# config/defaults.conf — fleet-wide infrastructure defaults.
# Sourced by channel-render-lib.sh, hydrate.sh, oxpulse-partner-edge-sni-rotate.sh.
# install.sh picks these up transitively via channel-render-lib.sh.
#
# Operator override: export VAR before invoking the script, e.g.:
#   export OXPULSE_HY2_SERVER=my-relay.example.com:51822
#   ./hydrate.sh

# ── Reality (CH1) ─────────────────────────────────────────────────────────────
# Default SNI used when node-config.json does not carry a server_name.
: "${OXPULSE_REALITY_SERVER_NAME:=www.samsung.com}"
# Default SNI pool for sni-rotate.sh when reality_server_names is absent.
: "${OXPULSE_REALITY_SERVER_NAMES:=www.samsung.com,cdn.samsung.com,images.samsung.com,led.samsung.com,samsung.com}"

# ── AmneziaWG mesh (CH2) ──────────────────────────────────────────────────────
# Motherly (hub) node WireGuard mesh IP.
: "${OXPULSE_AWG_MOTHERLY_IP:=10.9.0.2}"
# Port the backend service listens on — used in Caddyfile and hysteria2 remote backend.
: "${OXPULSE_BACKEND_PORT:=8907}"

# ── Hysteria2 (CH3) ───────────────────────────────────────────────────────────
# Default relay server endpoint; overridden per-node by the registration API.
: "${OXPULSE_HY2_SERVER:=192.9.243.148:51822}"
# Local TCP listener — hysteria2-client forwards traffic received here through the tunnel.
: "${OXPULSE_HY2_LOCAL_LISTEN:=0.0.0.0:18443}"
# Upstream the hysteria2-client forwards traffic to on the far side of the tunnel.
: "${OXPULSE_HY2_REMOTE_BACKEND:=127.0.0.1:8907}"

# ── Caddy tunnel upstreams ────────────────────────────────────────────────────
# Hysteria2 fallback upstream — Caddy reaches the hy2 client container via the
# docker bridge gateway because it runs network_mode: host. The port matches
# HY2_LOCAL_LISTEN's port half.
: "${OXPULSE_HY2_FALLBACK_HOST:=host.docker.internal}"
: "${OXPULSE_HY2_FALLBACK_PORT:=18443}"