cv-site/.env.example
juanatsap 8205a22972 feat: Ollama adapter + chat rate limiter (30 req/hour)
Ollama adapter (internal/chat/ollama.go):
- Implements model.LLM interface for ADK Go
- Talks to Ollama's OpenAI-compatible API (/v1/chat/completions)
- Full tool/function calling support (tested with Mistral Small 3.2)
- Converts ADK types to OpenAI format (messages, tools, tool_calls)
- Configurable via OLLAMA_HOST and OLLAMA_MODEL env vars

Multi-provider handler:
- MODEL_PROVIDER env: "gemini" (default) or "ollama"
- Gemini: requires GOOGLE_API_KEY (pay-as-you-go recommended)
- Ollama: connects to local or Tailscale-remote instance

Rate limiter:
- 30 requests/hour per IP on /api/chat endpoint
- Uses existing middleware.NewRateLimiter pattern

Tested: Ollama + Mistral Small 3.2 on M4 Pro 64GB — correct answers
2026-04-08 14:47:14 +01:00

# Environment Configuration Example
# Copy this file to .env and customize as needed
# Server Configuration
PORT=1999
HOST=localhost
GO_ENV=development
# Template Configuration
TEMPLATE_DIR=templates
PARTIALS_DIR=templates/partials
TEMPLATE_HOT_RELOAD=true
# Data Configuration
DATA_DIR=data
# Server Timeouts (seconds)
READ_TIMEOUT=15
WRITE_TIMEOUT=15
# Security Configuration
# Allowed origins for API access (comma-separated domains)
# Prevents external sites from accessing your API/PDF endpoint
#
# DEFAULT: If empty, defaults to juan.andres.morenorub.io (the CV site domain)
# Plus localhost and 127.0.0.1 are always allowed in development
#
# For custom domains in production: ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
# Multiple domains: ALLOWED_ORIGINS=domain1.com,domain2.com,www.domain1.com
ALLOWED_ORIGINS=
# Rate Limiter Configuration
# CRITICAL: Prevents IP spoofing attacks that bypass rate limiting
#
# BEHIND_PROXY: Set to true ONLY if behind a trusted reverse proxy (nginx, caddy, cloudflare)
# - Development (default): false - Uses RemoteAddr only, immune to header spoofing
# - Production behind proxy: true - Trusts X-Forwarded-For from proxy
#
# TRUSTED_PROXY_IP: Optional - IP address of your reverse proxy
# - If set, only X-Forwarded-For headers from this IP are trusted
# - Example: 127.0.0.1 (for local nginx), 10.0.0.1 (for load balancer)
# - Leave empty to trust X-Forwarded-For from any source (less secure)
#
# Security Impact:
# - BEHIND_PROXY=false (dev): Ignores all X-Forwarded-For headers, uses actual connection IP
# - BEHIND_PROXY=true (prod): Trusts proxy, extracts client IP from X-Forwarded-For
# - Logs all suspicious spoofing attempts for security monitoring
#
BEHIND_PROXY=false
TRUSTED_PROXY_IP=
# Email Configuration (Contact Form)
#
# Supported providers:
#
# DreamHost (port 465 - SSL):
# SMTP_HOST=smtp.dreamhost.com
# SMTP_PORT=465
# SMTP_USER=your-email@yourdomain.com
# SMTP_PASSWORD=your-email-password
# SMTP_FROM_EMAIL=your-email@yourdomain.com
#
# Gmail (port 587 - TLS):
# 1. Enable 2FA in your Google account
# 2. Go to https://myaccount.google.com/apppasswords
# 3. Generate an App Password
# SMTP_HOST=smtp.gmail.com
# SMTP_PORT=587
# SMTP_USER=your-email@gmail.com
# SMTP_PASSWORD=your-app-password-here
# SMTP_FROM_EMAIL=your-email@gmail.com
#
# Port 465 = SSL (direct TLS connection)
# Port 587 = TLS/STARTTLS (upgrades to TLS)
#
SMTP_HOST=smtp.dreamhost.com
SMTP_PORT=465
SMTP_USER=your-email@yourdomain.com
SMTP_PASSWORD=your-password
SMTP_FROM_EMAIL=your-email@yourdomain.com
CONTACT_EMAIL=recipient@example.com
# Chat AI Configuration
#
# MODEL_PROVIDER: "gemini" (default) or "ollama"
# MODEL_PROVIDER=gemini
#
# Gemini settings (when MODEL_PROVIDER=gemini):
# GOOGLE_API_KEY=your-google-api-key
# MODEL_NAME=gemini-2.5-flash
#
# Ollama settings (when MODEL_PROVIDER=ollama):
# OLLAMA_HOST=http://localhost:11434
# OLLAMA_MODEL=mistral-small3.2
# Production Settings
# Uncomment for production:
# GO_ENV=production
# TEMPLATE_HOT_RELOAD=false
# READ_TIMEOUT=30
# WRITE_TIMEOUT=30
# ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
#
# Production behind reverse proxy:
# BEHIND_PROXY=true
# TRUSTED_PROXY_IP=127.0.0.1
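
The BEHIND_PROXY / TRUSTED_PROXY_IP rules described in the rate limiter comments above, as an added Go example (not the project's own middleware code). `ProxyConfig` and `ClientIP` are hypothetical names, and taking the rightmost X-Forwarded-For entry is an assumption about a single proxy hop; the file does not say which entry the project reads.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ProxyConfig mirrors BEHIND_PROXY and TRUSTED_PROXY_IP from .env.example.
type ProxyConfig struct {
	BehindProxy    bool
	TrustedProxyIP string // empty: X-Forwarded-For accepted from any peer
}

// ClientIP (hypothetical helper) returns the rate-limit key and whether an
// X-Forwarded-For header was present but not used, which is worth logging.
func ClientIP(cfg ProxyConfig, remoteAddr, xff string) (string, bool) {
	peer, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		peer = remoteAddr // RemoteAddr without a port
	}
	if !cfg.BehindProxy {
		return peer, xff != "" // dev mode: header is never consulted
	}
	if cfg.TrustedProxyIP != "" {
		want, got := net.ParseIP(cfg.TrustedProxyIP), net.ParseIP(peer)
		if want == nil || got == nil || !want.Equal(got) {
			return peer, xff != "" // header did not come via the proxy
		}
	}
	// Assumption: a single proxy hop that appends the address it saw, so the
	// rightmost entry is proxy-written; entries to its left are client-supplied.
	parts := strings.Split(xff, ",")
	last := net.ParseIP(strings.TrimSpace(parts[len(parts)-1]))
	if last == nil {
		return peer, xff != ""
	}
	return last.String(), false
}

func main() {
	// Constructed requests using documentation address ranges.
	pinned := ProxyConfig{BehindProxy: true, TrustedProxyIP: "127.0.0.1"}
	open := ProxyConfig{BehindProxy: true}
	fmt.Println(ClientIP(ProxyConfig{}, "203.0.113.7:5555", "192.0.2.1"))
	fmt.Println(ClientIP(pinned, "127.0.0.1:4000", "192.0.2.1, 198.51.100.9"))
	fmt.Println(ClientIP(pinned, "203.0.113.7:5555", "192.0.2.1"))
	fmt.Println(ClientIP(open, "203.0.113.7:5555", "192.0.2.1"))
}
```

The last call shows why the file calls an empty TRUSTED_PROXY_IP less secure: with BEHIND_PROXY=true and no pinned proxy, the header value from a direct connection becomes the rate-limit key.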