# Triton Manage Server environment template.
# Copy to .env in this directory; install.sh does that automatically.
#
# Generated values are filled by install.sh on first run.
# License configuration is completed via the setup wizard after install.

# ─── PostgreSQL (auto-generated) ─────────────────────────────────────────
POSTGRES_USER=triton
POSTGRES_PASSWORD=__GENERATED_BY_INSTALL_SH__
POSTGRES_DB=triton_manage
POSTGRES_PORT=5435

# ─── Manage Server core (auto-generated) ─────────────────────────────────
# 32-byte HS256 secret as 64 hex chars. Generated once at install.
# Rotating this invalidates every active session — users re-login.
TRITON_MANAGE_JWT_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__

# ─── Listener ────────────────────────────────────────────────────────────
TRITON_MANAGE_LISTEN=:8082
TRITON_MANAGE_HOST_PORT=8082

# Agent gateway (mTLS). Hostname must be reachable from agents.
TRITON_MANAGE_GATEWAY_LISTEN=:8443
TRITON_MANAGE_GATEWAY_HOST_PORT=8443
TRITON_MANAGE_GATEWAY_HOSTNAME=manage.example.com
# Full URL pushed to enrolled agents. Defaults to https://${HOSTNAME}:${PORT}.
TRITON_MANAGE_GATEWAY_URL=

# Host LAN IP/hostname for "+ This machine" auto-registration. Required in
# containers because the auto-detect picks up the container's own IP.
TRITON_MANAGE_HOST_IP=
TRITON_MANAGE_HOST_HOSTNAME=

# ─── Workers (auto-generated) ────────────────────────────────────────────
# Shared secret presented by sshagent / portscan workers when claiming jobs.
TRITON_MANAGE_WORKER_KEY=__GENERATED_BY_INSTALL_SH__

# Concurrent scan jobs (1–50). Higher = more CPU + RAM.
TRITON_MANAGE_PARALLELISM=10

# ─── Credential vault (auto-generated) ───────────────────────────────────
# PostgreSQL AES-256-GCM vault. Back this up — losing the key makes
# all stored host credentials unreadable.
TRITON_VAULT_KEY=__GENERATED_BY_INSTALL_SH__

# ─── TLS (recommended for production) ────────────────────────────────────
# Two paths:
#   A) Reverse proxy terminates TLS — leave these blank.
#   B) Container terminates TLS — set CERT + KEY paths inside the container.
TRITON_MANAGE_TLS_CERT=
TRITON_MANAGE_TLS_KEY=
TLS_CERT_HOST_DIR=/etc/triton/tls

# ─── Sessions ────────────────────────────────────────────────────────────
TRITON_MANAGE_SESSION_TTL=24h

# ─── Image ───────────────────────────────────────────────────────────────
TRITON_MANAGE_IMAGE=forgejo.primatekun.tech/primatekuntech/triton-manage-server:latest