forked from kchristensen/udm-le
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathudm-le.env
135 lines (111 loc) · 4.3 KB
/
udm-le.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#
# Required configuration
#
# Email for LetsEncrypt certificate issuance
CERT_EMAIL="your@email.com"
# The FQDN of your UDMP (comma separated fqdns are supported)
CERT_HOSTS="whatever.hostname.com,*.whatever.anotherhostname.com"
# Enable updating certificate keystore used by Captive Portal and WiFiman as well as device certificate
ENABLE_CAPTIVE="no"
# Import only the server certificate for use with Captive Portal and WiFiman.
# WiFiman requires a single certificate in the .crt file and does not work if
# the full chain is imported as this includes the CA intermediate certificates.
# Setting NO_BUNDLE="yes" only has effect if ENABLE_CAPTIVE="yes".
# WARNING: Experimental support. Not serving the full certificate chain may result in
# some clients not being able to connect to Captive Portal if they do not already have
# a cached copy of the CA intermediate certificate(s) and are unable to download them.
NO_BUNDLE="no"
# Enable updating Radius support
ENABLE_RADIUS="no"
# Allows CNAMEs to be resolved. When true, allows resolving _acme-challenge.* in case it
# has a CNAME pointing to a different domain. With this, make sure the DNS provider config
# is for the provider the CNAME points to.
#
# Leave this disabled if you don't know what this means as most configurations don't need it.
LEGO_EXPERIMENTAL_CNAME_SUPPORT=false
#
# DNS provider configuration
# See README.md file for more details
#
# AWS Route53
#DNS_PROVIDER="route53"
#AWS_ACCESS_KEY_ID=""
#AWS_SECRET_ACCESS_KEY=""
#AWS_REGION=""
#AWS_HOSTED_ZONE_ID=""
# Azure
#DNS_PROVIDER="azure"
#AZURE_CLIENT_ID=""
#AZURE_CLIENT_SECRET_FILE="/data/udm-le/.secrets/client-secret.txt"
#AZURE_ENVIRONMENT="public"
#AZURE_RESOURCE_GROUP="udm-le"
#AZURE_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
#AZURE_TENANT_ID=""
# CloudFlare
DNS_PROVIDER="cloudflare"
CLOUDFLARE_DNS_API_TOKEN="YOUR_CLOUDFLARE_API_TOKEN"
# Digital Ocean
# Note: Quoting your DO_AUTH_TOKEN below seems to cause issues
#DNS_PROVIDER="digitalocean"
#DO_AUTH_TOKEN="AUTH_TOKEN"
# DuckDNS
#DNS_PROVIDER="duckdns"
#DUCKDNS_TOKEN="AUTH_TOKEN"
# Google Cloud DNS
# Note: The default path for the service account file is /root/.secrets
#DNS_PROVIDER="gcloud"
#GCE_SERVICE_ACCOUNT_FILE="/data/udm-le/.secrets/sa.json"
#GCE_PROPAGATION_TIMEOUT="3600"
# Google Domains
#DNS_PROVIDER="googledomains"
#GOOGLE_DOMAINS_ACCESS_TOKEN="ACCESS_TOKEN"
# Linode DNS
#DNS_PROVIDER="linode"
#LINODE_TOKEN=""
#LINODE_PROPAGATION_TIMEOUT="120"
# Gandi Live DNS (v5)
#DNS_PROVIDER="gandiv5"
#GANDIV5_API_KEY="AUTH_TOKEN"
# Name.com
# Note: You need to use the your name.com username and not the api key name.
#DNS_PROVIDER="namedotcom"
#NAMECOM_USERNAME="YOUR_NAMECOM_USERNAME"
#NAMECOM_API_TOKEN="YOUR_NAMECOM_API_TOKEN"
# Oracle Cloud Infrastructure (OCI) DNS
#
# DO NOT WRAP ANY OF THE OCI_ VARIABLES IN QUOTES! See README.md for details.
#
#DNS_PROVIDER="oraclecloud"
# If OCI_PRIVKEY_FILE is password protected, uncomment the following line:
#OCI_PRIVKEY_PASS=password
#OCI_PRIVKEY_FILE=/data/udm-le/.secrets/oci_api_key.pem
# The following values can be found in ~/.oci/config after
#OCI_PUBKEY_FINGERPRINT=00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
#OCI_TENANCY_OCID=ocid1.tenancy.oc1..secret
#OCI_COMPARTMENT_OCID=ocid1.compartment.oc1..secret
#OCI_USER_OCID=ocid1.user.oc1..secret
#OCI_REGION=us-ashburn-1
# Zonomi
#DNS_PROVIDER="zonomi"
#ZONOMI_API_KEY="AUTH_TOKEN"
#
# Change stuff below at your own risk
#
# DNS_RESOLVERS supports a host:port if you need to override system DNS
DNS_RESOLVERS=""
# Changing below requires changing line 7 of udm-le.sh, as well as the paths within systemd service files
UDM_LE_PATH="/data/udm-le"
# LetsEncrypt Configuration
LEGO_VERSION="4.11.0"
LEGO_SHA1="41fb3736156ed6d42fba551127905c834e5b0ab0"
LEGO_DOWNLOAD_URL="https://github.com/go-acme/lego/releases/download/v${LEGO_VERSION}/lego_v${LEGO_VERSION}_linux_arm64.tar.gz"
LEGO_BINARY="${UDM_LE_PATH}/lego"
LEGO_PATH="${UDM_LE_PATH}/.lego"
# These should only change if Unifi-OS core changes require it
CERT_IMPORT_CMD="java -jar /usr/lib/unifi/lib/ace.jar import_key_cert"
UBIOS_CONTROLLER_CERT_PATH="/data/unifi-core/config"
UBIOS_RADIUS_CERT_PATH="/data/udapi-config/raddb/certs"
UNIFIOS_CERT_PATH="/data/unifi-core/config"
UNIFIOS_KEYSTORE_PATH="/usr/lib/unifi/data"
UNIFIOS_KEYSTORE_CERT_ALIAS="unifi"
UNIFIOS_KEYSTORE_PASSWORD="aircontrolenterprise"