Files
provenance/deploy/.env.example
justin 828445a6b3 Add Cloudflare Tunnel connector (profile-gated) to the deploy stack
A cloudflared service (opt-in via the 'tunnel' compose profile, token from CLOUDFLARE_TUNNEL_TOKEN) connects the lab to Cloudflare. One public hostname -> http://caddy:80 is sufficient because Caddy does the internal path routing. Mirrors the drawbar tunnel setup.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
2026-06-06 11:32:15 -04:00

60 lines
1.9 KiB
Bash

# Provenance configuration — copy to `.env` and fill in. Never commit `.env`.
# Everything is twelve-factor; no endpoints or secrets live in code.
# --- Core ---
APP_ENV=development
# --- Images (pulled from git.jpaul.io; CI pushes to the LAN registry) ---
# test-main = current main build; or pin a semver / test-sha-<sha> for rollback.
IMAGE_TAG=test-main
# --- Database (Postgres) ---
POSTGRES_USER=provenance
POSTGRES_PASSWORD=change-me
POSTGRES_DB=provenance
# Backend connection string (async driver). Host 'postgres' = compose service.
DATABASE_URL=postgresql+asyncpg://provenance:change-me@postgres:5432/provenance
# --- Object storage (S3-compatible / MinIO) ---
MINIO_ROOT_USER=provenance
MINIO_ROOT_PASSWORD=change-me-too
S3_ENDPOINT_URL=http://minio:9000
S3_BUCKET=provenance
S3_ACCESS_KEY=provenance
S3_SECRET_KEY=change-me-too
S3_REGION=us-east-1
# --- Edge (Caddy) ---
# Local: ':80' (http://localhost). Production: 'provenance.example.com' for auto-HTTPS.
# Behind a Cloudflare Tunnel, keep ':80' — Cloudflare terminates TLS and the
# tunnel forwards plain HTTP to caddy:80.
PROVENANCE_SITE_ADDRESS=:80
# --- Cloudflare Tunnel (optional) ---
# Enable by setting COMPOSE_PROFILES=tunnel and supplying the connector token
# from the Cloudflare dashboard. Public hostname -> http://caddy:80.
CLOUDFLARE_TUNNEL_TOKEN=
COMPOSE_PROFILES=
# --- Auth / sessions ---
SESSION_TTL_DAYS=30
TOKEN_TTL_HOURS=24
# Set false for local http; true (default) behind TLS.
COOKIE_SECURE=false
# Base URL used to build links in outbound email.
APP_BASE_URL=http://localhost
# Mailer: 'console' logs links to stdout (dev); 'smtp' uses the SMTP settings below.
MAILER=console
# --- Email (SMTP) — wired in a later phase ---
SMTP_HOST=
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM=
# --- Model providers — wired in Phase 4 (AI assistant). BYO key. ---
# ANTHROPIC_API_KEY=
# OPENAI_API_KEY=
# XAI_API_KEY=