-
Notifications
You must be signed in to change notification settings - Fork 80
/
udm-le.env
146 lines (119 loc) · 4.75 KB
/
udm-le.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
#
# Required configuration
#
# Email for LetsEncrypt certificate issuance
CERT_EMAIL="[email protected]"
# The FQDN of your UDMP (comma separated fqdns are supported)
CERT_HOSTS="whatever.hostname.com,*.whatever.anotherhostname.com"
# The number of days left on a certificate before renewal
CERT_DAYS_BEFORE_RENEWAL="30"
# Enable updating certificate keystore used by Captive Portal and WiFiman as well as device certificate
ENABLE_CAPTIVE="no"
# Import only the server certificate for use with Captive Portal and WiFiman.
# WiFiman requires a single certificate in the .crt file and does not work if
# the full chain is imported as this includes the CA intermediate certificates.
# Setting NO_BUNDLE="yes" only has effect if ENABLE_CAPTIVE="yes".
# WARNING: Experimental support. Not serving the full certificate chain may result in
# some clients not being able to connect to Captive Portal if they do not already have
# a cached copy of the CA intermediate certificate(s) and are unable to download them.
NO_BUNDLE="no"
# Enable updating Radius support
ENABLE_RADIUS="no"
# Disable support for CNAME resolution. When false, allows resolving _acme-challenge.* if you
# have a CNAME pointing to a different domain. This is generally not something people need, so leave
# this alone unless you've explicitly set up a CNAME and understand the implications.
LEGO_DISABLE_CNAME_SUPPORT=true
# The DNS resolver used to verify records. Change this to a public DNS resolver if you have
# modified your UDM's upstream DNS servers to point to an internal resolver that is the
# authoritative name server for any domain that you are trying to request certificates for.
DNS_RESOLVER="127.0.0.1:53"
#
# DNS provider configuration
# See README.md file for more details
#
# AWS Route53
#DNS_PROVIDER="route53"
#AWS_ACCESS_KEY_ID=""
#AWS_SECRET_ACCESS_KEY=""
#AWS_REGION=""
#AWS_HOSTED_ZONE_ID=""
# Azure
#DNS_PROVIDER="azure"
#AZURE_CLIENT_ID=""
#AZURE_CLIENT_SECRET_FILE="/data/udm-le/.secrets/client-secret.txt"
#AZURE_ENVIRONMENT="public"
#AZURE_RESOURCE_GROUP="udm-le"
#AZURE_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
#AZURE_TENANT_ID=""
# CloudFlare
DNS_PROVIDER="cloudflare"
CLOUDFLARE_DNS_API_TOKEN="YOUR_CLOUDFLARE_API_TOKEN"
# Digital Ocean
# Note: Quoting your DO_AUTH_TOKEN below seems to cause issues
#DNS_PROVIDER="digitalocean"
#DO_AUTH_TOKEN="AUTH_TOKEN"
# DuckDNS
#DNS_PROVIDER="duckdns"
#DUCKDNS_TOKEN="AUTH_TOKEN"
# Google Cloud DNS
# Note: The default path for the service account file is /root/.secrets
#DNS_PROVIDER="gcloud"
#GCE_SERVICE_ACCOUNT_FILE="/data/udm-le/.secrets/sa.json"
#GCE_PROPAGATION_TIMEOUT="3600"
# Google Domains
#DNS_PROVIDER="googledomains"
#GOOGLE_DOMAINS_ACCESS_TOKEN="ACCESS_TOKEN"
# Linode DNS
#DNS_PROVIDER="linode"
#LINODE_TOKEN=""
#LINODE_PROPAGATION_TIMEOUT="120"
# Loopia
#DNS_PROVIDER="loopia"
#LOOPIA_API_USER="YOUR_API_USER@loopiaapi"
#LOOPIA_API_PASSWORD="YOUR_API_PASSWORD"
# Gandi Live DNS (v5)
#DNS_PROVIDER="gandiv5"
#GANDIV5_API_KEY="AUTH_TOKEN"
# Name.com
# Note: You need to use the your name.com username and not the api key name.
#DNS_PROVIDER="namedotcom"
#NAMECOM_USERNAME="YOUR_NAMECOM_USERNAME"
#NAMECOM_API_TOKEN="YOUR_NAMECOM_API_TOKEN"
# Oracle Cloud Infrastructure (OCI) DNS
#
# DO NOT WRAP ANY OF THE OCI_ VARIABLES IN QUOTES! See README.md for details.
#
#DNS_PROVIDER="oraclecloud"
# If OCI_PRIVKEY_FILE is password protected, uncomment the following line:
#OCI_PRIVKEY_PASS=password
#OCI_PRIVKEY_FILE=/data/udm-le/.secrets/oci_api_key.pem
# The following values can be found in ~/.oci/config after
#OCI_PUBKEY_FINGERPRINT=00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
#OCI_TENANCY_OCID=ocid1.tenancy.oc1..secret
#OCI_COMPARTMENT_OCID=ocid1.compartment.oc1..secret
#OCI_USER_OCID=ocid1.user.oc1..secret
#OCI_REGION=us-ashburn-1
# Zonomi
#DNS_PROVIDER="zonomi"
#ZONOMI_API_KEY="AUTH_TOKEN"
#
# Change stuff below at your own risk
#
# DNS_RESOLVERS supports a host:port if you need to override system DNS
DNS_RESOLVERS=""
# Changing below requires changing line 7 of udm-le.sh, as well as the paths within systemd service files
UDM_LE_PATH="/data/udm-le"
# LetsEncrypt Configuration
LEGO_VERSION="4.17.4"
LEGO_SHA1="637144bb79f42f7a4884bd98be7decb1679e4322"
LEGO_DOWNLOAD_URL="https://github.com/go-acme/lego/releases/download/v${LEGO_VERSION}/lego_v${LEGO_VERSION}_linux_arm64.tar.gz"
LEGO_BINARY="${UDM_LE_PATH}/lego"
LEGO_PATH="${UDM_LE_PATH}/.lego"
# These should only change if Unifi-OS core changes require it
CERT_IMPORT_CMD="java -jar /usr/lib/unifi/lib/ace.jar import_key_cert"
UBIOS_CONTROLLER_CERT_PATH="/data/unifi-core/config"
UBIOS_RADIUS_CERT_PATH="/data/udapi-config/raddb/certs"
UNIFIOS_CERT_PATH="/data/unifi-core/config"
UNIFIOS_KEYSTORE_PATH="/usr/lib/unifi/data"
UNIFIOS_KEYSTORE_CERT_ALIAS="unifi"
UNIFIOS_KEYSTORE_PASSWORD="aircontrolenterprise"