.env.deploy.example
# =============================================================================
# SyftHub Production Environment Configuration
# =============================================================================
# Copy this file to .env and fill in the values for your production deployment.
#
# Usage:
#   cp .env.deploy.example /opt/syfthub/.env
#   # Edit the file with your production values
#   nano /opt/syfthub/.env
#
# IMPORTANT: Never commit the actual .env file to version control!
# =============================================================================
# =============================================================================
# DEPLOYMENT CONFIGURATION
# =============================================================================
# GitHub repository in org/repo format (e.g., your-org/syfthub)
# This is used to pull images from GitHub Container Registry
GITHUB_REPOSITORY=your-org/syfthub
# Docker image tag to deploy (set automatically by CI, defaults to latest)
# Format: short git SHA (e.g., abc1234) or 'latest'
IMAGE_TAG=latest
# =============================================================================
# APPLICATION SECRETS
# =============================================================================
# Secret key for JWT token signing and encryption
# Generate with: openssl rand -hex 32
SECRET_KEY=your-super-secret-key-change-this-in-production
# PostgreSQL database password
# Generate with: openssl rand -base64 24
DB_PASSWORD=your-secure-database-password
# Redis password for cache/session authentication
# Generate with: openssl rand -base64 24
REDIS_PASSWORD=your-secure-redis-password
# =============================================================================
# DOMAIN CONFIGURATION
# =============================================================================
# Production domain name (used for CORS and SSL configuration)
# Example: syfthub.example.com
DOMAIN=localhost
# =============================================================================
# NATS CONFIGURATION
# =============================================================================
# Authentication token for NATS server connections (REQUIRED)
# Generate with: openssl rand -hex 32
NATS_AUTH_TOKEN=your-secure-nats-auth-token
# =============================================================================
# JWT TOKEN CONFIGURATION (Optional)
# =============================================================================
# Access token expiration in minutes (default: 30)
ACCESS_TOKEN_EXPIRE_MINUTES=30
# Refresh token expiration in days (default: 7)
REFRESH_TOKEN_EXPIRE_DAYS=7
# =============================================================================
# MPP / TEMPO CONFIGURATION (Micropayment Protocol)
# =============================================================================
# Use Tempo testnet (moderato) instead of mainnet
# Set to false for production deployments
TEMPO_TESTNET=true
# Secret key for MPP payment signing (REQUIRED for MPP functionality)
# Generate with: openssl rand -hex 32
MPP_SECRET_KEY=
# =============================================================================
# NGROK TUNNEL CONFIGURATION (Optional)
# =============================================================================
# ngrok API key for tunnel credential provisioning
# Get from: https://dashboard.ngrok.com → API → New API Key
# When set, enables GET /api/v1/users/me/tunnel-credentials endpoint
# When unset, the endpoint returns 503 Service Unavailable
NGROK_API_KEY=
# =============================================================================
# LOGGING CONFIGURATION (Optional)
# =============================================================================
# Log level: debug, info, warning, error, critical (default: info)
LOG_LEVEL=info
# =============================================================================
# NOTES FOR VM SETUP
# =============================================================================
#
# 1. Create deployment directory:
#      sudo mkdir -p /opt/syfthub
#      sudo chown $USER:$USER /opt/syfthub
#
# 2. Copy required files (from deploy/ directory):
#      - deploy/docker-compose.deploy.yml
#      - deploy/nginx/nginx.prod.conf
#      - deploy/nginx/ssl/cert.pem, key.pem (SSL certificates)
#      - deploy/scripts/deploy.sh
#      - .env (this file, filled in)
#
# 3. Create SSL certificates (for production):
#      # Using Let's Encrypt:
#      sudo certbot certonly --standalone -d your-domain.com
#      sudo cp /etc/letsencrypt/live/your-domain.com/fullchain.pem /opt/syfthub/nginx/ssl/cert.pem
#      sudo cp /etc/letsencrypt/live/your-domain.com/privkey.pem /opt/syfthub/nginx/ssl/key.pem
#
#      # For development/testing (self-signed):
#      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
#        -keyout nginx/ssl/key.pem \
#        -out nginx/ssl/cert.pem \
#        -subj "/CN=localhost"
#
# 4. Create log directory:
#      sudo mkdir -p /var/log/syfthub
#      sudo chown $USER:$USER /var/log/syfthub
#
# 5. Create backup directory:
#      mkdir -p /opt/syfthub/backup
#
# =============================================================================
# GITHUB SECRETS REQUIRED
# =============================================================================
#
# Add these secrets to your GitHub repository settings:
#
#   SSH_HOST        - VM IP address or hostname
#   SSH_USER        - SSH username (e.g., ubuntu, deploy)
#   SSH_PRIVATE_KEY - SSH private key (Ed25519 recommended)
#   SSH_PORT        - SSH port (optional, defaults to 22)
#   NGROK_API_KEY   - ngrok API key for tunnel credentials (optional)
#
# Generate SSH key pair:
#   ssh-keygen -t ed25519 -C "github-actions-deploy" -f deploy_key
#   # Add deploy_key.pub to VM's ~/.ssh/authorized_keys
#   # Add deploy_key (private) as GitHub secret SSH_PRIVATE_KEY
#
# =============================================================================
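
A template like this only protects a deployment if every placeholder is actually replaced and the filled-in file stays private. The script below is an added example, not part of the SyftHub repository: it lints a filled-in .env for leftover `your-...` placeholders, empty or short secrets, production-unsafe defaults (DOMAIN=localhost, TEMPO_TESTNET=true) and group/other file permissions. The function names `env_get` and `check_env` and the 32-character floor are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the SyftHub repository): lint a filled-in .env
# before deploying. Function names and the 32-character floor are assumptions.

# env_get FILE KEY: print the value of the last KEY=... line (unquoted values only)
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_env FILE: print one finding per line; return 0 only when there are none
check_env() {
    f=$1; bad=0
    # Secrets file should be owner-only, i.e. ls shows -rw------- (chmod 600)
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "PERM: $f is accessible to group or other"; bad=1
    fi
    # Secrets the template says to generate with openssl rand
    for k in SECRET_KEY DB_PASSWORD REDIS_PASSWORD NATS_AUTH_TOKEN; do
        v=$(env_get "$f" "$k")
        case $v in
            "")     echo "EMPTY: $k is not set"; bad=1 ;;
            your-*) echo "PLACEHOLDER: $k still holds the template value"; bad=1 ;;
            *)      # -base64 24 yields 32 characters, -hex 32 yields 64
                    if [ "${#v}" -lt 32 ]; then
                        echo "SHORT: $k has fewer than 32 characters"; bad=1
                    fi ;;
        esac
    done
    # Template defaults that are wrong for a production host
    if [ "$(env_get "$f" DOMAIN)" = "localhost" ]; then
        echo "DEFAULT: DOMAIN is still localhost"; bad=1
    fi
    if [ "$(env_get "$f" TEMPO_TESTNET)" = "true" ]; then
        echo "DEFAULT: TEMPO_TESTNET is still true"; bad=1
    fi
    return "$bad"
}

# Usage: sh check_env.sh /opt/syfthub/.env
if [ "$#" -gt 0 ]; then
    check_env "$1"
fi
```

Run it on the VM before the first deploy and again after any secret rotation; a non-zero exit status means at least one finding was printed.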