Configuration

Table of Contents

  1. Configuration Files
  2. Environment Variables
    1. Core Settings
    2. AI / Transcription
    3. Email (Resend)
    4. Billing (Stripe)
    5. Cloud Storage (S3)
    6. Compliance
  3. TOML Configuration
    1. Server Settings
    2. Database Settings
    3. Authentication Settings
    4. Transcription Settings
    5. Email Settings
    6. Storage Settings
    7. Compliance Settings
  4. Feature Flags
  5. Logging Configuration
  6. Example .env File

Configuration Files

| File | Purpose |
|------|---------|
| config/default.toml | Main application configuration |
| .env | Environment variables (secrets) |
| ecosystem.config.js | PM2 process configuration |

Environment Variables

Core Settings

| Variable | Description | Default |
|----------|-------------|---------|
| DATABASE_URL | Aegis-DB connection URL | aegis://localhost:9091/default |
| JWT_SECRET | JWT signing key (required, 48+ chars) | - |
| SERVER_HOST | API server bind address | 0.0.0.0 |
| SERVER_PORT | API server port | 8080 |
| EXTERNAL_URL | Public URL for callbacks | http://localhost:8080 |
| RUST_LOG | Log level | info |

AI / Transcription

| Variable | Description | Default |
|----------|-------------|---------|
| OLLAMA_URL | Ollama API endpoint | http://localhost:11434 |
| WHISPER_MODEL_PATH | Path to Whisper model | ./models/whisper/ggml-base.bin |

Email (Resend)

| Variable | Description | Default |
|----------|-------------|---------|
| RESEND_API_KEY | Resend API key | - |
| EMAIL_FROM | Sender email address | noreply@your-domain.com |

Billing (Stripe)

| Variable | Description | Default |
|----------|-------------|---------|
| STRIPE_SECRET_KEY | Stripe secret key | - |
| STRIPE_WEBHOOK_SECRET | Stripe webhook signing secret | - |
| STRIPE_PRICE_PRO | Pro plan price ID | - |
| STRIPE_PRICE_ENTERPRISE | Enterprise plan price ID | - |

Cloud Storage (S3)

| Variable | Description | Default |
|----------|-------------|---------|
| AWS_ACCESS_KEY_ID | AWS access key | - |
| AWS_SECRET_ACCESS_KEY | AWS secret key | - |
| AWS_REGION | S3 region | us-east-1 |
| S3_BUCKET | S3 bucket name | - |

Compliance

| Variable | Description | Default |
|----------|-------------|---------|
| HIPAA_ENABLED | Enable HIPAA compliance mode | false |
| ENCRYPTION_KEY | Field-level encryption key (base64) | - |

TOML Configuration

Server Settings

[server]
host = "0.0.0.0"
port = 8080
log_level = "info"
external_url = "https://your-domain.com"

[server.tls]
enabled = false
cert_file = "/path/to/cert.pem"
key_file = "/path/to/key.pem"

Database Settings

[database]
url = "aegis://localhost:9091/default"
pool_size = 10
timeout = 30

Authentication Settings

[auth]
jwt_secret = "${JWT_SECRET}"
access_token_expiry = 3600      # 1 hour
refresh_token_expiry = 2592000  # 30 days
max_login_attempts = 5
lockout_duration = 900          # 15 minutes

Transcription Settings

[transcription]
model = "whisper-base"
language = "en"
sample_rate = 16000
vad_threshold = 0.5
max_segment_length = 30

Email Settings

[email]
provider = "resend"
api_key = "${RESEND_API_KEY}"
from_address = "noreply@your-domain.com"
from_name = "NexusScribe"

Storage Settings

[storage]
provider = "local"  # or "s3"
local_path = "./data/uploads"

[storage.s3]
bucket = "${S3_BUCKET}"
region = "${AWS_REGION}"
access_key = "${AWS_ACCESS_KEY_ID}"
secret_key = "${AWS_SECRET_ACCESS_KEY}"

Compliance Settings

[compliance]
hipaa_enabled = false
audit_retention_days = 2190  # 6 years

[compliance.retention]
transcripts_days = 2555      # 7 years
recordings_days = 90
temp_files_hours = 24

Feature Flags

Build-time feature flags:

| Flag | Description |
|------|-------------|
| --features vault | HashiCorp Vault integration |
| --features tls | Native TLS termination |
| --features hailo | Hailo NPU acceleration |
| --features saml | SSO/SAML authentication |
| --features compliance | Full compliance suite |

Example:

cargo build --release --features "vault,tls,saml,compliance"

Logging Configuration

Set log levels via RUST_LOG:

# Basic
export RUST_LOG=info

# Detailed for specific modules
export RUST_LOG=nexus_scribe_web=debug,nexus_scribe_db=trace

# All debug
export RUST_LOG=debug

Example .env File

# Core
DATABASE_URL=aegis://localhost:9091/default
JWT_SECRET=your-secure-jwt-secret-minimum-48-characters-long
SERVER_HOST=0.0.0.0
SERVER_PORT=8080
EXTERNAL_URL=https://transcribe.your-domain.com

# AI
OLLAMA_URL=http://localhost:11434

# Email
RESEND_API_KEY=re_xxxxx
EMAIL_FROM=noreply@your-domain.com

# Logging
RUST_LOG=info
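
A pre-deployment check for the .env file above, as an added example that is not part of NexusScribe's own code. It enforces the documented 48-character minimum for JWT_SECRET, rejects the placeholder values from the example file (the JWT placeholder is 49 characters long, so a length check alone accepts it), and verifies that ENCRYPTION_KEY is valid base64. The function names, the sample input, and the rule that HIPAA_ENABLED=true requires ENCRYPTION_KEY are assumptions.

```python
import base64
import binascii

# Constructed sample input: placeholder values from the page's example .env
# plus compliance settings chosen to trigger the checks.
SAMPLE_ENV = """\
JWT_SECRET=your-secure-jwt-secret-minimum-48-characters-long
RESEND_API_KEY=re_xxxxx
HIPAA_ENABLED=true
ENCRYPTION_KEY=not base64!
"""

# Placeholder values copied from the page's example .env file.
PLACEHOLDERS = {
    "JWT_SECRET": "your-secure-jwt-secret-minimum-48-characters-long",
    "RESEND_API_KEY": "re_xxxxx",
}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env

def check_env(env):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if len(env.get("JWT_SECRET", "")) < 48:
        findings.append("JWT_SECRET: missing or shorter than 48 characters")
    for key, placeholder in PLACEHOLDERS.items():
        if env.get(key) == placeholder:
            findings.append(f"{key}: still set to the documentation placeholder")
    enc = env.get("ENCRYPTION_KEY", "")
    if enc:
        try:
            base64.b64decode(enc, validate=True)
        except (binascii.Error, ValueError):
            findings.append("ENCRYPTION_KEY: not valid base64")
    elif env.get("HIPAA_ENABLED", "false").lower() == "true":
        # Assumption: HIPAA mode needs the field-level encryption key.
        findings.append("ENCRYPTION_KEY: unset while HIPAA_ENABLED=true")
    return findings

if __name__ == "__main__":
    print("\n".join(check_env(parse_env(SAMPLE_ENV))))
```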