# ============================================================================= # GNSS Guard Server Configuration # ============================================================================= # Copy this file to .env.prod and configure for your environment # Example: cp env.example .env.prod # ============================================================================= # SERVER SETTINGS # ============================================================================= # Host to bind to (127.0.0.1 when behind Nginx proxy) GNSS_SERVER_HOST=127.0.0.1 # Port to bind to GNSS_SERVER_PORT=8000 # Enable debug mode (set to false in production) GNSS_SERVER_DEBUG=false # ============================================================================= # DATABASE (PostgreSQL RDS) - REQUIRED! # ============================================================================= # The server will NOT start without a valid database URL! # Full database connection URL # Format: postgresql://USER:PASSWORD@HOST:PORT/DATABASE GNSS_SERVER_DATABASE_URL=postgresql://gnss_admin:your-password@your-rds-endpoint.rds.amazonaws.com:5432/gnss_guard # ============================================================================= # SECURITY # ============================================================================= # Secret key for session encryption (generate with: python -c "import secrets; print(secrets.token_urlsafe(32))") GNSS_SERVER_SECRET_KEY=change-this-to-a-random-secret-key # Session expiration in minutes (default: 24 hours) GNSS_SERVER_SESSION_EXPIRE_MINUTES=1440 # ============================================================================= # WEB UI AUTHENTICATION (REQUIRED - no defaults!) # ============================================================================= # These credentials are used to login to the web dashboard. # The server will NOT start without these being set! # Username for web dashboard login (REQUIRED) GNSS_SERVER_WEB_USERNAME=your_username_here # Password for web dashboard login (REQUIRED) # Requirements: # - At least 12 characters long # - Cannot be common passwords like 'password', 'admin', 'test' # Generate a secure password: python -c "import secrets; print(secrets.token_urlsafe(16))" GNSS_SERVER_WEB_PASSWORD=your_secure_password_here # ============================================================================= # DOMAIN (for SSL/HTTPS) # ============================================================================= # Server domain name (for Let's Encrypt SSL) GNSS_SERVER_DOMAIN=gnss.yourdomain.com # ============================================================================= # VALIDATION # ============================================================================= # Staleness threshold in seconds (data older than this is considered stale) GNSS_SERVER_STALE_THRESHOLD_SECONDS=60 # ============================================================================= # ASSET OFFLINE DETECTION # ============================================================================= # Seconds without updates before an asset is considered offline (default: 120) # Triggers Telegram notification when asset goes offline/online GNSS_SERVER_ASSET_OFFLINE_SECONDS=120 # ============================================================================= # DATA RETENTION # ============================================================================= # Days to keep validation history (default: 90) GNSS_SERVER_VALIDATION_HISTORY_DAYS=90 # ============================================================================= # TELEGRAM NOTIFICATIONS (Optional) # ============================================================================= # Server-side Telegram notifications for all assets. # Each asset can override the chat_id to send to a different chat/group. # Telegram bot token (from @BotFather) GNSS_SERVER_TELEGRAM_BOT_TOKEN= # Default Telegram chat ID (negative for groups) # Individual assets can override this in the database GNSS_SERVER_TELEGRAM_CHAT_ID= # ============================================================================= # SSL (for Docker deployment with Traefik) # ============================================================================= # Email for Let's Encrypt certificate notifications LETSENCRYPT_EMAIL=admin@yourdomain.com