PDS software with bells & whistles you didn’t even know you needed. will move this to its own account when ready.
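# Example environment file for the PDS. Every KEY=value below is unchanged
# from the original listing; the line-number residue that was fused onto each
# line has been dropped so the keys and comments parse again.
# The uncommented values are local-development defaults. Keep the copy that
# holds real values out of version control and readable only by the service
# account.

# =============================================================================
# Server
# =============================================================================
# Address and port the server is given. 127.0.0.1 is loopback, so only local
# processes (for example a reverse proxy on the same host) can reach it.
SERVER_HOST=127.0.0.1
SERVER_PORT=3000
# The public-facing hostname of the PDS (used in DID documents, JWTs, etc.)
PDS_HOSTNAME=localhost:3000

# =============================================================================
# Database
# =============================================================================
# Development default: the URL embeds the stock postgres/postgres credentials.
# Outside local development use a dedicated role with a strong password and
# only the privileges the PDS needs.
DATABASE_URL=postgres://postgres:postgres@localhost:5432/pds
# Connection pool settings (defaults are good for most deployments)
# DATABASE_MAX_CONNECTIONS=100
# DATABASE_MIN_CONNECTIONS=10
# DATABASE_ACQUIRE_TIMEOUT_SECS=30

# =============================================================================
# Blob Storage (S3-compatible)
# =============================================================================
# Development defaults: a plaintext http:// endpoint on localhost and the
# minioadmin/minioadmin pair, which is MinIO's well-known default root
# credential. In production use an https:// endpoint and an access key scoped
# to this bucket only.
S3_ENDPOINT=http://localhost:9000
AWS_REGION=us-east-1
S3_BUCKET=pds-blobs
AWS_ACCESS_KEY_ID=minioadmin
AWS_SECRET_ACCESS_KEY=minioadmin

# =============================================================================
# Backups (S3-compatible)
# =============================================================================
# Set to enable automatic repo backups to S3
# NOTE(review): no separate credentials are listed for backups; presumably the
# AWS_* values above are reused - confirm. Backups hold user repositories, so
# the bucket should not be publicly readable.
# BACKUP_S3_BUCKET=pds-backups
# BACKUP_ENABLED=true

# =============================================================================
# Valkey (for caching and distributed rate limiting)
# =============================================================================
# If not set, falls back to in-memory caching (single-node only)
# The example URL carries no password and no TLS, which is only reasonable for
# an instance bound to localhost. For a remote instance use authentication and
# an encrypted transport if the client supports it (TODO confirm).
# VALKEY_URL=redis://localhost:6379

# =============================================================================
# Security Secrets
# =============================================================================
# These MUST be set in production (minimum 32 characters each)
# In development, set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1 to use defaults
# Generate each value independently from a cryptographic random source (for
# example `openssl rand -base64 48`) and do not reuse one value for several
# keys. The strings shown below are placeholders, not usable secrets.
# Server-wide secret for OAuth token signing (HS256)
# HS256 is symmetric: the same value signs and verifies, so anyone who obtains
# it can mint tokens this server will accept.
# JWT_SECRET=your-secure-random-string-at-least-32-chars
# Secret for DPoP proof validation
# DPOP_SECRET=your-secure-random-string-at-least-32-chars
# Key for encrypting user signing keys at rest (AES-256-GCM)
# Losing this value makes the encrypted signing keys unrecoverable; leaking it
# together with the stored ciphertexts exposes every user's signing key. Back
# it up separately from the database.
# NOTE(review): how this string becomes the 256-bit AES key is not shown here.
# MASTER_KEY=your-secure-random-string-at-least-32-chars
# Set this ONLY in development to allow default/weak secrets
# TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1

# =============================================================================
# PLC Directory
# =============================================================================
# PLC_DIRECTORY_URL=https://plc.directory
# PLC_TIMEOUT_SECS=10
# PLC_CONNECT_TIMEOUT_SECS=5
# Optional: rotation key for PLC operations (defaults to user's key)
# PLC_ROTATION_KEY=did:key:...

# =============================================================================
# DID Resolution
# =============================================================================
# Cache TTL for resolved DID documents (default: 300 seconds)
# DID_CACHE_TTL_SECS=300

# =============================================================================
# Relays
# =============================================================================
# Comma-separated list of relay URLs to notify via requestCrawl
# CRAWLERS=https://bsky.network,https://relay.upcloud.world

# =============================================================================
# Firehose (subscribeRepos WebSocket)
# =============================================================================
# Buffer size for firehose broadcast channel
# FIREHOSE_BUFFER_SIZE=10000
# Disconnect slow consumers after this many events of lag
# FIREHOSE_MAX_LAG=5000

# =============================================================================
# Notification Service
# =============================================================================
# Queue processing settings
# NOTIFICATION_BATCH_SIZE=100
# NOTIFICATION_POLL_INTERVAL_MS=1000
# Email notifications (via sendmail/msmtp)
# MAIL_FROM_ADDRESS=noreply@example.com
# MAIL_FROM_NAME=My PDS
# SENDMAIL_PATH and SIGNAL_CLI_PATH name executables; presumably the server
# runs them, so point them at binaries the service account cannot modify.
# SENDMAIL_PATH=/usr/sbin/sendmail
# Discord notifications (via webhook)
# The webhook URL is itself a credential: whoever holds it can post to the
# channel. Treat it like a secret.
# DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/...
# Telegram notifications (via bot)
# The bot token grants control of the bot; treat it like a secret.
# TELEGRAM_BOT_TOKEN=your-bot-token
# Signal notifications (via signal-cli)
# SIGNAL_CLI_PATH=/usr/local/bin/signal-cli
# SIGNAL_SENDER_NUMBER=+1234567890

# =============================================================================
# Upload Limits
# =============================================================================
# Maximum blob/body size in bytes (default: 10GB)
# This controls both the Axum body limit and blob upload limits.
# Make sure your nginx client_max_body_size matches or exceeds this value.
# The limit also bounds how much a single request can make the server accept
# and store; lower it if your users do not need multi-gigabyte uploads.
# MAX_BLOB_SIZE=10737418240

# =============================================================================
# Repository Import
# =============================================================================
# Set to "true" to accept repository imports
# ACCEPTING_REPO_IMPORTS=false
# Maximum import size in bytes (default: 100MB)
# MAX_IMPORT_SIZE=104857600
# Maximum blocks per import (default: 100000)
# MAX_IMPORT_BLOCKS=100000
# Skip verification during import (testing only)
# With this set to true, imported repositories are accepted without the
# checks the import path normally performs. Leave it false in production.
# SKIP_IMPORT_VERIFICATION=false

# =============================================================================
# Account Registration
# =============================================================================
# Require invite codes for registration
# With the value false, registration presumably needs no invite code; set it to
# true if sign-ups on this instance should be restricted.
# INVITE_CODE_REQUIRED=false
# Comma-separated list of available user domains
# AVAILABLE_USER_DOMAINS=example.com
# Enable self-hosted did:web identities (default: true)
# Hosting did:web requires a long-term commitment to serve DID documents.
# Set to false if you don't want to offer this option.
# ENABLE_SELF_HOSTED_DID_WEB=true

# =============================================================================
# Server Metadata (returned by describeServer)
# =============================================================================
# Privacy policy URL (optional)
# PRIVACY_POLICY_URL=https://example.com/privacy
# Terms of service URL (optional)
# TERMS_OF_SERVICE_URL=https://example.com/terms
# Contact email address (optional)
# CONTACT_EMAIL=admin@example.com

# =============================================================================
# Rate Limiting
# =============================================================================
# Disable all rate limiting (testing only, NEVER in production)
# Rate limiting is what throttles repeated login and request attempts; with it
# disabled the server has no built-in protection against that kind of abuse.
# DISABLE_RATE_LIMITING=1

# =============================================================================
# Account Deletion
# =============================================================================
# How often to check for scheduled account deletions (default: 3600 = 1 hour)
# SCHEDULED_DELETE_CHECK_INTERVAL_SECS=3600

# =============================================================================
# Moderation / Report Service
# =============================================================================
# If configured, moderation reports will be proxied to this service
# instead of being stored locally. The service should implement the
# com.atproto.moderation.createReport endpoint (e.g., Bluesky's Ozone).
# Both URL and DID must be set for proxying to be enabled.
# REPORT_SERVICE_URL=https://mod.bsky.app
# REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac

# =============================================================================
# Age Assurance Override
# =============================================================================
# Enable this if you have separately assured the ages of your users
# (e.g., through your own age verification process). When enabled, the PDS
# will return "assured" status for age assurance checks instead of proxying
# to the appview. This helps migrated users avoid the age assurance
# catch-22 on bsky.app.
# The override applies to the status the PDS reports, so enable it only when
# that separate verification really covers every account on this instance.
# PDS_AGE_ASSURANCE_OVERRIDE=1

# =============================================================================
# Miscellaneous
# =============================================================================
# Allow HTTP for proxy requests (development only)
# Plain HTTP lets anyone on the network path read or alter proxied requests;
# leave this unset outside local development.
# ALLOW_HTTP_PROXY=1
# Custom frontend directory (defaults to ./frontend/dist)
# FRONTEND_DIR=/path/to/frontend/dist
# NOTE(review): the CARGO_MOMMYS_* values look like settings for the
# cargo-mommy wrapper around cargo rather than for the PDS itself - confirm
# before copying them into a deployment environment.
CARGO_MOMMYS_LITTLE=mister
CARGO_MOMMYS_PRONOUNS=his
CARGO_MOMMYS_ROLES=daddy
CARGO_MOMMYS_EMOTES="🚛/🧱/🚜/🔩/🦺"
CARGO_MOMMYS_MOODS=ominous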