A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
atcr.io
docker
container
atproto
go
# ATCR Hold Service Configuration
# Copy this file to .env and fill in your values

# ==============================================================================
# Required Configuration
# ==============================================================================

# Hold service public URL (REQUIRED)
# The hostname becomes the hold name/record key
# Examples: https://hold1.atcr.io, http://127.0.0.1:8080
HOLD_PUBLIC_URL=http://127.0.0.1:8080

# ==============================================================================
# Storage Configuration
# ==============================================================================

# Storage driver type (s3, filesystem)
# Default: s3
#
# S3 Presigned URLs:
# When using S3 storage, presigned URLs are automatically enabled for direct
# client ↔ S3 transfers. This eliminates the hold service as a bandwidth
# bottleneck, reducing hold bandwidth by ~99% for push/pull operations.
# Falls back to proxy mode automatically for non-S3 drivers.
STORAGE_DRIVER=filesystem

# S3 Access Credentials
AWS_ACCESS_KEY_ID=your_access_key
AWS_SECRET_ACCESS_KEY=your_secret_key

# S3 Region
# Examples: us-east-1, us-west-2, eu-west-1
# For UpCloud: us-chi1, us-nyc1, de-fra1, uk-lon1, sg-sin1
# Default: us-east-1
AWS_REGION=us-east-1

# S3 Bucket Name
S3_BUCKET=atcr-blobs

# S3 Endpoint (for S3-compatible services like Storj, Minio, UpCloud)
# Examples:
# - Storj: https://gateway.storjshare.io
# - UpCloud: https://[bucket-id].upcloudobjects.com
# - Minio: http://minio:9000
# Leave empty for AWS S3
# S3_ENDPOINT=https://gateway.storjshare.io

# For filesystem driver:
# STORAGE_DRIVER=filesystem
# STORAGE_ROOT_DIR=/var/lib/atcr/hold

# ==============================================================================
# Server Configuration
# ==============================================================================

# Server listen address (default: :8080)
# HOLD_SERVER_ADDR=:8080

# Allow public blob reads (pulls) without authentication
# Writes (pushes) always require crew membership via PDS
# Default: false
HOLD_PUBLIC=false

# ==============================================================================
# Embedded PDS Configuration
# ==============================================================================

# Directory path for embedded PDS carstore (SQLite database)
# Default: /var/lib/atcr-hold
# If empty, embedded PDS is disabled
#
# Note: This should be a directory path, NOT a file path
# Carstore creates db.sqlite3 inside this directory
#
# The embedded PDS makes the hold a proper ATProto user with:
# - did:web identity (derived from HOLD_PUBLIC_URL hostname)
# - DID document at /.well-known/did.json
# - XRPC endpoints for crew management
# - ATProto blob endpoints (wraps existing presigned URL logic)
HOLD_DATABASE_DIR=/var/lib/atcr-hold

# Path to signing key (auto-generated on first run if missing)
# Default: {HOLD_DATABASE_DIR}/signing.key
# HOLD_KEY_PATH=/var/lib/atcr-hold/signing.key

# ==============================================================================
# Bluesky Integration
# ==============================================================================

# Enable Bluesky posts when users push container images (default: false)
# When enabled, the hold's embedded PDS will create posts announcing image pushes
# Synced to captain record's enableBlueskyPosts field on startup
# HOLD_BLUESKY_POSTS_ENABLED=false

# ==============================================================================
# Registration (REQUIRED)
# ==============================================================================

# Your ATProto DID (REQUIRED for registration)
# Get your DID: https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=yourhandle.bsky.social
#
# On first run with HOLD_OWNER set:
# 1. Hold service will print an OAuth URL to the logs
# 2. Visit the URL in your browser to authorize
# 3. Hold service creates hold + crew records in your PDS
# 4. Registration complete!
#
# On subsequent runs:
# - Hold service checks if already registered
# - Skips OAuth if records exist
#
HOLD_OWNER=did:plc:your-did-here

# ==============================================================================
# Logging Configuration
# ==============================================================================

# Log level: debug, info, warn, error (default: info)
ATCR_LOG_LEVEL=debug

# Log formatter: text, json (default: text)
# ATCR_LOG_FORMATTER=text
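
A pre-deployment check for a `.env` built from this template, added here as an example and not part of the ATCR code base: it flags template placeholders left in place and the settings the comments tie to authentication and identity. `LintHoldEnv`, `parseEnv` and the sample values are hypothetical and constructed for illustration; treating plain HTTP on a non-loopback `HOLD_PUBLIC_URL` as a finding is an assumption of this example, not a rule the project states.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// sample is a constructed .env fragment (not a real deployment).
const sample = "HOLD_PUBLIC_URL=http://hold.example.com\nAWS_ACCESS_KEY_ID=your_access_key\n" +
	"HOLD_PUBLIC=true\nHOLD_OWNER=did:plc:your-did-here\n"

func parseEnv(text string) map[string]string {
	env := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		k, v, ok := strings.Cut(strings.TrimSpace(line), "=")
		if ok && !strings.HasPrefix(k, "#") { // skip comments and non KEY=VALUE lines
			env[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return env
}

// LintHoldEnv returns one finding per risky or unfinished setting.
func LintHoldEnv(text string) (out []string) {
	env := parseEnv(text)
	u, err := url.Parse(env["HOLD_PUBLIC_URL"])
	if err != nil || u.Hostname() == "" {
		out = append(out, "HOLD_PUBLIC_URL: missing or not an absolute URL")
	} else if ip := net.ParseIP(u.Hostname()); u.Scheme != "https" &&
		u.Hostname() != "localhost" && (ip == nil || !ip.IsLoopback()) {
		out = append(out, "HOLD_PUBLIC_URL: plain HTTP on a non-loopback host")
	}
	if d := env["STORAGE_DRIVER"]; (d == "" || d == "s3") && // unset means s3, the template default
		(env["AWS_ACCESS_KEY_ID"] == "your_access_key" || env["AWS_SECRET_ACCESS_KEY"] == "your_secret_key") {
		out = append(out, "AWS credentials: template placeholders with the s3 driver")
	}
	if o := env["HOLD_OWNER"]; !strings.HasPrefix(o, "did:") || o == "did:plc:your-did-here" {
		out = append(out, "HOLD_OWNER: unset or still the template placeholder")
	}
	if env["HOLD_PUBLIC"] == "true" {
		out = append(out, "HOLD_PUBLIC: blob pulls are unauthenticated")
	}
	return out
}

func main() {
	fmt.Println(strings.Join(LintHoldEnv(sample), "\n"))
}
```

Run against the template's own values (loopback URL, filesystem driver), the only finding is the `HOLD_OWNER` placeholder.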