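# Gondulf IndieAuth Server - Configuration File
# Copy this file to .env and fill in your values
# NEVER commit .env to version control!
#
# This file holds the signing key and SMTP credentials. Keep the copied .env
# readable only by the account that runs Gondulf (e.g. chmod 600 .env).
#
# Format: one KEY=value per line, comments on their own line starting with '#'.
# Do not append a comment after a value; some env-file loaders keep the trailing
# text as part of the value.

# ========================================
# REQUIRED SETTINGS
# ========================================

# Secret key for cryptographic operations (JWT signing, session security)
# MUST be at least 32 characters long
# Generate with: python -c "import secrets; print(secrets.token_urlsafe(32))"
# Anyone who obtains this value can forge whatever it signs. Use a different
# key for every environment and never reuse a key that appeared in an example.
# NOTE(review): rotating the key presumably invalidates existing tokens and
# sessions - confirm before rotating in production.
GONDULF_SECRET_KEY=

# Base URL of your Gondulf server
# Development: http://localhost:8000
# Production: https://auth.example.com (MUST use HTTPS in production)
# The value shipped here is the development one, while the SECURITY SETTINGS
# below ship with production values; review both sections together.
GONDULF_BASE_URL=http://localhost:8000

# ========================================
# DATABASE CONFIGURATION
# ========================================

# SQLite database location
# Container (production): sqlite:////data/gondulf.db (absolute path, 4 slashes)
# Development (relative): sqlite:///./data/gondulf.db (relative path, 3 slashes)
# Note: Container uses /data volume mount for persistence
GONDULF_DATABASE_URL=sqlite:////data/gondulf.db

# ========================================
# SMTP CONFIGURATION
# ========================================

# SMTP server for sending verification emails
GONDULF_SMTP_HOST=localhost
GONDULF_SMTP_PORT=587

# SMTP authentication (leave empty if not required)
GONDULF_SMTP_USERNAME=
GONDULF_SMTP_PASSWORD=

# Sender email address
GONDULF_SMTP_FROM=noreply@example.com

# Use STARTTLS encryption (recommended: true for port 587)
# With false, the SMTP username/password and the verification emails travel
# unencrypted; use false only with a local test mail catcher.
# NOTE(review): confirm the server refuses to send when the SMTP host does not
# offer STARTTLS, rather than falling back to plaintext.
GONDULF_SMTP_USE_TLS=true

# ========================================
# SMTP PROVIDER EXAMPLES
# ========================================
# Prefer a provider-issued app password or API key over the account's own
# password, so the credential stored here can be revoked on its own.

# Gmail (requires app-specific password):
# GONDULF_SMTP_HOST=smtp.gmail.com
# GONDULF_SMTP_PORT=587
# GONDULF_SMTP_USERNAME=your-email@gmail.com
# GONDULF_SMTP_PASSWORD=your-app-specific-password
# GONDULF_SMTP_FROM=your-email@gmail.com
# GONDULF_SMTP_USE_TLS=true

# SendGrid:
# GONDULF_SMTP_HOST=smtp.sendgrid.net
# GONDULF_SMTP_PORT=587
# GONDULF_SMTP_USERNAME=apikey
# GONDULF_SMTP_PASSWORD=your-sendgrid-api-key
# GONDULF_SMTP_FROM=noreply@yourdomain.com
# GONDULF_SMTP_USE_TLS=true

# Mailgun:
# GONDULF_SMTP_HOST=smtp.mailgun.org
# GONDULF_SMTP_PORT=587
# GONDULF_SMTP_USERNAME=postmaster@yourdomain.mailgun.org
# GONDULF_SMTP_PASSWORD=your-mailgun-password
# GONDULF_SMTP_FROM=noreply@yourdomain.com
# GONDULF_SMTP_USE_TLS=true

# ========================================
# TOKEN AND CODE EXPIRY
# ========================================

# Access token expiry in seconds
# Default: 3600 (1 hour)
# Range: 300 to 86400 (5 minutes to 24 hours)
# A shorter lifetime limits how long a leaked token remains usable.
GONDULF_TOKEN_EXPIRY=3600

# Authorization and verification code expiry in seconds
# Default: 600 (10 minutes)
# Per IndieAuth spec, codes should expire quickly
GONDULF_CODE_EXPIRY=600

# ========================================
# TOKEN CLEANUP (Phase 3)
# ========================================

# Automatic token cleanup (not implemented in v1.0.0)
# Set to false for manual cleanup only
# NOTE(review): presumably expired tokens stay in the database until they are
# cleaned up manually - confirm and schedule that cleanup.
GONDULF_TOKEN_CLEANUP_ENABLED=false

# Cleanup interval in seconds (if enabled)
# Default: 3600 (1 hour), minimum: 600 (10 minutes)
GONDULF_TOKEN_CLEANUP_INTERVAL=3600

# ========================================
# SECURITY SETTINGS
# ========================================

# Redirect HTTP requests to HTTPS
# Production: true (requires TLS termination at nginx or load balancer)
# Development: false
GONDULF_HTTPS_REDIRECT=true

# Trust X-Forwarded-* headers from reverse proxy
# Enable ONLY if behind trusted nginx/load balancer
# Production with nginx: true
# Direct exposure: false
# When true, the application port must be reachable only through that proxy,
# and the proxy must overwrite X-Forwarded-* values supplied by the client.
# Otherwise a client can set these headers itself and misreport its scheme
# or address.
GONDULF_TRUST_PROXY=false

# Set Secure flag on cookies (HTTPS only)
# Production with HTTPS: true
# Development (HTTP): false
# Browsers generally do not return Secure cookies over plain HTTP, so leaving
# this true on an HTTP-only development setup can look like broken sessions.
GONDULF_SECURE_COOKIES=true

# ========================================
# LOGGING
# ========================================

# Logging level: DEBUG, INFO, WARNING, ERROR, CRITICAL
# Development: DEBUG
# Production: INFO or WARNING
# NOTE(review): DEBUG-level output may contain tokens, codes or email
# addresses - confirm what is logged before forwarding logs off-host.
GONDULF_LOG_LEVEL=INFO

# Debug mode (enables detailed logging and disables security features)
# NEVER enable in production!
# Development: true
# Production: false
GONDULF_DEBUG=false

# ========================================
# DEVELOPMENT CONFIGURATION EXAMPLE
# ========================================

# Uncomment and use these settings for local development:
# The secret key below is published with this file and is therefore public;
# it is acceptable for local development only.
# GONDULF_SECRET_KEY=dev-secret-key-change-in-production-minimum-32-characters-required
# GONDULF_BASE_URL=http://localhost:8000
# GONDULF_DATABASE_URL=sqlite:///./data/gondulf.db
# GONDULF_SMTP_HOST=mailhog
# GONDULF_SMTP_PORT=1025
# GONDULF_SMTP_USE_TLS=false
# GONDULF_HTTPS_REDIRECT=false
# GONDULF_TRUST_PROXY=false
# GONDULF_SECURE_COOKIES=false
# GONDULF_DEBUG=true
# GONDULF_LOG_LEVEL=DEBUG

# ========================================
# PRODUCTION CONFIGURATION EXAMPLE
# ========================================

# Example production configuration:
# GONDULF_SECRET_KEY and GONDULF_SMTP_PASSWORD are left blank on purpose;
# fill in a freshly generated key and your provider credential.
# GONDULF_TRUST_PROXY=true assumes the nginx/load balancer deployment
# described under SECURITY SETTINGS.
# GONDULF_SECRET_KEY=
# GONDULF_BASE_URL=https://auth.example.com
# GONDULF_DATABASE_URL=sqlite:////data/gondulf.db
# GONDULF_SMTP_HOST=smtp.sendgrid.net
# GONDULF_SMTP_PORT=587
# GONDULF_SMTP_USERNAME=apikey
# GONDULF_SMTP_PASSWORD=
# GONDULF_SMTP_FROM=noreply@example.com
# GONDULF_SMTP_USE_TLS=true
# GONDULF_TOKEN_EXPIRY=3600
# GONDULF_CODE_EXPIRY=600
# GONDULF_HTTPS_REDIRECT=true
# GONDULF_TRUST_PROXY=true
# GONDULF_SECURE_COOKIES=true
# GONDULF_DEBUG=false
# GONDULF_LOG_LEVEL=INFO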