feat(07-01): create config/ folder and YAML example files
- Added backend.yaml.example with AI, DB, auth, and logging schema - Added frontend.yaml.example with API and feature flag schema - Added network.yaml.example with ports and SSL schema - Added docker.yaml.example with resource and volume schema - Added secrets.yaml.example as a template for sensitive data - All files include comprehensive comments documenting every variable
This commit is contained in:
110
config/backend.yaml.example
Normal file
110
config/backend.yaml.example
Normal file
@@ -0,0 +1,110 @@
|
||||
# =============================================================================
|
||||
# TFM aInventory - Backend Configuration Schema (v1.12.0)
|
||||
# =============================================================================
|
||||
# Purpose: Configuration for the FastAPI backend, database, AI, and logging.
|
||||
# Load order: system environment variables > config/backend.yaml > code defaults.
|
||||
# Required/Optional: Most are optional; defaults in code provide sensible behavior.
|
||||
# =============================================================================
|
||||
|
||||
# --- Database & Storage ---
|
||||
database:
|
||||
# Path to SQLite database file (relative to backend/ folder)
|
||||
# Default: data/inventory.db
|
||||
# Environment: BACKEND_DATABASE_SQLITE_PATH
|
||||
sqlite_path: "data/inventory.db"
|
||||
|
||||
# Keep database logs for performance auditing?
|
||||
# Default: true
|
||||
# Environment: BACKEND_DATABASE_WAL_MODE
|
||||
wal_mode: true
|
||||
|
||||
# How many days of audit logs to keep?
|
||||
# Default: 30
|
||||
# Environment: BACKEND_DATABASE_LOG_RETENTION_DAYS
|
||||
log_retention_days: 30
|
||||
|
||||
# --- AI & Vision Services ---
|
||||
ai:
|
||||
# Primary provider for image OCR and classification (gemini|claude)
|
||||
# Default: gemini
|
||||
# Environment: BACKEND_AI_PRIMARY_AI_PROVIDER
|
||||
primary_ai_provider: "gemini"
|
||||
|
||||
# Fallback provider if primary fails
|
||||
# Default: claude
|
||||
# Environment: BACKEND_AI_FALLBACK_PROVIDER
|
||||
fallback_provider: "claude"
|
||||
|
||||
# Gemini API Key (obtain from https://aistudio.google.com/)
|
||||
# Environment: BACKEND_AI_GEMINI_API_KEY or GEMINI_API_KEY
|
||||
gemini_api_key: "your-gemini-api-key"
|
||||
|
||||
# Claude API Key (obtain from Anthropic Console)
|
||||
# Environment: BACKEND_AI_CLAUDE_API_KEY or CLAUDE_API_KEY
|
||||
claude_api_key: "your-claude-api-key"
|
||||
|
||||
# --- Authentication & LDAP ---
|
||||
auth:
|
||||
# JWT Secret Key (min 32 chars)
|
||||
# Generate with: openssl rand -hex 32
|
||||
# Environment: BACKEND_AUTH_JWT_SECRET_KEY or JWT_SECRET_KEY
|
||||
jwt_secret_key: "change_me_in_production"
|
||||
|
||||
# LDAP Server address (optional)
|
||||
# Example: "ldap://192.168.1.100"
|
||||
# Environment: BACKEND_AUTH_LDAP_SERVER
|
||||
ldap_server: ""
|
||||
|
||||
# LDAP Base DN for user search
|
||||
# Example: "dc=example,dc=com"
|
||||
# Environment: BACKEND_AUTH_LDAP_BASE_DN
|
||||
ldap_base_dn: ""
|
||||
|
||||
# Path to store hashed passwords for offline use
|
||||
# Environment: BACKEND_AUTH_PASSWORD_CACHE_PATH
|
||||
password_cache_path: "data/.passwords"
|
||||
|
||||
# --- Logging & Diagnostics ---
|
||||
logging:
|
||||
# Log level (DEBUG|INFO|WARNING|ERROR)
|
||||
# Default: INFO
|
||||
# Environment: BACKEND_LOGGING_LOG_LEVEL or LOG_LEVEL
|
||||
log_level: "INFO"
|
||||
|
||||
# Log file rotation size in megabytes
|
||||
# Default: 10
|
||||
# Environment: BACKEND_LOGGING_LOG_ROTATION_SIZE_MB
|
||||
log_rotation_size_mb: 10
|
||||
|
||||
# Number of rotated log files to keep
|
||||
# Default: 5
|
||||
# Environment: BACKEND_LOGGING_LOG_ROTATION_COUNT
|
||||
log_rotation_count: 5
|
||||
|
||||
# --- Application ---
|
||||
application:
|
||||
# Directory for persistent data
|
||||
# Environment: BACKEND_APPLICATION_DATA_DIR or DATA_DIR
|
||||
data_dir: "./data"
|
||||
|
||||
# Directory for log files
|
||||
# Environment: BACKEND_APPLICATION_LOGS_DIR or LOGS_DIR
|
||||
logs_dir: "./logs"
|
||||
|
||||
# Comma-separated list of extra allowed CORS origins (IPs/FQDNs)
|
||||
# Environment: BACKEND_APPLICATION_CORS_ORIGINS or EXTRA_ALLOWED_ORIGINS
|
||||
cors_origins: "http://localhost:8917"
|
||||
|
||||
# --- Feature Flags ---
|
||||
features:
|
||||
# Enable AI image extraction and OCR?
|
||||
# Default: true
|
||||
ai_extraction_enabled: true
|
||||
|
||||
# Enable offline synchronization features?
|
||||
# Default: true
|
||||
offline_sync_enabled: true
|
||||
|
||||
# Enable detailed audit logging for each API request?
|
||||
# Default: true
|
||||
audit_logging_enabled: true
|
||||
61
config/docker.yaml.example
Normal file
61
config/docker.yaml.example
Normal file
@@ -0,0 +1,61 @@
|
||||
# =============================================================================
|
||||
# TFM aInventory - Docker Configuration Schema (v1.12.0)
|
||||
# =============================================================================
|
||||
# Purpose: Resource limits, image tags, and volume management for Docker.
|
||||
# =============================================================================
|
||||
|
||||
# --- Image Management ---
|
||||
images:
|
||||
# Backend container image name and tag
|
||||
# Default: backend:latest
|
||||
backend_image: "backend:latest"
|
||||
|
||||
# Frontend container image name and tag
|
||||
# Default: frontend:latest
|
||||
frontend_image: "frontend:latest"
|
||||
|
||||
# Proxy container image name and tag
|
||||
# Default: caddy:latest
|
||||
proxy_image: "caddy:latest"
|
||||
|
||||
# --- Resource Constraints ---
|
||||
resources:
|
||||
# CPU limit for the backend container
|
||||
# Default: 1.0 (1 core)
|
||||
backend_cpu_limit: "1.0"
|
||||
|
||||
# Memory limit for the backend container
|
||||
# Default: 1G
|
||||
backend_memory_limit: "1G"
|
||||
|
||||
# CPU limit for the frontend container
|
||||
# Default: 0.5 (0.5 core)
|
||||
frontend_cpu_limit: "0.5"
|
||||
|
||||
# Memory limit for the frontend container
|
||||
# Default: 512M
|
||||
frontend_memory_limit: "512M"
|
||||
|
||||
# --- Volume Management ---
|
||||
volumes:
|
||||
# Driver to use for data volume
|
||||
# Default: local
|
||||
data_volume_driver: "local"
|
||||
|
||||
# Driver to use for logs volume
|
||||
# Default: local
|
||||
logs_volume_driver: "local"
|
||||
|
||||
# Use named volumes instead of bind mounts for persistence?
|
||||
# Default: true
|
||||
use_named_volumes: true
|
||||
|
||||
# --- Networking ---
|
||||
network:
|
||||
# Internal Docker network name
|
||||
# Default: inventory-net
|
||||
network_name: "inventory-net"
|
||||
|
||||
# Internal Docker network driver
|
||||
# Default: bridge
|
||||
network_driver: "bridge"
|
||||
63
config/frontend.yaml.example
Normal file
63
config/frontend.yaml.example
Normal file
@@ -0,0 +1,63 @@
|
||||
# =============================================================================
|
||||
# TFM aInventory - Frontend Configuration Schema (v1.12.0)
|
||||
# =============================================================================
|
||||
# Purpose: Configuration for the Next.js frontend application.
|
||||
# =============================================================================
|
||||
|
||||
# --- API Connection ---
|
||||
api:
|
||||
# Base URL of the backend API
|
||||
# Default: http://localhost:8916
|
||||
# Environment: FRONTEND_API_BACKEND_URL or BACKEND_URL
|
||||
backend_url: "http://localhost:8916"
|
||||
|
||||
# API timeout in milliseconds
|
||||
# Default: 30000 (30 seconds)
|
||||
# Environment: FRONTEND_API_TIMEOUT_MS
|
||||
timeout_ms: 30000
|
||||
|
||||
# --- Feature Flags & PWA ---
|
||||
features:
|
||||
# Enable PWA service worker?
|
||||
# Default: true
|
||||
service_worker_enabled: true
|
||||
|
||||
# Enable offline functionality?
|
||||
# Default: true
|
||||
offline_enabled: true
|
||||
|
||||
# Enable AI image extraction UI features?
|
||||
# Default: true
|
||||
ai_extraction_ui_enabled: true
|
||||
|
||||
# --- PWA Branding ---
|
||||
pwa:
|
||||
# Application long name
|
||||
# Default: TFM aInventory
|
||||
app_name: "TFM aInventory"
|
||||
|
||||
# Application short name for home screen
|
||||
# Default: aInventory
|
||||
short_name: "aInventory"
|
||||
|
||||
# Initial URL to open on launch
|
||||
# Default: /
|
||||
start_url: "/"
|
||||
|
||||
# Display mode (standalone|browser|minimal-ui|fullscreen)
|
||||
# Default: standalone
|
||||
display_mode: "standalone"
|
||||
|
||||
# --- Feature Toggles ---
|
||||
toggles:
|
||||
# Enable built-in QR code scanner?
|
||||
# Default: true
|
||||
enable_qr_scanner: true
|
||||
|
||||
# Enable built-in barcode scanner?
|
||||
# Default: true
|
||||
enable_barcode_scanner: true
|
||||
|
||||
# Enable batch import functionality?
|
||||
# Default: true
|
||||
enable_batch_import: true
|
||||
73
config/network.yaml.example
Normal file
73
config/network.yaml.example
Normal file
@@ -0,0 +1,73 @@
|
||||
# =============================================================================
|
||||
# TFM aInventory - Network Configuration Schema (v1.12.0)
|
||||
# =============================================================================
|
||||
# Purpose: Network ports, SSL settings, and proxy configuration.
|
||||
# =============================================================================
|
||||
|
||||
# --- Port Assignments ---
|
||||
ports:
|
||||
# Host-side port for HTTP backend
|
||||
# Default: 8916
|
||||
# Environment: NETWORK_PORTS_BACKEND_PORT or BACKEND_PORT
|
||||
backend_port: 8916
|
||||
|
||||
# Host-side port for HTTP frontend
|
||||
# Default: 8917
|
||||
# Environment: NETWORK_PORTS_FRONTEND_PORT or FRONTEND_PORT
|
||||
frontend_port: 8917
|
||||
|
||||
# Host-side port for HTTPS backend (via Caddy)
|
||||
# Default: 8918
|
||||
# Environment: NETWORK_PORTS_BACKEND_SSL_PORT or BACKEND_SSL_PORT
|
||||
backend_ssl_port: 8918
|
||||
|
||||
# Host-side port for HTTPS frontend (via Caddy)
|
||||
# Default: 8919
|
||||
# Environment: NETWORK_PORTS_FRONTEND_SSL_PORT or FRONTEND_SSL_PORT
|
||||
frontend_ssl_port: 8919
|
||||
|
||||
# --- SSL & Security ---
|
||||
ssl:
|
||||
# Enable SSL/TLS termination via reverse proxy?
|
||||
# Default: true
|
||||
# Environment: NETWORK_SSL_ENABLED
|
||||
ssl_enabled: true
|
||||
|
||||
# Path to SSL certificate (if not using Caddy's auto-HTTPS)
|
||||
# Environment: NETWORK_SSL_CERTIFICATE_PATH
|
||||
certificate_path: ""
|
||||
|
||||
# Path to SSL private key
|
||||
# Environment: NETWORK_SSL_KEY_PATH
|
||||
key_path: ""
|
||||
|
||||
# --- Proxy (Caddy) Configuration ---
|
||||
proxy:
|
||||
# Caddy log level (debug|info|warn|error)
|
||||
# Default: info
|
||||
# Environment: NETWORK_PROXY_CADDY_LOG_LEVEL
|
||||
caddy_log_level: "info"
|
||||
|
||||
# Maximum timeout for reading requests in seconds
|
||||
# Default: 60
|
||||
# Environment: NETWORK_PROXY_READ_TIMEOUT_S
|
||||
proxy_read_timeout_s: 60
|
||||
|
||||
# Maximum request body size in MB
|
||||
# Default: 10
|
||||
# Environment: NETWORK_PROXY_MAX_REQUEST_SIZE_MB
|
||||
max_request_size_mb: 10
|
||||
|
||||
# --- CORS Policies ---
|
||||
cors:
|
||||
# Comma-separated list of allowed origins
|
||||
# Environment: NETWORK_CORS_ALLOWED_ORIGINS or EXTRA_ALLOWED_ORIGINS
|
||||
allowed_origins: "*"
|
||||
|
||||
# Allowed HTTP methods
|
||||
# Environment: NETWORK_CORS_ALLOWED_METHODS
|
||||
allowed_methods: "GET,POST,PUT,DELETE,OPTIONS"
|
||||
|
||||
# Allowed HTTP headers
|
||||
# Environment: NETWORK_CORS_ALLOWED_HEADERS
|
||||
allowed_headers: "Authorization,Content-Type,Accept"
|
||||
34
config/secrets.yaml.example
Normal file
34
config/secrets.yaml.example
Normal file
@@ -0,0 +1,34 @@
|
||||
# =============================================================================
|
||||
# TFM aInventory - Secrets Configuration Template (v1.12.0)
|
||||
# =============================================================================
|
||||
# Purpose: Sensitive configuration (API keys, passwords, secret keys).
|
||||
# Security: 'config/secrets.yaml' is ignored by Git. Do NOT commit actual secrets.
|
||||
# Setup: Copy this file to 'config/secrets.yaml' and fill in actual values.
|
||||
# =============================================================================
|
||||
|
||||
# --- JWT Secrets ---
|
||||
# Secret key used for signing JSON Web Tokens.
|
||||
# Generate a strong random key for production use:
|
||||
# python3 -c "import secrets; print(secrets.token_urlsafe(64))"
|
||||
# Environment override: BACKEND_AUTH_JWT_SECRET_KEY or JWT_SECRET_KEY
|
||||
JWT_SECRET_KEY: "CHANGE_ME_IN_PRODUCTION_MIN_32_CHARS"
|
||||
|
||||
# --- AI API Keys ---
|
||||
# Google Gemini API Key (Required for AI image processing)
|
||||
# Get one at: https://aistudio.google.com/
|
||||
# Environment override: BACKEND_AI_GEMINI_API_KEY or GEMINI_API_KEY
|
||||
GEMINI_API_KEY: "your-gemini-api-key"
|
||||
|
||||
# Anthropic Claude API Key (Required for fallback/enhanced processing)
|
||||
# Get one at: https://console.anthropic.com/
|
||||
# Environment override: BACKEND_AI_CLAUDE_API_KEY or CLAUDE_API_KEY
|
||||
CLAUDE_API_KEY: "your-claude-api-key"
|
||||
|
||||
# --- External Services ---
|
||||
# Database password (if using an external DB instead of SQLite)
|
||||
# Environment override: BACKEND_DATABASE_PASSWORD
|
||||
DATABASE_PASSWORD: ""
|
||||
|
||||
# LDAP password for the service account
|
||||
# Environment override: BACKEND_AUTH_LDAP_PASSWORD
|
||||
LDAP_PASSWORD: ""
|
||||
Reference in New Issue
Block a user