portal/config/runtime.exs

import Config

# Runtime secrets — each release only requires its own secret key
if config_env() == :prod do
  # RELEASE_NAME is set by the Elixir release scripts at startup.
  # Each release only requires its own secret key.
  release = System.get_env("RELEASE_NAME", "")

  if release != "centralcloud_staff" do
    config :centralcloud_my, CentralcloudMy.Endpoint,
      secret_key_base: System.fetch_env!("MY_SECRET_KEY_BASE")
  end

  if release != "centralcloud_my" do
    config :centralcloud_staff, CentralcloudStaff.Endpoint,
      secret_key_base: System.fetch_env!("OPS_SECRET_KEY_BASE")
  end
end

config :centralcloud_core, :hostbill,
  base_url: System.get_env("HOSTBILL_URL", "https://portal.centralcloud.com"),
  api_id:   System.get_env("HOSTBILL_API_ID"),
  api_key:  System.get_env("HOSTBILL_API_KEY")

config :centralcloud_core, :dr_portal,
  base_url: System.get_env("DR_PORTAL_URL", "https://dr.centralcloud.com"),
  api_key:  System.get_env("DR_PORTAL_API_KEY")

config :centralcloud_core, :oncall,
  base_url: System.get_env("ONCALL_URL", "https://oncall.centralcloud.com"),
  token:    System.get_env("ONCALL_API_TOKEN")

config :centralcloud_core, :oidc,
  issuer:        System.get_env("AUTHENTIK_ISSUER", "https://sso.centralcloud.com/application/o/centralcloud/"),
  client_id:     System.get_env("OIDC_CLIENT_ID"),
  client_secret: System.get_env("OIDC_CLIENT_SECRET")

config :centralcloud_staff, :router_agent,
  url:     System.get_env("ROUTER_AGENT_URL", "http://router-agent.router-agent.svc:8642"),
  api_key: System.get_env("ROUTER_AGENT_API_KEY", "")

config :centralcloud_staff, :ops_engine,
  url: System.get_env("OPS_ENGINE_URL", "http://centralcloud-ops.centralcloud-ops.svc.cluster.local")

# Security monitoring — only available in centralcloud_my release
if config_env() == :prod and System.get_env("SECURITY_URL") do
  config :centralcloud_core, :security,
    url:        System.get_env("SECURITY_URL"),
    username:   System.get_env("SECURITY_USERNAME"),
    password:   System.get_env("SECURITY_PASSWORD"),
    verify_ssl: System.get_env("SECURITY_VERIFY_SSL", "true") != "false"
end
feat: add flake.nix, .envrc, fix config (runtime.exs), deps compile clean - flake.nix: Elixir 1.18.4 / OTP 27 / Node 22 dev shell - .envrc: use flake - config/config.exs: move fetch_env! to runtime.exs (compile-time safe) - config/runtime.exs: all secrets loaded at runtime via env vars - mix.lock: generated after mix deps.get - All 3 apps compile cleanly Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-09 19:55:48 +02:00			`import Config`

fix: runtime.exs OPS_SECRET_KEY_BASE optional, release.ex handles missing ecto_repos Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-09 20:49:09 +02:00			`# Runtime secrets — each release only requires its own secret key`
feat: add flake.nix, .envrc, fix config (runtime.exs), deps compile clean - flake.nix: Elixir 1.18.4 / OTP 27 / Node 22 dev shell - .envrc: use flake - config/config.exs: move fetch_env! to runtime.exs (compile-time safe) - config/runtime.exs: all secrets loaded at runtime via env vars - mix.lock: generated after mix deps.get - All 3 apps compile cleanly Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-09 19:55:48 +02:00			`if config_env() == :prod do`
fix: guard secret_key_base config by RELEASE_NAME Each release only requires its own secret key: - centralcloud_my needs MY_SECRET_KEY_BASE - centralcloud_staff needs OPS_SECRET_KEY_BASE RELEASE_NAME is set automatically by Elixir release scripts at startup. Fixes startup crash when staff release ran without MY_SECRET_KEY_BASE. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-11 13:57:07 +02:00			`# RELEASE_NAME is set by the Elixir release scripts at startup.`
			`# Each release only requires its own secret key.`
			`release = System.get_env("RELEASE_NAME", "")`
feat: add flake.nix, .envrc, fix config (runtime.exs), deps compile clean - flake.nix: Elixir 1.18.4 / OTP 27 / Node 22 dev shell - .envrc: use flake - config/config.exs: move fetch_env! to runtime.exs (compile-time safe) - config/runtime.exs: all secrets loaded at runtime via env vars - mix.lock: generated after mix deps.get - All 3 apps compile cleanly Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-09 19:55:48 +02:00
fix: guard secret_key_base config by RELEASE_NAME Each release only requires its own secret key: - centralcloud_my needs MY_SECRET_KEY_BASE - centralcloud_staff needs OPS_SECRET_KEY_BASE RELEASE_NAME is set automatically by Elixir release scripts at startup. Fixes startup crash when staff release ran without MY_SECRET_KEY_BASE. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-11 13:57:07 +02:00			`if release != "centralcloud_staff" do`
			`config :centralcloud_my, CentralcloudMy.Endpoint,`
			`secret_key_base: System.fetch_env!("MY_SECRET_KEY_BASE")`
			`end`

			`if release != "centralcloud_my" do`
			`config :centralcloud_staff, CentralcloudStaff.Endpoint,`
			`secret_key_base: System.fetch_env!("OPS_SECRET_KEY_BASE")`
fix: runtime.exs OPS_SECRET_KEY_BASE optional, release.ex handles missing ecto_repos Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-09 20:49:09 +02:00			`end`
feat: add flake.nix, .envrc, fix config (runtime.exs), deps compile clean - flake.nix: Elixir 1.18.4 / OTP 27 / Node 22 dev shell - .envrc: use flake - config/config.exs: move fetch_env! to runtime.exs (compile-time safe) - config/runtime.exs: all secrets loaded at runtime via env vars - mix.lock: generated after mix deps.get - All 3 apps compile cleanly Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-09 19:55:48 +02:00			`end`

			`config :centralcloud_core, :hostbill,`
			`base_url: System.get_env("HOSTBILL_URL", "https://portal.centralcloud.com"),`
			`api_id: System.get_env("HOSTBILL_API_ID"),`
			`api_key: System.get_env("HOSTBILL_API_KEY")`

			`config :centralcloud_core, :dr_portal,`
			`base_url: System.get_env("DR_PORTAL_URL", "https://dr.centralcloud.com"),`
			`api_key: System.get_env("DR_PORTAL_API_KEY")`

feat: build out centralcloud_ops staff portal with Grafana OnCall backend - Add CentralcloudCore.OnCall API client (alert groups, schedules, users, escalation chains) — talks to Grafana OnCall HTTP API v1 - Add centralcloud_ops application, endpoint, router, layouts - Add RequireStaff auth plug, SessionController, HealthController - Add DashboardLive: firing/acked alerts with ack/resolve actions, auto-refresh - Add IncidentsLive: filterable incident list by status - Add IncidentLive: incident detail with ack/resolve/silence actions - Add OnCallLive: schedule cards showing who is currently on-call - Add StakeholdersLive: HostBill client search + service view + comms panel - Wire ONCALL_URL / ONCALL_API_TOKEN env vars in config and runtime.exs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-10 22:54:33 +02:00			`config :centralcloud_core, :oncall,`
			`base_url: System.get_env("ONCALL_URL", "https://oncall.centralcloud.com"),`
			`token: System.get_env("ONCALL_API_TOKEN")`

feat: add flake.nix, .envrc, fix config (runtime.exs), deps compile clean - flake.nix: Elixir 1.18.4 / OTP 27 / Node 22 dev shell - .envrc: use flake - config/config.exs: move fetch_env! to runtime.exs (compile-time safe) - config/runtime.exs: all secrets loaded at runtime via env vars - mix.lock: generated after mix deps.get - All 3 apps compile cleanly Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-09 19:55:48 +02:00			`config :centralcloud_core, :oidc,`
			`issuer: System.get_env("AUTHENTIK_ISSUER", "https://sso.centralcloud.com/application/o/centralcloud/"),`
			`client_id: System.get_env("OIDC_CLIENT_ID"),`
			`client_secret: System.get_env("OIDC_CLIENT_SECRET")`
feat: elixir 1.20-rc4 flake, AI ops chat (ChatLive + RouterAgent) - flake.nix: custom elixir_1_20_rc4 derivation via overrideAttrs on beamPackages.elixir_1_19 with headless OTP 28; nixos-25.11 pinned - mix.exs (ops + my): elixir ~> 1.20 - Dockerfile: note 1.19.5 stays until hexpm publishes 1.20 stable image - New: ChatLive — full-screen AI ops chat with SSE streaming, scroll hook, suggestion buttons, typing indicator, clear history - New: RouterAgent — streams OpenAI-compatible SSE from router-agent svc; configurable URL + API key via env; sends {:chunk,t}/:stream_done msgs to LiveView - Router: add live /chat route under auth pipeline - Layouts: AI Chat nav link + ScrollBottom JS hook inline - Application: Finch pool started for RouterAgent HTTP client - Priv/static: phoenix.min.js + phoenix_live_view.min.js bundled - Config: ROUTER_AGENT_URL / ROUTER_AGENT_API_KEY in dev.exs + runtime.exs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-11 11:23:14 +02:00
refactor: rename centralcloud_ops → centralcloud_staff in portal The portal umbrella now has unambiguous app names: - centralcloud_staff: staff-facing UI (ops.centralcloud.com) - centralcloud_my: customer-facing UI (my.centralcloud.com) - centralcloud_core: shared library The infra/apps/centralcloud_ops backend engine retains its name. Config keys, session cookies, releases all updated accordingly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-11 13:06:21 +02:00			`config :centralcloud_staff, :router_agent,`
feat: elixir 1.20-rc4 flake, AI ops chat (ChatLive + RouterAgent) - flake.nix: custom elixir_1_20_rc4 derivation via overrideAttrs on beamPackages.elixir_1_19 with headless OTP 28; nixos-25.11 pinned - mix.exs (ops + my): elixir ~> 1.20 - Dockerfile: note 1.19.5 stays until hexpm publishes 1.20 stable image - New: ChatLive — full-screen AI ops chat with SSE streaming, scroll hook, suggestion buttons, typing indicator, clear history - New: RouterAgent — streams OpenAI-compatible SSE from router-agent svc; configurable URL + API key via env; sends {:chunk,t}/:stream_done msgs to LiveView - Router: add live /chat route under auth pipeline - Layouts: AI Chat nav link + ScrollBottom JS hook inline - Application: Finch pool started for RouterAgent HTTP client - Priv/static: phoenix.min.js + phoenix_live_view.min.js bundled - Config: ROUTER_AGENT_URL / ROUTER_AGENT_API_KEY in dev.exs + runtime.exs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-11 11:23:14 +02:00			`url: System.get_env("ROUTER_AGENT_URL", "http://router-agent.router-agent.svc:8642"),`
			`api_key: System.get_env("ROUTER_AGENT_API_KEY", "")`
fix: Dockerfile builds both centralcloud_staff and centralcloud_my - Fix broken reference to apps/centralcloud_ops (renamed to centralcloud_staff) - Add multi-target Dockerfile: --target my and --target staff - Both releases now built from one build stage (shared layer cache) - Add OPS_ENGINE_URL config in runtime.exs for staff → engine API calls docker build --target staff -t .../centralcloud-staff:VERSION . docker build --target my -t .../centralcloud-my:VERSION . Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-11 13:34:05 +02:00
			`config :centralcloud_staff, :ops_engine,`
			`url: System.get_env("OPS_ENGINE_URL", "http://centralcloud-ops.centralcloud-ops.svc.cluster.local")`
sf snapshot: uncommitted changes after 2133m inactivity 2026-05-13 01:30:33 +02:00
			`# Security monitoring — only available in centralcloud_my release`
			`if config_env() == :prod and System.get_env("SECURITY_URL") do`
			`config :centralcloud_core, :security,`
			`url: System.get_env("SECURITY_URL"),`
			`username: System.get_env("SECURITY_USERNAME"),`
			`password: System.get_env("SECURITY_PASSWORD"),`
			`verify_ssl: System.get_env("SECURITY_VERIFY_SSL", "true") != "false"`
			`end`