chore: initial commit for v0.0.1
DChain single-node blockchain + React Native messenger client. Core: - PBFT consensus with multi-sig validator admission + equivocation slashing - BadgerDB + schema migration scaffold (CurrentSchemaVersion=0) - libp2p gossipsub (tx/v1, blocks/v1, relay/v1, version/v1) - Native Go contracts (username_registry) alongside WASM (wazero) - WebSocket gateway with topic-based fanout + Ed25519-nonce auth - Relay mailbox with NaCl envelope encryption (X25519 + Ed25519) - Prometheus /metrics, per-IP rate limit, body-size cap Deployment: - Single-node compose (deploy/single/) with Caddy TLS + optional Prometheus - 3-node dev compose (docker-compose.yml) with mocked internet topology - 3-validator prod compose (deploy/prod/) for federation - Auto-update from Gitea via /api/update-check + systemd timer - Build-time version injection (ldflags → node --version) - UI / Swagger toggle flags (DCHAIN_DISABLE_UI, DCHAIN_DISABLE_SWAGGER) Client (client-app/): - Expo / React Native / NativeWind - E2E NaCl encryption, typing indicator, contact requests - Auto-discovery of canonical contracts, chain_id aware, WS reconnect on node switch Documentation: - README.md, CHANGELOG.md, CONTEXT.md - deploy/single/README.md with 6 operator scenarios - deploy/UPDATE_STRATEGY.md with 4-layer forward-compat design - docs/contracts/*.md per contract
This commit is contained in:
vsecoder
119
deploy/single/node.env.example
Normal file
119
deploy/single/node.env.example
Normal file
@@ -0,0 +1,119 @@
|
||||
# ───────────────────────────────────────────────────────────────────────────
|
||||
# Single-node DChain deployment — operator configuration.
|
||||
#
|
||||
# Copy this file to `node.env` and fill in the blanks. All variables are
|
||||
# DCHAIN_*-prefixed; the node binary reads them as flag fallbacks
|
||||
# (CLI > env > hard-coded default).
|
||||
# ───────────────────────────────────────────────────────────────────────────
|
||||
|
||||
|
||||
# ══ 1. Mode: first node of a new chain, OR joiner to an existing one ══
|
||||
|
||||
# Uncomment for the VERY FIRST node of a brand-new network.
|
||||
# Creates block 0 with this node's key as the sole initial validator.
|
||||
# Drop this flag after the first successful boot (it's a no-op on a
|
||||
# non-empty DB but clutters logs).
|
||||
#DCHAIN_GENESIS=true
|
||||
|
||||
# Comma-separated HTTP URLs of seed nodes to bootstrap from. The node
|
||||
# fetches /api/network-info from each in order until one replies, then
|
||||
# auto-populates --peers / --validators and starts syncing.
|
||||
#
|
||||
# Leave empty ONLY if you're using --genesis above (first node) OR you're
|
||||
# running a standalone offline node for testing.
|
||||
#DCHAIN_JOIN=https://seed1.dchain.example.com,https://seed2.dchain.example.com
|
||||
|
||||
|
||||
# ══ 2. Access control ═══════════════════════════════════════════════════
|
||||
|
||||
# Shared secret required to submit transactions. Without this, ANY client
|
||||
# that can reach your node can submit txs through it (they still need a
|
||||
# valid signature, so they can't forge — but they could clutter YOUR
|
||||
# mempool with their traffic).
|
||||
#
|
||||
# Recommended:
|
||||
# DCHAIN_API_TOKEN=$(openssl rand -hex 32)
|
||||
#
|
||||
# Configure the same value in your mobile/desktop client's "Authorization:
|
||||
# Bearer ..." header. Leave commented-out for a fully public node.
|
||||
#DCHAIN_API_TOKEN=REPLACE_WITH_A_LONG_RANDOM_SECRET
|
||||
|
||||
# Go a step further: require the token on READ endpoints too. Only you
|
||||
# (and anyone you share the token with) can query /api/netstats, balances,
|
||||
# tx history, etc. Useful for a personal node where chat metadata is
|
||||
# sensitive. Requires DCHAIN_API_TOKEN above to be set.
|
||||
#DCHAIN_API_PRIVATE=true
|
||||
|
||||
|
||||
# ══ 3. Networking ══════════════════════════════════════════════════════
|
||||
|
||||
# Public libp2p multiaddr others will use to dial this node. Substitute
|
||||
# your VPS's public IP (or use a hostname resolved via DNS). Port 4001
|
||||
# must be open on your firewall.
|
||||
DCHAIN_ANNOUNCE=/ip4/CHANGE_ME_TO_YOUR_PUBLIC_IP/tcp/4001
|
||||
|
||||
# Public domain for HTTPS access. Must have a DNS A-record pointing at
|
||||
# this host BEFORE `docker compose up` — Caddy issues a cert via
|
||||
# Let's Encrypt on first start.
|
||||
DOMAIN=node.example.com
|
||||
ACME_EMAIL=admin@example.com
|
||||
|
||||
|
||||
# ══ 4. Role ═══════════════════════════════════════════════════════════
|
||||
|
||||
# Observer mode: this node applies blocks and serves HTTP/WS but never
|
||||
# proposes or votes. Use if you want an API-only node (e.g. running behind
|
||||
# a load balancer for clients, without caring about consensus). Skip if
|
||||
# this node is a validator.
|
||||
#DCHAIN_OBSERVER=true
|
||||
|
||||
# Submit a REGISTER_RELAY tx at startup so clients can use this node as a
|
||||
# relay for encrypted messages. Costs 1 tx fee (1000 µT by default).
|
||||
# Requires the node identity to have a minimum balance.
|
||||
#DCHAIN_REGISTER_RELAY=true
|
||||
#DCHAIN_RELAY_FEE=1000
|
||||
|
||||
# Governance contract ID — if your network uses on-chain gas-price /
|
||||
# parameter voting. Auto-discovered from --join seeds; only set manually
|
||||
# to pin a non-canonical deployment.
|
||||
#DCHAIN_GOVERNANCE_CONTRACT=
|
||||
|
||||
|
||||
# ══ 5. Validator-only ═════════════════════════════════════════════════
|
||||
|
||||
# Validator set (comma-separated pubkeys). On a joining node this gets
|
||||
# populated automatically from --join. On --genesis this is the initial
|
||||
# set (usually just this node's own pubkey).
|
||||
#DCHAIN_VALIDATORS=
|
||||
|
||||
|
||||
# ══ 6. Logging ════════════════════════════════════════════════════════
|
||||
|
||||
# `text` is human-readable; `json` is machine-parsable for Loki/ELK.
|
||||
DCHAIN_LOG_FORMAT=json
|
||||
|
||||
|
||||
# ══ 7. Auto-update (used by deploy/single/update.sh + systemd timer) ══
|
||||
|
||||
# Full URL of your Gitea release-API endpoint. Exposed as /api/update-check.
|
||||
# Format: https://<gitea-host>/api/v1/repos/<owner>/<repo>/releases/latest
|
||||
# When set, the update script prefers this over blind git-fetch — less
|
||||
# upstream traffic, and releases act as a gate (operator publishes a release
|
||||
# when a version is known-good).
|
||||
#DCHAIN_UPDATE_SOURCE_URL=https://gitea.example.com/api/v1/repos/dchain/dchain/releases/latest
|
||||
|
||||
# Optional PAT (personal access token) for private repos. Not needed if the
|
||||
# repo is public.
|
||||
#DCHAIN_UPDATE_SOURCE_TOKEN=
|
||||
|
||||
# Semver guard: set to "true" to permit auto-update across major versions
|
||||
# (v1.x → v2.y). Defaults to false — you get a loud error instead of a
|
||||
# potentially breaking upgrade at 3am.
|
||||
#UPDATE_ALLOW_MAJOR=false
|
||||
|
||||
|
||||
# ══ 8. Monitoring (only used if you run --profile monitor) ════════════
|
||||
|
||||
# Grafana admin password. Change this if you expose the dashboard
|
||||
# publicly.
|
||||
GRAFANA_ADMIN_PW=change-me-to-something-long
|
||||
Reference in New Issue
Block a user