# ============================================================================= # KoolBot Environment Configuration # ============================================================================= # Copy this file to .env and fill in your values: # cp .env.example .env # # Get your credentials from: https://discord.com/developers/applications # ============================================================================= # Discord Bot Credentials (Required) # Get from Discord Developer Portal → Your Application DISCORD_TOKEN=your_bot_token_here CLIENT_ID=your_application_id_here GUILD_ID=your_server_id_here # Database Configuration (Required) # For Docker Compose, leave as-is. The hostname "mongodb" refers to the container. MONGODB_URI=mongodb://mongodb:27017/koolbot # Environment Settings (Optional) # Set DEBUG=true before startup for detailed logging during troubleshooting. # DEBUG is launch-time environment configuration (not a runtime setting). DEBUG=false NODE_ENV=production # ============================================================================= # Web UI (Optional but recommended — this is the only admin surface) # ============================================================================= # The Web UI replaces every admin slash command (/config set, /permissions, # /setup, /announce, /poll, /reactrole, /notice, /dbtrunk, /vc, /botstats). # In Discord, run `/config` to receive a one-time DM sign-in link. # # See WEBUI.md for full setup, reverse-proxy guidance, and Caddy / nginx / # Traefik examples. # Master switch. When false (default), /admin/* routes are not mounted and # `/config` in Discord replies "the web UI is disabled". WEBUI_ENABLED=false # Public URL the bot uses to build the DM'd sign-in link. Must be reachable # from the admin's browser. Examples: # - Local-only: http://localhost:3000 # - Reverse proxy: https://bot.example.com # No trailing slash needed. # # Cookie-Secure note: the Web UI marks its session cookie `Secure` whenever # NODE_ENV=production. Plain-HTTP sign-in (the localhost example above) only # works reliably when NODE_ENV is NOT production — set NODE_ENV=development # while testing locally, or terminate TLS in front of the bot. WEBUI_BASE_URL=http://localhost:3000 # HMAC key for token hashes and signed cookies. Generate with: # openssl rand -base64 32 # Rotating this invalidates every existing session and outstanding link. # Treat this like DISCORD_TOKEN — anyone who reads it can forge cookies. WEBUI_SESSION_SECRET=replace-me-with-openssl-rand-base64-32 # Optional tuning (defaults shown). # Magic-link TTL from issuance, in minutes. Short windows reduce blast radius # if a link leaks before redemption. WEBUI_SESSION_TTL_MINUTES=10 # Hard cap on a redeemed session, in hours, measured from the moment the link # is redeemed. Bounds the sliding inactivity window so a long-running session # can't outlive this ceiling even with continuous activity. WEBUI_SESSION_LIFETIME_HOURS=24 # Sliding inactivity window for the post-redemption cookie, in minutes. # Hard-capped at the session's server-side expiresAt. WEBUI_INACTIVITY_TIMEOUT_MINUTES=30 # Reverse proxy hop count. Set to 1 when running behind Caddy/nginx/Traefik # terminating TLS in front of the bot. Required for accurate rate-limiting # by client IP. Leave unset for direct access. # WEBUI_TRUST_PROXY=1 # ============================================================================= # Prometheus / OpenMetrics (Optional) # ============================================================================= # Exposes GET /metrics on port 3000 (alongside /health) for Prometheus or any # OpenMetrics-compatible collector. Disabled by default — the endpoint returns # 404 until METRICS_ENABLED=true. See WEBUI.md for the metric list, a scrape # config, and suggested Grafana panels. METRICS_ENABLED=false # Optional bearer token. When set, every scrape must send # `Authorization: Bearer ` or it receives 401. Leave blank to rely on # network-level ACLs (e.g. only your Prometheus host can reach port 3000). # Generate one with: openssl rand -base64 32 # METRICS_TOKEN= # ============================================================================= # How to get your Discord credentials: # ============================================================================= # 1. Go to https://discord.com/developers/applications # 2. Create or select your application # 3. DISCORD_TOKEN: Bot tab → Reset Token → Copy token # 4. CLIENT_ID: General Information → Application ID # 5. GUILD_ID: Your Discord Server → Right-click server icon → Copy ID # (Enable Developer Mode in Discord: User Settings → Advanced → Developer Mode) # # Note: All other bot settings are configured through the Web UI after the # bot starts. See README.md for setup instructions and WEBUI.md for details. # =============================================================================