Configuration#

Searpa is configured entirely through environment variables (in production) or a .env file (in development). The repository ships an .env.example documenting every variable; this page is the reference.

Core#

VariablePurposeNotes
SECRET_KEYDjango secret keyRequired in production. Long and random.
DEBUGDebug modeKeep False (the default) in production.
ALLOWED_HOSTSComma-separated hostnames the app will servee.g. search.example.com.
DATABASE_URLPostgreSQL connection URLe.g. postgres://user:pass@host:5432/searpa.
LOG_LEVELLogging verbosityDEBUG / INFO / WARNING / ERROR (default INFO).

Search providers#

These keys decide which engines, media tabs and knowledge cards are available. A provider with no key is simply hidden (not shown as broken). Full details on Search providers.

VariableEnables
BRAVE_API_KEYWeb, Images, News and Videos via Brave (the baseline).
BRAVE_SUGGEST_API_KEYAutocomplete suggestions (a separate Brave subscription).
MOJEEK_API_KEYThe Mojeek web engine.
MARGINALIA_API_KEYThe Marginalia web engine (public works out of the box).
TMDB_API_KEYThe film / TV knowledge card.
TRIPADVISOR_API_KEYThe places knowledge card.
STACKEXCHANGE_API_KEYA higher Stack Exchange quota for the Q&A card (optional).
PIXABAY_API_KEYPixabay images blended into the Images tab.
WORLDNEWS_API_KEYWorld News API articles blended into the News tab.

Translation#

VariablePurpose
LIBRETRANSLATE_URLURL of your LibreTranslate instance. Unset disables the Translate tab entirely.
LIBRETRANSLATE_API_KEYOnly if your LibreTranslate requires a key (LT_API_KEYS=true).
LIBRETRANSLATE_ORIGIN_COUNTRYTwo-letter country code for the flag shown next to “Translate” in Settings (default fr).

See Translation.

Public API rate limits#

Applied per API key (Django REST Framework throttle rates, <number>/<period>, where period is second / minute / hour / day). Both limits apply together. See the API rate limits page.

VariablePurposeDefault
API_THROTTLE_BURSTShort-term cap, shields upstream providers from a runaway client60/min
API_THROTTLE_SUSTAINEDDaily volume cap5000/day

Email (password reset)#

Used only to send password-reset messages, see Users & access.

VariablePurpose
EMAIL_BACKENDDjango email backend (SMTP, console, …).
EMAIL_HOST / EMAIL_PORTSMTP server.
EMAIL_USE_TLSTrue / False.
EMAIL_HOST_USER / EMAIL_HOST_PASSWORDSMTP credentials.
DEFAULT_FROM_EMAILThe “From” address on outgoing mail.

For a quick test without a real SMTP server, set EMAIL_BACKEND=django.core.mail.backends.console.EmailBackend to print emails to the container log.

The footer ships no privacy policy, terms or legal notice by default, that content is specific to whoever operates the instance and your jurisdiction. Add your own as Label=URL pairs separated by commas:

FOOTER_LINKS=Privacy=https://example.com/privacy,Legal notice=https://example.com/legal

Leave FOOTER_LINKS unset to show no extra footer links.