dchain/deploy/single/node.env.example
vsecoder 7e7393e4f8 chore: initial commit for v0.0.1
DChain single-node blockchain + React Native messenger client.

Core:
- PBFT consensus with multi-sig validator admission + equivocation slashing
- BadgerDB + schema migration scaffold (CurrentSchemaVersion=0)
- libp2p gossipsub (tx/v1, blocks/v1, relay/v1, version/v1)
- Native Go contracts (username_registry) alongside WASM (wazero)
- WebSocket gateway with topic-based fanout + Ed25519-nonce auth
- Relay mailbox with NaCl envelope encryption (X25519 + Ed25519)
- Prometheus /metrics, per-IP rate limit, body-size cap

Deployment:
- Single-node compose (deploy/single/) with Caddy TLS + optional Prometheus
- 3-node dev compose (docker-compose.yml) with mocked internet topology
- 3-validator prod compose (deploy/prod/) for federation
- Auto-update from Gitea via /api/update-check + systemd timer
- Build-time version injection (ldflags → node --version)
- UI / Swagger toggle flags (DCHAIN_DISABLE_UI, DCHAIN_DISABLE_SWAGGER)

Client (client-app/):
- Expo / React Native / NativeWind
- E2E NaCl encryption, typing indicator, contact requests
- Auto-discovery of canonical contracts, chain_id aware, WS reconnect on node switch

Documentation:
- README.md, CHANGELOG.md, CONTEXT.md
- deploy/single/README.md with 6 operator scenarios
- deploy/UPDATE_STRATEGY.md with 4-layer forward-compat design
- docs/contracts/*.md per contract
2026-04-17 14:16:44 +03:00

120 lines
5.6 KiB
Plaintext

# ───────────────────────────────────────────────────────────────────────────
# Single-node DChain deployment — operator configuration.
#
# Copy this file to `node.env` and fill in the blanks. All variables are
# DCHAIN_*-prefixed; the node binary reads them as flag fallbacks
# (CLI > env > hard-coded default).
# ───────────────────────────────────────────────────────────────────────────
# ══ 1. Mode: first node of a new chain, OR joiner to an existing one ══
# Uncomment for the VERY FIRST node of a brand-new network.
# Creates block 0 with this node's key as the sole initial validator.
# Drop this flag after the first successful boot (it's a no-op on a
# non-empty DB but clutters logs).
#DCHAIN_GENESIS=true
# Comma-separated HTTP URLs of seed nodes to bootstrap from. The node
# fetches /api/network-info from each in order until one replies, then
# auto-populates --peers / --validators and starts syncing.
#
# Leave empty ONLY if you're using --genesis above (first node) OR you're
# running a standalone offline node for testing.
#DCHAIN_JOIN=https://seed1.dchain.example.com,https://seed2.dchain.example.com
# ══ 2. Access control ═══════════════════════════════════════════════════
# Shared secret required to submit transactions. Without this, ANY client
# that can reach your node can submit txs through it (they still need a
# valid signature, so they can't forge — but they could clutter YOUR
# mempool with their traffic).
#
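# Recommended: generate the value in a shell and paste the output below:
#   openssl rand -hex 32
# (Docker Compose does not perform command substitution in env files, so
# $(...) must not be written as the value itself.)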
#
# Configure the same value in your mobile/desktop client's "Authorization:
# Bearer ..." header. Leave commented-out for a fully public node.
#DCHAIN_API_TOKEN=REPLACE_WITH_A_LONG_RANDOM_SECRET
# Go a step further: require the token on READ endpoints too. Only you
# (and anyone you share the token with) can query /api/netstats, balances,
# tx history, etc. Useful for a personal node where chat metadata is
# sensitive. Requires DCHAIN_API_TOKEN above to be set.
#DCHAIN_API_PRIVATE=true
# ══ 3. Networking ══════════════════════════════════════════════════════
# Public libp2p multiaddr others will use to dial this node. Substitute
# your VPS's public IP (or use a hostname resolved via DNS). Port 4001
# must be open on your firewall.
DCHAIN_ANNOUNCE=/ip4/CHANGE_ME_TO_YOUR_PUBLIC_IP/tcp/4001
# Public domain for HTTPS access. Must have a DNS A-record pointing at
# this host BEFORE `docker compose up` — Caddy issues a cert via
# Let's Encrypt on first start.
DOMAIN=node.example.com
ACME_EMAIL=admin@example.com
# ══ 4. Role ═══════════════════════════════════════════════════════════
# Observer mode: this node applies blocks and serves HTTP/WS but never
# proposes or votes. Use if you want an API-only node (e.g. running behind
# a load balancer for clients, without caring about consensus). Skip if
# this node is a validator.
#DCHAIN_OBSERVER=true
# Submit a REGISTER_RELAY tx at startup so clients can use this node as a
# relay for encrypted messages. Costs 1 tx fee (1000 µT by default).
# Requires the node identity to have a minimum balance.
#DCHAIN_REGISTER_RELAY=true
#DCHAIN_RELAY_FEE=1000
# Governance contract ID — if your network uses on-chain gas-price /
# parameter voting. Auto-discovered from --join seeds; only set manually
# to pin a non-canonical deployment.
#DCHAIN_GOVERNANCE_CONTRACT=
# ══ 5. Validator-only ═════════════════════════════════════════════════
# Validator set (comma-separated pubkeys). On a joining node this gets
# populated automatically from --join. On --genesis this is the initial
# set (usually just this node's own pubkey).
#DCHAIN_VALIDATORS=
# ══ 6. Logging ════════════════════════════════════════════════════════
# `text` is human-readable; `json` is machine-parsable for Loki/ELK.
DCHAIN_LOG_FORMAT=json
# ══ 7. Auto-update (used by deploy/single/update.sh + systemd timer) ══
# Full URL of your Gitea release-API endpoint. Exposed as /api/update-check.
# Format: https://<gitea-host>/api/v1/repos/<owner>/<repo>/releases/latest
# When set, the update script prefers this over blind git-fetch — less
# upstream traffic, and releases act as a gate (operator publishes a release
# when a version is known-good).
#DCHAIN_UPDATE_SOURCE_URL=https://gitea.example.com/api/v1/repos/dchain/dchain/releases/latest
# Optional PAT (personal access token) for private repos. Not needed if the
# repo is public.
#DCHAIN_UPDATE_SOURCE_TOKEN=
# Semver guard: set to "true" to permit auto-update across major versions
# (v1.x → v2.y). Defaults to false — you get a loud error instead of a
# potentially breaking upgrade at 3am.
#UPDATE_ALLOW_MAJOR=false
# ══ 8. Monitoring (only used if you run --profile monitor) ════════════
# Grafana admin password. Change this if you expose the dashboard
# publicly.
GRAFANA_ADMIN_PW=change-me-to-something-long
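
A preflight check for a filled-in `node.env`, as an added example that is not part of the DChain repository: it flags template placeholders left in active settings, a `DCHAIN_API_TOKEN` that still holds a literal `$(...)`, `DCHAIN_API_PRIVATE` without a token, and a node with neither `DCHAIN_GENESIS` nor `DCHAIN_JOIN`. The function names, finding labels and the 64-character threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the DChain repo: preflight lint for node.env.

# Constructed sample: the template copied to node.env and only half edited.
sample_env() {
    cat <<'EOF'
DCHAIN_API_TOKEN=$(openssl rand -hex 32)
DCHAIN_API_PRIVATE=true
DCHAIN_ANNOUNCE=/ip4/CHANGE_ME_TO_YOUR_PUBLIC_IP/tcp/4001
DOMAIN=node.example.com
GRAFANA_ADMIN_PW=change-me-to-something-long
EOF
}

# Print the value of the last uncommented KEY= line in FILE.
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print one finding per line; succeed only when there are none.
lint_node_env() {
    f=$1 n=0
    warn() { echo "$1"; n=$((n + 1)); }

    # Template placeholders still present in active settings.
    for key in $(grep -E '^[A-Z_]+=.*(CHANGE_ME|REPLACE_WITH|change-me|example\.com)' "$f" | cut -d= -f1); do
        warn "placeholder:$key"
    done

    token=$(env_get "$f" DCHAIN_API_TOKEN)
    case $token in
        '') ;;
        *'$('*) warn "token:unexpanded-command-substitution" ;;
        # Assumption: 64 chars, the length `openssl rand -hex 32` produces.
        *) [ "${#token}" -ge 64 ] || warn "token:shorter-than-recommended" ;;
    esac

    # DCHAIN_API_PRIVATE requires DCHAIN_API_TOKEN to be set.
    if [ "$(env_get "$f" DCHAIN_API_PRIVATE)" = "true" ] && [ -z "$token" ]; then
        warn "private-without-token"
    fi

    # Neither first node of a new chain nor joiner: standalone offline only.
    if [ "$(env_get "$f" DCHAIN_GENESIS)" != "true" ] && [ -z "$(env_get "$f" DCHAIN_JOIN)" ]; then
        warn "no-genesis-no-join"
    fi
    [ "$n" -eq 0 ]
}

# Usage: sh lint-node-env.sh deploy/single/node.env
[ "$#" -eq 0 ] || lint_node_env "$1"
```

The exit status is non-zero when any finding is printed, so the script can gate `docker compose up` in a deploy wrapper.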