import os def _read_secret(env_var: str, secret_file_var: str, default: str) -> str: """Read a config value from env var, or from a Docker secrets file.""" value = os.environ.get(env_var) if value: return value secret_file = os.environ.get(secret_file_var) if secret_file: try: with open(secret_file) as f: return f.read().strip() except FileNotFoundError: pass return default class Config: DATABASE_URL: str = _read_secret( "DATABASE_URL", "DATABASE_URL_FILE", "postgresql+asyncpg://fabled:fabled@localhost:5432/fabledassistant", ) OLLAMA_URL: str = os.environ.get("OLLAMA_URL", "http://localhost:11434") OLLAMA_MODEL: str = os.environ.get("OLLAMA_MODEL", "qwen3:latest") # Lightweight model for background tasks (title generation, tag suggestions, # project summaries, RSS classification). Using a separate model keeps the # main model's KV cache intact between user messages, enabling prefix cache hits. OLLAMA_BACKGROUND_MODEL: str = os.environ.get("OLLAMA_BACKGROUND_MODEL", "qwen2.5:0.5b") # KV cache context window for generation. Keep this as small as practical — # a larger context forces more KV cache into CPU RAM, drastically slowing prefill. # 16384 covers ~30+ message conversations with our system prompt comfortably. OLLAMA_NUM_CTX: int = int(os.environ.get("OLLAMA_NUM_CTX", "16384")) SECRET_KEY: str = _read_secret("SECRET_KEY", "SECRET_KEY_FILE", "dev-secret-change-me") SECURE_COOKIES: bool = os.environ.get("SECURE_COOKIES", "").lower() in ("1", "true", "yes") LOG_LEVEL: str = os.environ.get("LOG_LEVEL", "INFO") LOG_RETENTION_DAYS: int = int(os.environ.get("LOG_RETENTION_DAYS", "90")) # Embedding model for semantic note search (served by Ollama) EMBEDDING_MODEL: str = os.environ.get("EMBEDDING_MODEL", "nomic-embed-text") # SMTP defaults (overridden by DB settings when configured via admin UI) SMTP_HOST: str = os.environ.get("SMTP_HOST", "") SMTP_PORT: int = int(os.environ.get("SMTP_PORT", "587")) SMTP_USERNAME: str = os.environ.get("SMTP_USERNAME", "") SMTP_PASSWORD: str = _read_secret("SMTP_PASSWORD", "SMTP_PASSWORD_FILE", "") SMTP_FROM_ADDRESS: str = os.environ.get("SMTP_FROM_ADDRESS", "") SMTP_FROM_NAME: str = os.environ.get("SMTP_FROM_NAME", "Fabled Assistant") SMTP_USE_TLS: bool = os.environ.get("SMTP_USE_TLS", "true").lower() in ("1", "true", "yes") BASE_URL: str = os.environ.get("BASE_URL", "http://localhost:5000").rstrip("/") TRUST_PROXY_HEADERS: bool = os.environ.get("TRUST_PROXY_HEADERS", "").lower() in ("1", "true", "yes") # OIDC / OAuth2 SSO (e.g. Authentik) OIDC_ISSUER: str = os.environ.get("OIDC_ISSUER", "") OIDC_CLIENT_ID: str = os.environ.get("OIDC_CLIENT_ID", "") OIDC_CLIENT_SECRET: str = _read_secret("OIDC_CLIENT_SECRET", "OIDC_CLIENT_SECRET_FILE", "") OIDC_SCOPES: str = os.environ.get("OIDC_SCOPES", "openid profile email") LOCAL_AUTH_ENABLED: bool = os.environ.get("LOCAL_AUTH_ENABLED", "true").lower() not in ("0", "false", "no") # SearXNG web search (external instance) SEARXNG_URL: str = os.environ.get("SEARXNG_URL", "") # Image cache — images fetched from the web are stored here and served locally IMAGE_CACHE_DIR: str = os.environ.get("IMAGE_CACHE_DIR", "/data/images") # Maximum size of a single image to cache (default 5 MB) IMAGE_MAX_BYTES: int = int(os.environ.get("IMAGE_MAX_BYTES", str(5 * 1024 * 1024))) # VAPID keys for browser push notifications VAPID_PRIVATE_KEY: str = os.environ.get("VAPID_PRIVATE_KEY", "") VAPID_PUBLIC_KEY: str = os.environ.get("VAPID_PUBLIC_KEY", "") VAPID_CLAIMS_SUB: str = os.environ.get("VAPID_CLAIMS_SUB", "mailto:admin@fabledassistant.local") # Voice (Speech-to-Speech) feature VOICE_ENABLED: bool = os.environ.get("VOICE_ENABLED", "").lower() in ("1", "true", "yes") STT_BACKEND: str = os.environ.get("STT_BACKEND", "faster-whisper") STT_MODEL: str = os.environ.get("STT_MODEL", "base.en") TTS_BACKEND: str = os.environ.get("TTS_BACKEND", "kokoro") @classmethod def oidc_enabled(cls) -> bool: return bool(cls.OIDC_ISSUER and cls.OIDC_CLIENT_ID and cls.OIDC_CLIENT_SECRET) @classmethod def searxng_enabled(cls) -> bool: return bool(cls.SEARXNG_URL) @classmethod def validate(cls) -> None: """Validate critical config values at startup. Raises ValueError on misconfiguration.""" errors: list[str] = [] if cls.OLLAMA_NUM_CTX < 512: errors.append(f"OLLAMA_NUM_CTX={cls.OLLAMA_NUM_CTX} is too small (minimum 512)") if cls.LOG_RETENTION_DAYS < 1: errors.append(f"LOG_RETENTION_DAYS={cls.LOG_RETENTION_DAYS} must be >= 1") if cls.IMAGE_MAX_BYTES < 1024: errors.append(f"IMAGE_MAX_BYTES={cls.IMAGE_MAX_BYTES} must be >= 1024") if not (1 <= cls.SMTP_PORT <= 65535): errors.append(f"SMTP_PORT={cls.SMTP_PORT} must be between 1 and 65535") if cls.oidc_enabled() and not cls.BASE_URL.startswith(("http://", "https://")): errors.append(f"BASE_URL='{cls.BASE_URL}' must start with http:// or https:// when OIDC is enabled") if cls.SECRET_KEY == "dev-secret-change-me" and cls.SECURE_COOKIES: errors.append( "SECRET_KEY is set to the insecure default but SECURE_COOKIES=true indicates " "a production deployment. Set SECRET_KEY or SECRET_KEY_FILE before starting." ) _valid_stt_models = {"tiny.en", "base.en", "small.en", "medium.en"} if cls.VOICE_ENABLED and cls.STT_MODEL not in _valid_stt_models: errors.append( f"STT_MODEL='{cls.STT_MODEL}' is not supported. " f"Valid values: {', '.join(sorted(_valid_stt_models))}" ) if errors: raise ValueError("Configuration errors:\n" + "\n".join(f" - {e}" for e in errors))