server:
  name: My Outline Server
  hostname: example.com

api:
  listen_addr: ":8081"
  secret: ""
  cert_file: ""

metrics:
  listen_addr: "127.0.0.1:8081"
  node_exporter_collectors:
    - cpu
    - meminfo
    - loadavg
    - uname
    - filesystem
    - diskstats
    - netdev

shadowsocks:
  default_port: 0  # 0 = pick random unused port on first start
  default_cipher: chacha20-ietf-poly1305
  nat_timeout: 5m
  replay_history: 10000
  ip_country_db: ""
  ip_asn_db: ""

amneziawg:
  enabled: false
  listen_port: 443          # shared UDP port for AWG + HTTP/3
  tun_name: awg0
  address: "10.14.0.0/24"   # server gets .1, peers get .2+
  mtu: 1420
  private_key: ""            # auto-generated if empty
  dns: "1.1.1.1, 8.8.8.8"
  # HTTP/3 cover for DPI resistance (requires domain)
  domain: ""                 # e.g., vpn.example.com
  cert_cache: /var/lib/shroud/certs
  acme_http_port: 80
  # Obfuscation parameters (must match client config)
  jc: 4
  jmin: 64
  jmax: 256
  s1: 32
  s2: 28
  s3: 20
  s4: 25
  h1: "50000-100000"
  h2: "150000-200000"
  h3: "250000-300000"
  h4: "350000-400000"

state_file: state.yaml