altagos.dev
forked from
lewis.moe/bspds-sandbox
PDS software with bells & whistles you didn’t even know you needed. will move this to its own account when ready.
1# =============================================================================
2# Server
3# =============================================================================
4SERVER_HOST=127.0.0.1
5SERVER_PORT=3000
6# The public-facing hostname of the PDS (used in DID documents, JWTs, etc.)
7PDS_HOSTNAME=localhost:3000
8# =============================================================================
9# Database
10# =============================================================================
11DATABASE_URL=postgres://postgres:postgres@localhost:5432/pds
12# Connection pool settings (defaults are good for most deployments)
13# DATABASE_MAX_CONNECTIONS=100
14# DATABASE_MIN_CONNECTIONS=10
15# DATABASE_ACQUIRE_TIMEOUT_SECS=30
16# =============================================================================
17# Blob Storage (S3-compatible)
18# =============================================================================
19S3_ENDPOINT=http://localhost:9000
20AWS_REGION=us-east-1
21S3_BUCKET=pds-blobs
22AWS_ACCESS_KEY_ID=minioadmin
23AWS_SECRET_ACCESS_KEY=minioadmin
24# =============================================================================
25# Valkey (for caching and distributed rate limiting)
26# =============================================================================
27# If not set, falls back to in-memory caching (single-node only)
28# VALKEY_URL=redis://localhost:6379
29# =============================================================================
30# Security Secrets
31# =============================================================================
32# These MUST be set in production (minimum 32 characters each)
33# In development, set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1 to use defaults
34# Server-wide secret for OAuth token signing (HS256)
35# JWT_SECRET=your-secure-random-string-at-least-32-chars
36# Secret for DPoP proof validation
37# DPOP_SECRET=your-secure-random-string-at-least-32-chars
38# Key for encrypting user signing keys at rest (AES-256-GCM)
39# MASTER_KEY=your-secure-random-string-at-least-32-chars
40# Set this ONLY in development to allow default/weak secrets
41# TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1
42# =============================================================================
43# PLC Directory
44# =============================================================================
45# PLC_DIRECTORY_URL=https://plc.directory
46# PLC_TIMEOUT_SECS=10
47# PLC_CONNECT_TIMEOUT_SECS=5
48# Optional: rotation key for PLC operations (defaults to user's key)
49# PLC_ROTATION_KEY=did:key:...
50# =============================================================================
51# DID Resolution
52# =============================================================================
53# Cache TTL for resolved DID documents (default: 300 seconds)
54# DID_CACHE_TTL_SECS=300
55# =============================================================================
56# Relays
57# =============================================================================
58# Comma-separated list of relay URLs to notify via requestCrawl
59# CRAWLERS=https://bsky.network,https://relay.upcloud.world
60# =============================================================================
61# Firehose (subscribeRepos WebSocket)
62# =============================================================================
63# Buffer size for firehose broadcast channel
64# FIREHOSE_BUFFER_SIZE=10000
65# Disconnect slow consumers after this many events of lag
66# FIREHOSE_MAX_LAG=5000
67# =============================================================================
68# Notification Service
69# =============================================================================
70# Queue processing settings
71# NOTIFICATION_BATCH_SIZE=100
72# NOTIFICATION_POLL_INTERVAL_MS=1000
73# Email notifications (via sendmail/msmtp)
74# MAIL_FROM_ADDRESS=noreply@example.com
75# MAIL_FROM_NAME=My PDS
76# SENDMAIL_PATH=/usr/sbin/sendmail
77# Discord notifications (via webhook)
78# DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/...
79# Telegram notifications (via bot)
80# TELEGRAM_BOT_TOKEN=your-bot-token
81# Signal notifications (via signal-cli)
82# SIGNAL_CLI_PATH=/usr/local/bin/signal-cli
83# SIGNAL_SENDER_NUMBER=+1234567890
84# =============================================================================
85# Upload Limits
86# =============================================================================
87# Maximum blob/body size in bytes (default: 10GB)
88# This controls both the Axum body limit and blob upload limits.
89# Make sure your nginx client_max_body_size matches or exceeds this value.
90# MAX_BLOB_SIZE=10737418240
91# =============================================================================
92# Repository Import
93# =============================================================================
94# Set to "true" to accept repository imports
95# ACCEPTING_REPO_IMPORTS=false
96# Maximum import size in bytes (default: 100MB)
97# MAX_IMPORT_SIZE=104857600
98# Maximum blocks per import (default: 100000)
99# MAX_IMPORT_BLOCKS=100000
100# Skip verification during import (testing only)
101# SKIP_IMPORT_VERIFICATION=false
102# =============================================================================
103# Account Registration
104# =============================================================================
105# Require invite codes for registration
106# INVITE_CODE_REQUIRED=false
107# Comma-separated list of available user domains
108# AVAILABLE_USER_DOMAINS=example.com
109# Enable self-hosted did:web identities (default: true)
110# Hosting did:web requires a long-term commitment to serve DID documents.
111# Set to false if you don't want to offer this option.
112# ENABLE_SELF_HOSTED_DID_WEB=true
113# =============================================================================
114# Server Metadata (returned by describeServer)
115# =============================================================================
116# Privacy policy URL (optional)
117# PRIVACY_POLICY_URL=https://example.com/privacy
118# Terms of service URL (optional)
119# TERMS_OF_SERVICE_URL=https://example.com/terms
120# Contact email address (optional)
121# CONTACT_EMAIL=admin@example.com
122# =============================================================================
123# Rate Limiting
124# =============================================================================
125# Disable all rate limiting (testing only, NEVER in production)
126# DISABLE_RATE_LIMITING=1
127# =============================================================================
128# Account Deletion
129# =============================================================================
130# How often to check for scheduled account deletions (default: 3600 = 1 hour)
131# SCHEDULED_DELETE_CHECK_INTERVAL_SECS=3600
132# =============================================================================
133# Moderation / Report Service
134# =============================================================================
135# If configured, moderation reports will be proxied to this service
136# instead of being stored locally. The service should implement the
137# com.atproto.moderation.createReport endpoint (e.g., Bluesky's Ozone).
138# Both URL and DID must be set for proxying to be enabled.
139# REPORT_SERVICE_URL=https://mod.bsky.app
140# REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
141# =============================================================================
142# Age Assurance Override
143# =============================================================================
144# Enable this if you have separately assured the ages of your users
145# (e.g., through your own age verification process). When enabled, the PDS
146# will return "assured" status for age assurance checks instead of proxying
147# to the appview. This helps migrated users avoid the age assurance
148# catch-22 on bsky.app.
149# PDS_AGE_ASSURANCE_OVERRIDE=1
150# =============================================================================
151# Miscellaneous
152# =============================================================================
153# Allow HTTP for proxy requests (development only)
154# ALLOW_HTTP_PROXY=1
155# Custom frontend directory (defaults to ./frontend/dist)
156# FRONTEND_DIR=/path/to/frontend/dist
157CARGO_MOMMYS_LITTLE=mister
158CARGO_MOMMYS_PRONOUNS=his
159CARGO_MOMMYS_ROLES=daddy
160CARGO_MOMMYS_EMOTES="🚛/🧱/🚜/🔩/🦺"
161CARGO_MOMMYS_MOODS=ominous