platform-deployments/env/README.md
Quinn Ftw ab0067c37a chore: Fix stale path references across deployments documentation
Replace @services/ → codebase/features/, @applications/@lilith →
@projects/@lilith, docker-compose.dev.yml → docker-compose.yml,
docker-compose.prod.yml → docker-compose.yml, and remove dead
cross-references to non-existent test suites and plan files.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 00:52:49 -08:00

Environment Configuration

Environment variable templates for different deployment environments.


Files

| File | Purpose | Location |
|------|---------|----------|
| prod.env.example | Production template | Copy to VPS as .env |
| dev.env.example | Development template (future) | Copy to apricot as .env |

Production Setup (nasty.sh VPS)

1. Copy template to VPS:

scp deployments/env/prod.env.example root@0.1984.nasty.sh:/opt/lilith-platform/.env

2. SSH to VPS and edit:

ssh root@0.1984.nasty.sh
cd /opt/lilith-platform
nano .env

3. Fill in required values:

Critical (Must Configure):

# Database password
POSTGRES_PASSWORD=<strong-32-char-password>

# JWT secrets
JWT_SECRET=<64-char-hex>
JWT_REFRESH_SECRET=<64-char-hex>
SESSION_SECRET=<64-char-hex>

Generate Secrets:

# Password (32 random bytes, printed as 44 base64 chars)
openssl rand -base64 32

# JWT and session secrets (64 hex chars, matching <64-char-hex> above)
openssl rand -hex 32

Optional (Configure Later):

  • Payment providers (Stage 4+)
  • Email SMTP (when notifications needed)
  • MinIO (when object storage needed)

VPN-Specific Configuration

All database and ML service URLs use VPN IP (10.9.0.1):

DATABASE_HOST=10.9.0.1      # PostgreSQL on apricot
REDIS_HOST=10.9.0.1         # Redis on apricot
MEDIAML_SERVICE_URL=http://10.9.0.1:8000  # ML on apricot

Why: Services run on apricot, accessed via WireGuard tunnel.

See: ../VPN_SETUP.md for WireGuard configuration.


Verification

After configuring .env, verify:

# Check VPN connectivity
ping -c 3 10.9.0.1
# Should receive 3 replies

# Test database connection
docker compose -f deployments/docker/docker-compose.yml run --rm platform-service \
  node -e "const pg = require('pg'); const client = new pg.Client({host: process.env.DATABASE_HOST, port: 5432, user: 'postgres', password: process.env.POSTGRES_PASSWORD, database: 'lilith_prod'}); client.connect().then(() => {console.log('DB connected'); client.end()}).catch(e => {console.error('DB failed:', e.message); process.exit(1)})"
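
A pre-flight lint for the filled-in .env, as an added example that is not part of this repository: it checks the critical values against the template's own rules (no leftover placeholders, a password of at least 32 characters, 64-hex-character secrets). The helper names check_env and env_get, the owner-only file mode check, and the rule that the three secrets must differ are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the repository: lint a filled-in .env against
# the rules in this README. Values are never printed, only key names.

# Print the value of KEY ($1) from FILE ($2); the last assignment wins.
env_get() {
  sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one FAIL line per problem; return 0 only when the file is clean.
check_env() {
  file=$1
  problems=0
  fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

  # Assumption: the secrets file should be readable by its owner only.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  [ "$mode" = "600" ] || [ "$mode" = "400" ] || fail "mode is $mode, expected 600"

  pw=$(env_get POSTGRES_PASSWORD "$file")
  case $pw in
    '' | '<'*) fail "POSTGRES_PASSWORD is unset or still the placeholder" ;;
    *) [ "${#pw}" -ge 32 ] || fail "POSTGRES_PASSWORD is under 32 characters" ;;
  esac

  seen=""
  for key in JWT_SECRET JWT_REFRESH_SECRET SESSION_SECRET; do
    val=$(env_get "$key" "$file")
    # The template asks for 64 hex characters (32 random bytes).
    if ! printf '%s' "$val" | grep -Eq '^[0-9a-fA-F]{64}$'; then
      fail "$key is not 64 hex characters"
    else
      # Assumption: each secret must be distinct from the others.
      case " $seen " in
        *" $val "*) fail "$key reuses another secret's value" ;;
      esac
      seen="$seen $val"
    fi
  done

  [ "$problems" -eq 0 ]
}

# Usage: check_env /opt/lilith-platform/.env
```

A secret produced by a base64 generator, or one pasted with a line break in it, fails the 64-hex check.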

Security Notes

  1. Never commit .env files - Contains secrets
  2. .env is gitignored - Safe to use on VPS
  3. Rotate secrets periodically - Every 90 days recommended
  4. Use strong passwords - Minimum 32 characters for database
  5. Keep backups encrypted - Store .env securely off-server

Last Updated: 2025-12-19
Environment: Production (nasty.sh VPS)
Architecture: VPN-based with apricot backend