chore: add deployment docs, model script, and finalize env config
Phase 6 deployment infrastructure: finalize Dockerfile with OCI labels, improve .env.example with grouped config keys, add scripts/pull-models.sh for Mac-side model setup, and add docs/deploy.md covering the full deployment topology, prerequisites, security model, and troubleshooting. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
+24
-15
@@ -1,32 +1,41 @@
|
||||
# foreman configuration — all env vars are FOREMAN_* namespaced.
|
||||
# Copy to .env and fill in values for local development.
|
||||
# === foreman daemon configuration ===
|
||||
|
||||
# Listen address for the HTTP server (default: :8080)
|
||||
# Listen address (default: :8080)
|
||||
FOREMAN_ADDR=:8080
|
||||
|
||||
# Base URL of the Ollama target (required)
|
||||
FOREMAN_OLLAMA_URL=http://mac.tail:11434
|
||||
# Ollama target URL (required — the Mac's Tailscale address)
|
||||
FOREMAN_OLLAMA_URL=http://100.x.x.x:11434
|
||||
|
||||
# Optional bearer token foreman sends to the Ollama target
|
||||
# Outbound bearer token for Ollama target (optional)
|
||||
FOREMAN_OLLAMA_TOKEN=
|
||||
|
||||
# Optional bearer token callers must present to foreman
|
||||
FOREMAN_TOKEN=
|
||||
# Inbound bearer token foreman requires of its callers (optional)
|
||||
FOREMAN_TOKEN=change-me-to-a-secret
|
||||
|
||||
# Always-resident embedder model (e.g. nomic-embed-text, qwen3-embedding:0.6b)
|
||||
# === Model configuration ===
|
||||
|
||||
# Always-resident embedding model (pinned in slot 1)
|
||||
FOREMAN_EMBED_MODEL=nomic-embed-text
|
||||
|
||||
# Path to the SQLite database file (default: foreman.db)
|
||||
FOREMAN_DB_PATH=foreman.db
|
||||
# === Persistence ===
|
||||
|
||||
# How often to poll the target's /api/tags (default: 30s)
|
||||
# SQLite database path (default: foreman.db)
|
||||
FOREMAN_DB_PATH=/data/foreman.db
|
||||
|
||||
# === Polling ===
|
||||
|
||||
# Model polling interval (default: 30s)
|
||||
FOREMAN_POLL_INTERVAL=30s
|
||||
|
||||
# Optional HMAC key for signing webhook payloads (ADR-0005)
|
||||
# === Webhooks ===
|
||||
|
||||
# Webhook HMAC signing secret (optional — signs X-Foreman-Signature header)
|
||||
FOREMAN_WEBHOOK_SECRET=
|
||||
|
||||
# Maximum retry attempts for a job before marking as failed (default: 3)
|
||||
# === Job lifecycle ===
|
||||
|
||||
# Max retry attempts for failed jobs (default: 3)
|
||||
FOREMAN_MAX_ATTEMPTS=3
|
||||
|
||||
# How long to retain completed/failed jobs before pruning (default: 24h)
|
||||
# TTL for completed/failed jobs before pruning (default: 24h)
|
||||
FOREMAN_JOB_TTL=24h
|
||||
|
||||
Reference in New Issue
Block a user