# greenhouse-daemon
![Pitney the Pineapple dressed up in their Daemon halloween costume](mascot-daemon.png)
This is the background service which runs/manages threshold + caddy and responds to requests from the UI.
It depends on [threshold](https://git.sequentialread.com/forest/threshold) and SequentialRead's [forked version of Caddy 2](https://git.sequentialread.com/forest/caddy).
For now you must also provide `caddy-config.json` inside `GREENHOUSE_DAEMON_PATH`. Example config:
##### `caddy-config.json`
```
{
  "admin": {
    "disabled": false,
    "listen": "127.0.0.1:9574",
    "authorized_clients_ca_file": "greenhouse_daemon_localhost_ca.crt",
    "tls_key_file": "greenhouse-daemon.key",
    "tls_cert_file": "greenhouse-daemon.crt",
    "config": {
      "persist": false
    }
  }
}
```
### forest's dev environment notes
Build and deploy to both the daemon that the desktop app uses (`/opt/greenhouse-daemon`) and the daemon that the greenhouse server uses (`../greenhouse/greenhouse-daemon`).
```
go build -o greenhouse-daemon .
sudo cp greenhouse-daemon /opt/greenhouse-daemon/greenhouse-daemon
mv greenhouse-daemon ../greenhouse/greenhouse-daemon/greenhouse-daemon
```
### environment variables
##### `GREENHOUSE_DAEMON_PATH`
Default Value:
* Linux: `/opt/greenhouse-daemon`
* Windows: `%ProgramData%\greenhouse-background-service`
* MacOS: `/Library/Application Support/greenhouse-daemon`
Path to folder where it will store all its files. This folder should be exclusively owned by the user that runs the greenhouse-daemon process for security reasons.
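
One way to check the ownership requirement above, as an added example that is not part of the greenhouse-daemon code base. It assumes a Unix host, that it is run as the same user that runs greenhouse-daemon, and that private keys use the `.key` extension as in the example `caddy-config.json`; the function name and the mode thresholds are this example's own choices.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// auditDaemonPath (hypothetical helper) reports entries not owned by wantUID, entries
// writable by group/other, and *.key files that grant any access beyond the owner.
func auditDaemonPath(root string, wantUID uint32) ([]string, error) {
	var findings []string
	err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		st, ok := info.Sys().(*syscall.Stat_t)
		if !ok {
			return fmt.Errorf("no unix stat data for %s", path)
		}
		if st.Uid != wantUID {
			findings = append(findings, fmt.Sprintf("%s: owner uid %d, want %d", path, st.Uid, wantUID))
		}
		if info.Mode()&os.ModeSymlink != 0 {
			return nil // Walk does not follow links, and link modes carry no meaning
		}
		perm := info.Mode().Perm()
		if perm&0o022 != 0 {
			findings = append(findings, fmt.Sprintf("%s: mode %04o is group/other writable", path, perm))
		}
		if filepath.Ext(path) == ".key" && perm&0o077 != 0 {
			findings = append(findings, fmt.Sprintf("%s: key mode %04o grants group/other access", path, perm))
		}
		return nil
	})
	return findings, err
}

func main() {
	root := os.Getenv("GREENHOUSE_DAEMON_PATH") // assumption: set explicitly, no default applied here
	findings, err := auditDaemonPath(root, uint32(os.Getuid()))
	for _, f := range findings {
		fmt.Println("FINDING:", f)
	}
	if err != nil || len(findings) > 0 {
		fmt.Fprintln(os.Stderr, len(findings), "finding(s); error:", err)
		os.Exit(1)
	}
}
```
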
##### `GREENHOUSE_DAEMON_CLOUD_URL`
Default Value: `https://greenhouse-alpha.server.garden`
URL the daemon will use to contact the greenhouse cloud service, for example, to log into the user's account.
##### `GREENHOUSE_DAEMON_USE_UNIX_SOCKETS`
Default Value: `false`
If set to true, the daemon will listen for HTTP on unix sockets instead of listening for HTTPS on local TCP ports.
### ports used
```
greenhouse-daemon api:  https://localhost:9572  -- certificate signed by daemon CA, the GUI does not validate the cert (it can't)
threshold admin api:    https://localhost:9573  -- certificate signed by daemon CA, uses mutual TLS with daemon
caddy admin api:        https://localhost:9574  -- certificate signed by daemon CA, uses mutual TLS with daemon
caddy http port:        https://localhost:9575  -- used by caddy for http -> https redirects
caddy https port:       https://localhost:9576  -- certificate signed by Let's Encrypt CA, public internet TLS
caddy tls port:         https://localhost:9577  -- certificate signed by Let's Encrypt CA, public internet TLS
```
### unix sockets used (alternative to ports)
All of these socket files are owned by whatever user is running the greenhouse-daemon process.
They all use plain http with no TLS.
```
greenhouse-daemon api:  /var/run/greenhouse-daemon.sock
threshold admin api:    /var/run/greenhouse-daemon-threshold.sock
caddy admin api:        /var/run/greenhouse-daemon-caddy-admin.sock
caddy http port:        /var/run/greenhouse-daemon-caddy-http.sock
caddy https port:       /var/run/greenhouse-daemon-caddy-https.sock
caddy tls port:         /var/run/greenhouse-daemon-caddy-tls.sock
```