# ==============================================
# Mosaic Stack - Docker Swarm Configuration
# ==============================================
# Copy this file to .env for Docker Swarm deployment
#
# Every REPLACE_WITH_* placeholder is a credential or signing key and must be
# substituted with a freshly generated value before deploying; no placeholder
# value is safe to run with. The resulting .env holds secrets in plain text:
# NOTE(review): confirm .env is excluded from version control and from the
# image build context (.gitignore / .dockerignore), and consider moving the
# secret-bearing keys to Docker Swarm secrets rather than environment.
# Format: dotenv - one KEY=value per line, full-line "#" comments only.

# ======================
# Application Ports (Internal)
# ======================
# Listening ports inside the overlay network; Traefik (next section) is the
# intended external entry point, so these should not also be published on the host.
API_PORT=3001
# 0.0.0.0 = listen on all interfaces inside the container
API_HOST=0.0.0.0
WEB_PORT=3000

# ======================
# Domain Configuration (Traefik)
# ======================
# These domains must be configured in your DNS or /etc/hosts
MOSAIC_API_DOMAIN=api.mosaicstack.dev
MOSAIC_WEB_DOMAIN=mosaic.mosaicstack.dev
MOSAIC_AUTH_DOMAIN=auth.mosaicstack.dev

# ======================
# Web Configuration
# ======================
# Use the Traefik domain for the API URL
# NEXT_PUBLIC_* values are embedded in the browser bundle (Next.js convention):
# never place a secret in a key with this prefix.
# NOTE(review): both URLs are http:// while OIDC_REDIRECT_URI below is https://
# for the same api.mosaicstack.dev host. If Traefik terminates TLS, use
# https:// here as well so the app, API and OIDC redirect agree on scheme;
# mixed schemes lead to mixed-content blocks and redirect-URI mismatches.
NEXT_PUBLIC_APP_URL=http://mosaic.mosaicstack.dev
NEXT_PUBLIC_API_URL=http://api.mosaicstack.dev

# ======================
# PostgreSQL Database
# ======================
# The password is stated twice - inside DATABASE_URL and as POSTGRES_PASSWORD -
# and the two must be kept in sync. Characters such as @ : / # in the password
# must be percent-encoded inside the URL form.
DATABASE_URL=postgresql://mosaic:REPLACE_WITH_SECURE_PASSWORD@postgres:5432/mosaic
POSTGRES_USER=mosaic
POSTGRES_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
POSTGRES_DB=mosaic
POSTGRES_PORT=5432
# PostgreSQL Performance Tuning
# Sizes use PostgreSQL unit suffixes (MB, GB); tune to the node's RAM.
POSTGRES_SHARED_BUFFERS=256MB
POSTGRES_EFFECTIVE_CACHE_SIZE=1GB
POSTGRES_MAX_CONNECTIONS=100

# ======================
# Valkey Cache
# ======================
# This URL carries no AUTH credential, so access control rests entirely on
# network isolation: keep Valkey on the internal overlay network and do not
# publish port 6379 on the host.
VALKEY_URL=redis://valkey:6379
VALKEY_HOST=valkey
VALKEY_PORT=6379
VALKEY_MAXMEMORY=256mb
# Knowledge Module Cache Configuration
KNOWLEDGE_CACHE_ENABLED=true
# Cache entry lifetime - presumably seconds; verify against the knowledge module
KNOWLEDGE_CACHE_TTL=300

# ======================
# Authentication (Authentik OIDC)
# ======================
# NOTE: Authentik services are COMMENTED OUT in docker-compose.swarm.yml by default
# Uncomment those services if you want to run Authentik internally
# Otherwise, use external Authentik by configuring OIDC_* variables below

# External Authentik Configuration (default)
OIDC_ENABLED=true
# Must equal the issuer published in the provider's discovery document exactly
# (scheme, host, path and trailing slash) - standard OIDC validation compares
# the ID token "iss" claim against this string. auth.example.com is a
# placeholder host; point it at the real provider (for the internal option,
# that is the host in MOSAIC_AUTH_DOMAIN).
OIDC_ISSUER=https://auth.example.com/application/o/mosaic-stack/
OIDC_CLIENT_ID=your-client-id-here
# Credential issued by the provider - replace the placeholder and keep it secret
OIDC_CLIENT_SECRET=your-client-secret-here
# Must be registered verbatim as an allowed redirect URI on the provider;
# any difference (scheme, host, path) is rejected at the callback.
OIDC_REDIRECT_URI=https://api.mosaicstack.dev/auth/callback/authentik

# Internal Authentik Configuration (only needed if uncommenting Authentik services)
# Authentik PostgreSQL Database
AUTHENTIK_POSTGRES_USER=authentik
AUTHENTIK_POSTGRES_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
AUTHENTIK_POSTGRES_DB=authentik
# Authentik Server Configuration
# At least 50 random characters, e.g. from: openssl rand -base64 60
AUTHENTIK_SECRET_KEY=REPLACE_WITH_RANDOM_SECRET_MINIMUM_50_CHARS
AUTHENTIK_ERROR_REPORTING=false
# Initial admin password applied on first bootstrap only - rotate after first login
AUTHENTIK_BOOTSTRAP_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
AUTHENTIK_BOOTSTRAP_EMAIL=admin@mosaicstack.dev
# The leading dot scopes the session cookie to every subdomain of
# mosaicstack.dev, so each service under that domain receives it; narrow this
# if any less-trusted application shares the parent domain.
AUTHENTIK_COOKIE_DOMAIN=.mosaicstack.dev

# ======================
# JWT Configuration
# ======================
# Token signing secret - at least 32 random characters as the placeholder
# states (e.g. openssl rand -hex 32). Rotating it invalidates every token issued so far.
JWT_SECRET=REPLACE_WITH_RANDOM_SECRET_MINIMUM_32_CHARS
# Token lifetime. 24h is long for a bearer token; consider shortening it if
# the API supports refresh tokens.
JWT_EXPIRATION=24h

# ======================
# Encryption (Credential Security)
# ======================
# Generate with: openssl rand -hex 32
# 32 random bytes = 64 hex characters. Back this key up separately from the
# database: credentials encrypted under it are unrecoverable without it, and
# changing it presumably requires re-encrypting stored data.
ENCRYPTION_KEY=REPLACE_WITH_64_CHAR_HEX_STRING_GENERATE_WITH_OPENSSL_RAND_HEX_32

# ======================
# OpenBao Secrets Management
# ======================
# Plain http: traffic to OpenBao crosses the overlay network unencrypted, which
# is acceptable only if that network is trusted or encrypted at the Swarm layer.
OPENBAO_ADDR=http://openbao:8200
OPENBAO_PORT=8200
# For development only - remove in production
# NOTE(review): this template sets NODE_ENV=production below yet still ships a
# fixed dev root token. A dev-mode server runs unsealed, in memory, with this
# token as its root credential, so it is unsuitable for real data. Before any
# production deployment remove (or empty) this line and use an initialised,
# unsealed OpenBao with a least-privilege token for the application.
OPENBAO_DEV_ROOT_TOKEN_ID=root

# ======================
# Ollama (Optional AI Service)
# ======================
OLLAMA_ENDPOINT=http://ollama:11434
OLLAMA_PORT=11434
OLLAMA_EMBEDDING_MODEL=mxbai-embed-large
# Semantic Search Configuration
# Similarity cutoff below which results are dropped - presumably 0.0-1.0, higher =
# stricter; verify the scale against the search module
SEMANTIC_SEARCH_SIMILARITY_THRESHOLD=0.5

# ======================
# OpenAI API (Optional)
# ======================
# Leave commented unless OpenAI is actually used; it is a billed credential
# and deserves the same handling as the other secrets in this file.
# OPENAI_API_KEY=sk-...

# ======================
# Application Environment
# ======================
NODE_ENV=production

# ======================
# Gitea Integration (Coordinator)
# ======================
GITEA_URL=https://git.mosaicstack.dev
GITEA_BOT_USERNAME=mosaic
# Prefer the scoped API token over the password; grant the bot account only
# the repository permissions the coordinator needs.
GITEA_BOT_TOKEN=REPLACE_WITH_COORDINATOR_BOT_API_TOKEN
GITEA_BOT_PASSWORD=REPLACE_WITH_COORDINATOR_BOT_PASSWORD
GITEA_REPO_OWNER=mosaic
GITEA_REPO_NAME=stack
# Shared secret - presumably used to verify incoming webhook signatures; it must
# match the secret configured on the Gitea webhook or deliveries are rejected.
GITEA_WEBHOOK_SECRET=REPLACE_WITH_RANDOM_WEBHOOK_SECRET
# Presumably the credential callers present to the coordinator endpoints;
# generate at least 32 random characters as the placeholder states.
COORDINATOR_API_KEY=REPLACE_WITH_RANDOM_API_KEY_MINIMUM_32_CHARS

# ======================
# Rate Limiting
# ======================
# Window length (presumably seconds) followed by the request cap per window
# for each endpoint class
RATE_LIMIT_TTL=60
RATE_LIMIT_GLOBAL_LIMIT=100
RATE_LIMIT_WEBHOOK_LIMIT=60
RATE_LIMIT_COORDINATOR_LIMIT=100
RATE_LIMIT_HEALTH_LIMIT=300
# redis = counters kept in the shared cache (presumably the VALKEY_URL above)
# so that limits hold across API replicas; an in-process store would be
# per-replica and scale the effective limit with the replica count.
RATE_LIMIT_STORAGE=redis

# ======================
# Orchestrator Configuration
# ======================
ORCHESTRATOR_API_KEY=REPLACE_WITH_RANDOM_API_KEY_MINIMUM_32_CHARS
# Third-party credential - issue a key dedicated to this environment and
# rotate it from the provider console; never reuse across environments.
CLAUDE_API_KEY=REPLACE_WITH_CLAUDE_API_KEY

# ======================
# Logging & Debugging
# ======================
# NOTE(review): accepted LOG_LEVEL values are not documented here - verify
# against the logger configuration
LOG_LEVEL=info
# Keep false in production: debug output may include request bodies and
# credentials in logs.
DEBUG=false