diff --git a/services/aurora-service/README.md b/services/aurora-service/README.md
index 18d89ab0..6498f9a6 100644
--- a/services/aurora-service/README.md
+++ b/services/aurora-service/README.md
@@ -64,6 +64,26 @@ cd services/aurora-service ./launchd/install-launchd.sh ``` +Optional Kling setup via Keychain: + +```bash +cd services/aurora-service +./launchd/configure-kling-keychain.sh +``` + +The script stores credentials in macOS Keychain (`daarion.kling.access_key`, `daarion.kling.secret_key`) and restarts launchd service. `start-native-macos.sh` reads Keychain-backed values automatically when `KLING_*` env vars are not set. + +Alternative: create `${HOME}/.sofiia/aurora.env` (chmod `600`) with: + +```bash +KLING_ACCESS_KEY=... +KLING_SECRET_KEY=... +KLING_BASE_URL=https://api.klingai.com +KLING_TIMEOUT=60 +``` + +`install-launchd.sh` sets `AURORA_ENV_FILE=${HOME}/.sofiia/aurora.env` by default. + Useful commands: ```bash
diff --git a/services/aurora-service/launchd/configure-kling-keychain.sh b/services/aurora-service/launchd/configure-kling-keychain.sh
new file mode 100755
index 00000000..4396a08e
--- /dev/null
+++ b/services/aurora-service/launchd/configure-kling-keychain.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+ACCESS_SERVICE="${KLING_KEYCHAIN_ACCESS_SERVICE:-daarion.kling.access_key}"
+SECRET_SERVICE="${KLING_KEYCHAIN_SECRET_SERVICE:-daarion.kling.secret_key}"
+
+if [ -z "${KLING_ACCESS_KEY:-}" ]; then
+ read -r -s -p "KLING access key: " KLING_ACCESS_KEY
+ echo
+fi
+if [ -z "${KLING_SECRET_KEY:-}" ]; then
+ read -r -s -p "KLING secret key: " KLING_SECRET_KEY
+ echo
+fi
+
+if [ -z "${KLING_ACCESS_KEY}" ] || [ -z "${KLING_SECRET_KEY}" ]; then
+ echo "[aurora-kling] both keys are required"
+ exit 1
+fi
+
+security add-generic-password -U -a "${USER}" -s "${ACCESS_SERVICE}" -w "${KLING_ACCESS_KEY}" >/dev/null
+security add-generic-password -U -a "${USER}" -s "${SECRET_SERVICE}" -w "${KLING_SECRET_KEY}" >/dev/null
+
+echo "[aurora-kling] stored in keychain services:"
+echo " - ${ACCESS_SERVICE}"
+echo " - ${SECRET_SERVICE}"
+
+"${ROOT_DIR}/launchd/install-launchd.sh"
+
+echo "[aurora-kling] aurora launchd restarted with keychain-backed kling credentials"
diff --git a/services/aurora-service/launchd/install-launchd.sh b/services/aurora-service/launchd/install-launchd.sh
index d5ffe856..67794542 100755
--- a/services/aurora-service/launchd/install-launchd.sh
+++ b/services/aurora-service/launchd/install-launchd.sh
@@ -9,6 +9,7 @@ PLIST_PATH="${LAUNCH_AGENTS_DIR}/${LABEL}.plist" START_SCRIPT="${ROOT_DIR}/start-native-macos.sh" PORT_VALUE="${PORT:-9401}" +AURORA_ENV_FILE_VALUE="${AURORA_ENV_FILE:-${HOME}/.sofiia/aurora.env}" DATA_DIR_VALUE="${AURORA_DATA_DIR:-${HOME}/.sofiia/aurora-data}" MODELS_DIR_VALUE="${AURORA_MODELS_DIR:-${DATA_DIR_VALUE}/models}" PUBLIC_BASE_URL_VALUE="${AURORA_PUBLIC_BASE_URL:-http://127.0.0.1:${PORT_VALUE}}"
@@ -73,6 +74,8 @@ cat > "${PLIST_PATH}" <1 PORT ${PORT_VALUE} + AURORA_ENV_FILE + ${AURORA_ENV_FILE_VALUE} AURORA_DATA_DIR ${DATA_DIR_VALUE} AURORA_MODELS_DIR
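Review bot: In `configure-kling-keychain.sh`, both `security add-generic-password` calls pass the key as the value of `-w`, so the access key and the secret key sit in the argument list of the `security` process and are visible in the process table to other local processes while the command runs. The `security` man page recommends putting `-w` last with no value so the tool prompts for the password itself; on the interactive path that would replace the `read -r -s -p` prompts, e.g. `security add-generic-password -U -a "${USER}" -s "${SECRET_SERVICE}" -w`. The `both keys are required` message should go to stderr (`>&2`), and because the script runs under `set -u`, an unset `USER` aborts it before anything is stored; `${USER:-$(id -un)}` avoids that.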
diff --git a/services/aurora-service/start-native-macos.sh b/services/aurora-service/start-native-macos.sh
new file mode 100755
index 00000000..3a6a5748
--- /dev/null
+++ b/services/aurora-service/start-native-macos.sh
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "$0")" && pwd)"
+VENV_DIR="${ROOT_DIR}/.venv-macos"
+PORT="${PORT:-9401}"
+AURORA_ENV_FILE="${AURORA_ENV_FILE:-${HOME}/.sofiia/aurora.env}"
+cd "${ROOT_DIR}"
+
+if [ ! -x "${VENV_DIR}/bin/python" ]; then
+ echo "[aurora-native] venv is missing. Run ./setup-native-macos.sh first."
+ exit 1
+fi
+
+source "${VENV_DIR}/bin/activate"
+
+# Optional local env file for secrets/runtime overrides.
+if [ -f "${AURORA_ENV_FILE}" ]; then
+ set -a
+ # shellcheck disable=SC1090
+ source "${AURORA_ENV_FILE}"
+ set +a
+fi
+
+export AURORA_DATA_DIR="${AURORA_DATA_DIR:-${HOME}/.sofiia/aurora-data}"
+export AURORA_MODELS_DIR="${AURORA_MODELS_DIR:-${AURORA_DATA_DIR}/models}"
+export AURORA_PUBLIC_BASE_URL="${AURORA_PUBLIC_BASE_URL:-http://127.0.0.1:${PORT}}"
+export AURORA_CORS_ORIGINS="${AURORA_CORS_ORIGINS:-*}"
+
+# Apple Silicon acceleration profile.
+export AURORA_FORCE_CPU="${AURORA_FORCE_CPU:-false}"
+export AURORA_PREFER_MPS="${AURORA_PREFER_MPS:-true}"
+export AURORA_ENABLE_VIDEOTOOLBOX="${AURORA_ENABLE_VIDEOTOOLBOX:-true}"
+
+_read_keychain_secret() {
+ local service_name="$1"
+ security find-generic-password -s "${service_name}" -w 2>/dev/null || true
+}
+
+_read_first_keychain_secret() {
+ local value=""
+ local service=""
+ for service in "$@"; do
+ value="$(_read_keychain_secret "${service}")"
+ if [ -n "${value}" ]; then
+ printf '%s' "${value}"
+ return 0
+ fi
+ done
+ return 1
+}
+
+if [ -z "${KLING_ACCESS_KEY:-}" ]; then
+ KLING_ACCESS_KEY="$(_read_first_keychain_secret "daarion.kling.access_key" "kling.access_key" "KLING_ACCESS_KEY" || true)"
+fi
+if [ -z "${KLING_SECRET_KEY:-}" ]; then
+ KLING_SECRET_KEY="$(_read_first_keychain_secret "daarion.kling.secret_key" "kling.secret_key" "KLING_SECRET_KEY" || true)"
+fi
+export KLING_ACCESS_KEY="${KLING_ACCESS_KEY:-}"
+export KLING_SECRET_KEY="${KLING_SECRET_KEY:-}"
+export KLING_BASE_URL="${KLING_BASE_URL:-https://api.klingai.com}"
+export KLING_TIMEOUT="${KLING_TIMEOUT:-60}"
+
+mkdir -p "${AURORA_DATA_DIR}" "${AURORA_MODELS_DIR}"
+
+echo "[aurora-native] starting on 127.0.0.1:${PORT}"
+echo "[aurora-native] data: ${AURORA_DATA_DIR}"
+echo "[aurora-native] models: ${AURORA_MODELS_DIR}"
+echo "[aurora-native] force_cpu=${AURORA_FORCE_CPU} prefer_mps=${AURORA_PREFER_MPS} videotoolbox=${AURORA_ENABLE_VIDEOTOOLBOX}"
+if [ -n "${KLING_ACCESS_KEY}" ] && [ -n "${KLING_SECRET_KEY}" ]; then
+ echo "[aurora-native] kling: configured"
+else
+ echo "[aurora-native] kling: credentials missing"
+fi
+
+exec uvicorn app.main:app --host 127.0.0.1 --port "${PORT}"
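Review bot: The env-file block runs `source "${AURORA_ENV_FILE}"` without checking who owns the file or who can write to it, so whatever that file contains executes as shell code under the service account; the README asks for mode `600`, but nothing in the script enforces it. Before sourcing, compare `stat -f '%Lp' "${AURORA_ENV_FILE}"` with `600` and `stat -f '%u' "${AURORA_ENV_FILE}"` with `id -u`, and exit with an error on a mismatch, or read the file as plain `KEY=VALUE` lines instead of sourcing it. Separately, `AURORA_CORS_ORIGINS` defaults to `*`; if the app uses that value as its allowed-origin list, any page open in the user's browser can read responses from the service on 127.0.0.1, so defaulting to `${AURORA_PUBLIC_BASE_URL}` would be narrower. `_read_keychain_secret` also discards every `security` failure through `2>/dev/null || true`, so a locked keychain or a denied access surfaces only as `kling: credentials missing`; logging the exit status to stderr would make that diagnosable.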