triton-install/license-server/env.template

# Triton License Server environment template.
# Copy to .env in this directory; install.sh does that automatically.
#
# Required values are flagged. Generated values get auto-filled by install.sh
# when run without flags.

# ─── PostgreSQL (auto-generated) ─────────────────────────────────────────
POSTGRES_USER=triton
POSTGRES_PASSWORD=__GENERATED_BY_INSTALL_SH__   # openssl rand -hex 24
POSTGRES_DB=triton_license
POSTGRES_PORT=5436                              # localhost-bound

# ─── License Server core (REQUIRED) ──────────────────────────────────────
# Ed25519 keypair as 128 hex chars (seed||pub). Generated once at install
# time. Back this up — losing it forces every customer to re-activate.
TRITON_LICENSE_SERVER_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__

# Initial superadmin seeded on first boot. After login, rotate this.
TRITON_LICENSE_SERVER_ADMIN_EMAIL=admin@example.com
TRITON_LICENSE_SERVER_ADMIN_PASSWORD=__GENERATED_BY_INSTALL_SH__

# ─── Listener ────────────────────────────────────────────────────────────
TRITON_LICENSE_SERVER_LISTEN=:8081
TRITON_LICENSE_SERVER_HOST_PORT=8081           # host port to publish

# ─── TLS (recommended for production) ────────────────────────────────────
# Two paths:
#   A) Reverse proxy terminates TLS — leave these blank, set ALLOW_INSECURE=1.
#   B) Container terminates TLS — set CERT + KEY (paths inside container)
#      and mount your /etc/triton/tls directory via TLS_CERT_HOST_DIR.
TRITON_LICENSE_SERVER_TLS_CERT=
TRITON_LICENSE_SERVER_TLS_KEY=
TRITON_LICENSE_SERVER_ALLOW_INSECURE=
TLS_CERT_HOST_DIR=/etc/triton/tls

# ─── Operations ──────────────────────────────────────────────────────────
# Hours after which a license is considered stale (offline grace window).
# 336h = 14 days. Increase for longer offline tolerance.
TRITON_LICENSE_SERVER_STALE_THRESHOLD=336h

# Public URL of this server. Used in invite emails and pushed to clients
# during validation. Leave blank if no email/external clients yet.
TRITON_LICENSE_SERVER_PUBLIC_URL=

# ─── Email (optional) ────────────────────────────────────────────────────
# Resend.com keys for sending platform-admin invites + temp passwords.
# Leave blank to disable email — invites are still issued, the password
# just isn't auto-mailed.
RESEND_API_KEY=
RESEND_FROM_EMAIL=

# ─── Worker binaries ─────────────────────────────────────────────────────
# Host directory bind-mounted into the container at /data/binaries.
# Binaries (triton-agent, triton-sshagent, triton-portscan) are stored as
# files — not in the DB — so this directory must survive container rebuilds.
# Created automatically by install.sh if it does not exist.
TRITON_LICENSE_SERVER_HOST_BIN_DIR=/opt/triton/binaries

# ─── Image ───────────────────────────────────────────────────────────────
# Override to pin a specific build. Default tracks :latest from ghcr.io.
TRITON_LICENSE_IMAGE=ghcr.io/amiryahaya/triton-licenseserver:latest
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`# Triton License Server environment template.`
			`# Copy to .env in this directory; install.sh does that automatically.`
			`#`
			`# Required values are flagged. Generated values get auto-filled by install.sh`
			`# when run without flags.`

			`# ─── PostgreSQL (auto-generated) ─────────────────────────────────────────`
			`POSTGRES_USER=triton`
			`POSTGRES_PASSWORD=__GENERATED_BY_INSTALL_SH__ # openssl rand -hex 24`
			`POSTGRES_DB=triton_license`
			`POSTGRES_PORT=5436 # localhost-bound`

			`# ─── License Server core (REQUIRED) ──────────────────────────────────────`
			`# Ed25519 keypair as 128 hex chars (seed\|\|pub). Generated once at install`
			`# time. Back this up — losing it forces every customer to re-activate.`
			`TRITON_LICENSE_SERVER_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__`

			`# Initial superadmin seeded on first boot. After login, rotate this.`
			`TRITON_LICENSE_SERVER_ADMIN_EMAIL=admin@example.com`
			`TRITON_LICENSE_SERVER_ADMIN_PASSWORD=__GENERATED_BY_INSTALL_SH__`

			`# ─── Listener ────────────────────────────────────────────────────────────`
			`TRITON_LICENSE_SERVER_LISTEN=:8081`
			`TRITON_LICENSE_SERVER_HOST_PORT=8081 # host port to publish`

			`# ─── TLS (recommended for production) ────────────────────────────────────`
			`# Two paths:`
			`# A) Reverse proxy terminates TLS — leave these blank, set ALLOW_INSECURE=1.`
			`# B) Container terminates TLS — set CERT + KEY (paths inside container)`
			`# and mount your /etc/triton/tls directory via TLS_CERT_HOST_DIR.`
			`TRITON_LICENSE_SERVER_TLS_CERT=`
			`TRITON_LICENSE_SERVER_TLS_KEY=`
			`TRITON_LICENSE_SERVER_ALLOW_INSECURE=`
			`TLS_CERT_HOST_DIR=/etc/triton/tls`

			`# ─── Operations ──────────────────────────────────────────────────────────`
			`# Hours after which a license is considered stale (offline grace window).`
			`# 336h = 14 days. Increase for longer offline tolerance.`
			`TRITON_LICENSE_SERVER_STALE_THRESHOLD=336h`

			`# Public URL of this server. Used in invite emails and pushed to clients`
			`# during validation. Leave blank if no email/external clients yet.`
			`TRITON_LICENSE_SERVER_PUBLIC_URL=`

			`# ─── Email (optional) ────────────────────────────────────────────────────`
			`# Resend.com keys for sending platform-admin invites + temp passwords.`
			`# Leave blank to disable email — invites are still issued, the password`
			`# just isn't auto-mailed.`
			`RESEND_API_KEY=`
			`RESEND_FROM_EMAIL=`

			`# ─── Worker binaries ─────────────────────────────────────────────────────`
			`# Host directory bind-mounted into the container at /data/binaries.`
			`# Binaries (triton-agent, triton-sshagent, triton-portscan) are stored as`
			`# files — not in the DB — so this directory must survive container rebuilds.`
			`# Created automatically by install.sh if it does not exist.`
			`TRITON_LICENSE_SERVER_HOST_BIN_DIR=/opt/triton/binaries`

			`# ─── Image ───────────────────────────────────────────────────────────────`
			`# Override to pin a specific build. Default tracks :latest from ghcr.io.`
			`TRITON_LICENSE_IMAGE=ghcr.io/amiryahaya/triton-licenseserver:latest`