chore: import upstream snapshot with attribution

This commit is contained in:
wehub-resource-sync
2026-07-13 13:32:57 +08:00
commit cd420f9332
4811 changed files with 884702 additions and 0 deletions
+166
View File
@@ -0,0 +1,166 @@
# Trigger.dev self-hosting environment variables
# - These are the default values for the self-hosting stack
# - You should change them to suit your needs, especially the secrets
# - See the docs for more information: https://trigger.dev/docs/self-hosting/overview
# Secrets
# - Do NOT use these defaults in production
# - Generate your own by running `openssl rand -hex 16` for each secret
SESSION_SECRET=2818143646516f6fffd707b36f334bbb
MAGIC_LINK_SECRET=44da78b7bbb0dfe709cf38931d25dcdd
ENCRYPTION_KEY=f686147ab967943ebbe9ed3b496e465a
MANAGED_WORKER_SECRET=447c29678f9eaf289e9c4b70d3dd8a7f
# Worker token
# - This is the token for the worker to connect to the webapp
# - When running the combined stack, this is set automatically during bootstrap
# - For the split setup, you will have to set this manually. The token is available in the webapp logs but will only be shown once.
# - See the docs for more information: https://trigger.dev/docs/self-hosting/docker
# TRIGGER_WORKER_TOKEN=
# Worker URLs
# - In split setups, uncomment and set to the public URL of your webapp
# TRIGGER_API_URL=https://trigger.example.com
# OTEL_EXPORTER_OTLP_ENDPOINT=https://trigger.example.com/otel
# Postgres
# - Do NOT use these defaults in production
# - Especially if you decide to expose the database to the internet
# POSTGRES_USER=postgres
POSTGRES_PASSWORD=unsafe-postgres-pw
# POSTGRES_DB=postgres
DATABASE_URL=postgresql://postgres:unsafe-postgres-pw@postgres:5432/main?schema=public&sslmode=disable
DIRECT_URL=postgresql://postgres:unsafe-postgres-pw@postgres:5432/main?schema=public&sslmode=disable
# Trigger image tag
# - This is the version of the webapp and worker images to use, they should be locked to a specific version in production
# - For example: TRIGGER_IMAGE_TAG=v4.5.0
TRIGGER_IMAGE_TAG=latest
# Webapp
# - These should generally be set to the same value
# - In production, these should be set to the public URL of your webapp, e.g. https://trigger.example.com
APP_ORIGIN=http://localhost:8030
LOGIN_ORIGIN=http://localhost:8030
API_ORIGIN=http://localhost:8030
DEV_OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:8030/otel
# You may need to set this when testing locally or when using the combined setup
# API_ORIGIN=http://webapp:3000
# Webapp - memory management
# - This sets the maximum memory allocation for Node.js heap in MiB (e.g. "4096" for 4GB)
# - It should be set according to your total webapp machine's memory or any container limits you have set
# - Setting this too high or low WILL cause crashes, inefficient memory utilization and high CPU usage
# - You should allow for some memory overhead, we suggest at least 20%, for example:
# - 2GB machine: NODE_MAX_OLD_SPACE_SIZE=1600
# - 4GB machine: NODE_MAX_OLD_SPACE_SIZE=3200
# - 6GB machine: NODE_MAX_OLD_SPACE_SIZE=4800
# - 8GB machine: NODE_MAX_OLD_SPACE_SIZE=6400
# NODE_MAX_OLD_SPACE_SIZE=8192
# ClickHouse
# - Do NOT use these defaults in production
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=password
CLICKHOUSE_URL=http://default:password@clickhouse:8123?secure=false
RUN_REPLICATION_CLICKHOUSE_URL=http://default:password@clickhouse:8123
# Docker Registry
# - When testing locally, the default values should be fine
# - When deploying to production, you will have to change these, especially the password and URL
# - See the docs for more information: https://trigger.dev/docs/self-hosting/docker#registry-setup
DOCKER_REGISTRY_URL=localhost:5000
DOCKER_REGISTRY_USERNAME=registry-user
DOCKER_REGISTRY_PASSWORD=very-secure-indeed
# When using an external registry you will have to change this
# On Docker Hub it should generally be the same as your username
DOCKER_REGISTRY_NAMESPACE=trigger
# Object store
# - You need to log into the Minio dashboard and create a bucket called "packets"
# - See the docs for more information: https://trigger.dev/docs/self-hosting/docker#object-storage
# Default provider (backward compatible - no protocol prefix)
OBJECT_STORE_ACCESS_KEY_ID=admin
OBJECT_STORE_SECRET_ACCESS_KEY=very-safe-password
# You will have to uncomment and configure this for production
# OBJECT_STORE_BASE_URL=http://localhost:9000
# OBJECT_STORE_REGION=auto
# OBJECT_STORE_SERVICE=s3
# OBJECT_STORE_DEFAULT_PROTOCOL=s3 # Optional: protocol to use for new uploads (e.g., "s3", "r2")
#
# Named providers (protocol-prefixed data) - optional for multi-provider support
# OBJECT_STORE_S3_BASE_URL=https://s3.amazonaws.com
# OBJECT_STORE_S3_ACCESS_KEY_ID=
# OBJECT_STORE_S3_SECRET_ACCESS_KEY=
# OBJECT_STORE_S3_REGION=us-east-1
# OBJECT_STORE_S3_SERVICE=s3
#
# OBJECT_STORE_R2_BASE_URL=https://{bucket}.{accountId}.r2.cloudflarestorage.com
# OBJECT_STORE_R2_ACCESS_KEY_ID=
# OBJECT_STORE_R2_SECRET_ACCESS_KEY=
# OBJECT_STORE_R2_REGION=auto
# OBJECT_STORE_R2_SERVICE=s3
# Credentials to access the Minio dashboard at http://localhost:9001
# - You should change these credentials and not use them for the `OBJECT_STORE_` env vars above
# - Instead, setup a non-root user with access the "packets" bucket
# MINIO_ROOT_USER=admin
# MINIO_ROOT_PASSWORD=very-safe-password
# Realtime streams
# - Realtime streams power AI-agent token streaming and run streams
# - They default to v2, backed by the bundled s2-lite service (open-source S2, https://s2.dev)
# - To fall back to the Redis-backed v1 streams, set REALTIME_STREAMS_DEFAULT_VERSION=v1
# REALTIME_STREAMS_DEFAULT_VERSION=v2
# The bundled s2-lite creates whatever basin you set here (min 8 characters)
# REALTIME_STREAMS_S2_BASIN=trigger-realtime
# REALTIME_STREAMS_S2_ENDPOINT=http://s2/v1
# REALTIME_STREAMS_S2_SKIP_ACCESS_TOKENS=true
# To use a hosted S2 (https://s2.dev) instead of the bundled s2-lite:
# - point the endpoint at your basin, disable token-skipping, and set an access token
# REALTIME_STREAMS_S2_SKIP_ACCESS_TOKENS=false
# REALTIME_STREAMS_S2_ACCESS_TOKEN=
# Pin the s2-lite image in production (full image reference, digest recommended)
# S2_IMAGE=ghcr.io/s2-streamstore/s2:latest@sha256:d6ded5ca7dd619fa7c946f06e39a98f9c95c6883c8bb884e5eaa129f232c920c
# Other image tags
# - These are the versions of the other images to use
# - You should lock these to a specific version in production
# POSTGRES_IMAGE_TAG=14
# REDIS_IMAGE_TAG=7
# ELECTRIC_IMAGE_TAG=1.0.13
# CLICKHOUSE_IMAGE_TAG=latest
# REGISTRY_IMAGE_TAG=2
# MINIO_IMAGE_TAG=latest
# DOCKER_PROXY_IMAGE_TAG=latest
# TRAEFIK_IMAGE_TAG=v3.4
# Publish IPs
# - These are the IPs to publish the services to
# - Setting to 127.0.0.1 makes the service only accessible locally
# - When deploying to production, you will have to change these, depending on your setup
# WEBAPP_PUBLISH_IP=0.0.0.0
# POSTGRES_PUBLISH_IP=127.0.0.1
# REDIS_PUBLISH_IP=127.0.0.1
# ELECTRIC_PUBLISH_IP=127.0.0.1
# CLICKHOUSE_PUBLISH_IP=127.0.0.1
# REGISTRY_PUBLISH_IP=127.0.0.1
# MINIO_PUBLISH_IP=127.0.0.1
# Restart policy
# - Applies to all services, adjust as needed
# RESTART_POLICY=unless-stopped
# Docker logging
# - See the official docs: https://docs.docker.com/engine/logging/configure/
# LOGGING_DRIVER=local
# LOGGING_MAX_SIZE=20m
# LOGGING_MAX_FILES=5
# LOGGING_COMPRESS=true
# Traefik
# - Reverse proxy settings only serve as an example and require further configuration
# - See the partial overrides in docker-compose.traefik.yml for more details
# TRAEFIK_ENTRYPOINT=websecure
# TRAEFIK_HTTP_PUBLISH_IP=0.0.0.0
# TRAEFIK_HTTPS_PUBLISH_IP=0.0.0.0
# TRAEFIK_DASHBOARD_PUBLISH_IP=127.0.0.1