chore: add deployment docs, model script, and finalize env config
CI / Build & Test (push) Failing after 5m53s
CI / Tidy (push) Successful in 9m37s

Phase 6 deployment infrastructure: finalize Dockerfile with OCI labels,
improve .env.example with grouped config keys, add scripts/pull-models.sh
for Mac-side model setup, and add docs/deploy.md covering the full
deployment topology, prerequisites, security model, and troubleshooting.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 18:43:10 -04:00
parent 4759a06d1b
commit e119ed325b
5 changed files with 297 additions and 15 deletions
+24 -15
@@ -1,32 +1,41 @@
# foreman configuration — all env vars are FOREMAN_* namespaced.
# Copy to .env and fill in values for local development.
# === foreman daemon configuration ===
# Listen address for the HTTP server (default: :8080)
# Listen address (default: :8080)
FOREMAN_ADDR=:8080
# Base URL of the Ollama target (required)
FOREMAN_OLLAMA_URL=http://mac.tail:11434
# Ollama target URL (required — the Mac's Tailscale address)
FOREMAN_OLLAMA_URL=http://100.x.x.x:11434
# Optional bearer token foreman sends to the Ollama target
# Outbound bearer token for Ollama target (optional)
FOREMAN_OLLAMA_TOKEN=
# Optional bearer token callers must present to foreman
FOREMAN_TOKEN=
# Inbound bearer token foreman requires of its callers (optional)
FOREMAN_TOKEN=change-me-to-a-secret
# Always-resident embedder model (e.g. nomic-embed-text, qwen3-embedding:0.6b)
# === Model configuration ===
# Always-resident embedding model (pinned in slot 1)
FOREMAN_EMBED_MODEL=nomic-embed-text
# Path to the SQLite database file (default: foreman.db)
FOREMAN_DB_PATH=foreman.db
# === Persistence ===
# How often to poll the target's /api/tags (default: 30s)
# SQLite database path (default: foreman.db)
FOREMAN_DB_PATH=/data/foreman.db
# === Polling ===
# Model polling interval (default: 30s)
FOREMAN_POLL_INTERVAL=30s
# Optional HMAC key for signing webhook payloads (ADR-0005)
# === Webhooks ===
# Webhook HMAC signing secret (optional — signs X-Foreman-Signature header)
FOREMAN_WEBHOOK_SECRET=
# Maximum retry attempts for a job before marking as failed (default: 3)
# === Job lifecycle ===
# Max retry attempts for failed jobs (default: 3)
FOREMAN_MAX_ATTEMPTS=3
# How long to retain completed/failed jobs before pruning (default: 24h)
# TTL for completed/failed jobs before pruning (default: 24h)
FOREMAN_JOB_TTL=24h
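Review bot: FOREMAN_TOKEN=change-me-to-a-secret puts a publicly known value into the example for the inbound bearer token, where the other side of this hunk has FOREMAN_TOKEN= left empty. Anyone who copies the file to .env unchanged gets inbound auth that looks enabled but accepts a token every reader of the repository knows. Suggest keeping the value empty with a comment on how to generate a random one, or having the daemon refuse to start when the token equals the placeholder. The comment also labels the token "(optional)" without saying what an empty value means for callers; a line stating that belongs next to the key. Separately, FOREMAN_DB_PATH=/data/foreman.db no longer matches the "(default: foreman.db)" comment above it, so the comment should say where /data is expected to come from.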