# Aura VPN server configuration (project §9).
# Copy to server.toml and adjust. Paths may begin with `~` (expands to your home directory).

[server]
# Human-readable name (also the server's inner-handshake identity).
name = "aura-edge-1"
# UDP socket to listen on. ":443" mimics HTTPS; binding it needs privileges.
listen = "0.0.0.0:443"
# Accept workers (advisory in v1).
workers = 4

[pki]
# Trust anchor (the Aura CA) and this server's leaf cert/key, all PEM.
# Generate with: aura pki init --ca-name "Aura CA" --out ~/.aura
#               aura pki issue-server --domain vpn.example.com --out ~/.aura --ca ~/.aura
ca_cert = "~/.aura/ca.crt"
cert    = "~/.aura/server.crt"
key     = "~/.aura/server.key"

[tunnel]
# Address pool for clients; v1 uses a single shared server-side TUN on this network.
pool_cidr = "10.7.0.0/24"
# TUN MTU (leave headroom under the path MTU for QUIC + Aura framing).
mtu = 1420
# DNS server advertised to clients (informational in v1).
dns = "10.7.0.1"

[mimicry]
# Outer-TLS camouflage hostname the server presents/expects.
sni = "cdn.example.com"
# Enable traffic padding to blend packet sizes into HTTPS buckets.
padding = true

[transport]
# Aura's own post-quantum transport runs over plain UDP (primary), with TCP/443 and QUIC (HTTP/3
# mimicry) as fallbacks. On the server, `order` selects exactly which transports are bound and
# accepted simultaneously. Omitting this whole section enables udp/tcp/quic on 443/443/444.
order = ["udp", "tcp", "quic"]
# The UDP transport and QUIC both ride UDP, so udp_port and quic_port MUST differ. TCP may reuse the
# UDP port number (different protocol). Ports bind on the IP from [server] listen above.
udp_port  = 443
tcp_port  = 443
quic_port = 444
# UDP: pad datagrams up to HTTPS size buckets to blur the on-wire size distribution.
obfuscate = true
# TCP: prepend a minimal HTTP/1.1 preamble (Host = [mimicry] sni) so the open resembles plain HTTP.
masquerade = true

[transport.masks]
# Daily protocol-mask rotation. When `true`, every day at 05:00 MSK (= 02:00 UTC) the server
# derives a new (SNI, User-Agent, Server-header, padding-profile) tuple from
# HKDF-SHA256(CA-fingerprint, MSK-date) and applies it to new connections — the client derives the
# same tuple independently from the CA fingerprint it already trusts, so no wire coordination is
# needed. Existing connections keep the mask they accepted with. Default: true.
# When `false`, the static values above ([mimicry] sni, [transport] obfuscate, ...) are used as-is.
enabled = true