# CurrenciCombo orchestrator production env (Phoenix CT 8604 / any systemd host) # # Installed by scripts/deployment/install.sh to: # /etc/currencicombo/orchestrator.env # # Loaded by the currencicombo-orchestrator.service systemd unit via # EnvironmentFile=. Values that are committed here are safe defaults; # secrets are left blank and must be set before first boot. # # The portal is a statically built SPA (nginx), so it takes NO runtime env. # Any VITE_* vars needed at build time are baked into dist/ by # scripts/deployment/deploy-currencicombo-8604.sh before the rsync. ############################################################ # Server ############################################################ NODE_ENV=production PORT=8080 # Bind to loopback only when behind NPMplus on the same host; bind # 0.0.0.0 if NPMplus is on a different host (the CT 8604 case, so 0.0.0.0). HOST=0.0.0.0 ############################################################ # Postgres (local to the CT per install.sh) ############################################################ DATABASE_URL=postgresql://currencicombo:replace-me-on-install@127.0.0.1:5432/currencicombo ############################################################ # Redis (local to the CT per install.sh) ############################################################ REDIS_URL=redis://127.0.0.1:6379 ############################################################ # Event bus signing (REQUIRED). install.sh generates this on first run # via `openssl rand -hex 32` unless the file already exists. ############################################################ EVENT_SIGNING_SECRET= ############################################################ # API keys per role (REQUIRED). install.sh generates three random # initiator/settler/auditor keys on first run unless set. # Format: key1:role1,key2:role2,... ############################################################ API_KEYS= ############################################################ # Chain 138 — resolves EXT-CHAIN138-CI-RPC (already resolved). ############################################################ CHAIN_138_RPC_URL=https://rpc.public-0138.defi-oracle.io CHAIN_138_CHAIN_ID=138 # Leave empty to run mock notary. Populate after running # `contracts/scripts/deploy-notary-registry.ts` once. NOTARY_REGISTRY_ADDRESS= # Leave empty to run mock notary. Otherwise 0x-prefixed 32-byte hex. ORCHESTRATOR_PRIVATE_KEY= ############################################################ # External dependency blockers (leave blank → mock fallback + EXT-* log) # These are the exact IDs that the Proxmox # scripts/verify/check-external-dependencies.sh gate knows about. ############################################################ # EXT-DBIS-CORE — set when dbis_core is deployed and reachable. DBIS_CORE_URL= # EXT-FIN-GATEWAY — set when a real Alliance Access / FIN gateway is # provisioned. Leave blank to use PR R's in-process sandbox. FIN_SANDBOX_URL= # EXT-CC-* — the following four blockers are upstream-scaffold repos # (cc-payment-adapters, cc-audit-ledger, cc-shared-events, # cc-shared-schemas). They cannot be resolved from this repo; no # env var flips them. The orchestrator logs EXT-CC-* as active on boot. # Identity + controls matrix (not a blocker IDs per se — they ship # today via the cc-identity-core and cc-compliance-controls adapters # merged in PR V/W). Blank keeps the embedded v0 matrix + mock identity. CC_IDENTITY_URL= CC_CONTROLS_MATRIX_URL=