# krill-watch — environment configuration
# Copy this file to `.env` and fill in your keys.
# Never commit `.env` (it's in .gitignore), and keep real keys out of
# this example file, which is committed.
# ============================================================
# Global Fishing Watch API
# Get your free API token at: https://globalfishingwatch.org/our-apis/tokens
# Required scopes: gateway:read
# ============================================================
GFW_API_KEY=
# ============================================================
# AISStream.io — Free real-time AIS WebSocket feed
# Sign up at: https://aisstream.io
# ============================================================
AISSTREAM_API_KEY=
# ============================================================
# NASA FIRMS — VIIRS thermal anomaly hot-spots (free, MAP_KEY)
# Used to surface fishing-vessel "lights at sea" detections in
# CCAMLR-48 when AIS coverage is sparse. Register the free
# MAP_KEY at: https://firms.modaps.eosdis.nasa.gov/api/area/
# Note: VIIRS is dark-only — useless during austral midsummer
# (no nighttime south of 60°S Dec–Feb), useful Apr–Sep.
# Limit: 5000 transactions / 10 min on the free tier.
# ============================================================
FIRMS_MAP_KEY=
# FIRMS_SOURCE=VIIRS_NOAA20_NRT
# FIRMS_BBOX=-70,-78,-20,-50
# FIRMS_DAY_RANGE=7
# FIRMS_TTL_SECONDS=1800
# ============================================================
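# Optional notification webhooks (live alerts + offline batches)
# Leave empty to disable. The notifier silently no-ops if no
# webhook is configured.
# A webhook URL is itself a credential: anyone who holds it can
# post to the channel, so keep it out of logs and commits.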
# ============================================================
# Generic fallback (used when no per-mission URL is set):
DISCORD_WEBHOOK_URL=
SLACK_WEBHOOK_URL=
# Per-mission routing (optional — falls back to generic above).
# Lets CPWF route alerts to mission-specific Discord channels:
# DISCORD_WEBHOOK_URL_KRILL=
# DISCORD_WEBHOOK_URL_WHALING=
# DISCORD_WEBHOOK_URL_IUU_FISHING=
# SLACK_WEBHOOK_URL_KRILL=
# SLACK_WEBHOOK_URL_WHALING=
# SLACK_WEBHOOK_URL_IUU_FISHING=
# Discord channel for the weekly transhipment review notification (used by
# .github/workflows/weekly-report.yml and scripts/run_weekly_report.sh).
# Set as a GitHub Actions repo secret with the same name for the CI cron.
# DISCORD_WEBHOOK_URL_REPORTS=
# Discord channel for ops alerts (AIS-quiet watchdog, etc.). Falls back
# to DISCORD_WEBHOOK_URL_REPORTS, then DISCORD_WEBHOOK_URL.
# DISCORD_WEBHOOK_URL_OPS=
# AIS-quiet watchdog — pings ops when the feed has been silent. Off by
# default; set KRILL_AIS_WATCHDOG=1 to enable in production.
# KRILL_AIS_WATCHDOG=0
# KRILL_AIS_QUIET_HOURS=24
# KRILL_AIS_WATCHDOG_POLL_MINUTES=30
# FIRMS Discord alerter — pings ops on each new offshore detection.
# Off by default; enable in production with KRILL_FIRMS_ALERTER=1.
# KRILL_FIRMS_ALERTER=0
# KRILL_FIRMS_ALERT_POLL_MINUTES=60
# ============================================================
# Web deep links — used by the notifier to embed clickable
# vessel URLs in Discord/Slack alerts.
# ============================================================
WEB_BASE_URL=http://127.0.0.1:3000
WEB_DEFAULT_LOCALE=en
# ============================================================
# Production weekly-report runner (scripts/run_weekly_report.sh)
# ============================================================
# Absolute path to the production DuckDB:
# KRILL_DB_PATH=/var/lib/krill-watch/krill_watch.duckdb
# Where weekly reports are written (serve behind nginx for stable URLs):
# KRILL_REPORT_OUT_DIR=/var/lib/krill-watch/reports
# Public URL prefix where reports are served (used in the Discord deep link):
# KRILL_REPORT_PUBLIC_URL=https://krill-watch.example.org/reports/
# ============================================================
# Dev / debug
# ============================================================
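# Set to 1 to allow /api/_dev/* endpoints in production. By default they
# are enabled only when DISABLE_WORKERS=1. Keep this at 0 on any
# internet-facing deployment unless the endpoints are otherwise protected.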
# KRILL_ALLOW_DEV_ENDPOINTS=0
# ============================================================
# Tuning
# ============================================================
# Cache TTL for GFW responses, in seconds (default 6h)
CACHE_TTL_SECONDS=21600
# AIS gap thresholds (hours)
GAP_SUSPICIOUS_HOURS=6
GAP_CRITICAL_HOURS=24
# Default lookback window for analyses (days)
LOOKBACK_DAYS=90
# ============================================================
# CORS — comma-separated origin allowlist for the public API
# ============================================================
# In production this MUST be set; the wildcard fallback is dev-only.
# Example: KRILL_CORS_ORIGINS=https://krill-free.org,https://www.krill-free.org
# KRILL_CORS_ORIGINS=
# ============================================================
# Rate limiting (slowapi)
# ============================================================
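# Per-IP caps applied to public endpoints. Tighten in prod if a
# scraper / abuse pattern shows up; loosen for partner integrations.
# Format follows slowapi (e.g. "30/5minutes", "100/hour", "5/hour").
# Behind a reverse proxy, check that the limiter sees the client's
# address and not the proxy's, or all visitors share one bucket.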
# KRILL_RATE_LIMIT_FIRMS=30/5minutes
# KRILL_RATE_LIMIT_SANCTIONS=60/5minutes
# KRILL_RATE_LIMIT_OPERATOR_BG=60/5minutes
# KRILL_RATE_LIMIT_CONTRIBUTE=5/hour
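# Storage backend — switch to redis://… when scaling beyond one machine.
# memory:// keeps counters inside each process, so several worker
# processes on one machine do not share a limit either.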
# RATELIMIT_STORAGE_URI=memory://
# ============================================================
# Sentry — error tracking on both runtimes
# Create a project at https://sentry.io. Both backend (FastAPI) and
# frontend (Next.js) can share the same DSN, or run on separate ones.
# Leave SENTRY_DSN empty to disable error tracking entirely.
# ============================================================
# Backend (FastAPI):
# SENTRY_DSN=
# SENTRY_ENVIRONMENT=production
# SENTRY_TRACES_SAMPLE_RATE=0.1
# Frontend (Next.js — must be NEXT_PUBLIC_ to ship to the browser):
# NEXT_PUBLIC_SENTRY_DSN=
# NEXT_PUBLIC_SENTRY_ENVIRONMENT=production
# NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE=0.1
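# Frontend build-time (source-map upload). Optional — when absent we ship
# without uploaded maps, and errors land in Sentry with line numbers from
# the minified bundle.
# SENTRY_AUTH_TOKEN is a secret, unlike the DSN: supply it only to the
# build environment and never under a NEXT_PUBLIC_ name.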
# SENTRY_ORG=
# SENTRY_PROJECT=
# SENTRY_AUTH_TOKEN=
# ============================================================
# Privacy-friendly analytics (optional — pick one or none)
# ============================================================
# Plausible takes precedence over Umami when both set.
# NEXT_PUBLIC_PLAUSIBLE_DOMAIN=krill-free.org
# NEXT_PUBLIC_PLAUSIBLE_SCRIPT_SRC=https://plausible.io/js/script.outbound-links.js
# NEXT_PUBLIC_UMAMI_WEBSITE_ID=
# NEXT_PUBLIC_UMAMI_SCRIPT_SRC=https://cloud.umami.is/script.js
# ============================================================
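# DuckDB backup — scripts/backup_duckdb.py
# Runs nightly via .github/workflows/backup.yml. Configure the bucket on
# Backblaze B2 (cheapest), Cloudflare R2 (fastest), or AWS S3.
# Use an access key restricted to this bucket, and supply it to the
# nightly workflow as GitHub Actions secrets.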
# ============================================================
# BACKUP_BUCKET=
# BACKUP_PREFIX=krill-watch/duckdb
# BACKUP_ENDPOINT_URL=https://s3.eu-central-003.backblazeb2.com
# BACKUP_REGION=eu-central-003
# BACKUP_ACCESS_KEY_ID=
# BACKUP_SECRET_ACCESS_KEY=
# ============================================================
# Auto-detected incident pages (P3 — Viralité)
# ============================================================
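# Base URL of the Next.js front-end (the Python pipeline POSTs here
# to revalidate /incident/<slug> ISR pages). These requests are
# authenticated with KRILL_REVALIDATE_SECRET, so use https:// when the
# front-end is not on localhost or a private network.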
NEXTJS_BASE_URL=http://localhost:3000
# Shared secret between FastAPI emitter and Next.js /api/revalidate.
# Generate with: python -c "import secrets;print(secrets.token_urlsafe(32))"
KRILL_REVALIDATE_SECRET=
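# Internal secret for the pipeline → FastAPI POST /api/internal/incident
# (X-Internal header). Keep it different from the revalidate secret, so
# that an attacker who compromises the front-end cannot use that secret
# to inject incidents. Generate it separately with the same command as
# KRILL_REVALIDATE_SECRET, and do not leave it empty in production.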
KRILL_INTERNAL_SECRET=
# ============================================================
# Web (Next.js) — these are read by web/lib/* code at build/runtime
# ============================================================
# Public API base used by the browser (CSR fetches). Falls back to
# KRILL_WATCH_API for SSR. Must be reachable from end-user devices.
NEXT_PUBLIC_KRILL_WATCH_API=http://127.0.0.1:8000
# Server-side override for SSR fetches (Docker-internal hostname etc.):
# KRILL_WATCH_API=http://api:8000
# Canonical site URL — used in OG tags and absolute links:
NEXT_PUBLIC_SITE_URL=https://krill-free.org
# Build-time SHA stamped into vessel reports for traceability:
# KRILL_WATCH_GIT_SHA=
# ============================================================
# Contributions inbox (web → /api/contribute → server)
# ============================================================
# Discord webhook receiving incoming community contributions:
# KRILL_ADMIN_DISCORD_WEBHOOK=
# ============================================================
# OpenSanctions (sprint 1 — sanctions cross-check)
# ============================================================
# Optional API key (anonymous access works but is rate-limited):
# OPENSANCTIONS_API_KEY=
# OPENSANCTIONS_BASE_URL=https://api.opensanctions.org
# OPENSANCTIONS_CACHE_DIR=data/cache/opensanctions
# OPENSANCTIONS_TTL_SECONDS=86400
# OPENSANCTIONS_MIN_SCORE=0.7
# ============================================================
# Wikidata + Wikipedia (sprint 3 — operator background)
# ============================================================
# WIKIDATA_API=https://www.wikidata.org/w/api.php
# WIKIPEDIA_REST=https://en.wikipedia.org/api/rest_v1
# WIKI_CACHE_DIR=data/cache/wiki
# WIKI_TTL_SECONDS=604800
# WIKI_TIMEOUT_SECONDS=10
# ============================================================
# GFW cache freshness (offline / cache-only mode)
# ============================================================
# Max age (days) of cached GFW responses to serve when offline:
# GFW_CACHE_ONLY_MAX_AGE_DAYS=30