- Add setup-wizard.sh for interactive configuration - Add docker-compose.swarm.yml optimized for swarm deployment - Make CLAUDE_API_KEY optional based on AI_PROVIDER setting - Support multiple AI providers: Ollama, Claude API, OpenAI - Add BETTER_AUTH_SECRET to .env.example - Update deploy-swarm.sh to validate AI provider config - Add comprehensive documentation (DOCKER-SWARM.md, SWARM-QUICKREF.md) Changes: - AI_PROVIDER env var controls which AI backend to use - Ollama is default (no API key required) - Claude API and OpenAI require respective API keys - Deployment script validates based on selected provider - Removed Authentik services from swarm compose (using external) - Configured for upstream Traefik integration
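# ==============================================
# Mosaic Stack - Docker Swarm Configuration
# ==============================================
# Copy this file to .env for Docker Swarm deployment.
#
# Every REPLACE_WITH_* and your-*-here value below is a placeholder and must be
# replaced before deploying. The resulting .env holds live credentials: keep it
# out of version control and restrict who can read it (e.g. chmod 600 .env).
# Comments are kept on their own lines; some env-file parsers treat text after
# a value as part of the value.

# ======================
# Application Ports (Internal)
# ======================
# Ports the API and web processes listen on inside their containers.
API_PORT=3001
# 0.0.0.0 binds every interface the container has. What is reachable from
# outside depends on the ports and networks the swarm compose file publishes
# (not shown here) - NOTE(review): confirm only Traefik fronts these services.
API_HOST=0.0.0.0
WEB_PORT=3000
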
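# ======================
# Domain Configuration (Traefik)
# ======================
# These domains must be configured in your DNS or /etc/hosts.
# Host names only (no scheme, no path). The URL settings elsewhere in this file
# (NEXT_PUBLIC_*, OIDC_*) repeat these names and have to be changed together
# with them.
MOSAIC_API_DOMAIN=api.mosaicstack.dev
MOSAIC_WEB_DOMAIN=mosaic.mosaicstack.dev
MOSAIC_AUTH_DOMAIN=auth.mosaicstack.dev
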
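# ======================
# Web Configuration
# ======================
# Use the Traefik domain for the API URL.
# NEXT_PUBLIC_* values are compiled into the browser bundle by Next.js and are
# visible to every visitor: never place a secret under this prefix.
# SECURITY: both URLs use http://. Over plain HTTP, session cookies and API
# tokens cross the network unencrypted. Switch to https:// as soon as the
# upstream Traefik terminates TLS for these hosts.
NEXT_PUBLIC_APP_URL=http://mosaic.mosaicstack.dev
NEXT_PUBLIC_API_URL=http://api.mosaicstack.dev
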
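# ======================
# PostgreSQL Database
# ======================
# The password appears twice: inside DATABASE_URL and as POSTGRES_PASSWORD.
# Both must carry the same value. Characters such as @ : / ? # in the password
# must be percent-encoded inside DATABASE_URL; a hex password avoids that,
# e.g. generate one with: openssl rand -hex 24
DATABASE_URL=postgresql://mosaic:REPLACE_WITH_SECURE_PASSWORD@postgres:5432/mosaic
POSTGRES_USER=mosaic
POSTGRES_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
POSTGRES_DB=mosaic
# NOTE(review): the database should stay on the internal swarm network;
# confirm the compose file does not publish this port on the host.
POSTGRES_PORT=5432

# PostgreSQL Performance Tuning
POSTGRES_SHARED_BUFFERS=256MB
POSTGRES_EFFECTIVE_CACHE_SIZE=1GB
POSTGRES_MAX_CONNECTIONS=100
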
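# ======================
# Valkey Cache
# ======================
# SECURITY: this URL carries no password and no TLS (redis://, not rediss://).
# That is only acceptable while Valkey is reachable solely from the internal
# swarm overlay network - NOTE(review): confirm the compose file does not
# publish port 6379.
VALKEY_URL=redis://valkey:6379
VALKEY_HOST=valkey
VALKEY_PORT=6379
VALKEY_MAXMEMORY=256mb

# Knowledge Module Cache Configuration
KNOWLEDGE_CACHE_ENABLED=true
# presumably seconds - confirm against the knowledge module
KNOWLEDGE_CACHE_TTL=300
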
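# ======================
# Authentication (Authentik OIDC)
# ======================
# SECURITY: OIDC_ISSUER and OIDC_REDIRECT_URI use http://. The authorization
# code, the client secret and the issued tokens all travel over these URLs, so
# on plain HTTP anyone on the network path can read or alter them. Use https://
# in any deployment that is not a closed lab.
# OIDC_REDIRECT_URI must match, character for character, the redirect URI
# registered for this client in Authentik.
OIDC_ENABLED=true
OIDC_ISSUER=http://auth.mosaicstack.dev/application/o/mosaic-stack/
OIDC_CLIENT_ID=your-client-id-here
OIDC_CLIENT_SECRET=your-client-secret-here
OIDC_REDIRECT_URI=http://api.mosaicstack.dev/auth/callback/authentik

# Authentik PostgreSQL Database
# NOTE(review): the commit message says the Authentik services were removed
# from the swarm compose file in favour of an external instance. If that is so,
# the AUTHENTIK_* values below may be unused here - confirm, and leave unused
# credentials out of the deployed .env.
AUTHENTIK_POSTGRES_USER=authentik
AUTHENTIK_POSTGRES_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
AUTHENTIK_POSTGRES_DB=authentik

# Authentik Configuration
# Random value of at least 50 characters, e.g. openssl rand -hex 32
AUTHENTIK_SECRET_KEY=REPLACE_WITH_RANDOM_SECRET_MINIMUM_50_CHARS
AUTHENTIK_ERROR_REPORTING=false
# Initial administrator credentials. Change the password after the first login
# so the value stored in this file no longer grants admin access.
AUTHENTIK_BOOTSTRAP_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
AUTHENTIK_BOOTSTRAP_EMAIL=admin@mosaicstack.dev
# The leading dot scopes the cookie to every subdomain of mosaicstack.dev, so
# any host under that domain receives it. Keep untrusted services off it.
AUTHENTIK_COOKIE_DOMAIN=.mosaicstack.dev
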
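# ======================
# JWT Configuration
# ======================
# Signing secret, at least 32 random characters, e.g. openssl rand -hex 32
# Anyone who learns this value can forge valid tokens; use a value unique to
# this deployment and do not reuse another secret from this file.
JWT_SECRET=REPLACE_WITH_RANDOM_SECRET_MINIMUM_32_CHARS
# Token lifetime. NOTE(review): a leaked token stays usable until it expires
# unless the application also supports revocation; shorten if it does not.
JWT_EXPIRATION=24h
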
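# ======================
# Encryption (Credential Security)
# ======================
# Generate with: openssl rand -hex 32
# The result is 64 hex characters (32 bytes).
# NOTE(review): presumably this key encrypts stored credentials; if so, data
# written under one key cannot be read after the key changes. Back the key up
# separately from the database and plan rotation before first use.
ENCRYPTION_KEY=REPLACE_WITH_64_CHAR_HEX_STRING_GENERATE_WITH_OPENSSL_RAND_HEX_32
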
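# ======================
# OpenBao Secrets Management
# ======================
# NOTE(review): plain HTTP to the secrets store; acceptable only on the
# internal swarm network. Confirm port 8200 is not published on the host.
OPENBAO_ADDR=http://openbao:8200
OPENBAO_PORT=8200
# For development only - remove in production.
# SECURITY: disabled by default because this template also sets
# NODE_ENV=production. A fixed, well-known root token gives unrestricted
# access to every secret in OpenBao. Uncomment for local development only.
# OPENBAO_DEV_ROOT_TOKEN_ID=root
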
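# ======================
# Ollama (Optional AI Service)
# ======================
# Ollama's HTTP API has no built-in authentication: whoever can reach this
# endpoint can run models on it. Keep it on the internal network and do not
# expose port 11434 publicly.
OLLAMA_ENDPOINT=http://ollama:11434
OLLAMA_PORT=11434
OLLAMA_EMBEDDING_MODEL=mxbai-embed-large

# Semantic Search Configuration
SEMANTIC_SEARCH_SIMILARITY_THRESHOLD=0.5
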
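# ======================
# OpenAI API (Optional)
# ======================
# Left commented out on purpose: set it only when OpenAI is the selected
# provider. "sk-..." is a placeholder, not a usable key. Use a key created for
# this deployment alone so it can be revoked without affecting anything else.
# OPENAI_API_KEY=sk-...
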
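# ======================
# Application Environment
# ======================
# This template targets production. Settings marked "development only"
# elsewhere in this file must not be enabled together with this value.
NODE_ENV=production
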
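# ======================
# Gitea Integration (Coordinator)
# ======================
GITEA_URL=https://git.mosaicstack.dev
GITEA_BOT_USERNAME=mosaic
# Prefer the API token: create it for the bot account with only the scopes the
# coordinator needs, so a leak can be contained by revoking that one token.
GITEA_BOT_TOKEN=REPLACE_WITH_COORDINATOR_BOT_API_TOKEN
# NOTE(review): an account password grants everything the bot user can do and
# cannot be scoped. If the token alone is sufficient, leave this out of the
# deployed .env - confirm against the coordinator's requirements.
GITEA_BOT_PASSWORD=REPLACE_WITH_COORDINATOR_BOT_PASSWORD
GITEA_REPO_OWNER=mosaic
GITEA_REPO_NAME=stack
# Must equal the secret configured on the Gitea webhook. Presumably used to
# verify that incoming webhook calls really come from Gitea; use a random
# value, e.g. openssl rand -hex 32
GITEA_WEBHOOK_SECRET=REPLACE_WITH_RANDOM_WEBHOOK_SECRET
# At least 32 random characters, e.g. openssl rand -hex 32
COORDINATOR_API_KEY=REPLACE_WITH_RANDOM_API_KEY_MINIMUM_32_CHARS
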
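# ======================
# Rate Limiting
# ======================
# NOTE(review): RATE_LIMIT_TTL is presumably the counting window in seconds and
# each *_LIMIT the number of requests allowed per window - confirm against the
# API's throttling code before tuning.
RATE_LIMIT_TTL=60
RATE_LIMIT_GLOBAL_LIMIT=100
RATE_LIMIT_WEBHOOK_LIMIT=60
RATE_LIMIT_COORDINATOR_LIMIT=100
RATE_LIMIT_HEALTH_LIMIT=300
# Presumably keeps the counters in the Valkey instance configured in this file,
# so limits hold across replicas. If that store is unreachable, check whether
# the application blocks requests or lets them through unthrottled.
RATE_LIMIT_STORAGE=redis
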
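# ======================
# Orchestrator Configuration
# ======================
# At least 32 random characters, e.g. openssl rand -hex 32
ORCHESTRATOR_API_KEY=REPLACE_WITH_RANDOM_API_KEY_MINIMUM_32_CHARS
# NOTE(review): per the commit message this key is only required when the
# Claude API is the selected AI provider, and Ollama is the default. This file
# does not set AI_PROVIDER. If Claude is not used, leave this value empty
# rather than keeping the placeholder, which a validation script could mistake
# for a configured key.
CLAUDE_API_KEY=REPLACE_WITH_CLAUDE_API_KEY
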
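# ======================
# Logging & Debugging
# ======================
LOG_LEVEL=info
# Keep false in production. NOTE(review): verbose debug output often includes
# request bodies and headers; check that tokens and passwords are redacted
# before enabling it on a live system.
DEBUG=false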