fix(infra): align bot runtime config with terraform

docs/runbooks/iac-terraform.md

@@ -18,7 +18,7 @@ gcloud auth application-default login
 
 ```bash
 cp infra/terraform/terraform.tfvars.example infra/terraform/terraform.tfvars
-terraform -chdir=infra/terraform init
+terraform -chdir=infra/terraform init -backend-config="bucket=<terraform-state-bucket>"
 terraform -chdir=infra/terraform plan
 terraform -chdir=infra/terraform apply
 ```
@@ -35,10 +35,21 @@ bun run infra:validate
 After first apply, add secret versions:
 
 ```bash
+echo -n "<telegram-bot-token>" | gcloud secrets versions add telegram-bot-token --data-file=- --project <project_id>
 echo -n "<telegram-webhook-secret>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id>
 echo -n "<scheduler-shared-secret>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id>
 ```
 
+If you set optional secret IDs such as `database_url_secret_id` or
+`openai_api_key_secret_id`, add versions for those secrets too.
+
+Keep bot runtime config that is not secret in your `*.tfvars` file:
+
+- `bot_household_id`
+- `bot_household_chat_id`
+- `bot_purchase_topic_id`
+- optional `bot_parser_model`
+
 ## Environment strategy
 
 - Keep separate states for `dev` and `prod`.

infra/terraform/README.md

@@ -29,7 +29,7 @@ This directory contains baseline IaC for deploying the household bot platform on
 1. Initialize:
 
 ```bash
-terraform -chdir=infra/terraform init
+terraform -chdir=infra/terraform init -backend-config="bucket=<terraform-state-bucket>"
 ```
 
 2. Prepare variables:
@@ -53,10 +53,14 @@ terraform -chdir=infra/terraform apply
 5. Add secret values (after apply):
 
 ```bash
+echo -n "<telegram-bot-token>" | gcloud secrets versions add telegram-bot-token --data-file=- --project <project_id>
 echo -n "<value>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id>
 echo -n "<value>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id>
 ```
 
+If you configure optional secret IDs such as `database_url_secret_id` or
+`openai_api_key_secret_id`, add versions for those secrets as well.
+
 ## Environments
 
 Recommended approach:
@@ -64,6 +68,11 @@ Recommended approach:
 - Keep one state per environment (dev/prod) using separate backend configs or workspaces
 - Use `terraform.tfvars` per environment (`dev.tfvars`, `prod.tfvars`)
 - Keep `project_id` separate for dev/prod when possible
+- Keep non-secret bot config in `*.tfvars`:
+  - `bot_household_id`
+  - `bot_household_chat_id`
+  - `bot_purchase_topic_id`
+  - optional `bot_parser_model`
 
 ## CI validation
 

infra/terraform/locals.tf

@@ -19,7 +19,6 @@ locals {
     var.supabase_publishable_key_secret_id,
     var.database_url_secret_id,
     var.telegram_bot_token_secret_id,
-    var.telegram_bot_username_secret_id,
     var.openai_api_key_secret_id
   ]))
 

infra/terraform/main.tf

@@ -77,9 +77,23 @@ module "bot_api_service" {
   max_instance_count    = var.bot_max_instances
   labels                = local.common_labels
 
-  env = {
+  env = merge(
-    NODE_ENV = var.environment
+    {
-  }
+      NODE_ENV = var.environment
+    },
+    var.bot_household_id == null ? {} : {
+      HOUSEHOLD_ID = var.bot_household_id
+    },
+    var.bot_household_chat_id == null ? {} : {
+      TELEGRAM_HOUSEHOLD_CHAT_ID = var.bot_household_chat_id
+    },
+    var.bot_purchase_topic_id == null ? {} : {
+      TELEGRAM_PURCHASE_TOPIC_ID = tostring(var.bot_purchase_topic_id)
+    },
+    var.bot_parser_model == null ? {} : {
+      PARSER_MODEL = var.bot_parser_model
+    }
+  )
 
   secret_env = merge(
     {
@@ -98,9 +112,6 @@ module "bot_api_service" {
     var.telegram_bot_token_secret_id == null ? {} : {
       TELEGRAM_BOT_TOKEN = var.telegram_bot_token_secret_id
     },
-    var.telegram_bot_username_secret_id == null ? {} : {
-      TELEGRAM_BOT_USERNAME = var.telegram_bot_username_secret_id
-    },
     var.openai_api_key_secret_id == null ? {} : {
       OPENAI_API_KEY = var.openai_api_key_secret_id
     }

infra/terraform/terraform.tfvars.example

@@ -5,8 +5,13 @@ service_prefix = "household"
 
 artifact_repository_id = "household-bot"
 
-bot_api_image   = "europe-west1-docker.pkg.dev/my-gcp-project/household-bot/bot-api:latest"
+bot_api_image   = "europe-west1-docker.pkg.dev/my-gcp-project/household-bot/bot:latest"
-mini_app_image  = "europe-west1-docker.pkg.dev/my-gcp-project/household-bot/mini-app:latest"
+mini_app_image  = "europe-west1-docker.pkg.dev/my-gcp-project/household-bot/miniapp:latest"
+
+bot_household_id       = "11111111-1111-4111-8111-111111111111"
+bot_household_chat_id  = "-1001234567890"
+bot_purchase_topic_id  = 777
+bot_parser_model       = "gpt-4.1-mini"
 
 scheduler_cron     = "0 9 * * *"
 scheduler_timezone = "Asia/Tbilisi"

infra/terraform/variables.tf

@@ -78,14 +78,34 @@ variable "database_url_secret_id" {
 }
 
 variable "telegram_bot_token_secret_id" {
-  description = "Optional Secret Manager ID for TELEGRAM_BOT_TOKEN"
+  description = "Secret Manager ID for TELEGRAM_BOT_TOKEN"
+  type        = string
+  default     = "telegram-bot-token"
+}
+
+variable "bot_household_id" {
+  description = "Optional HOUSEHOLD_ID value for bot runtime"
   type        = string
   default     = null
   nullable    = true
 }
 
-variable "telegram_bot_username_secret_id" {
+variable "bot_household_chat_id" {
-  description = "Optional Secret Manager ID for TELEGRAM_BOT_USERNAME"
+  description = "Optional TELEGRAM_HOUSEHOLD_CHAT_ID value for bot runtime"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "bot_purchase_topic_id" {
+  description = "Optional TELEGRAM_PURCHASE_TOPIC_ID value for bot runtime"
+  type        = number
+  default     = null
+  nullable    = true
+}
+
+variable "bot_parser_model" {
+  description = "Optional PARSER_MODEL override for bot runtime"
   type        = string
   default     = null
   nullable    = true