.env.example
# Hypergoat Configuration
# Copy this file to .env and modify as needed
# =============================================================================
# Server Configuration
# =============================================================================
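# Host to bind to. 127.0.0.1 accepts local connections only (local development);
# 0.0.0.0 listens on every interface (needed inside Docker), so limit exposure
# with the published port mapping or a firewall.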
HOST=127.0.0.1
# Port to listen on
PORT=8080
# =============================================================================
# Database Configuration
# =============================================================================
# Database connection URL
# SQLite: sqlite:data/hypergoat.db or sqlite::memory:
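# PostgreSQL: postgres://user:pass@localhost:5432/hypergoat?sslmode=disable
# (sslmode=disable sends credentials and data unencrypted; it is only appropriate
# for a database on the same host. Use sslmode=require or verify-full otherwise.)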
DATABASE_URL=sqlite:data/hypergoat.db
# =============================================================================
# Security Configuration
# =============================================================================
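# Secret key for session encryption (must be at least 64 characters)
# Generate with: openssl rand -base64 48   (48 random bytes encode to exactly 64 characters)
# IMPORTANT: This MUST be persistent across restarts or sessions will be invalidated
# Replace the placeholder below and never commit the real value to version control.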
SECRET_KEY_BASE=CHANGE_ME_TO_A_RANDOM_64_CHARACTER_STRING_USE_OPENSSL_RAND
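# Trust the X-User-DID header set by a reverse proxy for authentication
# DANGEROUS: with this enabled, a request carrying X-User-DID is authenticated as that DID.
# Only enable it when every request passes through a trusted reverse proxy that strips or
# overwrites any client-supplied X-User-DID header, and the server cannot be reached directly.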
# TRUST_PROXY_HEADERS=false
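# Allowed origins for CORS and WebSocket connections (comma-separated)
# Empty or unset = allow all origins, meaning any website may make cross-origin requests
# and open WebSocket connections to this server. Set explicit origins in production.
# Examples: https://myapp.com,https://admin.myapp.com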
# ALLOWED_ORIGINS=
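# Admin DIDs (comma-separated) - users with admin access to the dashboard
# The value below is an example (did:plc:qc42fmqqlsmdq7jiypiiigww is daviddao.org).
# Replace it with your own DID(s); if left unchanged, that account has admin access to your instance.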
ADMIN_DIDS=did:plc:qc42fmqqlsmdq7jiypiiigww
# Domain DID for server identity (defaults to did:web:{HOST})
# DOMAIN_DID=
# =============================================================================
# OAuth Configuration
# =============================================================================
# External base URL for OAuth redirects and client metadata
# The redirect URI will be: ${EXTERNAL_BASE_URL}/oauth/callback
# Defaults to http://{HOST}:{PORT} if not set
# For loopback mode, use 127.0.0.1 (not localhost) per RFC 8252
# EXTERNAL_BASE_URL=http://127.0.0.1:8080
# OAuth signing key in multibase format (used to sign JWTs)
# Generate with the key generation utility
# This is a private key: keep it out of version control and logs.
# OAUTH_SIGNING_KEY=
# OAuth loopback mode - enables local development without ngrok/tunnels
# When true, uses loopback client IDs: http://localhost/?redirect_uri=...&scope=...
# Set to "true" for local development, leave unset for production
# OAUTH_LOOPBACK_MODE=true
# =============================================================================
# Lexicon Configuration
# =============================================================================
# Directory to load lexicon JSON files from (default: testdata/lexicons)
# LEXICON_DIR=
# =============================================================================
# Jetstream Configuration
# =============================================================================
# Jetstream WebSocket URL (default: wss://jetstream2.us-west.bsky.network/subscribe)
# JETSTREAM_URL=
# Collections to subscribe to via Jetstream (comma-separated NSIDs)
# If not set, uses collections from registered lexicons
# JETSTREAM_COLLECTIONS=
# Disable Jetstream cursor tracking (useful in development to avoid
# backfilling events from previous sessions)
# Set to "true", "1", or "yes" to disable
# JETSTREAM_DISABLE_CURSOR=false
# =============================================================================
# Backfill Configuration
# =============================================================================
# Run backfill on server start
# BACKFILL_ON_START=false
# Collections to backfill (comma-separated, defaults to JETSTREAM_COLLECTIONS)
# BACKFILL_COLLECTIONS=
# Relay URL for discovering repos (com.atproto.sync.listReposByCollection)
# BACKFILL_RELAY_URL=https://relay1.us-west.bsky.network
# PLC directory URL for resolving DIDs
# BACKFILL_PLC_URL=https://plc.directory
# Concurrent requests per PDS during backfill
# BACKFILL_PDS_CONCURRENCY=4
# Global maximum concurrent HTTP requests (prevents overwhelming network)
# Higher = faster but more resource intensive
# BACKFILL_MAX_HTTP=50
# Maximum concurrent PDS workers (sliding window pattern)
# Each PDS is processed independently with up to MAX_PER_PDS concurrent requests
# BACKFILL_MAX_PDS_WORKERS=10
# Maximum concurrent requests per PDS during backfill
# Prevents overwhelming individual PDS servers
# BACKFILL_MAX_PER_PDS=6
# Maximum concurrent DID resolutions during discovery phase
# BACKFILL_MAX_REPOS=50
# Timeout per repo in milliseconds
# BACKFILL_REPO_TIMEOUT=60000
# =============================================================================
# PLC Directory
# =============================================================================
# PLC directory URL for DID resolution (default: https://plc.directory)
# PLC_DIRECTORY_URL=
# =============================================================================
# External Services (Defaults configured via Admin UI)
# =============================================================================
# These settings can also be configured through the Settings page (/settings)
#
# Defaults:
# - Relay URL: https://relay1.us-west.bsky.network
# - PLC Directory URL: https://plc.directory
# - Jetstream URL: wss://jetstream2.us-west.bsky.network/subscribe
# - OAuth Supported Scopes: atproto transition:generic