admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca818e84785b741b2f2151d0dfa74a68874d0e51
honeyDueAPI/deploy-k3s-dev/config.yaml.example
Trey t 34553f3bec Add K3s dev deployment setup for single-node VPS 
Mirrors the prod deploy-k3s/ setup but runs all services in-cluster
on a single node: PostgreSQL (replaces Neon), MinIO S3-compatible
storage (replaces B2), Redis, API, worker, and admin.

Includes fully automated setup scripts (00-init through 04-verify),
server hardening (SSH, fail2ban, ufw), Let's Encrypt TLS via Traefik,
network policies, RBAC, and security contexts matching prod.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 21:30:39 -05:00

104 lines
2.8 KiB
Plaintext
Raw Blame History

# config.yaml — single source of truth for honeyDue K3s DEV deployment
# Copy to config.yaml, fill in all empty values, then run scripts in order.
# This file is gitignored — never commit it with real values.
# --- Server ---
server:
host: "" # Server IP or SSH config alias
user: root # SSH user
ssh_key: ~/.ssh/id_ed25519
# --- Domains ---
domains:
api: devapi.myhoneydue.com
admin: devadmin.myhoneydue.com
base: dev.myhoneydue.com
# --- Container Registry (GHCR) ---
registry:
server: ghcr.io
namespace: "" # GitHub username or org
username: "" # GitHub username
token: "" # PAT with read:packages, write:packages
# --- Database (in-cluster PostgreSQL) ---
database:
name: honeydue_dev
user: honeydue
# password goes in secrets/postgres_password.txt
max_open_conns: 10
max_idle_conns: 5
max_lifetime: "600s"
# --- Email (Fastmail) ---
email:
host: smtp.fastmail.com
port: 587
user: "" # Fastmail email address
from: "honeyDue DEV <noreply@myhoneydue.com>"
use_tls: true
# --- Push Notifications ---
push:
apns_key_id: ""
apns_team_id: ""
apns_topic: com.tt.honeyDue
apns_production: false
apns_use_sandbox: true # Sandbox for dev
# --- Object Storage (in-cluster MinIO — S3-compatible, replaces B2) ---
storage:
minio_root_user: honeydue # MinIO access key
# minio_root_password goes in secrets/minio_root_password.txt
bucket: honeydue-dev
max_file_size: 10485760
allowed_types: "image/jpeg,image/png,image/gif,image/webp,application/pdf"
# --- Worker Schedules (UTC hours) ---
worker:
task_reminder_hour: 14
overdue_reminder_hour: 15
daily_digest_hour: 3
# --- Feature Flags ---
features:
push_enabled: true
email_enabled: false # Disabled for dev by default
webhooks_enabled: false
onboarding_emails_enabled: false
pdf_reports_enabled: true
worker_enabled: true
# --- Redis ---
redis:
password: "" # Set a strong password
# --- Admin Panel ---
admin:
basic_auth_user: "" # HTTP basic auth username
basic_auth_password: "" # HTTP basic auth password
# --- TLS ---
tls:
mode: letsencrypt # "letsencrypt" or "cloudflare"
letsencrypt_email: "" # Required if mode=letsencrypt
# If mode=cloudflare, create secrets/cloudflare-origin.crt and .key
# --- Apple Auth / IAP (optional) ---
apple_auth:
client_id: ""
team_id: ""
iap_key_id: ""
iap_issuer_id: ""
iap_bundle_id: ""
iap_key_path: ""
iap_sandbox: true
# --- Google Auth / IAP (optional) ---
google_auth:
client_id: ""
android_client_id: ""
ios_client_id: ""
iap_package_name: ""
iap_service_account_path: ""
Reference in New Issue View Git Blame Copy Permalink