# ============================================================
# Nora — Environment Configuration
# ============================================================
# Copy this file to .env and replace all <REPLACE_...> values.
# The resulting .env holds live credentials: keep it out of version
# control and readable only by the account that runs Nora.
#
# Generate secrets with:
# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# The command prints 64 hex characters (32 random bytes). Run it once per
# secret; do not reuse one value for JWT_SECRET, ENCRYPTION_KEY and
# NEXTAUTH_SECRET.
#
# NOTE(review): several values below carry a trailing "# ..." comment.
# Loaders differ on whether that text is stripped from the value — confirm
# for the loader in use, or delete the trailing comment when filling in a value.
# ============================================================
# ── Required ─────────────────────────────────────────────────
# JWT_SECRET signs JWTs, so anyone who learns it can presumably mint tokens
# the server accepts; rotate it if it is ever exposed.
JWT_SECRET=<REPLACE_WITH_RANDOM_SECRET> # min 32 chars — used to sign JWTs
# NOTE(review): presumably protects data encrypted at rest; changing or losing
# this key would likely make existing ciphertext unreadable — confirm and back
# it up separately from the database.
ENCRYPTION_KEY=<REPLACE_WITH_64_HEX_CHARS> # 32-byte hex key for AES-256-GCM (run the command above)
# ── Bootstrap Admin Account (optional; created on first boot only when both are set securely) ──
# This password is stored in plaintext in .env. Because the account is created
# on first boot only, change the admin password in the app after the first login.
# NOTE(review): confirm the value is not re-applied on later boots before
# removing it from this file, and that unreplaced placeholders are rejected.
DEFAULT_ADMIN_EMAIL=<REPLACE_WITH_BOOTSTRAP_ADMIN_EMAIL>
DEFAULT_ADMIN_PASSWORD=<REPLACE_WITH_STRONG_BOOTSTRAP_PASSWORD> # min 12 chars; no insecure defaults
# ── Database (defaults work with Docker Compose) ─────────────
# Host, user, name and port ship with working defaults; DB_PASSWORD does not
# and must be replaced with a unique generated value.
DB_HOST=postgres
DB_USER=nora
DB_PASSWORD=<REPLACE_WITH_YOUR_DB_PASSWORD>
DB_NAME=nora
DB_PORT=5432
# ── Redis (defaults work with Docker Compose) ────────────────
# NOTE(review): no Redis credential is set in this file, so access control
# rests on network reachability — keep the Redis port off public interfaces
# and confirm whether the deployment supports Redis AUTH.
REDIS_HOST=redis
REDIS_PORT=6379
# NOTE(review): presumably the backend API listen port — confirm.
PORT=4000
# ── Deployment Queue / Provisioner throughput ──────────────
# Higher values reduce time spent in "queued" under bursty deploy load, but
# increase image-pull/bootstrap pressure on the host.
DEPLOYMENT_WORKER_CONCURRENCY=6
# ── Access / URL ─────────────────────────────────────────────
# Local default:
# NGINX_CONFIG_FILE=nginx.conf
# NGINX_HTTP_PORT=8080
# NEXTAUTH_URL=http://localhost:8080
# Public domain:
# NGINX_CONFIG_FILE=nginx.public.conf
# NGINX_HTTP_PORT=80
# NEXTAUTH_URL=https://app.example.com
# CORS_ORIGINS=https://app.example.com
#
# NEXTAUTH_URL and CORS_ORIGINS are assigned further down in this file with
# localhost values; edit those lines rather than adding second assignments
# here (which duplicate wins depends on the loader).
# NOTE(review): the public-domain example appears to serve HTTP on port 80
# while NEXTAUTH_URL is https://, which implies TLS is terminated in front of
# nginx — confirm, and do not publish port 80 without TLS, since logins and
# session tokens would then travel in cleartext.
NGINX_CONFIG_FILE=nginx.conf
NGINX_HTTP_PORT=8080
# ── OAuth (disabled by default until provider verification is completed) ──
# Two flags are defined: keep them in agreement.
# The NEXT_PUBLIC_ prefix is the Next.js convention for variables exposed to
# browser code, so only the on/off flag carries it; client secrets must never
# be given that prefix.
OAUTH_LOGIN_ENABLED=false
NEXT_PUBLIC_OAUTH_LOGIN_ENABLED=false
# Register only the exact callback URLs for NEXTAUTH_URL with each provider.
GOOGLE_CLIENT_ID=<REPLACE_WITH_GOOGLE_CLIENT_ID>
GOOGLE_CLIENT_SECRET=<REPLACE_WITH_GOOGLE_CLIENT_SECRET>
GITHUB_CLIENT_ID=<REPLACE_WITH_GITHUB_CLIENT_ID>
GITHUB_CLIENT_SECRET=<REPLACE_WITH_GITHUB_CLIENT_SECRET>
# Generate NEXTAUTH_SECRET separately; do not copy JWT_SECRET into it.
NEXTAUTH_SECRET=<REPLACE_WITH_RANDOM_SECRET> # used by NextAuth.js session encryption
# An http:// value is suitable for localhost only.
NEXTAUTH_URL=http://localhost:8080 # set to your public https:// URL when exposed on a domain
# ── Release Tracking / Admin Upgrade Banner (optional) ──────
# Set NORA_CURRENT_VERSION from your deploy pipeline. If NORA_GITHUB_REPO
# is set, Nora will fetch the latest published GitHub release automatically
# and compare it against the running version.
#
# Typical GitHub release notes URL:
# https://github.com/<owner>/<repo>/releases/tag/v1.2.3
#
# Typical source-based self-hosted upgrade command:
# git pull --ff-only && docker compose up -d --build
NORA_CURRENT_VERSION=
NORA_CURRENT_COMMIT=
# The release lookup is an outbound request to GitHub for this repository;
# clear the value to disable the automatic fetch described above.
NORA_GITHUB_REPO=solomon2773/nora
# If set, a read-only token that can only read releases for NORA_GITHUB_REPO
# is enough; do not reuse a personal token with write or org-wide scopes.
NORA_GITHUB_TOKEN= # optional; helps with GitHub API rate limits
NORA_RELEASE_CACHE_TTL_MS=300000 # 5 minutes
NORA_LATEST_VERSION=
NORA_LATEST_PUBLISHED_AT=
NORA_RELEASE_NOTES_URL=
NORA_LATEST_SEVERITY=warning # info | warning | critical
NORA_UPGRADE_REQUIRED=false
NORA_AUTO_UPGRADE_ENABLED=false # reserved for a future updater service
NORA_INSTALL_METHOD=source # source | docker_image | custom
# The value below is unquoted and contains spaces and "&&": load this file
# with a dotenv-style loader, not by source-ing it in a shell.
# NOTE(review): presumably shown to admins as text and not executed by Nora
# (NORA_AUTO_UPGRADE_ENABLED is marked reserved) — confirm.
NORA_MANUAL_UPGRADE_COMMAND=git pull --ff-only && docker compose up -d --build
# Optional advanced override. Leave unset to use the built-in default steps.
NORA_MANUAL_UPGRADE_STEPS=
# ── System Banner / Testing Warning (optional) ───────────────
# Master switch for the admin-configured banner shown across /app and /admin.
# Banner copy and severity are managed from the admin settings page.
NORA_SYSTEM_BANNER_ENABLED=false
# ── Platform Mode ─────────────────────────────────────────────
# "selfhosted" (default) — operator sets max resource limits below;
# users pick vCPU/RAM/disk within those limits.
# "paas" — Stripe billing enabled; resources locked to plan tiers.
PLATFORM_MODE=selfhosted
# ── Self-hosted resource limits (only when PLATFORM_MODE=selfhosted) ─
MAX_VCPU=16
MAX_RAM_MB=32768
MAX_DISK_GB=500
MAX_AGENTS=50
# ── Billing / Stripe (only when PLATFORM_MODE=paas) ─────────
# Leave the Stripe values unset while BILLING_ENABLED=false.
BILLING_ENABLED=false
# Use an sk_test_ key everywhere except production; an sk_live_ key can move
# real money and should exist only in the production secret store.
STRIPE_SECRET_KEY=<REPLACE_WITH_STRIPE_SECRET_KEY> # sk_test_... or sk_live_...
# NOTE(review): whsec_ is the endpoint signing secret; presumably used to
# verify webhook signatures — confirm the handler rejects unsigned events.
STRIPE_WEBHOOK_SECRET=<REPLACE_WITH_STRIPE_WEBHOOK_SECRET> # whsec_...
STRIPE_PRICE_PRO=<REPLACE_WITH_STRIPE_PRICE_ID> # price_...
STRIPE_PRICE_ENTERPRISE=<REPLACE_WITH_STRIPE_PRICE_ID> # price_...
# ── Runtime families & deploy backends ───────────────────────
# High-level runtime contracts. Supported ids: openclaw, hermes.
# When set, Nora ensures each enabled runtime family has a default
# deploy backend available.
ENABLED_RUNTIME_FAMILIES=openclaw
#
# Low-level deploy backend ids. Keep using this for concrete OpenClaw
# paths such as k8s, proxmox, or nemoclaw. Supported ids:
# docker, k8s, proxmox, nemoclaw, hermes.
ENABLED_BACKENDS=docker
# Kubernetes backend (when ENABLED_BACKENDS includes k8s)
# Requires kubeconfig mounted into backend-api and worker-provisioner,
# or in-cluster Kubernetes environment variables.
# Whatever identity that kubeconfig carries is available to both containers:
# bind it with RBAC to K8S_NAMESPACE only, not to a cluster-admin role.
K8S_NAMESPACE=openclaw-agents
# NOTE(review): cluster-ip presumably keeps agent services reachable only
# inside the cluster, while the node-port values below expose them on node
# addresses — confirm before switching modes on a publicly reachable cluster.
K8S_EXPOSURE_MODE=cluster-ip
K8S_RUNTIME_NODE_PORT=
K8S_GATEWAY_NODE_PORT=
K8S_RUNTIME_HOST=
# ── Proxmox (when ENABLED_BACKENDS includes proxmox) ─────────
# Create a dedicated API token that holds only the permissions provisioning
# needs, rather than reusing an administrator's full rights.
# NOTE(review): Proxmox hosts commonly present a self-signed certificate on
# port 8006 — confirm the client verifies the certificate instead of
# disabling TLS validation.
PROXMOX_API_URL=<REPLACE_WITH_PROXMOX_URL> # https://proxmox.local:8006/api2/json
PROXMOX_TOKEN_ID=<REPLACE_WITH_TOKEN_ID> # user@pam!tokenname
PROXMOX_TOKEN_SECRET=<REPLACE_WITH_TOKEN_SECRET>
PROXMOX_NODE=pve
PROXMOX_TEMPLATE=ubuntu-22.04-standard
# ── NemoClaw / NVIDIA (when ENABLED_BACKENDS includes nemoclaw) ──
# Treat NVIDIA_API_KEY as a credential: usage is billed or rate-limited
# against the account that issued it.
NVIDIA_API_KEY= # from build.nvidia.com
NEMOCLAW_DEFAULT_MODEL=nvidia/nemotron-3-super-120b-a12b
# Default: Nora-built image layering tsx + sandbox-writable runtime dirs on
# top of the upstream OpenShell base (agent-runtime/Dockerfile.nemoclaw-agent).
# Built automatically by setup.sh when ENABLED_BACKENDS contains nemoclaw.
# If you override this with an image pulled from a registry, pin it by digest
# so the sandbox image cannot change underneath a fixed tag.
NEMOCLAW_SANDBOX_IMAGE=nora-nemoclaw-agent:local
# ── Security ─────────────────────────────────────────────────
# List exact origins (scheme + host + port) only.
# NOTE(review): confirm how the backend treats a wildcard entry before ever
# using one; a permissive origin list lets other sites call the API from a
# signed-in user's browser.
CORS_ORIGINS=http://localhost:8080 # comma-separated; use your public origin when exposed on a domain
# ── LLM Key Storage: database (default) | env ───────────────
# NOTE(review): with "database", keys are presumably encrypted using
# ENCRYPTION_KEY before storage; with "env", they would sit in plaintext in
# the process environment — confirm both behaviours against the backend.
KEY_STORAGE=database
# ── Backups & TLS (optional) ─────────────────────────────────
# TLS_KEY_PATH points at a private key: keep that file readable only by the
# service account that terminates TLS.
TLS_CERT_PATH=
TLS_KEY_PATH=
# Use a dedicated IAM identity whose policy is limited to AWS_S3_BUCKET, not
# an account-wide or administrator access key.
# NOTE(review): presumably the backup destination — confirm whether backups
# are encrypted before upload and enable bucket-side encryption regardless.
AWS_S3_BUCKET=<REPLACE_WITH_S3_BUCKET_NAME>
AWS_ACCESS_KEY_ID=<REPLACE_WITH_AWS_ACCESS_KEY>
AWS_SECRET_ACCESS_KEY=<REPLACE_WITH_AWS_SECRET_KEY>