lewis.moe / bspds-sandbox
this repo has no description
fork atom
bspds-sandbox / .env.example
at ed3879161d69c7374df33f682095bd5c64de2389 7.4 kB view raw
1# ============================================================================= 2# Server 3# ============================================================================= 4SERVER_HOST=127.0.0.1 5SERVER_PORT=3000 6# The public-facing hostname of the PDS (used in DID documents, JWTs, etc.) 7PDS_HOSTNAME=localhost:3000 8# ============================================================================= 9# Database 10# ============================================================================= 11DATABASE_URL=postgres://postgres:postgres@localhost:5432/pds 12# Connection pool settings (defaults are good for most deployments) 13# DATABASE_MAX_CONNECTIONS=100 14# DATABASE_MIN_CONNECTIONS=10 15# DATABASE_ACQUIRE_TIMEOUT_SECS=30 16# ============================================================================= 17# Blob Storage (S3-compatible) 18# ============================================================================= 19S3_ENDPOINT=http://localhost:9000 20AWS_REGION=us-east-1 21S3_BUCKET=pds-blobs 22AWS_ACCESS_KEY_ID=minioadmin 23AWS_SECRET_ACCESS_KEY=minioadmin 24# ============================================================================= 25# Valkey (for caching and distributed rate limiting) 26# ============================================================================= 27# If not set, falls back to in-memory caching (single-node only) 28# VALKEY_URL=redis://localhost:6379 29# ============================================================================= 30# Security Secrets 31# ============================================================================= 32# These MUST be set in production (minimum 32 characters each) 33# In development, set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1 to use defaults 34# Server-wide secret for OAuth token signing (HS256) 35# JWT_SECRET=your-secure-random-string-at-least-32-chars 36# Secret for DPoP proof validation 37# DPOP_SECRET=your-secure-random-string-at-least-32-chars 38# Key for encrypting user signing keys at rest (AES-256-GCM) 39# MASTER_KEY=your-secure-random-string-at-least-32-chars 40# Set this ONLY in development to allow default/weak secrets 41# TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1 42# ============================================================================= 43# PLC Directory 44# ============================================================================= 45# PLC_DIRECTORY_URL=https://plc.directory 46# PLC_TIMEOUT_SECS=10 47# PLC_CONNECT_TIMEOUT_SECS=5 48# Optional: rotation key for PLC operations (defaults to user's key) 49# PLC_ROTATION_KEY=did:key:... 50# ============================================================================= 51# DID Resolution 52# ============================================================================= 53# Cache TTL for resolved DID documents (default: 300 seconds) 54# DID_CACHE_TTL_SECS=300 55# ============================================================================= 56# Relays 57# ============================================================================= 58# Comma-separated list of relay URLs to notify via requestCrawl 59# CRAWLERS=https://bsky.network,https://relay.upcloud.world 60# ============================================================================= 61# Firehose (subscribeRepos WebSocket) 62# ============================================================================= 63# Buffer size for firehose broadcast channel 64# FIREHOSE_BUFFER_SIZE=10000 65# Disconnect slow consumers after this many events of lag 66# FIREHOSE_MAX_LAG=5000 67# ============================================================================= 68# Notification Service 69# ============================================================================= 70# Queue processing settings 71# NOTIFICATION_BATCH_SIZE=100 72# NOTIFICATION_POLL_INTERVAL_MS=1000 73# Email notifications (via sendmail/msmtp) 74# MAIL_FROM_ADDRESS=noreply@example.com 75# MAIL_FROM_NAME=My PDS 76# SENDMAIL_PATH=/usr/sbin/sendmail 77# Discord notifications (via webhook) 78# DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/... 79# Telegram notifications (via bot) 80# TELEGRAM_BOT_TOKEN=your-bot-token 81# Signal notifications (via signal-cli) 82# SIGNAL_CLI_PATH=/usr/local/bin/signal-cli 83# SIGNAL_SENDER_NUMBER=+1234567890 84# ============================================================================= 85# Upload Limits 86# ============================================================================= 87# Maximum blob/body size in bytes (default: 10GB) 88# This controls both the Axum body limit and blob upload limits. 89# Make sure your nginx client_max_body_size matches or exceeds this value. 90# MAX_BLOB_SIZE=10737418240 91# ============================================================================= 92# Repository Import 93# ============================================================================= 94# Set to "true" to accept repository imports 95# ACCEPTING_REPO_IMPORTS=false 96# Maximum import size in bytes (default: 100MB) 97# MAX_IMPORT_SIZE=104857600 98# Maximum blocks per import (default: 100000) 99# MAX_IMPORT_BLOCKS=100000 100# Skip verification during import (testing only) 101# SKIP_IMPORT_VERIFICATION=false 102# ============================================================================= 103# Account Registration 104# ============================================================================= 105# Require invite codes for registration 106# INVITE_CODE_REQUIRED=false 107# Comma-separated list of available user domains 108# AVAILABLE_USER_DOMAINS=example.com 109# ============================================================================= 110# Server Metadata (returned by describeServer) 111# ============================================================================= 112# Privacy policy URL (optional) 113# PRIVACY_POLICY_URL=https://example.com/privacy 114# Terms of service URL (optional) 115# TERMS_OF_SERVICE_URL=https://example.com/terms 116# Contact email address (optional) 117# CONTACT_EMAIL=admin@example.com 118# ============================================================================= 119# Rate Limiting 120# ============================================================================= 121# Disable all rate limiting (testing only, NEVER in production) 122# DISABLE_RATE_LIMITING=1 123# ============================================================================= 124# Account Deletion 125# ============================================================================= 126# How often to check for scheduled account deletions (default: 3600 = 1 hour) 127# SCHEDULED_DELETE_CHECK_INTERVAL_SECS=3600 128# ============================================================================= 129# Moderation / Report Service 130# ============================================================================= 131# If configured, moderation reports will be proxied to this service 132# instead of being stored locally. The service should implement the 133# com.atproto.moderation.createReport endpoint (e.g., Bluesky's Ozone). 134# Both URL and DID must be set for proxying to be enabled. 135# REPORT_SERVICE_URL=https://mod.bsky.app 136# REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac 137# ============================================================================= 138# Miscellaneous 139# ============================================================================= 140# Allow HTTP for proxy requests (development only) 141# ALLOW_HTTP_PROXY=1 142# Custom frontend directory (defaults to ./frontend/dist) 143# FRONTEND_DIR=/path/to/frontend/dist 144CARGO_MOMMYS_LITTLE=mister 145CARGO_MOMMYS_PRONOUNS=his 146CARGO_MOMMYS_ROLES=daddy 147CARGO_MOMMYS_EMOTES="🚛/🧱/🚜/🔩/🦺" 148CARGO_MOMMYS_MOODS=ominous