From a70906d049bd5905c6095b3ea4286c276ad69aab Mon Sep 17 00:00:00 2001
From: jpetree331 <jpetree331@gmail.com>
Date: Sun, 29 Mar 2026 18:53:40 -0400
Subject: [PATCH] docs: add config/.env.example for quick start

Covers all required and optional environment variables
with sensible defaults and inline setup instructions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 config/.env.example | 56 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 config/.env.example

diff --git a/config/.env.example b/config/.env.example
new file mode 100644
index 0000000..c467fcc
--- /dev/null
+++ b/config/.env.example
@@ -0,0 +1,56 @@
+# ============================================================
+# RedFlag .env Configuration
+# Copy this file to: config/.env
+# Then run: docker-compose up -d
+# ============================================================
+
+# --- PostgreSQL ---
+POSTGRES_DB=redflag
+POSTGRES_USER=redflag
+POSTGRES_PASSWORD=CHANGE_ME_pick_a_strong_db_password
+
+# --- Server ---
+REDFLAG_SERVER_HOST=0.0.0.0
+REDFLAG_SERVER_PORT=8080
+REDFLAG_DB_HOST=postgres
+REDFLAG_DB_PORT=5432
+REDFLAG_DB_NAME=redflag
+REDFLAG_DB_USER=redflag
+REDFLAG_DB_PASSWORD=CHANGE_ME_pick_a_strong_db_password
+
+# --- Admin Account ---
+REDFLAG_ADMIN_USER=admin
+REDFLAG_ADMIN_EMAIL=admin@example.com
+REDFLAG_ADMIN_PASSWORD=CHANGE_ME_pick_a_strong_admin_password
+REDFLAG_JWT_SECRET=CHANGE_ME_random_string_at_least_32_characters_long
+
+# --- Agent Registration ---
+REDFLAG_TOKEN_EXPIRY=24h
+REDFLAG_MAX_TOKENS=100
+REDFLAG_MAX_SEATS=50
+
+# --- Ed25519 Signing Key ---
+# Leave blank on first run. Go to http://localhost:8080/setup
+# and click "Generate Keys". Copy the private key here, then
+# restart the server. Without this, agents cannot receive
+# signed commands or upgrade themselves.
+REDFLAG_SIGNING_PRIVATE_KEY=
+
+# --- Public URL (optional) ---
+# Set this if you're behind a reverse proxy or using a domain.
+# Agents use this URL to connect. If unset, the server uses
+# its own hostname.
+# REDFLAG_PUBLIC_URL=https://redflag.example.com
+
+# --- Binary Storage ---
+# Where signed agent binaries are stored on disk.
+# Default is fine for Docker deployments.
+REDFLAG_BINARY_STORAGE_PATH=./binaries
+
+# --- TLS (optional) ---
+# REDFLAG_TLS_ENABLED=false
+# REDFLAG_TLS_CERT_FILE=/path/to/cert.pem
+# REDFLAG_TLS_KEY_FILE=/path/to/key.pem
+
+# --- Debug (disable in production) ---
+REDFLAG_DEBUG=false