tinqs/studio
7
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
main
studio/services/admin/.env.example
T
ozan a81a450e7e feat: monorepo consolidation — merge CLI, bot, admin, team-tool, website, docs, runner, proxy 
Merged into tinqs/studio:
- cmd/tinqs-cli/    — tinqs-cli (Go binary, from bot/cli)
- cmd/tea/          — Gitea CLI tool (from tinqs/cli-tea)
- services/bot/     — Bot service (from tinqs-ltd/bot on git.arikigame.com)
- services/admin/   — Admin panel (from tinqs/admin)
- services/team-tool/ — Team Tool (from tinqs/team-tool)
- services/proxy/   — tinqs-proxy (from bot/proxy)
- web/landing/      — tinqs.com website (from tinqs/website)
- web/docs/         — Platform docs (from tinqs/docs)
- web/blog/         — Blog (placeholder)
- runner/           — Ephemeral CI runner (from tinqs/runner)

All source repos will be deleted after verification.
2026-05-22 04:55:50 +00:00

64 lines
3.4 KiB
Bash
Raw Permalink Blame History

# ── Gitea (headless git backend) ──────────────────────────────────────────────
# Server-side only — one ops-managed token for Next.js → Gitea REST API.
# Team members never create Gitea tokens; Tailscale identifies them to this app.
#
# Local dev (on tailnet): https://git.arikigame.com
# Local dev (off tailnet): leave blank — repo features will show errors
# Docker Compose (v2 host): https://git.arikigame.com (Gitea built-in TLS on :443)
# Local Gitea on :3000: http://host.docker.internal:3000
GITEA_URL=https://git.arikigame.com
GITEA_SERVICE_TOKEN=
# Legacy alias (optional): GITEA_TOKEN=
# ── PostgreSQL (optional in dev) ─────────────────────────────────────────────
# If unset or unreachable, the app still boots — repo browsing works.
# User persistence, orgs, and audit log require Postgres.
# Start with: docker compose up postgres -d
DATABASE_URL=postgresql://admin:admin@localhost:5432/admin_arikigame
# ── Auth ─────────────────────────────────────────────────────────────────────
# Dev auth bypass — set "true" for local dev without Tailscale.
# Production: "false" (only Tailscale identity headers count).
ALLOW_DEV_AUTH=true
# Fallback identity when Tailscale headers are absent (dev/staging only).
FALLBACK_USER_EMAIL=ozan@tinqs.com
FALLBACK_USER_NAME=Ozan
# Production without `tailscale serve` in front: host runs scripts/tailscale-whois-proxy.mjs
# so middleware can map tailnet client IP → login (see docs/TAILSCALE-PRODUCTION.md).
# TAILSCALE_WHOIS_PROXY_URL=http://host.docker.internal:39139
# ── Optional ─────────────────────────────────────────────────────────────────
# Gitea webhook secret (must match Gitea webhook config)
WEBHOOK_SECRET=
# Bootstrap: promote this email to admin on first visit
# BOOTSTRAP_ADMIN_EMAIL=ozan@tinqs.com
# Secondary portal password (if PORTAL_SECONDARY_REQUIRED=true)
# PORTAL_SECONDARY_REQUIRED=false
# PORTAL_SECONDARY_SECRET= (16+ chars)
# ── Infrastructure API (optional) ─────────────────────────────────────────────
# Tailscale API: device list + DNS (Bearer). Key from https://login.tailscale.com/admin/settings/keys
# TS_API_KEY=
# TS_TAILNET=tinqs.com
#
# GitHub API: org repo list + file checks for agent scan (fine-grained or classic PAT)
# GITHUB_TOKEN=
# ── AI Agent (per-repo chat — coming soon) ───────────────────────────────────
# Qwen: open-source default model via OpenAI-compatible API
# AGENT_QWEN_URL=http://localhost:11434/v1
# AGENT_QWEN_MODEL=qwen3:32b
#
# Anthropic: Sentinel chat + gateway tools (server-side only)
# ANTHROPIC_API_KEY=
# ── Gateway MCP (JSON-RPC at /api/mcp) ─────────────────────────────────────
# Shared secret for MCP clients (Cursor, automation). Same role as legacy private-gateway.
# MCP_STATIC_TOKEN=
# Optional: protect cron tick endpoints
# CRON_SECRET=
Reference in New Issue View Git Blame Copy Permalink