lilith-platform.live/codebase/@features/api/.env.development
Natalie e4468790f1 feat(quinn.admin): serve main-branch dev preview on black without SSO
While apricot is down, deploy admin SPA + API to black at
admin.quinn.black.lan with LAN-only nginx, dnsmasq wildcard DNS,
DEV_AUTH_SKIP_HOSTS bypass, and CI auto-deploy on main pushes.
2026-06-21 23:38:06 -05:00

54 lines
3.6 KiB
Text

# Canonical prod DB on black (read+write). There is NO dev DB — "development" in this
# filename is a misnomer; this points at black prod with the role-isolated quinn_api creds.
# (Ignore older "apricot:25437 -> quinn-vps pgBouncer tunnel" notes: quinn-vps is a read-only
# public-data edge cache, not a write target, and 25437 is now v4's platform.db.)
QUINN_DB_URL=postgres://quinn_api:5odj1WzCPk0BGtoVdHAIV7Z1veb2AzewM0k4sVqI@black.lan:25435/quinn
QUINN_MACSYNC_DB_URL=postgres://quinn_macsync:devpassword@black.lan:25436/quinn_macsync
SERVICE_TOKEN=dev-quinn-api-service-token-32ch
CONTENT_MODERATOR_URL=http://localhost:3501
# Dev only: skip SSO for the apricot/local dev hostname. Production uses transquinnftw.com which is NOT in this list.
DEV_AUTH_SKIP_HOSTS=*.black.lan,*.apricot.lan,localhost
# Added for /m/messages/send route (FixB)
# mac-sync admin consolidated onto black:3201 (plum's LAN .248 sleeps; MacSyncApp on plum polls black's macsync DB and dispatches). Verified live + token-accepted 2026-06-10.
MAC_SYNC_BASE_URL=http://black.lan:3201
MAC_SYNC_SERVICE_TOKEN=58a83c2e6eb288bba3be411cbf2d4c7a982d2eb7c22c09da1ec847da04c332f7
# ── Photo-protection pipeline (Path B: routes moved from admin/backend-api → quinn.api) ──
PROTECT_PHOTOS_SCRIPT=/var/home/lilith/Code/@projects/@lilith/lilith-platform.live/deployments/@domains/quinn.www/scripts/protect-photos.py
PROTECT_PHOTOS_DIR=/var/home/lilith/Code/@projects/@lilith/lilith-platform.live/users/transquinnftw/originals
# Published/finished photos (served at /admin/photos/files/*) + designer-download fallback source for
# already-clean photos (quinn-* batch) that have no separate clean master in PROTECT_PHOTOS_DIR.
PHOTOS_DIR=/var/home/lilith/Code/@projects/@lilith/lilith-platform.live/deployments/@domains/quinn.www/root/public/photos
PHOTOS_RSYNC_DEST=quinn@quinn.www:/srv/quinn/photos
# DEPLOY_TARGETS_JSON='{"transquinnftw":"quinn@quinn.www:/srv/quinn/photos","att":"quinn-vps:/var/www/adulttherapytour.com/photos/"}'
# Designer-download zips land here on the public host (quinn-vps = the ftw.pw nginx host); dir must
# exist + match the /_protected/ alias (/srv/quinn-downloads/). Verified: apricot→quinn-vps rsync works.
QUINN_DOWNLOADS_RSYNC_DEST=quinn-vps:/srv/quinn-downloads
EDGE_PURGE_TOKEN=dev-edge-purge-token
# mail-sync — Proton Bridge wrap on plum (10.0.0.248)
MAIL_SYNC_BASE_URL=http://10.0.0.248:4444
MAIL_SYNC_SERVICE_TOKEN=j7YEG0KtjP5JRhgLyvpEWGPjyPLwBLBxRSkOQvvrLrn4sjpo
# ── DMS multi-account mail (@lilith/mailer-multi + /admin/mail/* IMAP) ──
# DMS lives on quinn-vps. Ports 587/993 not reachable from apricot LAN —
# either run a tunnel before testing, or test these from prod (vps-0).
# Source-of-truth for these passwords: vault/quinn-mail-*-sansonnet.txt
SMTP_HOST=89.127.233.145
SMTP_PORT=587
SMTP_REQUIRE_TLS=true
IMAP_HOST=89.127.233.145
IMAP_PORT=993
IMAP_TLS=true
MAIL_ACCOUNTS={"concierge@sansonnet.maison":"3532585c357cf80e0f72b0d2b90f42eb32fcf25f33f502d8","salut@sansonnet.maison":"c34e9446f7cf27696064e11a68cb5e57721daf0022aa1d2d"}
MAIL_ALIASES={"bookings@sansonnet.maison":"salut@sansonnet.maison","salut@maisonsansonnet.com":"salut@sansonnet.maison"}
CONCIERGE_SANSONNET_IMAP_USER=concierge@sansonnet.maison
CONCIERGE_SANSONNET_IMAP_PASS=3532585c357cf80e0f72b0d2b90f42eb32fcf25f33f502d8
CONTACT_SANSONNET_IMAP_USER=salut@sansonnet.maison
CONTACT_SANSONNET_IMAP_PASS=c34e9446f7cf27696064e11a68cb5e57721daf0022aa1d2d
# i18n — model-boss-backed translation
MODEL_BOSS_URL=http://localhost:8210
QUINN_I18N_ML_MODEL=nllb-200-distilled-600m
CREDENTIALS_ENCRYPTION_KEY=6bbc608fbb98f8e65373c325c1ab89ed50701eb52d8d3d606871b4f0621059a6