mirror of
https://github.com/aljazceru/enclava.git
synced 2025-12-17 07:24:34 +01:00
133 lines
4.1 KiB
Plaintext
133 lines
4.1 KiB
Plaintext
# ===================================
|
|
# ENCLAVA MINIMAL CONFIGURATION
|
|
# ===================================
|
|
# Only essential environment variables that CANNOT have defaults
|
|
# Other settings should be configurable through the app UI
|
|
|
|
# ===================================
|
|
# INFRASTRUCTURE (Required)
|
|
# ===================================
|
|
DATABASE_URL=postgresql://enclava_user:enclava_pass@enclava-postgres:5432/enclava_db
|
|
REDIS_URL=redis://enclava-redis:6379
|
|
|
|
# ===================================
|
|
# SECURITY CRITICAL (Required)
|
|
# ===================================
|
|
JWT_SECRET=your-super-secret-jwt-key-here-change-in-production
|
|
PRIVATEMODE_API_KEY=your-privatemode-api-key-here
|
|
|
|
# Admin user (created on first startup only)
|
|
ADMIN_EMAIL=admin@example.com
|
|
ADMIN_PASSWORD=admin123
|
|
|
|
# ===================================
|
|
# ADDITIONAL SECURITY SETTINGS (Optional but recommended)
|
|
# ===================================
|
|
# JWT Algorithm (default: HS256)
|
|
# JWT_ALGORITHM=HS256
|
|
|
|
# Token expiration times (in minutes)
|
|
# ACCESS_TOKEN_EXPIRE_MINUTES=30
|
|
# REFRESH_TOKEN_EXPIRE_MINUTES=10080
|
|
# SESSION_EXPIRE_MINUTES=1440
|
|
|
|
# API Key prefix (default: en_)
|
|
# API_KEY_PREFIX=en_
|
|
|
|
# Security thresholds (0.0-1.0)
|
|
# API_SECURITY_RISK_THRESHOLD=0.8
|
|
# API_SECURITY_WARNING_THRESHOLD=0.6
|
|
# API_SECURITY_ANOMALY_THRESHOLD=0.7
|
|
|
|
# IP security (comma-separated for multiple IPs)
|
|
# API_BLOCKED_IPS=
|
|
# API_ALLOWED_IPS=
|
|
|
|
# ===================================
|
|
# APPLICATION BASE URL (Required - derives all URLs and CORS)
|
|
# ===================================
|
|
BASE_URL=localhost
|
|
# Frontend derives: APP_URL=http://localhost, API_URL=http://localhost, WS_URL=ws://localhost
|
|
# Backend derives: CORS_ORIGINS=["http://localhost"]
|
|
|
|
# ===================================
|
|
# DOCKER NETWORKING (Required for containers)
|
|
# ===================================
|
|
BACKEND_INTERNAL_PORT=8000
|
|
FRONTEND_INTERNAL_PORT=3000
|
|
# Hosts are fixed: enclava-backend, enclava-frontend
|
|
# Upstreams derive: enclava-backend:8000, enclava-frontend:3000
|
|
|
|
# ===================================
|
|
# QDRANT (Required for RAG)
|
|
# ===================================
|
|
QDRANT_HOST=enclava-qdrant
|
|
QDRANT_PORT=6333
|
|
QDRANT_URL=http://enclava-qdrant:6333
|
|
|
|
# ===================================
|
|
# OPTIONAL PRIVATEMODE SETTINGS (Have defaults)
|
|
# ===================================
|
|
# PRIVATEMODE_CACHE_MODE=none # Optional: defaults to 'none'
|
|
# PRIVATEMODE_CACHE_SALT= # Optional: defaults to empty
|
|
|
|
# ===================================
|
|
# OPTIONAL CONFIGURATION (All have sensible defaults)
|
|
# ===================================
|
|
|
|
# Application Settings
|
|
# APP_NAME=Enclava
|
|
# APP_DEBUG=false
|
|
# APP_LOG_LEVEL=INFO
|
|
# APP_HOST=0.0.0.0
|
|
# APP_PORT=8000
|
|
|
|
# Security Features
|
|
# API_SECURITY_ENABLED=true
|
|
# API_THREAT_DETECTION_ENABLED=true
|
|
# API_IP_REPUTATION_ENABLED=true
|
|
# API_ANOMALY_DETECTION_ENABLED=true
|
|
# API_RATE_LIMITING_ENABLED=true
|
|
# API_SECURITY_HEADERS_ENABLED=true
|
|
|
|
# Content Security Policy
|
|
# API_CSP_HEADER=default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
|
|
|
|
# Rate Limiting (requests per minute/hour)
|
|
# API_RATE_LIMIT_AUTHENTICATED_PER_MINUTE=300
|
|
# API_RATE_LIMIT_AUTHENTICATED_PER_HOUR=5000
|
|
# API_RATE_LIMIT_API_KEY_PER_MINUTE=1000
|
|
# API_RATE_LIMIT_API_KEY_PER_HOUR=20000
|
|
# API_RATE_LIMIT_PREMIUM_PER_MINUTE=5000
|
|
# API_RATE_LIMIT_PREMIUM_PER_HOUR=100000
|
|
|
|
# Request Size Limits (in bytes)
|
|
# API_MAX_REQUEST_BODY_SIZE=10485760 # 10MB
|
|
# API_MAX_REQUEST_BODY_SIZE_PREMIUM=52428800 # 50MB
|
|
# MAX_UPLOAD_SIZE=10485760 # 10MB
|
|
|
|
# Monitoring
|
|
# PROMETHEUS_ENABLED=true
|
|
# PROMETHEUS_PORT=9090
|
|
|
|
# Logging
|
|
# LOG_FORMAT=json
|
|
# LOG_LEVEL=INFO
|
|
# LOG_LLM_PROMPTS=false
|
|
|
|
# Module Configuration
|
|
# MODULES_CONFIG_PATH=config/modules.yaml
|
|
|
|
# Plugin Configuration
|
|
# PLUGINS_DIR=/plugins
|
|
# PLUGINS_CONFIG_PATH=config/plugins.yaml
|
|
# PLUGIN_REPOSITORY_URL=https://plugins.enclava.com
|
|
# PLUGIN_ENCRYPTION_KEY=
|
|
|
|
# ===================================
|
|
# SUMMARY
|
|
# ===================================
|
|
# Required: DATABASE_URL, REDIS_URL, JWT_SECRET, ADMIN_EMAIL, ADMIN_PASSWORD, BASE_URL
|
|
# Recommended: PRIVATEMODE_API_KEY, QDRANT_HOST, QDRANT_PORT
|
|
# Optional: All other settings have secure defaults
|
|
# =================================== |