Configuration

Point the watcher at a directory, change ports, and set access controls — all through environment variables.

OneSVD splits configuration in two. Day-to-day settings — the watched directory, ports, and serve mode — live in ~/.config/onesvd/config.yml and are managed with the onesvd command. Security and TLS values are read by the hub from its environment.

Core#

Set these with onesvd dir and onesvd config set; they're stored in config.yml and applied to the services automatically.

SettingDefaultWhat it does
watch_dir(chosen at install)The watched directory. Resolved to an absolute path and created if missing. Change it with onesvd dir <path>.
hub_port4000Hub WebSocket + HTTP port.
ingest_port4001Loopback port the watcher publishes to.
frontend_port7777Web client port.
frontend_modeprodprod serves the production build; dev runs the dev server.
shell
onesvd dir ~/projects/releases
onesvd config set hub_port 4100
Warning:

Keep the watched directory on a native Linux filesystem. Watching a Windows-mounted path under WSL won't deliver reliable change events.

Access control#

By default the node runs open on a trusted local network. These are read by the hub from its environment — set them in ~/.local/share/onesvd/server/.env (auto-loaded on start) or the systemd unit. To require a token:

VariableDefaultWhat it does
ONESVD_TOKEN(empty)Bearer token required for write endpoints and the UI.
ONESVD_ALLOW_IPS(empty)Comma-separated IP allowlist. Loopback is always allowed.

When a token is set, the browser exchanges it for a session cookie so shareable file links don't carry the secret.

TLS (production)#

Provide both to serve HTTPS/WSS instead of plain HTTP:

VariableWhat it does
ONESVD_TLS_KEYPath to the private key.
ONESVD_TLS_CERTPath to the full-chain certificate.
ONESVD_PUBLIC_HOSTPublic hostname used to build absolute links.

If either cert path is missing, the hub serves plain HTTP — the localhost profile.