lilith-platform.live/deployments/@domains/quinn.api/.env.example
autocommit e3e1c2abec chore(quinn.api): 🔧 Update required env vars in .env.example for quinn.api deployment
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-08 03:19:15 -07:00

43 lines
2.6 KiB
Text

# Var names match codebase/@features/api/src/app/config.ts (the server's zod schema).
PORT=3030
# Postgres-backed (quinn schema on black:25435). NOT SQLite.
QUINN_DB_URL=postgres://quinn:quinn@localhost:25435/quinn
SERVICE_TOKEN=change-me-generate-a-strong-token
# ── INTERNAL vs PUBLIC state (one codebase, two states) ──
# QUINN_API_MODE=internal (default): the canonical backend on black. Runs migrations
# + background processors, handles authenticated users and all writes, talks to the
# canonical DB directly. This is the only state that mutates canonical data.
# QUINN_API_MODE=public: the edge-facing state. Serves side-effect-free cacheable public
# GET/HEAD (/www /i18n /public /health) locally from the read-only public-data edge cache
# (point QUINN_DB_URL at the local edge DB), and reverse-proxies everything else to INTERNAL:
# all writes, all authenticated requests, and side-effecting GETs (/s click-tracking,
# /public/i/*/pixel.gif open-tracking). Skips migrations + processors. Requires
# QUINN_API_INTERNAL_URL.
QUINN_API_MODE=internal
# QUINN_API_INTERNAL_URL=https://api.transquinnftw.com # required when QUINN_API_MODE=public
SMTP_HOST=mail.transquinnftw.com
SMTP_PORT=587
SMTP_USER=noreply@transquinnftw.com
# SMTP_PASS: noreply@ DMS password — get from password manager (NOREPLY_SMTP_PASS)
SMTP_PASS=
SMTP_FROM=noreply@transquinnftw.com
# SMTP_REQUIRE_TLS=false — required when SMTP_HOST is a bare hostname/IP without a matching cert
# (e.g. when routing to 10.9.0.1 over WireGuard or to 127.0.0.1 via Docker NAT)
SMTP_REQUIRE_TLS=false
ALLOWED_ORIGINS=https://my.transquinnftw.com,https://transquinnftw.com
# Edge cache invalidation — used by purgeEdge() in src/lib/edge-purge.ts.
# EDGE_PURGE_TOKEN: 32-byte hex shared secret (must match /etc/quinn-edge/purge.env on vps-0).
# Provision via /etc/quinn-api/secrets.env on black (root:quinn-api 0640).
# Generate: openssl rand -hex 32
# EDGE_PURGE_URL: defaults to https://transquinnftw.com/__purge — override only for staging.
EDGE_PURGE_TOKEN=change-me-generate-32-byte-hex-secret
EDGE_PURGE_URL=https://transquinnftw.com/__purge
# Designer downloads — /admin/designer-downloads zips selected gallery masters (clean or
# identity-protected), rsyncs the artifact to the public host, and mints an ftw.pw/d/<slug>
# grant. Dest is the dir nginx aliases at PROTECTED_DOWNLOADS_ACCEL_PREFIX on the ftw.pw host
# (quinn-vps, /srv/quinn-downloads/) and must be writable by the api host's rsync ssh identity.
# Leave unset to disable the route.
QUINN_DOWNLOADS_RSYNC_DEST=quinn-vps:/srv/quinn-downloads