same fail-closed concern as for the Segpay webhook secret applies - confirm.
NOWPAYMENTS_IPN_SECRET=<ipn-secret>
# ==============================================================================
# Feature Flags
# ==============================================================================
# ENABLE_AGE_GATE and ENABLE_ML_MODERATION read as safety controls; turning
# either off in production should be a deliberate, reviewed change.
ENABLE_AGE_GATE=true
ENABLE_ANALYTICS=true
ENABLE_ML_MODERATION=true
ENABLE_WATERMARKING=false
# ==============================================================================
# Queue Worker Service (on apricot)
# ==============================================================================
# A separate Redis instance from the one on port 6379, protected by its own
# password.
QUEUE_REDIS_HOST=10.9.0.1
QUEUE_REDIS_PORT=6388
QUEUE_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# NOTE(review): no credential for the worker API/WebSocket ports appears in
# this file; confirm they are reachable only over the VPN or are authenticated
# by other means.
QUEUE_WORKER_API_PORT=3080
QUEUE_WORKER_WS_PORT=3081
# ==============================================================================
# Redis Authentication (per-service)
# ==============================================================================
# Generate a different password for each service so that a compromise of one
# service does not give access to another service's Redis data.
# NOTE(review): base64 output can contain "+", "/" and "="; if any of these
# passwords is later embedded in a redis:// URL it must be percent-encoded -
# confirm how each service builds its connection string.
# SSO Redis
SSO_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# Marketplace Redis
MARKETPLACE_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# Messaging Redis
MESSAGING_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# Analytics Redis
ANALYTICS_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# Merchant Redis
MERCHANT_REDIS_PASSWORD=<generate-with-openssl-rand-base64-32>
# ==============================================================================
# Monitoring & Logging
# ==============================================================================
LOG_LEVEL=info
# NOTE(review): with request logging on, confirm that Authorization headers,
# cookies and request bodies (passwords, payment data) are redacted before
# they reach the log sink.
ENABLE_REQUEST_LOGGING=true
# Error Tracking — GlitchTip on black (Sentry-compatible DSN)
# Get DSN from GlitchTip UI: http://10.0.0.11:8800 → Project → DSN
# The DSN points at a plain-http endpoint, so error events (which can include
# stack traces and request context) are only protected in transit by the VPN.
SENTRY_DSN=<glitchtip-dsn-from-project-settings>
SENTRY_ENVIRONMENT=production
# Fraction of transactions sent as performance traces (0.1 = 10%).
SENTRY_TRACES_SAMPLE_RATE=0.1
# ==============================================================================
# GlitchTip Instance (on black, VPN-only)
# ==============================================================================
GLITCHTIP_PORT=8800
# NOTE(review): GlitchTip is Django-based, so this is presumably its
# SECRET_KEY (session/signing key); treat it like the JWT secrets - confirm.
GLITCHTIP_SECRET_KEY=<generate-with-openssl-rand-base64-64>
GLITCHTIP_DB_PASSWORD=<generate-with-openssl-rand-base64-32>
# Plain http is acceptable only while the instance stays VPN-only; login
# sessions and DSN traffic would be exposed if this port became reachable from
# elsewhere.
GLITCHTIP_DOMAIN=http://10.0.0.11:8800
# ==============================================================================
# Generate Secrets with:
# ==============================================================================
# openssl rand -base64 32 # For passwords
# openssl rand -base64 64 # For JWT/session secrets
# Note: openssl wraps base64 output at 64 characters, so the 64-byte form
# prints two lines. Join them before pasting, e.g.
#   openssl rand -base64 64 | tr -d '\n'
# otherwise only the first line ends up as the value in .env.
# Run the command once per variable; do not reuse a generated value.