microdao-daarion/ops/node2.env.example
Apple 7b8499dd8a node2: P0 vision restore + P1 security hardening + node-specific router config
P0 — Vision:
- swapper_config_node2.yaml: add llava-13b as vision model (vision:true)
  /vision/models now returns non-empty list; inference verified ~3.5s
- ollama.url fixed to host.docker.internal:11434 (was localhost, broken in Docker)

P1 — Security:
- Remove NODES_NODA1_SSH_PASSWORD from .env and docker-compose.node2-sofiia.yml
- SSH ED25519 key generated, authorized on NODA1, mounted as /run/secrets/noda1_ssh_key
- sofiia-console reads key via NODES_NODA1_SSH_PRIVATE_KEY env var
- secrets/noda1_id_ed25519 added to .gitignore

P1 — Router:
- services/router/router-config.node2.yml: new node2-specific config
  replaces all 172.17.0.1:11434 → host.docker.internal:11434
- docker-compose.node2-sofiia.yml: mount router-config.node2.yml (not root config)

P1 — Ports:
- router (9102), swapper (8890), sofiia-console (8002): bind to 127.0.0.1
- gateway (9300): keep 0.0.0.0 (Telegram webhook requires public access)

Artifacts:
- ops/patch_node2_P0P1_20260227.md — change log
- ops/validation_node2_P0P1_20260227.md — all checks PASS
- ops/node2.env.example — safe env template (no secrets)
- ops/security_hardening_node2.md — SSH key migration guide + firewall
- ops/node2_models_pull.sh — model pull script for P0/P1

Made-with: Cursor
2026-02-27 01:27:38 -08:00

48 lines
2.8 KiB
Plaintext

# NODA2 Environment Template — SAFE (no secrets)
# Copy to .env and fill in your values
# Generated: 2026-02-27
# ─── Bot Tokens (required for agents) ────────────────────────────────────────
TELEGRAM_BOT_TOKEN=your_main_bot_token
SOFIIA_TELEGRAM_BOT_TOKEN=your_sofiia_bot_token
HELION_TELEGRAM_BOT_TOKEN=your_helion_bot_token
ONEOK_TELEGRAM_BOT_TOKEN=your_oneok_bot_token
# ─── LLM API Keys ─────────────────────────────────────────────────────────────
XAI_API_KEY=xai_your_key_here
GLM5_API_KEY=your_glm_key
COHERE_API_KEY=your_cohere_key
DEEPSEEK_API_KEY=your_deepseek_key
# ─── Service Keys ─────────────────────────────────────────────────────────────
NOTION_API_KEY=ntn_your_notion_key
AGENTMAIL_API_KEY=your_agentmail_key
SOFIIA_CONSOLE_API_KEY=generate_with_openssl_rand_hex_24
SUPERVISOR_API_KEY=generate_with_openssl_rand_hex_24
BROWSER_ENCRYPTION_KEY=generate_with_openssl_rand_hex_32
# ─── Database ─────────────────────────────────────────────────────────────────
POSTGRES_PASSWORD=your_postgres_password
ONEOK_ESPO_DB_ROOT_PASSWORD=your_espo_root_pw
ONEOK_ESPO_DB_PASSWORD=your_espo_pw
ONEOK_ESPO_ADMIN_PASSWORD=your_espo_admin_pw
ONEOK_ADAPTER_API_KEY=your_oneok_adapter_key
# ─── Gateway ──────────────────────────────────────────────────────────────────
GATEWAY_PORT=9300
# ─── URLs ─────────────────────────────────────────────────────────────────────
OLLAMA_URL=http://host.docker.internal:11434
OPENCODE_URL=http://host.docker.internal:9102
# ─── Node Operations (P1 Security: SSH key file, NOT password) ────────────────
# IMPORTANT: Do NOT set NODES_NODA1_SSH_PASSWORD here
# sofiia-console reads SSH key from: secrets/noda1_id_ed25519 (file mount)
# See: ops/security_hardening_node2.md for key generation guide
# ─── Optional ──────────────────────────────────────────────────────────────────
ENV=prod
CORS_ORIGINS=
LLAMA_SERVER_API_KEY=
ALERT_DATABASE_URL=
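
A pre-start check for a filled-in copy of this template, as an added example that is not part of the repository. It flags a reintroduced NODES_NODA1_SSH_PASSWORD, template placeholders left in place, and generated keys that are too short. The function names and the reading of the generate_with_openssl_rand_hex_N hints as a minimum length of 2*N hex characters are assumptions.

```shell
#!/bin/sh
# Added example, not from the repository: lint a filled-in NODA2 .env file.
# Assumption: generate_with_openssl_rand_hex_N means "at least 2*N hex characters".
# check_node2_env FILE: prints one finding per line (variable names only, never
# values); exit status is 0 when the file is clean and 1 otherwise.
check_node2_env() {
    awk '
        /^[ \t]*#/ || !/=/ { next }                  # skip comments and non-assignments
        {
            name = substr($0, 1, index($0, "=") - 1)
            value = substr($0, index($0, "=") + 1)
            sub(/^[ \t]*(export[ \t]+)?/, "", name)  # tolerate indentation and "export"
            gsub(/^"|"$/, "", value)                 # tolerate double-quoted values
            # Password SSH to NODA1 was removed; the variable must not come back.
            if (name == "NODES_NODA1_SSH_PASSWORD") {
                print "FORBIDDEN " name ": use the mounted key file"; bad++; next
            }
            # Template text left in place (your_..., xai_your_..., generate_with_...).
            if (value ~ /^([a-z]+_)?your_/ || value ~ /^generate_with_/) {
                print "PLACEHOLDER " name; bad++; next
            }
            # Locally generated keys: hex only, long enough for the hinted byte count.
            need = 0
            if (name == "SOFIIA_CONSOLE_API_KEY" || name == "SUPERVISOR_API_KEY") need = 48
            if (name == "BROWSER_ENCRYPTION_KEY") need = 64
            if (need && (length(value) < need || value ~ /[^0-9a-fA-F]/)) {
                print "WEAK " name ": expected at least " need " hex chars"; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample input for the demonstration (no real credentials).
demo_env() {
    cat <<'EOF'
TELEGRAM_BOT_TOKEN=your_main_bot_token
XAI_API_KEY=xai_your_key_here
SOFIIA_CONSOLE_API_KEY=abc123
SUPERVISOR_API_KEY=0123456789abcdef0123456789abcdef0123456789abcdef
NODES_NODA1_SSH_PASSWORD=example-only
GATEWAY_PORT=9300
CORS_ORIGINS=
EOF
}

tmp=$(mktemp); demo_env > "$tmp"
check_node2_env "$tmp" || echo "findings above: fix .env before starting the stack"
rm -f "$tmp"
```

Findings name the variable but never echo its value, so the output is safe to keep in CI logs.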