# ─────────────────────────────────────────────────────────────────────────── # Single-node DChain deployment — operator configuration. # # Copy this file to `node.env` and fill in the blanks. All variables are # DCHAIN_*-prefixed; the node binary reads them as flag fallbacks # (CLI > env > hard-coded default). # ─────────────────────────────────────────────────────────────────────────── # ══ 1. Mode: first node of a new chain, OR joiner to an existing one ══ # Uncomment for the VERY FIRST node of a brand-new network. # Creates block 0 with this node's key as the sole initial validator. # Drop this flag after the first successful boot (it's a no-op on a # non-empty DB but clutters logs). #DCHAIN_GENESIS=true # Comma-separated HTTP URLs of seed nodes to bootstrap from. The node # fetches /api/network-info from each in order until one replies, then # auto-populates --peers / --validators and starts syncing. # # Leave empty ONLY if you're using --genesis above (first node) OR you're # running a standalone offline node for testing. #DCHAIN_JOIN=https://seed1.dchain.example.com,https://seed2.dchain.example.com # ══ 2. Access control ═══════════════════════════════════════════════════ # Shared secret required to submit transactions. Without this, ANY client # that can reach your node can submit txs through it (they still need a # valid signature, so they can't forge — but they could clutter YOUR # mempool with their traffic). # # Recommended: # DCHAIN_API_TOKEN=$(openssl rand -hex 32) # # Configure the same value in your mobile/desktop client's "Authorization: # Bearer ..." header. Leave commented-out for a fully public node. #DCHAIN_API_TOKEN=REPLACE_WITH_A_LONG_RANDOM_SECRET # Go a step further: require the token on READ endpoints too. Only you # (and anyone you share the token with) can query /api/netstats, balances, # tx history, etc. Useful for a personal node where chat metadata is # sensitive. Requires DCHAIN_API_TOKEN above to be set. #DCHAIN_API_PRIVATE=true # ══ 3. Networking ══════════════════════════════════════════════════════ # Public libp2p multiaddr others will use to dial this node. Substitute # your VPS's public IP (or use a hostname resolved via DNS). Port 4001 # must be open on your firewall. DCHAIN_ANNOUNCE=/ip4/CHANGE_ME_TO_YOUR_PUBLIC_IP/tcp/4001 # Public domain for HTTPS access. Must have a DNS A-record pointing at # this host BEFORE `docker compose up` — Caddy issues a cert via # Let's Encrypt on first start. DOMAIN=node.example.com ACME_EMAIL=admin@example.com # ══ 4. Role ═══════════════════════════════════════════════════════════ # Observer mode: this node applies blocks and serves HTTP/WS but never # proposes or votes. Use if you want an API-only node (e.g. running behind # a load balancer for clients, without caring about consensus). Skip if # this node is a validator. #DCHAIN_OBSERVER=true # Submit a REGISTER_RELAY tx at startup so clients can use this node as a # relay for encrypted messages. Costs 1 tx fee (1000 µT by default). # Requires the node identity to have a minimum balance. #DCHAIN_REGISTER_RELAY=true #DCHAIN_RELAY_FEE=1000 # Governance contract ID — if your network uses on-chain gas-price / # parameter voting. Auto-discovered from --join seeds; only set manually # to pin a non-canonical deployment. #DCHAIN_GOVERNANCE_CONTRACT= # ══ 5. Validator-only ═════════════════════════════════════════════════ # Validator set (comma-separated pubkeys). On a joining node this gets # populated automatically from --join. On --genesis this is the initial # set (usually just this node's own pubkey). #DCHAIN_VALIDATORS= # ══ 6. Logging ════════════════════════════════════════════════════════ # `text` is human-readable; `json` is machine-parsable for Loki/ELK. DCHAIN_LOG_FORMAT=json # ══ 7. Auto-update (used by deploy/single/update.sh + systemd timer) ══ # Full URL of your Gitea release-API endpoint. Exposed as /api/update-check. # Format: https:///api/v1/repos///releases/latest # When set, the update script prefers this over blind git-fetch — less # upstream traffic, and releases act as a gate (operator publishes a release # when a version is known-good). #DCHAIN_UPDATE_SOURCE_URL=https://gitea.example.com/api/v1/repos/dchain/dchain/releases/latest # Optional PAT (personal access token) for private repos. Not needed if the # repo is public. #DCHAIN_UPDATE_SOURCE_TOKEN= # Semver guard: set to "true" to permit auto-update across major versions # (v1.x → v2.y). Defaults to false — you get a loud error instead of a # potentially breaking upgrade at 3am. #UPDATE_ALLOW_MAJOR=false # ══ 8. Monitoring (only used if you run --profile monitor) ════════════ # Grafana admin password. Change this if you expose the dashboard # publicly. GRAFANA_ADMIN_PW=change-me-to-something-long