Data Files

Data Files

Persistent runtime state uses:

• DATA_DIR (default data/) for database and legacy compatibility files
• LOG_DIR (default /logs) for runtime log files

File Inventory

File	Purpose
${DATA_DIR}/bot_data.db	Primary SQLite database for runtime and config state
${DATA_DIR}/ssl/	HTTPS certificate directory used by the built-in web listener
${DATA_DIR}/ssl/tls.crt	Built-in HTTPS certificate (generated self-signed if missing)
${DATA_DIR}/ssl/tls.key	Built-in HTTPS private key (generated self-signed if missing)
${LOG_DIR}/bot.log	Application/runtime logs
${LOG_DIR}/bot_log.log	Mirror of payloads sent (or attempted) to bot log channels
${LOG_DIR}/container_errors.log	Error-focused log file used by /logs command
${LOG_DIR}/web_gui_audit.log	Web GUI interaction audit entries (WEB_AUDIT ...)

SQLite Scope

bot_data.db stores core persistent entities, including:

• Invite/role mapping state
• Tag responses
• Firmware seen entries
• Web users and metadata
• Command permission overrides
• Additional runtime-managed configuration state

Legacy Import on Boot

Legacy files are imported at startup if present:

• access_role.txt
• role_codes.txt
• invite_roles.json
• tag_responses.json
• firmware_seen.json
• web_users.json
• command_permissions.json

Import strategy:

• Merge-only
• Never overwrites existing SQLite records
• Allows migration continuity while preserving newer DB data

File and Permission Hardening

When enabled (WEB_HARDEN_FILE_PERMISSIONS=true), application attempts:

• .env -> 0600
• data/ directory -> 0700
• bot_data.db -> 0600
• ${DATA_DIR}/ssl/ -> 0700
• TLS certificate/key -> 0600

When enabled (LOG_HARDEN_FILE_PERMISSIONS=true), application attempts:

• ${LOG_DIR} directory -> 0700
• ${LOG_DIR}/bot.log -> 0600
• ${LOG_DIR}/bot_log.log -> 0600
• ${LOG_DIR}/container_errors.log -> 0600
• ${LOG_DIR}/web_gui_audit.log -> 0600

Log Rotation and Retention

• Runtime logs rotate on a timed schedule (LOG_ROTATION_INTERVAL_DAYS, default 1).
• Retention is bounded by LOG_RETENTION_DAYS (default 90 days).
• Rotation is UTC-based and keeps only the latest retention window.

Backup Guidance

Minimum backup set:

• ${DATA_DIR}/bot_data.db
• ${LOG_DIR}/bot.log (optional for auditing)
• ${LOG_DIR}/bot_log.log (recommended for channel-post audit trails)
• ${LOG_DIR}/container_errors.log (optional for incident traces)
• ${LOG_DIR}/web_gui_audit.log (recommended for web admin activity auditing)

For reliable restore:

1. Stop container.
2. Restore DB and required files.
3. Start container.
4. Validate key workflows (login, command permissions, tag replies).

Performance Notes

• SQLite provides low-overhead persistence suitable for single-container deployments.
• WAL mode is used for better concurrency and durability tradeoff.
• Keep data volume on reliable storage to reduce corruption risk.

Related Pages

• Environment Variables
• Docker and Portainer Deploy
• Security Hardening