61 lines
3.7 KiB
Text
61 lines
3.7 KiB
Text
# Triton License Server environment template.
|
|
# Copy to .env in this directory; install.sh does that automatically.
|
|
#
|
|
# Required values are flagged. Generated values get auto-filled by install.sh
|
|
# when run without flags.
|
|
|
|
# ─── PostgreSQL (auto-generated) ─────────────────────────────────────────
|
|
POSTGRES_USER=triton
|
|
POSTGRES_PASSWORD=__GENERATED_BY_INSTALL_SH__ # openssl rand -hex 24
|
|
POSTGRES_DB=triton_license
|
|
POSTGRES_PORT=5436 # localhost-bound
|
|
|
|
# ─── License Server core (REQUIRED) ──────────────────────────────────────
|
|
# Ed25519 keypair as 128 hex chars (seed||pub). Generated once at install
|
|
# time. Back this up — losing it forces every customer to re-activate.
|
|
TRITON_LICENSE_SERVER_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__
|
|
|
|
# Initial superadmin seeded on first boot. After login, rotate this.
|
|
TRITON_LICENSE_SERVER_ADMIN_EMAIL=admin@example.com
|
|
TRITON_LICENSE_SERVER_ADMIN_PASSWORD=__GENERATED_BY_INSTALL_SH__
|
|
|
|
# ─── Listener ────────────────────────────────────────────────────────────
|
|
TRITON_LICENSE_SERVER_LISTEN=:8081
|
|
TRITON_LICENSE_SERVER_HOST_PORT=8081 # host port to publish
|
|
|
|
# ─── TLS (recommended for production) ────────────────────────────────────
|
|
# Two paths:
|
|
# A) Reverse proxy terminates TLS — leave these blank, set ALLOW_INSECURE=1.
|
|
# B) Container terminates TLS — set CERT + KEY (paths inside container)
|
|
# and mount your /etc/triton/tls directory via TLS_CERT_HOST_DIR.
|
|
TRITON_LICENSE_SERVER_TLS_CERT=
|
|
TRITON_LICENSE_SERVER_TLS_KEY=
|
|
TRITON_LICENSE_SERVER_ALLOW_INSECURE=
|
|
TLS_CERT_HOST_DIR=/etc/triton/tls
|
|
|
|
# ─── Operations ──────────────────────────────────────────────────────────
|
|
# Hours after which a license is considered stale (offline grace window).
|
|
# 336h = 14 days. Increase for longer offline tolerance.
|
|
TRITON_LICENSE_SERVER_STALE_THRESHOLD=336h
|
|
|
|
# Public URL of this server. Used in invite emails and pushed to clients
|
|
# during validation. Leave blank if no email/external clients yet.
|
|
TRITON_LICENSE_SERVER_PUBLIC_URL=
|
|
|
|
# ─── Email (optional) ────────────────────────────────────────────────────
|
|
# Resend.com keys for sending platform-admin invites + temp passwords.
|
|
# Leave blank to disable email — invites are still issued, the password
|
|
# just isn't auto-mailed.
|
|
RESEND_API_KEY=
|
|
RESEND_FROM_EMAIL=
|
|
|
|
# ─── Worker binaries ─────────────────────────────────────────────────────
|
|
# Host directory bind-mounted into the container at /data/binaries.
|
|
# Binaries (triton-agent, triton-sshagent, triton-portscan) are stored as
|
|
# files — not in the DB — so this directory must survive container rebuilds.
|
|
# Created automatically by install.sh if it does not exist.
|
|
TRITON_LICENSE_SERVER_HOST_BIN_DIR=/opt/triton/binaries
|
|
|
|
# ─── Image ───────────────────────────────────────────────────────────────
|
|
# Override to pin a specific build. Default tracks :latest from ghcr.io.
|
|
TRITON_LICENSE_IMAGE=ghcr.io/amiryahaya/triton-licenseserver:latest
|