.env.hold.example at refactor · evan.jarrett.net/at-container-registry

evan.jarrett.net / at-container-registry
fork atom
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage. atcr.io
docker container atproto go
fork atom
at-container-registry / .env.hold.example
at refactor 127 lines 4.8 kB view raw
wrap content
evan.jarrett.net deployment fixes. add open graph 2mo ago
044d408c
  1# ATCR Hold Service Configuration
  2# Copy this file to .env and fill in your values
  3
  4# ==============================================================================
  5# Required Configuration
  6# ==============================================================================
  7
  8# Hold service public URL (REQUIRED)
  9# The hostname becomes the hold name/record key
 10# Examples: https://hold1.atcr.io, http://127.0.0.1:8080
 11HOLD_PUBLIC_URL=http://127.0.0.1:8080
 12
 13# ==============================================================================
 14# Storage Configuration
 15# ==============================================================================
 16
 17# Storage driver type (s3, filesystem)
 18# Default: s3
 19#
 20# S3 Presigned URLs:
 21#   When using S3 storage, presigned URLs are automatically enabled for direct
 22#   client ↔ S3 transfers. This eliminates the hold service as a bandwidth
 23#   bottleneck, reducing hold bandwidth by ~99% for push/pull operations.
 24#   Falls back to proxy mode automatically for non-S3 drivers.
 25STORAGE_DRIVER=filesystem
 26
 27# S3 Access Credentials
 28AWS_ACCESS_KEY_ID=your_access_key
 29AWS_SECRET_ACCESS_KEY=your_secret_key
 30
 31# S3 Region
 32# For third-party S3 providers, this is ignored when S3_ENDPOINT is set,
 33# but must be a valid AWS region (e.g., us-east-1) to pass validation.
 34# Default: us-east-1
 35AWS_REGION=us-east-1
 36
 37# S3 Bucket Name
 38S3_BUCKET=atcr-blobs
 39
 40# S3 Endpoint (for S3-compatible services like Storj, Minio, UpCloud)
 41# Examples:
 42#   - Storj: https://gateway.storjshare.io
 43#   - UpCloud: https://[bucket-id].upcloudobjects.com
 44#   - Minio: http://minio:9000
 45# Leave empty for AWS S3
 46# S3_ENDPOINT=https://gateway.storjshare.io
 47
 48# For filesystem driver:
 49# STORAGE_DRIVER=filesystem
 50# STORAGE_ROOT_DIR=/var/lib/atcr/hold
 51
 52# ==============================================================================
 53# Server Configuration
 54# ==============================================================================
 55
 56# Server listen address (default: :8080)
 57# HOLD_SERVER_ADDR=:8080
 58
 59# Allow public blob reads (pulls) without authentication
 60# Writes (pushes) always require crew membership via PDS
 61# Default: false
 62HOLD_PUBLIC=false
 63
 64# ATProto relay endpoint for requesting crawl on startup
 65# This makes the hold's embedded PDS discoverable by the relay network
 66# Default: https://bsky.network (set to empty string to disable)
 67# HOLD_RELAY_ENDPOINT=https://bsky.network
 68
 69# ==============================================================================
 70# Embedded PDS Configuration
 71# ==============================================================================
 72
 73# Directory path for embedded PDS carstore (SQLite database)
 74# Default: /var/lib/atcr-hold
 75# If empty, embedded PDS is disabled
 76#
 77# Note: This should be a directory path, NOT a file path
 78# Carstore creates db.sqlite3 inside this directory
 79#
 80# The embedded PDS makes the hold a proper ATProto user with:
 81# - did:web identity (derived from HOLD_PUBLIC_URL hostname)
 82# - DID document at /.well-known/did.json
 83# - XRPC endpoints for crew management
 84# - ATProto blob endpoints (wraps existing presigned URL logic)
 85HOLD_DATABASE_DIR=/var/lib/atcr-hold
 86
 87# Path to signing key (auto-generated on first run if missing)
 88# Default: {HOLD_DATABASE_DIR}/signing.key
 89# HOLD_KEY_PATH=/var/lib/atcr-hold/signing.key
 90
 91# ==============================================================================
 92# Bluesky Integration
 93# ==============================================================================
 94
 95# Enable Bluesky posts when users push container images (default: false)
 96# When enabled, the hold's embedded PDS will create posts announcing image pushes
 97# Synced to captain record's enableBlueskyPosts field on startup
 98# HOLD_BLUESKY_POSTS_ENABLED=false
 99
100# ==============================================================================
101# Registration (REQUIRED)
102# ==============================================================================
103
104# Your ATProto DID (REQUIRED for registration)
105# Get your DID: https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=yourhandle.bsky.social
106#
107# On first run with HOLD_OWNER set:
108#   1. Hold service will print an OAuth URL to the logs
109#   2. Visit the URL in your browser to authorize
110#   3. Hold service creates hold + crew records in your PDS
111#   4. Registration complete!
112#
113# On subsequent runs:
114#   - Hold service checks if already registered
115#   - Skips OAuth if records exist
116#
117HOLD_OWNER=did:plc:your-did-here
118
119# ==============================================================================
120# Logging Configuration
121# ==============================================================================
122
123# Log level: debug, info, warn, error (default: info)
124ATCR_LOG_LEVEL=debug
125
126# Log formatter: text, json (default: text)
127# ATCR_LOG_FORMATTER=text