diff --git a/.env.example b/.env.example index f847119..6bfcb0e 100644 --- a/.env.example +++ b/.env.example 
@@ -1,35 +1,30 @@ -# Database +# ─── Database ──────────────────────────────────────────── DATABASE_URL="postgresql://postgres:postgres@localhost:5432/hp_prod_tracker?schema=public" +DB_PASSWORD=postgres # Change in production -# Auth.js -AUTH_SECRET="" # Generate with: npx auth secret -AUTH_GOOGLE_ID="" -AUTH_GOOGLE_SECRET="" -AUTH_MICROSOFT_ENTRA_ID_ID="" -AUTH_MICROSOFT_ENTRA_ID_SECRET="" -AUTH_MICROSOFT_ENTRA_ID_TENANT_ID="" +# ─── Auth (Microsoft Entra ID SSO) ────────────────────── +AUTH_SECRET="" # Generate with: openssl rand -base64 32 +AUTH_MICROSOFT_ENTRA_ID_ID="" # Azure AD Application (Client) ID +AUTH_MICROSOFT_ENTRA_ID_SECRET="" # Azure AD Client Secret +AUTH_MICROSOFT_ENTRA_ID_TENANT_ID="" # Azure AD Directory (Tenant) ID -# App +# ─── Dev Auth Bypass (local development only) ─────────── +# Set to "true" to skip SSO and auto-login as dev admin user. +# Ignored when NODE_ENV=production. +DEV_BYPASS_AUTH="true" +DEV_USER_ID="dev-user-001" + +# ─── App ───────────────────────────────────────────────── NEXT_PUBLIC_APP_URL="http://localhost:3000" -# Claude AI (AI Chat Assistant — primary provider) -# Used for the chat interface. Falls back to Ollama if unavailable. -# Get your key at: https://console.anthropic.com/ +# ─── Claude AI (chat assistant — primary provider) ────── ANTHROPIC_API_KEY="" -# Optional: override the default model (cheapest & latest = claude-haiku-4-5-20251001) -# Pricing: $1/1M input tokens, $5/1M output tokens -# Other options: claude-sonnet-4-6 ($3/$15), claude-opus-4-6 ($5/$25) # ANTHROPIC_MODEL="claude-haiku-4-5-20251001" -# Cron / Scheduler -CRON_SECRET="" # Secret for /api/cron/* endpoints. 
Generate with: openssl rand -hex 32 +# ─── Cron / Scheduler ─────────────────────────────────── +CRON_SECRET="" # Generate with: openssl rand -hex 32 -# Video uploads — override storage directory (default: /data/uploads in prod, ./data/uploads in dev) -# VIDEO_UPLOADS_DIR="/data/uploads" - -# Ollama (AI — embeddings, search, chat fallback) -# Local Ollama instance for embeddings, LLM summarization, and chat fallback. -# No data leaves the network. Zero ongoing AI costs. +# ─── Ollama (AI — embeddings, search, chat fallback) ──── OLLAMA_HOST="http://localhost:11434" OLLAMA_EMBED_MODEL="nomic-embed-text" OLLAMA_LLM_MODEL="qwen3:1.7b" diff --git a/.gitignore b/.gitignore index 9af7beb..13f88a4 100644 --- a/.gitignore +++ b/.gitignore @@ -25,9 +25,6 @@ # database backups backup_*.sql -# deployment repo (separate git repo for Bitbucket) -/deploy/ - # debug npm-debug.log* yarn-debug.log* diff --git a/docker-compose.yml b/docker-compose.yml index 6c7f70d..32aaad7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,7 @@ services: restart: unless-stopped environment: POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres + POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres} POSTGRES_DB: hp_prod_tracker ports: - "5432:5432" @@ -43,7 +43,7 @@ services: # count: 1 # capabilities: [gpu] - # ─── Next.js app (production) ────────────────────────── + # ─── Next.js app ─────────────────────────────────────── app: build: context: . @@ -52,7 +52,7 @@ services: ports: - "3000:3000" environment: - DATABASE_URL: postgresql://postgres:postgres@db:5432/hp_prod_tracker?schema=public + DATABASE_URL: postgresql://postgres:${DB_PASSWORD:-postgres}@db:5432/hp_prod_tracker?schema=public OLLAMA_HOST: http://ollama:11434 OLLAMA_EMBED_MODEL: nomic-embed-text OLLAMA_LLM_MODEL: qwen3:1.7b 
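Review bot: `DEV_BYPASS_AUTH="true"` is shipped as the template default in the new Dev Auth Bypass stanza, so every environment created by copying `.env.example` starts with SSO skipped and an auto-login as the dev admin user unless someone turns it off. The only guard is the `NODE_ENV=production` check described in the comment, which is not part of this diff and would not cover a staging host or a container started without that variable. I would ship the fail-safe value, `DEV_BYPASS_AUTH="false"  # set to "true" only on a local machine`, and let developers opt in. Separately, `DB_PASSWORD=postgres` sits next to a `DATABASE_URL` that still embeds `postgres:postgres`, so its comment should say the two must change together, e.g. `# Change in production; must match the password in DATABASE_URL`.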
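Review bot: `${DB_PASSWORD:-postgres}` on the `POSTGRES_PASSWORD` line falls back silently to the well-known default whenever `DB_PASSWORD` is unset, and the same service publishes `"5432:5432"` on the host, so a deployment that forgets the variable runs a network-reachable database with the password `postgres`. Compose can fail closed instead: `POSTGRES_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD must be set}`. The same fallback appears on the `DATABASE_URL` line of the `@@ -52,7 +52,7 @@` hunk, where the value is also pasted into a URL, so a password containing `@`, `:`, `/` or `?` would need percent-encoding; a comment such as `# DB_PASSWORD must be URL-safe or percent-encoded` would help. If the default is kept for local convenience, binding the port to loopback (`"127.0.0.1:5432:5432"`) limits the exposure. The service block starts above the hunk, so this is based only on the visible lines.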
@@ -76,21 +76,6 @@ services: timeout: 5s retries: 3 start_period: 30s - profiles: - - production - - # ─── Cloudflare Tunnel (HTTPS access without port forwarding) ── - tunnel: - image: cloudflare/cloudflared:latest - restart: unless-stopped - command: tunnel run - environment: - TUNNEL_TOKEN: ${CLOUDFLARE_TUNNEL_TOKEN} - depends_on: - app: - condition: service_healthy - profiles: - - production volumes: pgdata: