node.env.example
# Base dir for identity key, hub DB, operator key, TLS cert dir, invite-hash key.
# Everything listed here is key material or state: keep the directory owned by
# the service account and closed to other local users (e.g. mode 0700).
TOWONEL_DATA_DIR=/var/lib/towonel
# Identity source: a key file (default ${TOWONEL_DATA_DIR}/node.key).
# Keep the key file out of version control and out of world-readable backups.
# TOWONEL_IDENTITY_KEY_PATH=/custom/node.key
# Hub settings. 0.0.0.0 binds every IPv4 interface on the host.
TOWONEL_HUB_ENABLED=true
TOWONEL_HUB_LISTEN_ADDR=0.0.0.0:8443
# Health listener has its own port. What it returns is not described in this
# file; if only local probes need it, bind it to loopback or an internal
# interface, or firewall the port.
TOWONEL_HUB_HEALTH_LISTEN_ADDR=0.0.0.0:9091
# The https scheme here needs either the ACME settings below or a
# TLS-terminating proxy in front of the hub.
TOWONEL_HUB_PUBLIC_URL=https://hub.example.eu:8443
# Operator API key file: a credential. The default file name is not shown in
# this file — confirm before relying on it.
# TOWONEL_HUB_OPERATOR_API_KEY_PATH=/custom/operator.key
# Auto-generated to ${TOWONEL_DATA_DIR}/invite_hash.key when unset.
# Back it up; losing it invalidates every outstanding invite.
# <openssl rand -hex 32> is a placeholder: substitute the command's output
# (32 random bytes, 64 hex characters).
# Prefer the auto-generated file or the _PATH form over an inline value, so the
# secret stays out of the process environment and out of copies of this file.
# Precedence when both variables are set is not shown here — set only one.
# TOWONEL_INVITE_HASH_KEY=<openssl rand -hex 32>
# TOWONEL_INVITE_HASH_KEY_PATH=/custom/invite_hash.key
# AEAD KEK sealing hub signing-key seeds in hub_signing_keys.
# Must be identical across every hub instance in a cluster.
# Auto-generated to ${TOWONEL_DATA_DIR}/hub_kek.key when unset.
# In a cluster, provision one value explicitly on every instance: left to
# auto-generation, each instance would presumably create its own key.
# Back it up separately from the database; without it the sealed seeds are
# presumably unrecoverable — confirm against the README.
# TOWONEL_HUB_KEK=<openssl rand -hex 32>
# TOWONEL_HUB_KEK_PATH=/custom/hub_kek.key
# Hub TLS via ACME-TLS-ALPN-01 on TOWONEL_HUB_LISTEN_ADDR. When unset, the
# hub serves plain HTTP and an external proxy (Caddy, etc.) terminates TLS.
# In plain-HTTP mode, make TOWONEL_HUB_LISTEN_ADDR reachable only by the proxy
# (loopback or a private interface); on 0.0.0.0 it accepts unencrypted
# connections from anywhere the port is routable.
# TOWONEL_HUB_TLS_ACME_EMAIL=ops@example.eu
# TOWONEL_HUB_TLS_CERT_DIR=/data/certs
# Staging certificates are for testing and are normally not trusted by
# clients; keep this false in production.
# TOWONEL_HUB_TLS_ACME_STAGING=false
# Optional control link for remote edges (see README "Hub↔edge control link").
# When set, the hub accepts edge connections on this address and serves
# RouteSnapshot + signing-pubkey distribution + session events over TCP.
# This file does not say whether the link is encrypted or only PSK-protected;
# until confirmed, restrict the port to known edge addresses or a private
# network. Generate a dedicated PSK; do not reuse the KEK or invite-hash key.
# TOWONEL_HUB_LINK_LISTEN_ADDR=0.0.0.0:51444
# TOWONEL_HUB_LINK_PSK=<openssl rand -hex 32> # match TOWONEL_EDGE_HUB_LINK_PSK on every edge
TOWONEL_HUB_DB_DRIVER=sqlite
# A PostgreSQL DSN embeds the database password, which makes the real env file
# a secret: mode 0600, never committed. Whether TLS to the database is
# enforced depends on DSN parameters not shown here — confirm for cross-host
# setups.
# TOWONEL_HUB_DB_DSN=postgresql://user:pass@host/db
# TOWONEL_HUB_DB_MAX_OPEN_CONNS=25
# TOWONEL_HUB_DB_MAX_IDLE_CONNS=10
# Tenant list as one line of JSON. <64 hex> and <base64url> are placeholders
# to replace. The value is unquoted; a loader that parses this file as shell
# would need it quoted — confirm for the loader in use.
TOWONEL_TENANTS=[{"name":"alice","id":"<64 hex>","pq_public_key":"<base64url>","hostnames":["app.alice.test"]}]
# Edge settings. 0.0.0.0 binds every IPv4 interface on the host.
TOWONEL_EDGE_ENABLED=true
# Port 443 is privileged on Linux; grant the binary CAP_NET_BIND_SERVICE (or
# use socket activation) rather than running the process as root.
TOWONEL_EDGE_LISTEN_ADDR=0.0.0.0:443
# Health listener has its own port. What it returns is not described in this
# file; if only local probes need it, bind it to loopback or an internal
# interface, or firewall the port.
TOWONEL_EDGE_HEALTH_LISTEN_ADDR=0.0.0.0:9090
# Required for split hub/edge deployments (edge-only mode). Both must be set.
# The PSK is a shared secret: store the real env file with mode 0600 and keep
# it out of version control. This file does not say whether the link itself is
# encrypted — confirm before routing it over an untrusted network.
# TOWONEL_EDGE_HUB_LINK_ADDR=hub-a.internal:51444
# TOWONEL_EDGE_HUB_LINK_PSK=<same value as TOWONEL_HUB_LINK_PSK on the hub>
# Address agents/clients reach (the reverse proxy when one fronts the edge).
TOWONEL_EDGE_ADVERTISED_ADDRESSES=edge-a.example.eu:443
# UDP port for iroh QUIC. Default is 51820; override if it collides.
# 51820 is also WireGuard's customary port, a likely source of such a
# collision. Firewall rules must allow UDP (not TCP) on the chosen port.
# TOWONEL_EDGE_IROH_PORT=51820
# TOWONEL_EDGE_LISTEN_WORKERS=4