00cff51ce5
All checks were successful
Closes the open broker (anonymous publish to any tenant's corrosion.*).
Per-license isolation via NATS user/password + subject permissions:
each license -> user=license_id, password=HMAC-SHA256(license_id,
NATS_TOKEN_SECRET), scoped to corrosion.{license_id}.> + _INBOX. Backend
uses a privileged internal user.
- Agent (alpha.5): nats_user/nats_password config + env, user_and_password
auth; falls back to token/anonymous (transition-safe)
- Backend: connects with NATS_INTERNAL_USER/PASSWORD when set, else anon
- scripts/generate-nats-auth.mjs: regenerates nats-auth.conf from the
licenses table; NATS_AUTH_STAGE=open keeps a no_auth_user fallback
(verify creds first), =enforce rejects anonymous
- committed nats-auth.conf is the SAFE OPEN default (no secrets); the
host copy carries real users and is not committed
- compose: NATS_INTERNAL_USER/PASSWORD/NATS_TOKEN_SECRET, mount nats-auth.conf
Entirely non-breaking until secrets+config deployed; staged cutover next.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
71 lines
2.5 KiB
TOML
71 lines
2.5 KiB
TOML
# Corrosion Host Agent configuration
|
|
# Default location: /etc/corrosion/agent.toml (Linux)
|
|
# C:\ProgramData\Corrosion\agent.toml (Windows)
|
|
# Override with: corrosion-host-agent --config /path/to/agent.toml
|
|
#
|
|
# Secrets can come from the environment instead of this file:
|
|
# CORROSION_LICENSE_ID, CORROSION_NATS_URL, CORROSION_NATS_TOKEN
|
|
|
|
[agent]
|
|
license_id = "your-license-uuid"
|
|
nats_url = "nats://nats.corrosionmgmt.com:4222"
|
|
# Per-license auth (preferred): user = license id, password = the token shown
|
|
# on the panel Server page. The broker scopes you to corrosion.{license}.>
|
|
# nats_user = "your-license-uuid" # defaults to license_id if omitted
|
|
# nats_password = "set-me-or-use-CORROSION_NATS_PASSWORD"
|
|
# nats_token = "legacy token-only auth; use nats_password instead"
|
|
heartbeat_seconds = 60
|
|
log_level = "info"
|
|
|
|
# One agent supervises every game instance on this host.
|
|
# Each instance gets a stable id (lowercase letters, digits, '-', '_') that
|
|
# the panel uses to address it. Changing an id orphans its panel history.
|
|
|
|
[[instance]]
|
|
id = "rust-main"
|
|
game = "rust" # rust | conan | soulmask | dune
|
|
root = "/opt/rustserver"
|
|
label = "Main 2x Vanilla"
|
|
|
|
# RCON lets the panel send console commands to the running server.
|
|
# For rust the protocol is WebRCON (WebSocket JSON); for conan/soulmask it is
|
|
# Source RCON (Valve TCP binary). `kind` is optional — it is inferred from
|
|
# the game name when absent.
|
|
#
|
|
# The [instance.rcon] sub-table MUST immediately follow the [[instance]] entry
|
|
# it belongs to (standard TOML array-of-tables scoping rule).
|
|
[instance.rcon]
|
|
port = 28016
|
|
password = "changeme"
|
|
# kind = "webrcon" # explicit override; omit to infer from game
|
|
|
|
# [[instance]]
|
|
# id = "soulmask-main"
|
|
# game = "soulmask"
|
|
# root = "/opt/soulmask/main"
|
|
# label = "Cloud Mist Forest (cluster main)"
|
|
#
|
|
# [instance.rcon]
|
|
# port = 19000
|
|
# password = "changeme"
|
|
# # kind = "source" # inferred automatically for soulmask
|
|
|
|
# SteamCMD update settings — optional sub-table for any instance.
|
|
# Absent = defaults: steamcmd binary resolved via PATH, validate = false.
|
|
#
|
|
# [instance.steamcmd]
|
|
# steamcmd_path = "/opt/steamcmd/steamcmd.sh" # omit to use PATH
|
|
# validate = true # enable file-hash check pass
|
|
#
|
|
# Dune instances do not use SteamCMD (Docker images); the steam_update func
|
|
# will return a clear error if invoked on a dune instance.
|
|
|
|
[prober]
|
|
interval_seconds = 300
|
|
|
|
# Extra outbound TCP checks beyond the built-in defaults:
|
|
# [[prober.target]]
|
|
# name = "steam-cdn"
|
|
# host = "steamcdn-a.akamaihd.net"
|
|
# port = 443
|