blob: c04200757d6ed8eb284973260b16b457a02f28c7 (
plain)
# codex-lb environment configuration
# Loaded by /usr/lib/systemd/system/codex-lb.service via EnvironmentFile=.
# Full reference: https://github.com/Soju06/codex-lb#configuration
# Values left commented out fall back to upstream defaults.
# This file can hold secrets (a database password in CODEX_LB_DATABASE_URL, a
# fixed CODEX_LB_DASHBOARD_BOOTSTRAP_TOKEN), so it should not be world-readable.
# Comments must stay on their own lines; text after a value becomes part of it.
# --- Server binding (read by app/cli.py) ---
# Bind to 127.0.0.1 by default; switch to 0.0.0.0 to expose the dashboard.
# With both SSL_* lines commented out no certificate is configured here, so a
# non-loopback bind presumably serves the dashboard over plain HTTP. Set
# SSL_CERTFILE/SSL_KEYFILE or terminate TLS in a reverse proxy before exposing
# it, and keep CODEX_LB_DASHBOARD_AUTH_MODE away from "disabled".
HOST=127.0.0.1
PORT=2455
# SSL_CERTFILE=/etc/codex-lb/server.crt
# SSL_KEYFILE=/etc/codex-lb/server.key
# --- Database ---
# SQLite (default). Use 4 slashes for an absolute path.
CODEX_LB_DATABASE_URL=sqlite+aiosqlite:////var/lib/codex-lb/store.db
# Optional PostgreSQL example. The codex_lb:codex_lb credentials are sample
# values; replace the password with a unique one before use.
# CODEX_LB_DATABASE_URL=postgresql+asyncpg://codex_lb:codex_lb@127.0.0.1:5432/codex_lb
CODEX_LB_DATABASE_MIGRATE_ON_STARTUP=true
# Pre-migration backups are copies of the SQLite store; protect them like
# store.db itself. NOTE(review): where they are written is not shown here.
CODEX_LB_DATABASE_SQLITE_PRE_MIGRATE_BACKUP_ENABLED=true
CODEX_LB_DATABASE_SQLITE_PRE_MIGRATE_BACKUP_MAX_FILES=5
# --- Encryption at rest ---
# File holding the data-at-rest encryption key. The first start auto-generates
# this file if it does not exist. Required for multi-replica deployments.
# To rotate, stop the service, replace the file, then restart.
# NOTE(review): nothing here shows existing data being re-encrypted; confirm
# that records written under the old key stay readable, and keep a copy of the
# old key until that is verified.
# Generate the key in a shell that itself runs as codex-lb. With a bare
# "sudo -u codex-lb openssl ... > file" the redirect is opened by the calling
# user's shell, so the key file gets that user's ownership and umask.
# sudo -u codex-lb sh -c 'umask 077; openssl rand -base64 32 > /var/lib/codex-lb/encryption.key'
CODEX_LB_ENCRYPTION_KEY_FILE=/var/lib/codex-lb/encryption.key
# --- Dashboard bootstrap ---
# A first-run token is auto-generated and printed to the journal if no
# dashboard password is configured. Set this to use a fixed token instead.
# Anyone who can read this unit's journal can read the generated token, so
# finish first-run setup promptly and limit who has journal access.
# CODEX_LB_DASHBOARD_BOOTSTRAP_TOKEN=
# --- Upstream ChatGPT ---
CODEX_LB_UPSTREAM_BASE_URL=https://chatgpt.com/backend-api
CODEX_LB_UPSTREAM_CONNECT_TIMEOUT_SECONDS=30
CODEX_LB_PROXY_REQUEST_BUDGET_SECONDS=600
CODEX_LB_STREAM_IDLE_TIMEOUT_SECONDS=300
# --- OAuth / token refresh ---
CODEX_LB_AUTH_BASE_URL=https://auth.openai.com
CODEX_LB_OAUTH_CLIENT_ID=app_EMoamEEZ73f0CkXaXp7hrann
CODEX_LB_OAUTH_SCOPE="openid profile email"
CODEX_LB_OAUTH_TIMEOUT_SECONDS=30
# The redirect URI is plain http:// on localhost; its port has to agree with
# CODEX_LB_OAUTH_CALLBACK_PORT below.
CODEX_LB_OAUTH_REDIRECT_URI=http://localhost:1455/auth/callback
# Bind the OAuth callback listener to localhost (default). Set to 0.0.0.0 only
# if you intentionally expose the callback - codex-lb must be on the same host
# as the browser that performs the OAuth login.
# The callback arrives over unencrypted HTTP, so a non-loopback bind puts the
# OAuth response on the network in clear text.
CODEX_LB_OAUTH_CALLBACK_HOST=127.0.0.1
# Do not change the OAuth callback port. OpenAI dislikes changes.
# NOTE(review): presumably the redirect URI accepted for the client ID above is
# fixed to port 1455 - confirm against the reference.
CODEX_LB_OAUTH_CALLBACK_PORT=1455
CODEX_LB_TOKEN_REFRESH_TIMEOUT_SECONDS=30
CODEX_LB_TOKEN_REFRESH_INTERVAL_DAYS=8
# --- Usage tracking ---
CODEX_LB_USAGE_FETCH_TIMEOUT_SECONDS=10
CODEX_LB_USAGE_FETCH_MAX_RETRIES=2
CODEX_LB_USAGE_REFRESH_ENABLED=true
CODEX_LB_USAGE_REFRESH_INTERVAL_SECONDS=60
CODEX_LB_STICKY_SESSION_CLEANUP_ENABLED=true
CODEX_LB_STICKY_SESSION_CLEANUP_INTERVAL_SECONDS=300
# --- Firewall / reverse-proxy trust ---
# Enable only when codex-lb sits behind a trusted reverse proxy.
# Forwarded-address headers are client-controlled unless a proxy overwrites
# them, so keep the CIDR list limited to the proxy's own addresses and never
# widen it to a whole network segment for convenience.
CODEX_LB_FIREWALL_TRUST_PROXY_HEADERS=false
CODEX_LB_FIREWALL_TRUSTED_PROXY_CIDRS=127.0.0.1/32,::1/128
# --- Dashboard authentication ---
# Modes: standard | trusted_header | disabled
# NOTE(review): trusted_header presumably takes the signed-in user from the
# header named below. Use it only when every request passes through a proxy
# that authenticates users and overwrites that header, and codex-lb is not
# reachable directly (keep HOST=127.0.0.1); otherwise any client can send the
# header itself. "disabled" presumably turns dashboard authentication off -
# confirm in the reference before using it on a non-loopback bind.
CODEX_LB_DASHBOARD_AUTH_MODE=standard
CODEX_LB_DASHBOARD_AUTH_PROXY_HEADER=Remote-User
# --- Observability ---
# NOTE(review): the bind address of the metrics listener is not set in this
# file; check which interface port 9090 opens on before enabling metrics.
CODEX_LB_LOG_FORMAT=text
CODEX_LB_METRICS_ENABLED=false
CODEX_LB_METRICS_PORT=9090
CODEX_LB_OTEL_ENABLED=false
CODEX_LB_OTEL_EXPORTER_ENDPOINT=
# --- Conversation archive (opt-in; stores request/response bodies as gzip JSONL) ---
# Archived bodies contain prompts and responses in full. Nothing here indicates
# they are encrypted with the key above - confirm, restrict the directory to
# the service account, and decide on retention before enabling.
CODEX_LB_CONVERSATION_ARCHIVE_ENABLED=false
CODEX_LB_CONVERSATION_ARCHIVE_DIR=/var/lib/codex-lb/conversation-archive
# --- Multi-replica primitives (opt-in) ---
CODEX_LB_LEADER_ELECTION_ENABLED=false
CODEX_LB_LEADER_ELECTION_TTL_SECONDS=30
CODEX_LB_CIRCUIT_BREAKER_ENABLED=false
CODEX_LB_CIRCUIT_BREAKER_FAILURE_THRESHOLD=5
CODEX_LB_CIRCUIT_BREAKER_RECOVERY_TIMEOUT_SECONDS=60
# NOTE(review): 0 presumably means no concurrency cap - TODO confirm; set a
# limit if the listener is exposed beyond loopback.
CODEX_LB_BACKPRESSURE_MAX_CONCURRENT_REQUESTS=0
# --- Shutdown / HTTP tuning ---
CODEX_LB_SHUTDOWN_DRAIN_TIMEOUT_SECONDS=30
CODEX_LB_HTTP_CONNECTOR_LIMIT=100
CODEX_LB_HTTP_CONNECTOR_LIMIT_PER_HOST=50