.env.example
# =============================================================================
# Lemonade-Nexus Environment Configuration
# =============================================================================
# Copy to .env and edit. Values shown are defaults where applicable.
# The resulting .env holds secrets (SP_JWT_SECRET, SP_GITHUB_TOKEN,
# SP_DDNS_PASSWORD): keep it out of version control and readable only by the
# service account.
# Boolean flags: set to any value to enable (e.g. SP_REQUIRE_TEE=1)
# Read literally, that rule means a value such as 0 or false would also enable
# the flag. To turn a flag off, leave it commented out or unset.
# NOTE(review): confirm against the config loader.
# =============================================================================
# --- Core ---
SP_DATA_ROOT=./data
SP_LOG_LEVEL=info
# Placeholder only. Replace it with a long random value from a CSPRNG before
# first start (e.g. `openssl rand -hex 32`), and use a different value per
# deployment. Presumably this secret signs or verifies JWTs, so anyone who
# knows it could mint valid tokens (confirm against the auth code).
# NOTE(review): confirm the server refuses to start with this placeholder.
SP_JWT_SECRET=change-me-to-a-random-secret
# --- Network Ports ---
# All ports are configurable at runtime. Change these to avoid conflicts.
SP_HTTP_PORT=9100
SP_UDP_PORT=51940
SP_GOSSIP_PORT=9102
SP_STUN_PORT=3478
SP_RELAY_PORT=9103
# Port 53 is below 1024. On Linux, binding it normally needs root or
# CAP_NET_BIND_SERVICE; granting that capability is preferable to running the
# whole server as root.
SP_DNS_PORT=53
SP_PRIVATE_HTTP_PORT=9101
# 0.0.0.0 listens on every interface.
# NOTE(review): the name SP_PRIVATE_HTTP_PORT suggests an internal-only
# listener. Confirm whether this bind address applies to it too, and restrict
# it with a firewall or a specific address if so.
SP_BIND_ADDRESS=0.0.0.0
# --- Identity / Root Trust ---
# Hex-encoded Ed25519 public key of the root management server.
# Generate with: python3 scripts/generate_root_keypair.py
# Only the public key goes here. The private half must never be placed in
# this file.
# NOTE(review): behavior with an empty value is not shown here. Confirm the
# server fails closed rather than skipping root-signature checks.
SP_ROOT_PUBKEY=
# --- WebAuthn ---
# WebAuthn relying-party ID. It must equal the domain users reach the service
# on, or a registrable parent of that domain. Credentials are scoped to this
# value, so changing it later invalidates existing registrations.
SP_RP_ID=lemonade-nexus.local
# --- Gossip / Mesh ---
# Comma-separated list of seed peers (host:port)
# The addresses below are examples; replace them with peers you control.
SP_SEED_PEERS=10.0.0.2:9102,10.0.0.3:9102
# --- TEE / Zero-Trust ---
# Enable TEE hardware attestation requirement for Tier 1
# Commented out here, so presumably not enforced unless you enable it.
#SP_REQUIRE_TEE=1
# Override auto-detected TEE platform (sgx, tdx, sev-snp, secure-enclave)
#SP_TEE_PLATFORM=
# --- Binary Attestation ---
# Enable binary hash verification against signed release manifests
# Commented out here, so presumably not enforced unless you enable it.
#SP_REQUIRE_ATTESTATION=1
# Base64 Ed25519 public key used to verify release manifest signatures.
# Generate with: python3 scripts/generate_release_signing_key.py
# Only the public key goes here. Keep the release signing private key offline
# or in a dedicated signing environment.
# NOTE(review): confirm that SP_REQUIRE_ATTESTATION with an empty key fails
# closed.
SP_RELEASE_SIGNING_PUBKEY=
# --- GitHub Manifest Fetching (older version support) ---
# GitHub API URL for fetching release manifests
# OWNER/REPO is a placeholder. Point this only at the repository whose
# manifests are signed by the key in SP_RELEASE_SIGNING_PUBKEY.
#SP_GITHUB_RELEASES_URL=https://api.github.com/repos/OWNER/REPO/releases
# Fetch interval in seconds (default: 3600 = 1 hour)
#SP_MANIFEST_FETCH_INTERVAL=3600
# Minimum allowed binary version (rejects manifests below this)
# This acts as a downgrade floor: raise it after a security release so that
# manifests for older versions are no longer accepted.
#SP_MINIMUM_VERSION=1.0.0
# Optional GitHub token for private repos / higher rate limits
# The value below is a placeholder. Use a read-only token scoped to the
# release repository, and never commit the real value.
#SP_GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
# --- Enrollment Quorum ---
# Require Tier1 peer votes before fully enrolling new servers
# Commented out here, so presumably new servers are enrolled without peer
# votes unless you enable it.
#SP_REQUIRE_PEER_CONFIRMATION=1
# Fraction of Tier1 peers needed to approve (default: 0.5)
# NOTE(review): confirm whether exactly 0.5 counts as approval (>= vs >) and
# how the fraction is rounded for small peer counts.
#SP_ENROLLMENT_QUORUM=0.5
# --- Root Key Rotation & Shamir Secret Sharing ---
# These are hardcoded protocol constants (not configurable):
# Rotation interval: 7 days (604800s)
# Shamir quorum: 75% of Tier1 peers (25% fault tolerance)
# Min Tier1 uptime: 90%
# Changes require democratic approval from Tier1 majority via governance protocol.
# --- ACME / TLS Certificates ---
# Provider: letsencrypt or zerossl
SP_ACME_PROVIDER=letsencrypt
# --- DNS ---
SP_DNS_PROVIDER=local
SP_DNS_BASE_DOMAIN=lemonade-nexus.io
#SP_DNS_NS_HOSTNAME=ns1.example.com
# --- Dynamic DNS ---
#SP_DDNS_ENABLED=1
SP_DDNS_DOMAIN=example.com
# Secret: set it only in the real .env, never in this example file.
SP_DDNS_PASSWORD=