2026-05-17 08:57:58 +02:00
|
|
|
|
# Triton Manage Server environment template.
|
|
|
|
|
|
# Copy to .env in this directory; install.sh does that automatically.
|
|
|
|
|
|
#
|
2026-05-17 08:33:44 +00:00
|
|
|
|
# Generated values are filled by install.sh on first run.
|
|
|
|
|
|
# License configuration is completed via the setup wizard after install.
|
2026-05-17 08:57:58 +02:00
|
|
|
|
|
|
|
|
|
|
# ─── PostgreSQL (auto-generated) ─────────────────────────────────────────
|
|
|
|
|
|
POSTGRES_USER=triton
|
|
|
|
|
|
POSTGRES_PASSWORD=__GENERATED_BY_INSTALL_SH__
|
|
|
|
|
|
POSTGRES_DB=triton_manage
|
|
|
|
|
|
POSTGRES_PORT=5435
|
|
|
|
|
|
|
2026-05-17 08:33:44 +00:00
|
|
|
|
# ─── Manage Server core (auto-generated) ─────────────────────────────────
|
2026-05-17 08:57:58 +02:00
|
|
|
|
# 32-byte HS256 secret as 64 hex chars. Generated once at install.
|
|
|
|
|
|
# Rotating this invalidates every active session — users re-login.
|
|
|
|
|
|
TRITON_MANAGE_JWT_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__
|
|
|
|
|
|
|
|
|
|
|
|
# ─── Listener ────────────────────────────────────────────────────────────
|
|
|
|
|
|
TRITON_MANAGE_LISTEN=:8082
|
|
|
|
|
|
TRITON_MANAGE_HOST_PORT=8082
|
|
|
|
|
|
|
|
|
|
|
|
# Agent gateway (mTLS). Hostname must be reachable from agents.
|
|
|
|
|
|
TRITON_MANAGE_GATEWAY_LISTEN=:8443
|
|
|
|
|
|
TRITON_MANAGE_GATEWAY_HOST_PORT=8443
|
|
|
|
|
|
TRITON_MANAGE_GATEWAY_HOSTNAME=manage.example.com
|
|
|
|
|
|
# Full URL pushed to enrolled agents. Defaults to https://${HOSTNAME}:${PORT}.
|
|
|
|
|
|
TRITON_MANAGE_GATEWAY_URL=
|
|
|
|
|
|
|
|
|
|
|
|
# Host LAN IP/hostname for "+ This machine" auto-registration. Required in
|
|
|
|
|
|
# containers because the auto-detect picks up the container's own IP.
|
|
|
|
|
|
TRITON_MANAGE_HOST_IP=
|
|
|
|
|
|
TRITON_MANAGE_HOST_HOSTNAME=
|
|
|
|
|
|
|
2026-05-17 08:33:44 +00:00
|
|
|
|
# ─── Workers (auto-generated) ────────────────────────────────────────────
|
2026-05-17 08:57:58 +02:00
|
|
|
|
# Shared secret presented by sshagent / portscan workers when claiming jobs.
|
|
|
|
|
|
TRITON_MANAGE_WORKER_KEY=__GENERATED_BY_INSTALL_SH__
|
|
|
|
|
|
|
|
|
|
|
|
# Concurrent scan jobs (1–50). Higher = more CPU + RAM.
|
|
|
|
|
|
TRITON_MANAGE_PARALLELISM=10
|
|
|
|
|
|
|
2026-05-17 08:33:44 +00:00
|
|
|
|
# ─── Credential vault (auto-generated) ───────────────────────────────────
|
2026-05-17 08:57:58 +02:00
|
|
|
|
# PostgreSQL AES-256-GCM vault. Back this up — losing the key makes
|
|
|
|
|
|
# all stored host credentials unreadable.
|
|
|
|
|
|
TRITON_VAULT_KEY=__GENERATED_BY_INSTALL_SH__
|
|
|
|
|
|
|
|
|
|
|
|
# ─── TLS (recommended for production) ────────────────────────────────────
|
|
|
|
|
|
# Two paths:
|
|
|
|
|
|
# A) Reverse proxy terminates TLS — leave these blank.
|
|
|
|
|
|
# B) Container terminates TLS — set CERT + KEY paths inside the container.
|
|
|
|
|
|
TRITON_MANAGE_TLS_CERT=
|
|
|
|
|
|
TRITON_MANAGE_TLS_KEY=
|
|
|
|
|
|
TLS_CERT_HOST_DIR=/etc/triton/tls
|
|
|
|
|
|
|
|
|
|
|
|
# ─── Sessions ────────────────────────────────────────────────────────────
|
|
|
|
|
|
TRITON_MANAGE_SESSION_TTL=24h
|
|
|
|
|
|
|
2026-05-21 06:58:26 +00:00
|
|
|
|
# ─── Image ───────────────────────────────────────────────────────────────
|
2026-05-31 12:41:05 +08:00
|
|
|
|
TRITON_MANAGE_IMAGE=forgejo.primatekun.tech/primatekuntech/triton-manage-server:latest
|
