# API Server configuration # Copy to .env and adjust. The server also reads plain environment variables. # Address the API Server listens on API_ADDR=:8080 # PocketBase base URL (no trailing slash) POCKETBASE_URL=http://10.2.1.10:8028 # PocketBase superuser credentials. The API Server is the ONLY thing that talks # to PocketBase, so it authenticates as a superuser and enforces ownership in # application logic. Lock all collection API rules to superuser-only. PB_ADMIN_EMAIL=admin@example.com PB_ADMIN_PASSWORD=change-me # Secret used to sign client JWTs (use a long random string in production) JWT_SECRET=dev-insecure-change-me-please # Access token lifetime (Go duration: 30m, 24h, 168h ...) JWT_ACCESS_TTL=24h # How long a message/call may stay unprocessed before it's marked Failed. # A device must pull it (Pending) and report a result (Processed) within this # window, else the background sweeper fails it. MESSAGE_TTL=5m # CORS allowed origins for the Web App (comma separated, or * for any) CORS_ALLOW_ORIGINS=*