# ShadowBroker Backend — Environment Variables # Copy this file to .env and fill in your keys: # cp .env.example .env # ── Required Keys ────────────────────────────────────────────── # Without these, the corresponding data layers will be empty. OPENSKY_CLIENT_ID= # https://opensky-network.org/ — free account, OAuth2 client ID OPENSKY_CLIENT_SECRET= # OAuth2 client secret from your OpenSky dashboard AIS_API_KEY= # https://aisstream.io/ — free tier WebSocket key # ── Optional ─────────────────────────────────────────────────── # Override allowed CORS origins (comma-separated). Defaults to localhost + LAN auto-detect. # CORS_ORIGINS=http://192.168.1.50:3000,https://my-domain.com # Admin key — protects sensitive endpoints (API key management, system update). # If unset, endpoints are only accessible from localhost unless ALLOW_INSECURE_ADMIN=true. # Set this in production and enter the same key in Settings → Admin Key. # ADMIN_KEY=your-secret-admin-key-here # Allow insecure admin access without ADMIN_KEY (local dev only). # ALLOW_INSECURE_ADMIN=false # User-Agent for Nominatim geocoding requests (per OSM usage policy). # NOMINATIM_USER_AGENT=ShadowBroker/1.0 (https://github.com/BigBodyCobain/Shadowbroker) # LTA Singapore traffic cameras — leave blank to skip this data source. # LTA_ACCOUNT_KEY= # NASA FIRMS country-scoped fire data — enriches global CSV with conflict-zone hotspots. # Free MAP_KEY from https://firms.modaps.eosdis.nasa.gov/map/#d:24hrs;@0.0,0.0,3.0z # FIRMS_MAP_KEY= # Ukraine air raid alerts from alerts.in.ua — free token from https://alerts.in.ua/ # ALERTS_IN_UA_TOKEN= # Google Earth Engine service account for VIIRS change detection (optional). # Download JSON key from https://console.cloud.google.com/iam-admin/serviceaccounts # pip install earthengine-api # GEE_SERVICE_ACCOUNT_KEY= # ── Mesh / Reticulum (RNS) ───────────────────────────────────── # Full-node / participant-node posture for public Infonet sync. # MESH_NODE_MODE=participant # participant | relay | perimeter # MESH_BOOTSTRAP_DISABLED=false # MESH_BOOTSTRAP_MANIFEST_PATH=data/bootstrap_peers.json # MESH_BOOTSTRAP_SIGNER_PUBLIC_KEY= # MESH_RELAY_PEERS= # comma-separated operator-trusted sync/push peers # MESH_PEER_PUSH_SECRET=Mv63UvLfwqOEVWeRBXjA8MtFl2nEkkhUlLYVHiX1Zzo # transport auth for mesh peer push (default works out of the box) # MESH_SYNC_INTERVAL_S=300 # MESH_SYNC_FAILURE_BACKOFF_S=60 # # Enable Reticulum bridge for Infonet event gossip. # MESH_RNS_ENABLED=false # MESH_RNS_APP_NAME=shadowbroker # MESH_RNS_ASPECT=infonet # MESH_RNS_IDENTITY_PATH= # MESH_RNS_PEERS= # comma-separated destination hashes # MESH_RNS_DANDELION_HOPS=2 # MESH_RNS_DANDELION_DELAY_MS=400 # MESH_RNS_CHURN_INTERVAL_S=300 # MESH_RNS_MAX_PEERS=32 # MESH_RNS_MAX_PAYLOAD=8192 # MESH_RNS_PEER_BUCKET_PREFIX=4 # MESH_RNS_MAX_PEERS_PER_BUCKET=4 # MESH_RNS_PEER_FAIL_THRESHOLD=3 # MESH_RNS_PEER_COOLDOWN_S=300 # MESH_RNS_SHARD_ENABLED=false # MESH_RNS_SHARD_DATA_SHARDS=3 # MESH_RNS_SHARD_PARITY_SHARDS=1 # MESH_RNS_SHARD_TTL_S=30 # MESH_RNS_FEC_CODEC=xor # MESH_RNS_BATCH_MS=200 # MESH_RNS_COVER_INTERVAL_S=0 # MESH_RNS_COVER_SIZE=64 # MESH_RNS_IBF_WINDOW=256 # MESH_RNS_IBF_TABLE_SIZE=64 # MESH_RNS_IBF_MINHASH_SIZE=16 # MESH_RNS_IBF_MINHASH_THRESHOLD=0.25 # MESH_RNS_IBF_WINDOW_JITTER=32 # MESH_RNS_IBF_INTERVAL_S=120 # MESH_RNS_IBF_SYNC_PEERS=3 # MESH_RNS_IBF_QUORUM_TIMEOUT_S=6 # MESH_RNS_IBF_MAX_REQUEST_IDS=64 # MESH_RNS_IBF_MAX_EVENTS=64 # MESH_RNS_SESSION_ROTATE_S=0 # MESH_RNS_IBF_FAIL_THRESHOLD=3 # MESH_RNS_IBF_COOLDOWN_S=120 # MESH_VERIFY_INTERVAL_S=600 # MESH_VERIFY_SIGNATURES=false # ── Mesh DM Relay ────────────────────────────────────────────── # MESH_DM_TOKEN_PEPPER=change-me # ── Self Update ──────────────────────────────────────────────── # MESH_UPDATE_SHA256= # ── Wormhole (Local Agent) ───────────────────────────────────── # WORMHOLE_HOST=127.0.0.1 # WORMHOLE_PORT=8787 # WORMHOLE_RELOAD=false # WORMHOLE_TRANSPORT=direct # WORMHOLE_SOCKS_PROXY=127.0.0.1:9050 # WORMHOLE_SOCKS_DNS=true