Module config

Expand description

FIPS Configuration System

Loads configuration from YAML files with a cascading priority system:

./fips.yaml (current directory - highest priority)
~/.config/fips/fips.yaml (user config directory)
/etc/fips/fips.yaml (system - lowest priority)

Values from higher priority files override those from lower priority files.

§YAML Structure

The YAML structure mirrors the sysctl-style paths in the architecture docs. For example, node.identity.nsec in the docs corresponds to:

node:
  identity:
    nsec: "nsec1..."

Structs§

BleConfig: BLE transport instance configuration.
BloomConfig: Bloom filter (node.bloom.*).
BuffersConfig: Internal buffers (node.buffers.*).
CacheConfig: Cache parameters (node.cache.*).
Config: Root configuration structure.
ConntrackConfig: Conntrack timeout overrides (gateway.conntrack.*).
ControlConfig: Control socket configuration (node.control.*).
DirectoryServiceConfig: Directory-mode onion service configuration.
DiscoveryConfig: Discovery protocol (node.discovery.*).
EthernetConfig: Ethernet transport instance configuration.
GatewayConfig: Gateway configuration (gateway.*).
GatewayDnsConfig: Gateway DNS resolver configuration (gateway.dns.*).
IdentityConfig: Identity configuration (node.identity.*).
LimitsConfig: Resource limits (node.limits.*).
NodeConfig: Node configuration (node.*).
NostrDiscoveryConfig: Nostr-mediated overlay endpoint discovery (node.discovery.nostr.*).
PeerAddress: A transport-specific address for reaching a peer.
PeerConfig: Configuration for a known peer.
PortForward: An inbound port-forward rule: fips0:listen_port/proto → target.
RateLimitConfig: Rate limiting (node.rate_limit.*).
RekeyConfig
ResolvedIdentity: Result of identity resolution.
RetryConfig: Retry/backoff configuration (node.retry.*).
RoutingConfig: Routing strategy selection (node.routing.*).
SessionConfig: Session/data plane (node.session.*).
SessionMmpConfig: Session-layer Metrics Measurement Protocol (node.session_mmp.*).
TcpConfig: TCP transport instance configuration.
TorConfig: Tor transport instance configuration.
TransportsConfig: Transports configuration section.
TreeConfig: Spanning tree (node.tree.*).
UdpConfig: UDP transport instance configuration.

Enums§

ConfigError: Errors that can occur during configuration loading.
ConnectPolicy: Connection policy for a peer.
IdentitySource: Where a resolved identity originated.
NostrDiscoveryPolicy: Nostr advert discovery policy.
Proto: Transport protocol for an inbound port forward.
RoutingMode: Daemon routing mode.
TransportInstances: Transport instances - either a single config or named instances.

Functions§

default_control_path: Default control socket path for fipsctl / fipstop.
default_gateway_path: Default gateway control socket path.
key_file_path: Derive the key file path from a config file path.
pub_file_path: Derive the public key file path from a config file path.
read_key_file: Read a bare bech32 nsec from a key file.
resolve_identity: Resolve identity from config and key file.
write_key_file: Write a bare bech32 nsec to a key file with restricted permissions.
write_pub_file: Write a bare bech32 npub to a public key file.

Module config

Module config Copy item path

§YAML Structure

Structs§

Enums§

Functions§

Module config