# ===========================================
# Nostr BBS - Private Community Relay
# Docker-based Architecture: Node.js + PostgreSQL
# ===========================================
# Template for the project's .env file. Copy it to .env, fill in the blanks,
# and keep the real .env out of version control.
#
# NOTE: With Vite's default envPrefix, every VITE_-prefixed variable is exposed
# to client code through import.meta.env and is embedded in the built bundle.
# Treat all VITE_* values as public; never place a secret in one.
# ===========================================
# NOSTR RELAY CONFIGURATION
# ===========================================
# Private relay URL - Cloud Run deployment (whitelist-only, no federation)
# Local development: ws://localhost:8080
# Production: wss://nostr-relay-<PROJECT_NUMBER>.us-central1.run.app
# ws:// is unencrypted; use it for localhost only and wss:// (TLS) everywhere else.
VITE_RELAY_URL=ws://localhost:8080
# NO FEDERATED RELAYS - This is a private, internal-only relay
# All communication is point-to-point within the application
# No connections to external Nostr relays
# ===========================================
# ADMIN CONFIGURATION
# ===========================================
# Admin public key in HEX format (64 characters, NOT npub)
# This key is used for admin access to the application
# To get hex pubkey from mnemonic: login, then check localStorage 'nostr_bbs_keys'.publicKey
#
# SECURITY: This pubkey must also be added to the PostgreSQL whitelist:
# psql -d nostr_relay -c "INSERT INTO access_control (pubkey, cohorts, access_level) VALUES ('your-hex-pubkey', '{admin}', 'admin')"
#
# This is a VITE_ variable, so the value is visible to every client. It only
# identifies the admin; it is not a credential.
# NOTE(review): confirm that admin actions are authorized server-side against
# access_control and do not rely on this client-side value alone.
#
# ⚠️ REQUIRED: You MUST set a valid admin pubkey before deployment!
# The application will deny admin access if this is not configured.
VITE_ADMIN_PUBKEY=
# Admin private key - STORED IN GCP SECRET MANAGER
# ⚠️ SECURITY: Do NOT store in .env file! Use Secret Manager instead.
# For production: gcloud secrets create admin-provkey --data-file=<(echo -n "nsec1...")
# Typing the key inline as above records it in shell history. Safer: pass
# --data-file=- and supply the key on stdin from a prompt or password manager.
# NOTE(review): "provkey" (here and in ADMIN_PROVKEY below) looks like a typo
# for "privkey"; confirm which name the deployment reads before renaming.
# For local dev only (rotate immediately after):
# ADMIN_PROVKEY=nsec1...
# Admin BIP-39 mnemonic - STORED IN GCP SECRET MANAGER
# ⚠️ SECURITY: Do NOT store in .env file! Use Secret Manager instead.
# For production: gcloud secrets create admin-mnemonic --data-file=<(echo -n "your 12 words")
# The same shell-history caveat applies; prefer --data-file=- with stdin.
# The mnemonic derives the admin key, so protect it exactly as the private key.
# For local dev only (rotate immediately after):
# ADMIN_KEY="word1 word2 word3 ... word12"
# ===========================================
# APPLICATION CONFIGURATION
# ===========================================
# Application name and version. Both are VITE_ values and are embedded in the
# client build.
VITE_APP_NAME=Nostr BBS
VITE_APP_VERSION=0.1.0
# Enable NDK debug logging (DO NOT enable in production)
# NOTE(review): confirm what NDK logs when enabled; verbose browser-console
# output may expose relay traffic details to anyone with access to the session.
VITE_NDK_DEBUG=false
# ===========================================
# DEVELOPMENT MODE (LOCAL ONLY)
# ===========================================
# Dev login buttons only appear when BOTH conditions are met:
# 1. Running in Vite dev server OR ?dev URL parameter
# 2. At least one of these credentials is set
#
# SECURITY: Both variables below are VITE_-prefixed, so any build made while
# they are set embeds the key or seed in the client bundle, whether or not the
# buttons are shown. As described above, the ?dev URL parameter also satisfies
# condition 1 outside the dev server. Leave both unset for every production
# build, and never put a key with real privileges here.
#
# Generate new dev keys: npx @scure/bip39 generate
# NOTE(review): confirm this package provides a CLI. npx runs code fetched from
# the registry, so pin a reviewed version (@<version>) when generating keys.
# NEVER commit real credentials - use throwaway dev keys only
# VITE_DEV_ADMIN_NSEC=nsec1...
# VITE_DEV_ADMIN_SEED=word1 word2 word3 ... word12
# ===========================================
# GOOGLE CLOUD PLATFORM CONFIGURATION
# ===========================================
# ⚠️ SECURITY: Never commit real credentials!
# For CI/CD, use GitHub Secrets instead:
# - GOOGLE_CLOUD_PROJECT
# - GCP_SERVICE_ACCOUNT_KEY (JSON key file for GitHub Actions)
# A JSON service account key is a long-lived credential. Where possible, prefer
# Workload Identity Federation for GitHub Actions so no key file is stored.
# If a key is used, grant the service account only the roles the deploy needs
# and rotate the key regularly.
# GCP Project ID (use your own project)
GOOGLE_CLOUD_PROJECT=
# ===========================================
# SEMANTIC SEARCH CONFIGURATION (GCP)
# ===========================================
# Embedding API Cloud Run URL (for client-side query embedding)
# Deploy from services/embedding-api/ to Cloud Run
# URL pattern: https://embedding-api-<PROJECT_NUMBER>.us-central1.run.app
# The URL ships in the client bundle, so the endpoint is discoverable by anyone.
# NOTE(review): confirm the service enforces its own authentication and rate limits.
VITE_EMBEDDING_API_URL=
# Google Cloud Storage URL for embeddings index (public read access)
# Bucket: nostr-bbs-vectors
# Create bucket: gsutil mb -c STANDARD -l us-central1 gs://nostr-bbs-vectors
# Enable public access: gsutil iam ch allUsers:objectViewer gs://nostr-bbs-vectors
# SECURITY: objectViewer for allUsers lets anyone on the internet read AND list
# every object in the bucket. Store only data that is meant to be public here.
# NOTE(review): an index built from private-channel messages could leak their
# content through this bucket; confirm what the index is built from.
# Bucket names are global; replace nostr-bbs-vectors with your own bucket.
VITE_GCS_EMBEDDINGS_URL=https://storage.googleapis.com/nostr-bbs-vectors
# ===========================================
# IMAGE UPLOAD CONFIGURATION (GCP)
# ===========================================
# Image upload API Cloud Run URL (for client-side image upload)
# Deploy from services/image-api/ to Cloud Run
# URL pattern: https://image-api-<PROJECT_NUMBER>.us-central1.run.app
# The URL ships in the client bundle.
# NOTE(review): confirm the upload service authenticates callers and limits
# file size and type itself.
VITE_IMAGE_API_URL=
# Link preview API Cloud Run URL (for OpenGraph metadata fetching)
# Deploy from services/link-preview-api/ to Cloud Run
# URL pattern: https://link-preview-api-<PROJECT_NUMBER>.us-central1.run.app
# Falls back to /api/proxy in development (requires SvelteKit server mode)
# NOTE(review): a service that fetches user-supplied URLs should refuse
# internal, loopback and cloud-metadata addresses; confirm this service and the
# /api/proxy fallback both do.
VITE_LINK_PREVIEW_API_URL=
# Google Cloud Storage bucket for uploaded images
# Bucket name: minimoonoir-images
# Create bucket: gcloud storage buckets create gs://minimoonoir-images --location=us-central1 --uniform-bucket-level-access
# Enable public access: gcloud storage buckets add-iam-policy-binding gs://minimoonoir-images --member=allUsers --role=roles/storage.objectViewer
# SECURITY: roles/storage.objectViewer for allUsers lets anyone read AND list
# every uploaded image. Images from private channels/DMs are confidential only
# if they are encrypted before upload (see VITE_IMAGE_ENCRYPTION_ENABLED).
# Bucket names are global; replace minimoonoir-images with your own bucket.
VITE_IMAGE_BUCKET=minimoonoir-images
# ===========================================
# IMAGE ENCRYPTION CONFIGURATION
# ===========================================
# Enable client-side AES-256-GCM encryption for images in private channels/DMs
# When enabled, images are encrypted before upload using Web Crypto API
# Keys are distributed to recipients via NIP-44 encrypted event tags
# Server only stores opaque encrypted blobs - cannot view image content
# Default: false (public channels always use unencrypted for performance)
# This example file sets the value to true, overriding that default.
# NOTE(review): with the image bucket publicly readable, setting this to false
# would presumably leave private-channel/DM images in plaintext there; confirm
# before disabling.
VITE_IMAGE_ENCRYPTION_ENABLED=true