# Asteroid Radio Configuration Template # Copy this file to .env and customize for deployment # # SECURITY NOTE: Never commit .env files with real passwords to git! # ============================================================================ # SERVER CONFIGURATION # ============================================================================ # HTTP server port (default: 8080) ASTEROID_SERVER_PORT=8080 # Path to music library directory # If not set, defaults to music/library/ in the asteroid directory ASTEROID_MUSIC_PATH=/path/to/our/music/library # ============================================================================ # ICECAST STREAMING CONFIGURATION # ============================================================================ # Base URL for Icecast stream server # For production, this should be your public stream URL # Examples: # Development: http://localhost:8000 # Production: https://stream.asteroid.radio ASTEROID_STREAM_URL=http://localhost:8000 # Icecast admin credentials # CRITICAL: Change these from defaults for production! ICECAST_ADMIN_USER=admin ICECAST_ADMIN_PASSWORD=CHANGE_THIS_PASSWORD # Additional Icecast passwords (used by Docker containers) # These are for Liquidsoap source connection and relay ICECAST_SOURCE_PASSWORD=CHANGE_THIS_PASSWORD ICECAST_RELAY_PASSWORD=CHANGE_THIS_PASSWORD # ============================================================================ # DATABASE CONFIGURATION # ============================================================================ # Database backend to use: i-lambdalite or postgresql # i-lambdalite: Built-in file-based database (good for development) # postgresql: Production-grade database (recommended for production) ASTEROID_DB_BACKEND=i-lambdalite # PostgreSQL configuration (only needed if using postgresql backend) POSTGRES_HOST=localhost POSTGRES_PORT=5432 POSTGRES_DB=asteroid POSTGRES_USER=asteroid POSTGRES_PASSWORD=CHANGE_THIS_PASSWORD # ============================================================================ # TLS/HTTPS CONFIGURATION # ============================================================================ # Enable TLS/HTTPS (true/false, yes/no, 1/0) ASTEROID_TLS_ENABLED=false # Paths to TLS certificate and key files # Only needed if TLS is enabled ASTEROID_TLS_CERT=/path/to/certificate.pem ASTEROID_TLS_KEY=/path/to/private-key.pem # ============================================================================ # STREAM MANAGEMENT # ============================================================================ # Maximum number of tracks to keep in stream history ASTEROID_MAX_HISTORY=50 # ============================================================================ # PRODUCTION DEPLOYMENT NOTES # ============================================================================ # # 1. SECURITY CHECKLIST: # - Change all default passwords # - Enable TLS for production # - Use PostgreSQL instead of i-lambdalite # - Restrict Icecast/Liquidsoap to localhost (bind 127.0.0.1) # - Use HAproxy or nginx to front the application # # 2. DOCKER NETWORKING: # - Ensure Icecast only binds to 127.0.0.1:8000 # - Ensure Liquidsoap telnet only binds to 127.0.0.1:1234 # - Use docker-compose network isolation # # 3. ENVIRONMENT LOADING: # - Source this file in your shell: source .env # - Or use docker-compose env_file directive # - Or set in systemd service file # # 4. BACKUP: # - Backup PostgreSQL database regularly # - Backup music library # - Backup configuration files #