colibri/packaging/linux/colibri-bridge.env.example
Sam & Claude 2be8d4f72f
docs(packaging): scrub real Tailscale IPs from bridge files
Per the no-real-100.x-IPs-in-git policy: env.example now ships
COLIBRI_BRIDGE_LISTEN_ADDR=TAILSCALE_IP_REQUIRED (operator fills in via
tailscale ip -4 at deploy time), and the README uses placeholders/commands
instead of literal addresses for both domedog and hermes.
2026-06-26 01:22:10 +02:00

# Colibri bridge configuration — systemd EnvironmentFile.
# Install to /etc/colibri/bridge.env (root:root, 0644).
# This is the systemd parallel to the sysrc vars in the FreeBSD rc.d script
# (packaging/freebsd/colibri_bridge.in).
# Tailscale IPv4 of THIS host. socat binds here — never 0.0.0.0 — so the control
# plane is not exposed on any other interface even if the firewall rule is
# removed. Fill in with this host's own address from `tailscale ip -4`.
# (Real 100.x addresses are never committed to git — set it at deploy time.)
COLIBRI_BRIDGE_LISTEN_ADDR=TAILSCALE_IP_REQUIRED
# TCP port. MUST match the firewall allow-rule that scopes 9190 to tailscale0.
COLIBRI_BRIDGE_LISTEN_PORT=9190
# colibri-daemon Unix socket. MUST equal the daemon's COLIBRI_DAEMON_SOCKET.
# The daemon default is under $XDG_DATA_HOME; for a system bridge point both at
# a stable /run path (and keep it off /home so ProtectHome=yes can stay on).
COLIBRI_BRIDGE_SOCKET=/run/colibri/colibri.sock
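
Added example, not part of the Colibri repository: a POSIX shell lint that enforces the constraints stated in the comments above (placeholder replaced, bind address on the tailnet rather than 0.0.0.0, port in range, socket path off /home). It assumes Tailscale IPv4 addresses fall inside 100.64.0.0/10; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not Colibri project code): lint a bridge.env before starting
# the bridge. The file is parsed, never sourced, so its values are not executed.

# Print the last value assigned to KEY ($1) in env file ($2).
env_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# True only for a dotted quad inside 100.64.0.0/10 (assumption: the CGNAT
# block Tailscale allocates node addresses from; the page only says "100.x").
is_tailscale_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    a=${1%%.*}; r=${1#*.}; b=${r%%.*}; r=${r#*.}; c=${r%%.*}; d=${r#*.}
    for o in "$a" "$b" "$c" "$d"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]
}

# Return 0 if the file is deployable, 1 otherwise (reasons go to stderr).
check_bridge_env() {
    rc=0
    addr=$(env_get COLIBRI_BRIDGE_LISTEN_ADDR "$1")
    port=$(env_get COLIBRI_BRIDGE_LISTEN_PORT "$1")
    sock=$(env_get COLIBRI_BRIDGE_SOCKET "$1")
    if [ "$addr" = TAILSCALE_IP_REQUIRED ]; then
        echo "LISTEN_ADDR: placeholder not replaced (see: tailscale ip -4)" >&2; rc=1
    elif ! is_tailscale_ipv4 "$addr"; then   # also rejects 0.0.0.0 and LAN IPs
        echo "LISTEN_ADDR: '$addr' is not a 100.64.0.0/10 address" >&2; rc=1
    fi
    case $port in
        ''|*[!0-9]*|??????*) echo "LISTEN_PORT: '$port' is not a port" >&2; rc=1 ;;
        *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
               { echo "LISTEN_PORT: $port out of range" >&2; rc=1; } ;;
    esac
    case $sock in
        /home/*) echo "SOCKET: '$sock' is under /home (ProtectHome=yes)" >&2; rc=1 ;;
        /*) ;;
        *) echo "SOCKET: '$sock' is not an absolute path" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Usage: check-bridge-env.sh /etc/colibri/bridge.env   (script name is hypothetical)
[ $# -eq 0 ] || check_bridge_env "$1"
```

Wired in as an ExecStartPre= command in the bridge's systemd unit, a non-zero exit keeps the unit from starting while the shipped placeholder or a wildcard address is still in place.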