Configuration
Each service is configured via a .env file in its directory. Copy the example files and edit them.
elster-terminal-backend
cd elster-terminal-backend
cp .env.example .envRequired Variables
| Variable | Description | Example |
|---|---|---|
HOST | Bind address | 0.0.0.0 |
PORT | Listen port | 8000 |
NEXTAUTH_SECRET | Shared secret with frontend (must match) | Random 32+ char string |
FRONTEND_URL | Frontend URL for CORS | http://localhost:3000 |
ALLOWED_ORIGINS | JSON array of allowed CORS origins | ["http://localhost:3000"] |
BUILDS_PATH | Directory for git worktrees during builds | /home/user/elster-builds |
BUILD_ISO_REPO_URL | SSH URL for build-iso-public repo | git@github.com:org/build-iso-public.git |
BUILD_ISO_UBUNTU_REPO_URL | SSH URL for build-iso-ubuntu repo | git@github.com:org/build-iso-ubuntu.git |
CLAUDE_CODE_PATH | Path to Claude Code CLI binary | claude |
CLAUDE_WORKING_DIR | Working directory for Claude subprocesses | /home/user/elster-builds |
LIBVIRT_BACKEND_URL | URL of cto-gui-libvirt-backend | http://localhost:8001 |
Optional Variables
| Variable | Description | Default |
|---|---|---|
DEBUG | Enable debug mode | false |
DATA_FILE_PATH | Path to users.json | ./data/users.json |
LOG_DIR_PATH | Log directory | ./data/logs |
GIT_SSH_KEY_PATH | SSH key for git operations | System default |
WORKER_CONCURRENCY | Max concurrent builds | 4 |
ORCHESTRATOR_ENABLED | Enable build orchestrator | true |
INSTRUCTIONS_DIR | AI instruction templates | ./instructions |
OBS_API_URL | Open Build Service URL (Elster OS only) | — |
OBS_API_USER | OBS username | — |
OBS_API_PASSWORD | OBS password | — |
OPENQA_API_URL | openQA URL | — |
GITHUB_CLIENT_ID | GitHub OAuth app ID | — |
GITHUB_CLIENT_SECRET | GitHub OAuth secret | — |
SMTP_HOST | SMTP server for notifications | — |
SMTP_PORT | SMTP port | 465 |
SMTP_USER | SMTP username | — |
SMTP_PASSWORD | SMTP password | — |
NOTIFICATIONS_ENABLED | Enable email notifications | false |
SUPER_ADMIN_EMAILS | Comma-separated admin emails | — |
GUEST_MAX_AGE_DAYS | Auto-cleanup guest accounts after N days | 30 |
cto-gui-libvirt-backend
cd cto-gui-libvirt-backend
cp .env.example .env| Variable | Description | Example |
|---|---|---|
HOST | Bind address | 0.0.0.0 |
PORT | Listen port | 8001 |
KVM_URI | Libvirt connection URI | qemu:///system |
NEXTAUTH_SECRET | Must match frontend and backend | Same secret |
ALLOWED_ORIGINS | CORS origins | ["http://localhost:3000"] |
ELSTER_API_URL | URL of elster-terminal-backend | http://localhost:8000 |
BENCHMARK_DIR | CIS benchmark definitions | ./benchmarks |
BENCHMARK_STORAGE_DIR | Benchmark results | ./data/benchmarks |
TEST_STORAGE_DIR | Test results | ./data/tests |
LOG_DIR_PATH | Log directory | ./data/logs |
For remote KVM hosts, use an SSH URI:
KVM_URI=qemu+ssh://user@kvm-host/systemweb-terminal-backend
cd web-terminal-backend
cp .env.example .env| Variable | Description | Example |
|---|---|---|
PORT | Listen port | 8002 |
NEXTAUTH_SECRET | Must match other services | Same secret |
HOSTS_FILE | SSH host definitions | ./data/hosts.json |
SSH_KEYS_DIR | SSH private keys directory | ./data/keys |
elster-terminal (frontend)
cd elster-terminal
cp .env.local.example .env.local| Variable | Description | Example |
|---|---|---|
NEXTAUTH_SECRET | Must match all backends | Same secret |
NEXTAUTH_URL | Public URL of the frontend | http://localhost:3000 |
API_URL | Backend API URL (server-side) | http://localhost:8000 |
NEXT_PUBLIC_API_URL | Backend API URL (client-side) | http://localhost:8000 |
GOOGLE_CLIENT_ID | Google OAuth (optional) | — |
GOOGLE_CLIENT_SECRET | Google OAuth (optional) | — |
Shared Secret
The NEXTAUTH_SECRET value must be identical across all services. Generate one:
openssl rand -base64 32Next Steps
With configuration complete, proceed to Running Services.