From a97696fa23d309073dc65be7491072be73ba14f4 Mon Sep 17 00:00:00 2001 From: anti Date: Sat, 18 Apr 2026 05:37:50 -0400 Subject: [PATCH] chore: add env.config.example documenting DECNET env vars MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reference template for .env / .env.local showing every variable that decnet/env.py consumes, with short rationale per section (system logging, embedded workers, profiling, API server, …). Copy to .env and fill in secrets; .env itself stays gitignored. --- env.config.example | 91 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 env.config.example diff --git a/env.config.example b/env.config.example new file mode 100644 index 0000000..a6be174 --- /dev/null +++ b/env.config.example @@ -0,0 +1,91 @@ +# --------------------------------------------------------------------------- +# DECNET — environment variables consumed by decnet/env.py +# Loaded from .env.local (preferred) then .env at project root. +# --------------------------------------------------------------------------- + +# --------------------------------------------------------------------------- +# System logging +# --------------------------------------------------------------------------- +# Destination file for the RFC 5424 RotatingFileHandler. All microservice +# daemons append here. Ignored under pytest. +DECNET_SYSTEM_LOGS=decnet.system.log + +# --------------------------------------------------------------------------- +# Embedded workers (leave unset in normal deploys) +# --------------------------------------------------------------------------- +# Embed the profiler inside the API process. Leave unset when the standalone +# `decnet profiler --daemon` is running — otherwise two workers share the +# same DB cursor and events get skipped or double-processed. +DECNET_EMBED_PROFILER=false + +# Embed the MACVLAN sniffer inside the API process. Leave unset when +# `decnet sniffer --daemon` is running (which `decnet deploy` always does). +# Embedding both duplicates events and wastes CPU. +DECNET_EMBED_SNIFFER=false + +# --------------------------------------------------------------------------- +# Request profiling (Pyinstrument) +# --------------------------------------------------------------------------- +# Mount the Pyinstrument ASGI middleware on the FastAPI app. Produces +# per-request HTML flamegraphs under DECNET_PROFILE_DIR. Off by default. +DECNET_PROFILE_REQUESTS=false +DECNET_PROFILE_DIR=profiles + +# --------------------------------------------------------------------------- +# API server +# --------------------------------------------------------------------------- +DECNET_API_HOST=127.0.0.1 +DECNET_API_PORT=8000 +# REQUIRED. Must be ≥32 chars (HS256 / RFC 7518 §3.2) unless DECNET_DEVELOPER +# is true. Known-bad values (admin, secret, password, changeme, +# fallback-secret-key-change-me) are rejected at startup. +DECNET_JWT_SECRET= +# File the ingester tails for honeypot events. +DECNET_INGEST_LOG_FILE=/var/log/decnet/decnet.log + +# --------------------------------------------------------------------------- +# Ingester batching +# --------------------------------------------------------------------------- +# Rows per commit; larger batches reduce SQLite write-lock contention. +DECNET_BATCH_SIZE=100 +# Max wait (ms) before flushing a partial batch — bounds latency when idle. +DECNET_BATCH_MAX_WAIT_MS=250 + +# --------------------------------------------------------------------------- +# Web dashboard +# --------------------------------------------------------------------------- +DECNET_WEB_HOST=127.0.0.1 +DECNET_WEB_PORT=8080 +# Change BOTH of these — "admin" / "admin" is rejected at startup (unless +# running under pytest). +DECNET_ADMIN_USER=admin +DECNET_ADMIN_PASSWORD= +# "true" enables DEBUG logging and relaxes JWT/admin strength checks. +DECNET_DEVELOPER=false + +# --------------------------------------------------------------------------- +# Tracing (OpenTelemetry) +# --------------------------------------------------------------------------- +# Independent from DECNET_DEVELOPER so tracing can be toggled on its own. +DECNET_DEVELOPER_TRACING=false +DECNET_OTEL_ENDPOINT=http://localhost:4317 + +# --------------------------------------------------------------------------- +# Database +# --------------------------------------------------------------------------- +# sqlite | mysql +DECNET_DB_TYPE=sqlite +# Full SQLAlchemy URL. If set, the component vars below are ignored. +# DECNET_DB_URL=mysql+asyncmy://user:pass@host:3306/decnet +DECNET_DB_HOST=localhost +DECNET_DB_PORT=3306 +DECNET_DB_NAME=decnet +DECNET_DB_USER=decnet +DECNET_DB_PASSWORD= + +# --------------------------------------------------------------------------- +# CORS +# --------------------------------------------------------------------------- +# Comma-separated allowed origins for the dashboard API. Defaults to +# http://: (wildcard binds resolve to localhost). +# DECNET_CORS_ORIGINS=http://192.168.1.50:9090,https://dashboard.example.com