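# OpenBMP stack configuration — copy to .env and fill in.
#   cp .env.example .env && $EDITOR .env && ./setup.sh
# The real .env is git-ignored and never committed.
#
# The filled-in .env holds router, lab-API and SSO credentials. Keep it
# readable by the deploying user only (chmod 600 .env) and replace every
# `changeme` value: a placeholder left in a credential field is a guessable
# password.

# ---------------------------------------------------------------------------
# Core deployment
# ---------------------------------------------------------------------------
# Host path for all persistent data (postgres, kafka, grafana, authelia, ...).
OBMP_DATA_ROOT=/var/openbmp

# IP of this host that routers and external clients connect to
# (Kafka external listener, BMP source, ExaBGP peering).
HOST_IP=changeme

# Auth mode:
#   local    — Grafana built-in login (admin / openbmp). Lab default.
#              OBMP_DOMAIN / OBMP_COOKIE_DOMAIN below can stay blank.
#              The login is a published default: change the admin password
#              before Grafana is reachable from outside an isolated lab.
#   authelia — Authelia in front (docker compose --profile auth).
#              OBMP_DOMAIN and OBMP_COOKIE_DOMAIN must be set, and a
#              reverse proxy must terminate TLS at OBMP_DOMAIN.
OBMP_AUTH_MODE=local

# Public domain fronting Grafana / Authelia / portal (TLS terminates upstream).
# Only required when OBMP_AUTH_MODE=authelia.
OBMP_DOMAIN=

# Authelia session-cookie domain — the parent domain of OBMP_DOMAIN so the
# cookie is valid across subpaths/subdomains. Only required when
# OBMP_AUTH_MODE=authelia.
# The session cookie is sent to every host under this domain, so use the
# narrowest parent domain that still covers OBMP_DOMAIN.
OBMP_COOKIE_DOMAIN=

# Grafana self-generated URL (alerts, share links). setup.sh writes this
# automatically based on OBMP_AUTH_MODE — leave blank, it will be filled in.
GF_SERVER_ROOT_URL=

# Container memory limits. Lab defaults shown; raise for production
# (see docs/production-sizing.md). psql-app's limit must exceed its MEM heap.
PSQL_MEM_LIMIT=6g
PSQL_APP_MEM_LIMIT=4g
KAFKA_MEM_LIMIT=4g
# ExaBGP — the full-table feature holds up to 900K route objects in memory.
EXABGP_MEM_LIMIT=6g

# gNMI streaming telemetry (telegraf, test profile). GNMI_ADDRESSES is a
# quoted, comma-separated host:port list — add a router here once gNMI/grpc
# is enabled on it and the management path is reachable.
# The whole list is wrapped in single quotes so the inner double quotes and
# every address stay part of one value; without the wrapper the value ends at
# the first closing quote and the rest of the line is left outside it.
# NOTE(review): confirm the telegraf templating strips the outer quotes.
GNMI_ADDRESSES='"10.100.0.100:57400", "10.100.0.200:57400"'
# Telemetry collection only reads from the router; a read-only account is
# enough here.
GNMI_USERNAME=changeme
GNMI_PASSWORD=changeme

# ---------------------------------------------------------------------------
# ExaBGP route injector (test profile)
# ---------------------------------------------------------------------------
EXABGP_LOCAL_IP=changeme
EXABGP_LOCAL_AS=65100
EXABGP_API_PORT=5050
# Semicolon-separated peer list, each entry "ip:peer_as:description".
# Quoted because an unquoted ';' ends the assignment when a shell reads this
# file, which would drop every peer after the first.
EXABGP_PEERS='10.100.0.100:65020:CML-R9K-CORE-01;10.100.0.200:65020:CML-R9K-CORE-02'

# ---------------------------------------------------------------------------
# CML lab API + IOS-XR NETCONF (used by cml/ automation scripts)
# ---------------------------------------------------------------------------
# NOTE(review): '-' is not a legal character in a shell variable name, so a
# shell that sources this file cannot assign or export the three PROX-CML_*
# keys. The names are kept as-is because the cml/ scripts read them; confirm
# how those scripts load this file before renaming.
# The username and password below travel to this URL: use an https:// address
# where the lab controller offers one.
PROX-CML_URL=http://changeme
PROX-CML_USERNAME=changeme
PROX-CML_PASSWORD=changeme

# Default IOS-XR NETCONF credentials, plus the admin-tier override for routers
# that use a separate account.
IOSXR_NETCONF_USER=changeme
IOSXR_NETCONF_PASS=changeme
IOSXR_NETCONF_ADMIN_USER=changeme
IOSXR_NETCONF_ADMIN_PASS=changeme

# ---------------------------------------------------------------------------
# Integrations
# ---------------------------------------------------------------------------
# Issue this token with only the scopes the integration needs.
GITEA_API_KEY=changeme

# ---------------------------------------------------------------------------
# Authelia secrets — leave BLANK; setup.sh generates them with openssl on a
# fresh host and appends them here. Existing values are never overwritten.
# ---------------------------------------------------------------------------
AUTHELIA_SESSION_SECRET=
AUTHELIA_JWT_SECRET=
AUTHELIA_STORAGE_ENCRYPTION_KEY=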