-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathsample.env
More file actions
235 lines (193 loc) · 10.3 KB
/
sample.env
File metadata and controls
235 lines (193 loc) · 10.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
# ============================================================================
# infernetprotocol.com — Next.js 16 + Tailwind 4 + Supabase Cloud
# ============================================================================
#
# Copy to `.env` for local dev, set as deployment env vars in
# production. Never commit a populated env file — `.gitignore` excludes
# both `.env` and `.env.local`.
#
# Variables prefixed with `NEXT_PUBLIC_` are bundled into the browser by
# Next.js and visible to anyone with devtools. Treat them as public.
# Everything else is server-side only — never prefix a secret with NEXT_PUBLIC_.
#
# Sections:
# 1. Runtime
# 2. Site / branding (PWA + OG cards)
# 3. Supabase Cloud
# 4. Auth & accounts (IPIP-0003)
# 5. Inference (NVIDIA NIM fallback for /chat)
# 6. Payments (CoinPayPortal — IPIP-0004)
# 7. Optional integrations (RunPod, analytics, observability, future relay)
# ============================================================================
# ----------------------------------------------------------------------------
# 1. Runtime
# ----------------------------------------------------------------------------
NODE_ENV=production
PORT=8080
# Public canonical URL the site is served on. Used for:
# - Magic-link redirect URLs (Supabase Auth)
# - OG / Twitter card meta
# - Sitemap.xml, robots.txt, llms.txt
# - PWA manifest start_url
# - The CLI's default control plane (apps/cli/commands/init.js)
NEXT_PUBLIC_APP_URL=https://infernetprotocol.com
# ----------------------------------------------------------------------------
# 2. Site / branding (browser-bundled)
# ----------------------------------------------------------------------------
NEXT_PUBLIC_SITE_NAME=Infernet Protocol
NEXT_PUBLIC_SITE_TAGLINE=Decentralized GPU inference. Bitcoin for AI.
NEXT_PUBLIC_SITE_DESCRIPTION=A peer-to-peer GPU inference marketplace. Operators run one CLI command and start earning crypto. Clients pay in any supported coin. No native token, no rent extraction.
# Default OG / Twitter card image (1200x630 PNG). Override per-page with metadata.
NEXT_PUBLIC_OG_IMAGE_URL=https://infernetprotocol.com/og-image.png
NEXT_PUBLIC_TWITTER_HANDLE=@infernetproto
# PWA — must match `app/manifest.ts` (or `public/manifest.json`)
NEXT_PUBLIC_PWA_NAME=Infernet
NEXT_PUBLIC_PWA_SHORT_NAME=Infernet
NEXT_PUBLIC_PWA_THEME_COLOR=#0a0a0a
NEXT_PUBLIC_PWA_BACKGROUND_COLOR=#0a0a0a
# Mobile app store badges — leave blank to hide. Used by the install CTA.
NEXT_PUBLIC_APP_STORE_URL=
NEXT_PUBLIC_PLAY_STORE_URL=
# ----------------------------------------------------------------------------
# 3. Supabase Cloud
# ----------------------------------------------------------------------------
# Get these from https://supabase.com/dashboard/project/<id>/settings/api
#
# Project URL → `SUPABASE_URL` and `NEXT_PUBLIC_SUPABASE_URL`
# anon (public) key → `NEXT_PUBLIC_SUPABASE_ANON_KEY` (browser-safe)
# service_role key → `SUPABASE_SERVICE_ROLE_KEY` (server-only)
# Server-side
SUPABASE_URL=https://your-project-ref.supabase.co
SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.your-service-role-jwt
SUPABASE_SCHEMA=public
# Browser-side (bundled into the JS the user downloads — must be the anon key,
# never the service_role key)
NEXT_PUBLIC_SUPABASE_URL=https://your-project-ref.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.your-anon-jwt
# Optional: direct Postgres URL (for running migrations from CI, ad-hoc psql,
# Drizzle/Prisma if you add one later). Get from Supabase dashboard →
# Database → Connection String → URI. Keep server-side only.
# DATABASE_URL=postgresql://postgres:<password>@db.<ref>.supabase.co:5432/postgres
# Default page size for list endpoints (/api/jobs, /api/nodes, etc.)
INFERNET_DEFAULT_PAGE_SIZE=25
# ----------------------------------------------------------------------------
# 3a. DB encryption (IPIP-0025)
# ----------------------------------------------------------------------------
# AES-256-GCM key used to encrypt prompt/response content before it hits
# Supabase. Protects conversation data if Supabase credentials are leaked.
#
# Generate:
# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
#
# If unset: data is stored plaintext (backwards-compatible, not recommended).
# If set: all input_spec, job_events.data, and result fields are encrypted.
# Rotation: re-encrypt existing rows before rotating (no helper yet — planned).
INFERNET_DB_ENCRYPTION_KEY=
# ----------------------------------------------------------------------------
# 4. Auth & accounts (IPIP-0003)
# ----------------------------------------------------------------------------
# CLI device-code login secret — HMAC key the server uses to sign the bearer
# JWTs handed back to `infernet auth login`. 32 random bytes, hex-encoded.
# Rotate quarterly; rotation invalidates all outstanding CLI tokens.
#
# Generate this and the other random secrets in one shot:
# node tooling/generate-secrets.mjs >> .env
INFERNET_CLI_SESSION_SECRET=
# Email / magic-link delivery is configured at the SUPABASE PROJECT LEVEL,
# not in this .env. For Supabase Cloud:
# Dashboard → Authentication → Providers → Email
# Dashboard → Authentication → Email Templates → SMTP
# For self-hosted Supabase: edit `supabase/config.toml` `[auth.email]`.
# Nothing in this app wires SMTP directly — we delegate to Supabase Auth.
# ----------------------------------------------------------------------------
# 5. Inference (NVIDIA NIM fallback)
# ----------------------------------------------------------------------------
# When the P2P network has no live providers for a chat job, /api/chat falls
# back to NVIDIA's hosted OpenAI-compatible endpoint so the public playground
# never breaks during the bootstrap phase. Leave NVIDIA_NIM_API_KEY blank to
# disable the fallback entirely (jobs with no provider will error with 503).
#
# Get an API key from https://build.nvidia.com → free tier exists.
NVIDIA_NIM_API_KEY=
NVIDIA_NIM_API_URL=https://integrate.api.nvidia.com/v1
NVIDIA_NIM_DEFAULT_MODEL=meta/llama-3.3-70b-instruct
# ----------------------------------------------------------------------------
# 6. Payments (CoinPayPortal — IPIP-0004)
# ----------------------------------------------------------------------------
# Multi-currency payment rails. Supports BTC, BCH, ETH, SOL, POL, BNB, XRP,
# ADA, DOGE, USDT (multi-chain), USDC (multi-chain), Lightning. Operators
# configure payouts per coin/network via `infernet payout set`.
#
# Get keys from your CoinPayPortal dashboard.
# Rotate WEBHOOK_SECRET quarterly — leak = forged transaction confirmations.
COINPAYPORTAL_API_KEY=
COINPAYPORTAL_API_BASE_URL=https://api.coinpayportal.com/v1
COINPAYPORTAL_WEBHOOK_SECRET=
# IPIP-0007 — CPR (CoinPay Reputation Protocol) issuer credentials.
# One-time setup: register Infernet as a reputation issuer (either via
# the `coinpay` CLI or `POST /api/cpr/issuers` with a CoinPay admin key)
# to obtain the issuer API key. Each completed job writes a signed
# Receipt to CPR using this credential.
# coinpay reputation issuer create \
# --did did:web:infernetprotocol.com \
# --name "Infernet Protocol"
CPR_API_BASE_URL=https://coinpayportal.com/api/reputation
CPR_ISSUER_API_KEY=
# Ed25519 verification key the platform uses to sign Receipts and
# expose at /.well-known/did.json. Multibase-encoded (e.g. z6Mk...).
# Generate via `node tooling/generate-secrets.mjs`; the matching
# private key (DID_PRIVATE_KEY_BASE64) is emitted alongside — store
# THAT in a secret manager, not in this file on a shared box.
DID_VERIFICATION_KEY=
DID_PRIVATE_KEY_BASE64=
# Bearer token for /api/cron/* drain endpoints (IPIP-0007 phase 3).
# 32 random bytes hex; generated by tooling/generate-secrets.mjs.
# Whichever scheduler hits the drain endpoint (Vercel Cron, GitHub
# Actions cron, Supabase pg_cron, etc.) sends this as the Bearer.
CRON_SECRET=
# Public webhook URL — set this to the canonical webhook endpoint on your
# deployment, then point CoinPayPortal at it from their dashboard.
# COINPAYPORTAL_WEBHOOK_URL=https://infernetprotocol.com/api/webhooks/coinpayportal
# ----------------------------------------------------------------------------
# 7. Optional integrations
# ----------------------------------------------------------------------------
# /deploy — one-click GPU node provisioning. Currently uses a per-session
# user-supplied RunPod key (no server-side secret needed). Uncomment if you
# wire a server-side default later.
# RUNPOD_API_KEY=
# /api/v1/search — centralized search proxy used by `infernet train data`.
# Operators auth with their Nostr keypair; the platform holds this single
# upstream key and enforces a per-pubkey daily quota.
VALUESERP_API_KEY=
SEARCH_DAILY_LIMIT=50
SEARCH_BURST_PER_MIN=10
# Analytics — Plausible. Set domain to enable.
# NEXT_PUBLIC_PLAUSIBLE_DOMAIN=infernetprotocol.com
# Vercel Analytics — auto-detected when deployed on Vercel; no env needed.
# Sentry / error tracking
# SENTRY_DSN=
# NEXT_PUBLIC_SENTRY_DSN=
# Self-hosted Nostr relay (IPIP-0003 phase 5, deferred). Reserved for when
# the relay actually exists; clients can already override their relay list
# locally via their config.
# NEXT_PUBLIC_INFERNET_RELAY_URL=wss://relay.infernetprotocol.com
# CORS allow-list for /api/* — comma-separated origins. Default `*` lets any
# origin call the public read routes; tighten in production if you want to
# restrict the browser-side surface.
# CORS_ORIGINS=https://infernetprotocol.com,https://app.infernetprotocol.com
# ============================================================================
# Local development overrides
# ============================================================================
# Put these in `.env` (gitignored) instead of editing this template.
# Typical local setup:
#
# NODE_ENV=development
# NEXT_PUBLIC_APP_URL=http://localhost:8080
# SUPABASE_URL=http://127.0.0.1:54321
# NEXT_PUBLIC_SUPABASE_URL=http://127.0.0.1:54321
# SUPABASE_SERVICE_ROLE_KEY=<from `supabase status` after `supabase start`>
# NEXT_PUBLIC_SUPABASE_ANON_KEY=<from `supabase status`>
#
# `supabase start` (Supabase CLI) runs Postgres + Auth + Realtime + Storage
# in Docker locally, with default keys printed to stdout — paste them here.
# ============================================================================