57 lines
2.6 KiB
Text
57 lines
2.6 KiB
Text
# ai-bot configuration. Copy to ai-bot.env (chmod 600, gitignored) and fill in.
|
|
#
|
|
# The bot runs as a Synapse application service: it authenticates with the
|
|
# registration.yaml tokens (as_token/hs_token), which never expire — no token
|
|
# rotation, no stored password.
|
|
#
|
|
# Secrets (AS_TOKEN, HS_TOKEN, XAI_API_KEY) should live OUTSIDE this file in
|
|
# production — provide them as mounted files / Docker secrets via the *_FILE
|
|
# indirection (see the secrets block). They never belong in the client
|
|
# config.json or the Docker image (.dockerignore keeps .env out of the build).
|
|
|
|
# --- Matrix (non-secret) ---
|
|
HOMESERVER_URL=http://synapse:8008 # docker service name, NOT localhost
|
|
BOT_MXID=@ai:vojo.chat # must equal @<sender_localpart>:<server>
|
|
BOT_DISPLAY_NAME=Vojo AI # set on the bot profile at startup
|
|
AS_ADDR=:8009 # transaction-push listen addr (matches registration url)
|
|
|
|
# --- xAI (non-secret) ---
|
|
XAI_BASE_URL=https://api.x.ai/v1
|
|
# Verify the id on docs.x.ai before deploy (D2). Alternative: grok-4.3.
|
|
XAI_MODEL=grok-4.20-0309-non-reasoning
|
|
XAI_TEMPERATURE=0.6
|
|
MAX_OUTPUT_TOKENS=320
|
|
|
|
# --- Behaviour (non-secret) ---
|
|
ALLOWED_SERVERS=vojo.chat # comma-separated inviter-homeserver allowlist
|
|
MAX_CONTEXT_EVENTS=20
|
|
|
|
# --- Spend limiter (non-secret) ---
|
|
DAILY_USD_CEILING=10
|
|
PER_USER_DAILY_CAP=30
|
|
XAI_PRICE_INPUT_PER_M=1.25 # fallback per-1M prices that bound the hard ceiling
|
|
XAI_PRICE_CACHED_PER_M=0.20
|
|
XAI_PRICE_OUTPUT_PER_M=2.50
|
|
|
|
# --- Database (vojo_ai Postgres) ---
|
|
# Operational store (txn/event dedup, the daily spend ledger, the encrypted-warned
|
|
# set) — NOT message content (that lives in Synapse). A dedicated database+role on
|
|
# the shared Postgres, like each mautrix bridge. Inside the docker network the host
|
|
# is the `postgres` service. The DSN embeds the role password, so treat ai-bot.env
|
|
# as sensitive (chmod 600). Required.
|
|
AI_BOT_DATABASE_URL=postgres://vojo_ai:CHANGE_ME@postgres:5432/vojo_ai?sslmode=disable
|
|
|
|
# --- Paths (non-secret) ---
|
|
SYSTEM_PROMPT_PATH=prompts/system_ru.txt
|
|
STATE_DIR=/state
|
|
|
|
# --- SECRETS ---------------------------------------------------------------
|
|
# Preferred (prod): point at mounted read-only files / Docker secrets:
|
|
# AS_TOKEN_FILE=/run/secrets/as_token # = as_token in ai-registration.yaml
|
|
# HS_TOKEN_FILE=/run/secrets/hs_token # = hs_token in ai-registration.yaml
|
|
# XAI_API_KEY_FILE=/run/secrets/xai_api_key
|
|
#
|
|
# Simple (dev): inline here instead (mutually exclusive with the *_FILE form):
|
|
# AS_TOKEN=...
|
|
# HS_TOKEN=...
|
|
# XAI_API_KEY=xai-...
|