# BanGUI Backend — Environment Variables
# Copy this file to .env and fill in the values.
# Never commit .env to version control.

# Path to the BanGUI application SQLite database.
BANGUI_DATABASE_PATH=bangui.db

# Path to the fail2ban Unix domain socket.
BANGUI_FAIL2BAN_SOCKET=/var/run/fail2ban/fail2ban.sock

# Path to the fail2ban configuration directory used by the web UI.
BANGUI_FAIL2BAN_CONFIG_DIR=/config/fail2ban

# Shell command used to start fail2ban during recovery operations.
BANGUI_FAIL2BAN_START_COMMAND=fail2ban-client start

# Secret key used to sign session tokens. Use a long, random string.
# Generate with: python -c "import secrets; print(secrets.token_hex(64))"
BANGUI_SESSION_SECRET=replace-this-with-a-long-random-secret

# Session duration in minutes. Default: 60 minutes.
BANGUI_SESSION_DURATION_MINUTES=60

# Timezone for displaying timestamps in the UI (IANA tz name).
BANGUI_TIMEZONE=UTC

# Application log level: debug | info | warning | error | critical
BANGUI_LOG_LEVEL=info

# Comma-separated list of allowed CORS origins when the frontend is served
# from a different origin than the backend.
# Leave this blank in production when the UI is served from the same origin.
BANGUI_CORS_ALLOWED_ORIGINS=http://localhost:5173

# ---------------------------------------------------------------------------
# Pagination & display limits
# ---------------------------------------------------------------------------

# Maximum records per paginated response. Must be between 1 and 10000.
BANGUI_MAX_PAGE_SIZE=500

# Maximum IP lines returned in a blocklist source preview. Must be at least 1.
BANGUI_PREVIEW_MAX_LINES=100

# Number of days to retain historical ban records before archival cleanup.
BANGUI_HISTORY_RETENTION_DAYS=90