# ───────────────────────────────────────────────────────────────────────── # services/targo-hub — Node/Express middleware # Copy to `services/targo-hub/.env`, fill in the values, then # `node server.js` or `docker compose up -d` from /opt/targo-hub. # # Most of these are integration secrets; ask the team for the real # values. Anything left blank disables the corresponding feature # (e.g. no STRIPE_SECRET_KEY → Stripe billing endpoints return 503). # ───────────────────────────────────────────────────────────────────────── # ─── Core ──────────────────────────────────────────────────────────────── PORT=3300 HUB_PUBLIC_URL=https://msg.gigafibre.ca HUB_INTERNAL_TOKEN= # shared secret for hub→hub & flow auth JWT_SECRET= # 32+ chars random — signs magic links # ─── ERPNext ───────────────────────────────────────────────────────────── ERP_URL=http://erpnext-backend:8000 ERP_TOKEN= # api_key:api_secret with admin scope MAIL_FROM=noreply@gigafibre.ca # ─── Authentik (SSO) ───────────────────────────────────────────────────── # Used by /auth/users (invite, list, group sync) on the staff instance. AUTHENTIK_URL=https://auth.targo.ca AUTHENTIK_TOKEN= # API token, scope: write:user write:group # ─── Authentication adapters ───────────────────────────────────────────── # Used by /auth/sync-legacy to pull staff from the old MySQL DB. LEGACY_DB_HOST= LEGACY_DB_USER= LEGACY_DB_PASS= LEGACY_DB_NAME= # ─── Email (Mailjet via SMTP) ──────────────────────────────────────────── # Mailjet relay — same creds as ERPNext. Used for invites, voice-agent # transcripts, quotation sends, etc. SMTP_HOST=in-v3.mailjet.com SMTP_PORT=587 SMTP_USER= SMTP_PASS= # ─── Twilio (SMS + voice) ──────────────────────────────────────────────── TWILIO_ACCOUNT_SID= TWILIO_AUTH_TOKEN= TWILIO_API_KEY= TWILIO_API_SECRET= TWILIO_TWIML_APP_SID= TWILIO_FROM=+14382313838 # the Targo SMS number # ─── Stripe ────────────────────────────────────────────────────────────── STRIPE_SECRET_KEY= # sk_live_… or sk_test_… STRIPE_WEBHOOK_SECRET= # whsec_… for /payments/webhook signature # ─── Traccar (GPS) ─────────────────────────────────────────────────────── # Hub uses TRACCAR_TOKEN as Bearer; falls back to user/pass basic auth. TRACCAR_URL=https://gps.targo.ca TRACCAR_TOKEN= TRACCAR_USER= # ─── DocuSeal (e-signature) ────────────────────────────────────────────── DOCUSEAL_URL=https://docs.gigafibre.ca DOCUSEAL_API_KEY= # ─── Fonoster (voice/PBX) ──────────────────────────────────────────────── FONOSTER_API_URL=https://fn.targo.ca FONOSTER_EMAIL= FONOSTER_PASSWORD= FONOSTER_ALLOW_INSECURE=false FNIDENTITY_DB_URL=postgres://... # internal Fonoster identity DB ROUTR_DB_URL=postgres://... # internal Routr DB # ─── 3CX PBX poller (legacy, usually disabled) ─────────────────────────── PBX_ENABLED=0 PBX_URL= PBX_USER= PBX_PASS= PBX_POLL_INTERVAL=120 # ─── OLT SNMP poller ───────────────────────────────────────────────────── # Comma-separated list of "name:ip:vendor" entries (vendor = tplink|raisecom) OLT_LIST= OLT_POLL_INTERVAL=300 # ─── AI / voice agent ──────────────────────────────────────────────────── # Anthropic / OpenAI / Groq — pick one. AI_API_KEY is read by lib/ai.js. AI_API_KEY= AI_MODEL=claude-sonnet-4-5 DEFAULT_MODEM_PASS= # default password for ONT remote admin # ─── Oktopus (decommissioned) ──────────────────────────────────────────── # Set to 1 (default) to keep the integration disabled. Flip to 0 only # if you re-deploy the Oktopus stack and want the hub to talk to it. OKTOPUS_DISABLED=1 OKTOPUS_URL= OKTOPUS_USER= OKTOPUS_PASS= # ─── Customer portal ───────────────────────────────────────────────────── CLIENT_PORTAL_URL=https://targo.lovable.app # ─── Cache redis (optional) ────────────────────────────────────────────── CACHE_DB_URL=redis://localhost:6379