4.1. Startup configuration

This is the non-reloadable part of the configuration. halon-policyd loads the non-reloadable configuration from /etc/halon/policyd.yaml.

It is described by, and can be validated with, the policyd.schema.json.

4.1.1. Listener directives

This listener is used to receive requests from applications such as the Halon web UI.

listeners[].port: Which TCP port to listen on. Required

listeners[].address: IPv4 or IPv6 address to listen on. The default is to listen to all IPv4 and IPv6 addresses.

listeners[].pki

The X.509 certificate and private key to use for transport security. The private key and certificate should have either a path or data property.

pki:
  certificate:
    data: |-
      -----BEGIN CERTIFICATE-----
      ...
  privatekey:
    data: |-
      -----BEGIN PRIVATE KEY-----
      ...

listeners[].pki.certificate: The X.509 certificate to use for transport security. The public certificate should have either a path or data property.

listeners[].pki.privatekey: The X.509 private key to use for transport security. The private key should have either a path or data property.

4.1.2. WebSocket directives

This listener is used to to communicate with the smtpd instances.

websocket.listener.port: Which TCP port to listen on. Required

websocket.listener.address: IPv4 or IPv6 address to listen on. The default is to listen to all IPv4 and IPv6 addresses.

websocket.listener.pki

The X.509 certificate and private key to use for transport security. The private key and certificate should have either a path or data property.

pki:
  certificate:
    data: |-
      -----BEGIN CERTIFICATE-----
      ...
  privatekey:
    data: |-
      -----BEGIN PRIVATE KEY-----
      ...

websocket.listener.pki.certificate: The X.509 certificate to use for transport security. The public certificate should have either a path or data property.

websocket.listener.pki.privatekey: The X.509 private key to use for transport security. The private key should have either a path or data property.

4.1.3. Elasticsearch directives

elasticsearch: The settings for Elasticsearch. Required

elasticsearch.index.history: The index for storing history events. Required

elasticsearch.index.actions: The index for storing action events. Required

elasticsearch.nodes[]: A list of Elasticsearch nodes. Required

elasticsearch.nodes[].url: The Elasticsearch URL to connect to. Required

elasticsearch.auth: Specify any credentials for authentication.

elasticsearch.auth.username: The username for basic authentication.

elasticsearch.auth.password: The password for basic authentication.

elasticsearch.tls.verify: If the server certificate should be verified. The default is true.

stats.path: The directory where statistics files will be written. Required