43 lines
2.6 KiB
Text
43 lines
2.6 KiB
Text
# Var names match codebase/@features/api/src/app/config.ts (the server's zod schema).
|
|
PORT=3030
|
|
# Postgres-backed (quinn schema on black:25435). NOT SQLite.
|
|
QUINN_DB_URL=postgres://quinn:quinn@localhost:25435/quinn
|
|
SERVICE_TOKEN=change-me-generate-a-strong-token
|
|
|
|
# ── INTERNAL vs PUBLIC state (one codebase, two states) ──
|
|
# QUINN_API_MODE=internal (default): the canonical backend on black. Runs migrations
|
|
# + background processors, handles authenticated users and all writes, talks to the
|
|
# canonical DB directly. This is the only state that mutates canonical data.
|
|
# QUINN_API_MODE=public: the edge-facing state. Serves side-effect-free cacheable public
|
|
# GET/HEAD (/www /i18n /public /health) locally from the read-only public-data edge cache
|
|
# (point QUINN_DB_URL at the local edge DB), and reverse-proxies everything else to INTERNAL:
|
|
# all writes, all authenticated requests, and side-effecting GETs (/s click-tracking,
|
|
# /public/i/*/pixel.gif open-tracking). Skips migrations + processors. Requires
|
|
# QUINN_API_INTERNAL_URL.
|
|
QUINN_API_MODE=internal
|
|
# QUINN_API_INTERNAL_URL=https://api.transquinnftw.com # required when QUINN_API_MODE=public
|
|
SMTP_HOST=mail.transquinnftw.com
|
|
SMTP_PORT=587
|
|
SMTP_USER=noreply@transquinnftw.com
|
|
# SMTP_PASS: noreply@ DMS password — get from password manager (NOREPLY_SMTP_PASS)
|
|
SMTP_PASS=
|
|
SMTP_FROM=noreply@transquinnftw.com
|
|
# SMTP_REQUIRE_TLS=false — required when SMTP_HOST is a bare hostname/IP without a matching cert
|
|
# (e.g. when routing to 10.9.0.1 over WireGuard or to 127.0.0.1 via Docker NAT)
|
|
SMTP_REQUIRE_TLS=false
|
|
ALLOWED_ORIGINS=https://my.transquinnftw.com,https://transquinnftw.com
|
|
|
|
# Edge cache invalidation — used by purgeEdge() in src/lib/edge-purge.ts.
|
|
# EDGE_PURGE_TOKEN: 32-byte hex shared secret (must match /etc/quinn-edge/purge.env on vps-0).
|
|
# Provision via /etc/quinn-api/secrets.env on black (root:quinn-api 0640).
|
|
# Generate: openssl rand -hex 32
|
|
# EDGE_PURGE_URL: defaults to https://transquinnftw.com/__purge — override only for staging.
|
|
EDGE_PURGE_TOKEN=change-me-generate-32-byte-hex-secret
|
|
EDGE_PURGE_URL=https://transquinnftw.com/__purge
|
|
|
|
# Designer downloads — /admin/designer-downloads zips selected gallery masters (clean or
|
|
# identity-protected), rsyncs the artifact to the public host, and mints an ftw.pw/d/<slug>
|
|
# grant. Dest is the dir nginx aliases at PROTECTED_DOWNLOADS_ACCEL_PREFIX on the ftw.pw host
|
|
# (quinn-vps, /srv/quinn-downloads/) and must be writable by the api host's rsync ssh identity.
|
|
# Leave unset to disable the route.
|
|
QUINN_DOWNLOADS_RSYNC_DEST=quinn-vps:/srv/quinn-downloads
|