BetterFrame/sec-config.yaml
Mitchell R 49d730cf7f
refactor: remove all process.env and envStr() from server code
All runtime config now flows exclusively through BSB plugin config
(this.config.*) or shared module parameters. No more env var overrides.

Changes:
- Delete shared/env-overrides.ts (envStr/envBool/envInt helpers)
- version.ts: remove env var chain, keep only .bf-version file + "dev"
- firmware.ts: replace BF_FIRMWARE_SIGNING_KEY env with config.signingKeyPem
  parameter, remove tryParsePrivateKey helper
- secrets.ts: replace process.env.CREDENTIALS_DIRECTORY with
  config.systemdCredsDir
- mqtt-bridge.ts: accept MqttConfig object instead of reading process.env
- service-store: replace envStr calls with this.config.*, build pgUrl from
  config fields, add pgPoolMax config
- pg-adapter.ts: accept poolMax constructor param instead of env var
- service-admin-http: add firmwareSigningKey, firmwareImportApiKey,
  otaImportApiKey, systemdCredsDir config fields; pass to shared modules
- middleware.ts: replace tokenMatchesEnv with tokenMatchesExpected using
  deps.firmwareImportApiKey/otaImportApiKey
- service-api-http: add mqttUrl/mqttUsername/mqttPassword/mqttTopicPrefix
  config fields; pass to initMqttBridge
- service-coordinator-ws: replace envStr calls with this.config.*
- sec-config.yaml: add all new config fields with sensible defaults
- docker-compose.coolify.yml: remove all BF_* env vars from server service

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-23 13:22:44 +02:00


# BSB runtime configuration for BetterFrame server.
#
# Profile: 'default' — single-host install where the server, node-red, and
# (optionally) one kiosk all run on the same Pi. For multi-kiosk deployments
# the server is the same; kiosks have their own runtime config.
#
# Override individual values via env: BSB_<plugin>_<key>=value (consult BSB
# docs for the exact env-override semantics for v9).
default:
  observable:
    observable-default:
      plugin: observable-default
      enabled: true
      config: {}
  events:
    events-default:
      plugin: events-default
      enabled: true
  services:
    # ----- Data layer -----
    service-store:
      plugin: service-store
      enabled: true
      config:
        driver: postgres
        sqlitePath: /var/lib/betterframe/betterframe.db
        pgHost: postgres
        pgPort: 5432
        pgDatabase: betterframe
        pgUser: betterframe
        pgPassword: betterframe
        pgPoolMax: 10
    # ----- Admin UI + API (includes secrets + auth config) -----
    service-admin-http:
      plugin: service-admin-http
      enabled: true
      config:
        host: 127.0.0.1
        port: 18080
        # Secrets (was service-secrets)
        dataDir: /var/lib/betterframe
        # Auth (was service-auth)
        sessionIdleSeconds: 43200 # 12h
        sessionMaxSeconds: 2592000 # 30d
        loginLockoutThreshold: 8
        loginLockoutSeconds: 900 # 15m
        argon2Memory: 65536 # KiB; tuned for Pi5 ~100ms
        argon2TimeCost: 3
        argon2Parallelism: 2
        cookieName: betterframe_session
        totpIssuer: BetterFrame
        noderedUrl: http://127.0.0.1:1880
        selfUrl: http://127.0.0.1:18080
        systemdCredsDir: ""
        firmwareSigningKey: ""
        firmwareImportApiKey: ""
        otaImportApiKey: ""
    # ----- Kiosk-facing REST API -----
    service-api-http:
      plugin: service-api-http
      enabled: true
      config:
        host: 127.0.0.1
        port: 18081
        codeTtlSeconds: 600 # 10m pairing code TTL
        dataDir: /var/lib/betterframe
        argon2Memory: 65536
        argon2TimeCost: 3
        argon2Parallelism: 2
        noderedUrl: http://127.0.0.1:1880
        mqttUrl: ""
        mqttUsername: ""
        mqttPassword: ""
        mqttTopicPrefix: betterframe
    # ----- Live kiosk WebSocket channel -----
    service-coordinator-ws:
      plugin: service-coordinator-ws
      enabled: true
      config:
        host: 127.0.0.1
        port: 18082
        noderedUrl: http://127.0.0.1:1880
        dataDir: /var/lib/betterframe
        argon2Memory: 65536
        argon2TimeCost: 3
        argon2Parallelism: 2
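The commit message replaces `tokenMatchesEnv` with a `tokenMatchesExpected` check fed from `deps.firmwareImportApiKey` / `otaImportApiKey`, and the config above ships those keys and `systemdCredsDir` as empty strings. The example below is an added illustration of how such a check can be written so that an empty key fails closed rather than matching anything; it is not BetterFrame's `middleware.ts` or `secrets.ts`. The `ImportAuthConfig` interface, the credential file names `firmware-import-api-key` / `ota-import-api-key`, the `authorizeImport` function and its choice of answering 503 when no key is configured are all assumptions made for this example; only the config field names come from `sec-config.yaml`.

```typescript
import { timingSafeEqual } from "crypto";
import { existsSync, readFileSync } from "fs";
import { join } from "path";

// Hypothetical subset of the service-admin-http plugin config. The field
// names come from sec-config.yaml; the interface itself is assumed.
export interface ImportAuthConfig {
  systemdCredsDir: string;      // "" = systemd LoadCredential= is not in use
  firmwareImportApiKey: string; // "" = firmware import endpoint has no key
  otaImportApiKey: string;      // "" = OTA import endpoint has no key
}

// Resolve a secret: an inline config value wins; otherwise, when
// systemdCredsDir is set, read <dir>/<credName> the way systemd's
// LoadCredential= exposes it. Returns "" when nothing is configured.
export function resolveSecret(
  cfg: ImportAuthConfig,
  inline: string,
  credName: string,
): string {
  if (inline !== "") return inline;
  if (cfg.systemdCredsDir !== "") {
    const path = join(cfg.systemdCredsDir, credName);
    if (existsSync(path)) return readFileSync(path, "utf8").trim();
  }
  return "";
}

// Constant-time comparison of a presented token against the expected one.
// An empty expected value means no key is configured: fail closed.
export function tokenMatchesExpected(
  presented: string | undefined,
  expected: string,
): boolean {
  if (expected === "" || presented === undefined) return false;
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length) {
    // timingSafeEqual needs equal lengths; do a dummy compare so the
    // length-mismatch path costs about the same as a real compare.
    timingSafeEqual(a, a);
    return false;
  }
  return timingSafeEqual(a, b);
}

// Pull the token out of "Authorization: Bearer <token>".
export function bearerToken(header: string | undefined): string | undefined {
  if (!header) return undefined;
  const m = /^Bearer\s+(\S+)$/i.exec(header.trim());
  return m ? m[1] : undefined;
}

export type ImportKind = "firmware" | "ota";

// HTTP status a middleware would answer with: 200 (continue), 401 (missing
// or wrong token), or 503 (no key configured, so the endpoint is unavailable).
// Credential file names below are assumed, not taken from the project.
export function authorizeImport(
  cfg: ImportAuthConfig,
  kind: ImportKind,
  authHeader: string | undefined,
): 200 | 401 | 503 {
  const expected =
    kind === "firmware"
      ? resolveSecret(cfg, cfg.firmwareImportApiKey, "firmware-import-api-key")
      : resolveSecret(cfg, cfg.otaImportApiKey, "ota-import-api-key");
  if (expected === "") return 503;
  return tokenMatchesExpected(bearerToken(authHeader), expected) ? 200 : 401;
}

// Constructed demo values, not from any real deployment.
export const demoConfig: ImportAuthConfig = {
  systemdCredsDir: "",
  firmwareImportApiKey: "fw-import-key-EXAMPLE",
  otaImportApiKey: "",
};

console.log(authorizeImport(demoConfig, "firmware", "Bearer fw-import-key-EXAMPLE")); // 200
console.log(authorizeImport(demoConfig, "firmware", "Bearer wrong"));                 // 401
console.log(authorizeImport(demoConfig, "ota", "Bearer anything"));                   // 503
```

The point worth keeping from the env-var to config move: with `process.env` a missing variable and an empty variable both read back as falsy and could be compared with `===` to a request token, so an unset key must be handled explicitly. Here `""` is treated as "not configured" and never compared, the comparison itself is constant-time, and the systemd credentials directory is only consulted when the config names it.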