-
-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy path.env.docker.example
More file actions
executable file
·74 lines (63 loc) · 2.42 KB
/
.env.docker.example
File metadata and controls
executable file
·74 lines (63 loc) · 2.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# Canonical VPS environment template for docker-compose.yml
# Copy to `.env.docker` on the VPS or inject equivalent values from Coolify.
# --- Core runtime ---
PORT=8080
HOST=0.0.0.0
AAA_MCP_TRANSPORT=http
ARIFOS_CONSTITUTIONAL_MODE=AAA
ARIFOS_VERSION=2026.03.17
ARIFOS_MCP_PATH=/mcp
# Tool profile: public | internal | full | copilot | chatgpt | agnostic_public
# Use 'copilot' when connecting to Microsoft Copilot Studio for schema-safe surface.
ARIFOS_PUBLIC_TOOL_PROFILE=public
ARIFOS_PUBLIC_BASE_URL=https://arifosmcp.arif-fazil.com
ARIFOS_WIDGET_DOMAIN=https://arifosmcp.arif-fazil.com
arifosmcp_PATH=/mcp
ARIFOS_ENABLE_PHASE2_TOOLS=0
ARIFOS_CONTINUITY_TTL_SECONDS=900
# --- Required production secrets ---
# Preferred: forge a file-backed secret and mount /opt/arifos/secrets read-only
# Example:
# sudo mkdir -p /opt/arifos/secrets
# openssl rand -hex 32 | sudo tee /opt/arifos/secrets/governance.secret > /dev/null
# sudo chmod 600 /opt/arifos/secrets/governance.secret
ARIFOS_GOVERNANCE_SECRET_FILE=/opt/arifos/secrets/governance.secret
# Fallback only when file-backed secret is not available.
# Generate with: openssl rand -hex 32
ARIFOS_GOVERNANCE_SECRET=
# Optional rotation grace-period secret
ARIFOS_GOVERNANCE_SECRET_PREVIOUS_FILE=
ARIFOS_GOVERNANCE_SECRET_PREVIOUS=
# --- Microsoft Copilot Studio API key (optional) ---
# Set this to enable X-API-Key authentication for Copilot Studio integration.
# In Copilot Studio wizard: Authentication -> API Key -> Header -> X-API-Key
# Leave empty to disable auth guard (development/open access mode).
# Generate with: openssl rand -hex 32
COPILOT_API_KEY=
# --- Postgres / persistence ---
POSTGRES_DB=vault999
POSTGRES_USER=arifos_admin
POSTGRES_PASSWORD=CHANGE_ME_POSTGRES_PASSWORD
GRAFANA_PASSWORD=CHANGE_ME_GRAFANA_PASSWORD
WEBHOOK_SECRET=CHANGE_ME_WEBHOOK_SECRET
OPENCLAW_RESTART_TOKEN=CHANGE_ME_OPENCLAW_RESTART_TOKEN
# --- Grounding providers (recommended) ---
BRAVE_API_KEY=
JINA_API_KEY=
PPLX_API_KEY=
# --- Model providers (optional, set what you use) ---
OPENAI_API_KEY=
ANTHROPIC_API_KEY=
GOOGLE_API_KEY=
OPENROUTER_API_KEY=
VENICE_API_KEY=
# --- Self-ops / integrations (optional) ---
GITHUB_TOKEN=
FIRECRAWL_API_KEY=
BROWSERLESS_TOKEN=
OPENCLAW_GATEWAY_TOKEN=
# --- External Service Tokens (inject here, NEVER hardcode in docker-compose.yml) ---
# HuggingFace token (READ scope) — https://huggingface.co/settings/tokens
HF_TOKEN=
# Telegram bot token — from @BotFather
TELEGRAM_BOT_TOKEN=