config.example.hoodi.toml

# The main configuration file for the Commit-Boost sidecar.
# Some fields are optional and can be omitted, in which case the default value, if present, will be used.

# Chain spec ID. Supported values:
# A network ID. Supported values: Mainnet, Holesky, Sepolia, Helder, Hoodi. Lower case values e.g. "mainnet" are also accepted
# A custom object, e.g., chain = { genesis_time_secs = 1695902400, path = "/path/to/spec.json" }, with a path to a chain spec file, either in .json format (e.g., as returned by the beacon endpoint /eth/v1/config/spec), or in .yml format (see examples in tests/data).
# A custom object, e.g., chain = { genesis_time_secs = 1695902400, slot_time_secs = 12, genesis_fork_version = "0x01017000" }.
chain = "Hoodi" # this affect BUILDER_DOMAIN used in signing data root hash

# Configuration for the PBS module.
[pbs]
# Whether to enable the PBS module to request signatures from the Signer module (not used in the default PBS image)
# OPTIONAL, DEFAULT: false
with_signer = false

# Host to receive BuilderAPI calls from beacon node.
# OPTIONAL, DEFAULT: 127.0.0.1
host = "0.0.0.0"

# Port to receive BuilderAPI calls from beacon node.
# OPTIONAL, DEFAULT: 18550
port = 18550

# Whether to forward `status` calls to relays or skip and return 200.
# OPTIONAL, DEFAULT: true
relay_check = true

# Whether to return after the first successful registration, or wait for all relays to respond.
# OPTIONAL, DEFAULT: true
wait_all_registrations = true

# Timeout in milliseconds for the `get_header` call to relays. Note that the CL has also a timeout (e.g. 1 second) so
# this should be lower than that, leaving some margin for overhead.
# OPTIONAL, DEFAULT: 950
timeout_get_header_ms = 950

# Timeout in milliseconds for the `submit_blinded_block` call to relays.
# OPTIONAL, DEFAULT: 4000
timeout_get_payload_ms = 4000

# Timeout in milliseconds for the `register_validator` call to relays.
# OPTIONAL, DEFAULT: 3000
timeout_register_validator_ms = 3000

# Whether to skip signature verification of headers and pubkey matching against the relay pubkey.
# OPTIONAL, DEFAULT: false
skip_sigverify = false

# Minimum bid in ETH that will be accepted from `get_header`.
# Can be specified as a float or a string for extra precision (e.g. "0.01").
# OPTIONAL, DEFAULT: 0.0
min_bid_eth = 0.0

# How late in milliseconds in the slot is "late". 
# This impacts the `get_header` requests, by shortening timeouts for `get_header` calls to
# relays and make sure a header is returned within this deadline. 
# If the request from the CL comes later in the slot, then fetching headers is skipped
# to force local building and minimizing the risk of missed slots. See also the timing games section below.
# OPTIONAL, DEFAULT: 2000
late_in_slot_time_ms = 2000

# Whether to enable extra validation of get_header responses, if this is enabled `rpc_url` must also be set.
# OPTIONAL, DEFAULT: false
extra_validation_enabled = false

# Execution Layer RPC url to use for extra validation and the deposit module.
# OPTIONAL
# rpc_url = "rpc_url = "https://ethereum-hoodi-rpc.publicnode.com"

# URL of the SSV API server to use, if you have a mux that targets an SSV node operator.
# OPTIONAL, DEFAULT: "https://api.ssv.network/api/v4"
# ssv_api_url = "https://api.ssv.network/api/v4"

# Timeout for any HTTP requests sent from the PBS module to other services, in seconds.
# OPTIONAL, DEFAULT: 10
http_timeout_seconds = 10

# Maximum number of retries for validator registrations per relay.
# OPTIONAL, DEFAULT: 3
register_validator_retry_limit = 3

# Maximum number of validators to register in a single request.
# OPTIONAL, DEFAULT: "" (unlimited)
validator_registration_batch_size = ""

# For any Registry-based Mux configurations that have dynamic pubkey
# refreshing enabled, this is how often to refresh the list of pubkeys
# from the registry, in seconds. Enabling registry refreshing is done per-mux
# with the mux's `enable_refreshing` property. If none of the muxes have it
# enabled, this value will not be used.
# OPTIONAL, DEFAULT: 384
mux_registry_refresh_interval_seconds = 384

# The PBS module needs one or more [[relays]] as defined below.
[[relays]]
# Relay ID to use in telemetry.
# OPTIONAL, DEFAULT: URL hostname
id = "ethgas"

# Relay URL in the format scheme://pubkey@host.
url = "https://0xb20c3fe59db9c3655088839ef3d972878d182eb745afd8abb1dd2abf6c14f93cd5934ed4446a5fe1ba039e2bc0cf1011@hoodi-relay.ethgas.com"

# Headers to send with each request for this relay.
# OPTIONAL
# headers = { X-MyCustomHeader = "MyCustomValue" }

# GET parameters to add to each request URL for this relay.
# OPTIONAL
# get_params = { param1 = "value1", param2 = "value2" }

# Whether to enable timing games, as tuned by `target_first_request_ms` and `frequency_get_header_ms`.
# NOTE: if neither `target_first_request_ms` nor `frequency_get_header_ms` is set, this flag has no effect.
# These values should be carefully chosen for each relay, 
# as each relay has different latency and timing games setups.
# They should only be used by advanced users, and if mis-configured 
# can result in unforeseen effects, e.g. fetching a lower header value, or getting a temporary IP ban.
# EXAMPLES
# Assuming: 
#   timeout_get_header_ms = 950
#   frequency_get_header_ms = 300
#   target_first_request_ms = 200
#   late_in_slot_time_ms = 2000
#
# 1) CL request comes at 100ms in the slot (max timeout 1050ms in the slot), then:
#   - sleep for 100ms
#   - send request at 200ms with 850ms timeout
#   - send request at 500ms with 550ms timeout
#   - send request at 800ms with 250ms timeout
# 2) CL request comes at 1500ms in the slot (max timeout 2000ms in the slot), then:
#   - send request at 1500ms with 500ms timeout
#   - send request at 1800ms with 200ms timeout
# 3) CL request comes 2500ms in the slot then:
#   - return 204 and force local build
#
# OPTIONAL, DEFAULT: false, please consult us if you want to delay the validator signing from the consensus client.
enable_timing_games = true

# Target time in slot when to send the first header request.
# OPTIONAL
target_first_request_ms = 0

# Frequency in ms to send get_header requests.
# OPTIONAL
frequency_get_header_ms = 100

# Maximum number of validators to register in a single request.
# OPTIONAL, DEFAULT: "" (unlimited)
validator_registration_batch_size = ""

# Configuration for the PBS multiplexers, which enable different 
# configs to be used for get header requests, depending on validator pubkey.
# Note that:
# - multiple sets of keys can be defined by adding multiple [[mux]] sections. The validator pubkey sets need to be disjoint
# - the mux is only used for get header requests
# - if any value is missing from the mux config, the default value from the main config will be used
# [[mux]]
# Unique ID for the mux config
# REQUIRED
# id = "ethgas_mux"

# Which validator pubkeys to match against this mux config. This can be empty or omitted if a loader is specified.
# Any keys loaded via the loader will be added to this list.
# validator_pubkeys = [
#     "0x80c7f782b2467c5898c5516a8b6595d75623960b4afc4f71ee07d40985d20e117ba35e7cd352a3e75fb85a8668a3b745",
#     "0xa119589bb33ef52acbb8116832bec2b58fca590fe5c85eac5d3230b44d5bc09fe73ccd21f88eab31d6de16194d17782e",
# ]

# Path to a file containing a list of validator pubkeys or details of a registry to load keys from.
# Supported registries:
#   - Lido: NodeOperatorsRegistry
#   - SSV: SSV API
# OPTIONAL
# loader = "/tests/data/mux_keys.example.json"

# URL to HTTP endpoint returning JSON list of validator pubkeys.
# Example response:
# [
#   "0x80c7f782b2467c5898c5516a8b6595d75623960b4afc4f71ee07d40985d20e117ba35e7cd352a3e75fb85a8668a3b745",
#   "0xa119589bb33ef52acbb8116832bec2b58fca590fe5c85eac5d3230b44d5bc09fe73ccd21f88eab31d6de16194d17782e"
#]
# loader = { url = "http://localhost:8000/keys" }

# Example of loading keys from the Lido registry
# loader = { registry = "lido", node_operator_id = 8, lido_module_id = 1, enable_refreshing = false }

# Example of loading keys from an SSV API
# loader = { registry = "ssv", node_operator_id = 8, enable_refreshing = false }

# OPTIONAL
# timeout_get_header_ms = 950

# OPTIONAL
# late_in_slot_time_ms = 2000

# For each mux, one or more [[mux.relays]] can be defined, which will be used for the matching validator pubkeys.
# Only the relays defined here will be used, and the relays defined in the main [[relays]] config will be ignored.
# The fields specified here are the same as in [[relays]] (headers, get_params, enable_timing_games, target_first_request_ms, frequency_get_header_ms).
# [[mux.relays]]
# id = "ethgas"
# url = "https://0xb20c3fe59db9c3655088839ef3d972878d182eb745afd8abb1dd2abf6c14f93cd5934ed4446a5fe1ba039e2bc0cf1011@hoodi-relay.ethgas.com"

# Configuration for the Signer Module, only required if any `commit` module is present, or if `pbs.with_signer = true`.
# Currently three types of Signer modules are supported (only one can be used at a time):
#   - Remote: a remote Web3Signer instance
#   - Dirk: a remote Dirk instance
#   - Local: a local Signer module
# More details on the docs (https://commit-boost.github.io/commit-boost-client/get_started/configuration/#signer-module).
[signer]
# Host to bind the Signer API server to.
# OPTIONAL, DEFAULT: 127.0.0.1
host = "0.0.0.0"

# Port to listen for Signer API calls on.
# OPTIONAL, DEFAULT: 20000
port = 20000

# Number of JWT authentication attempts a client can fail before blocking that client temporarily from Signer access.
# OPTIONAL, DEFAULT: 3
jwt_auth_fail_limit = 3

# How long to block a client from Signer access, in seconds, if it failed JWT authentication too many times.
# OPTIONAL, DEFAULT: 300
jwt_auth_fail_timeout_seconds = 300

# For Remote signer:
# [signer.remote]
# URL of the Web3Signer instance.
# url = "https://remote.signer.url"

# For Dirk signer:
# [signer.dirk]
# Path to the client certificate to authenticate with Dirk.
# cert_path = "/path/to/client.crt"

# Path to the client key.
# key_path = "/path/to/client.key"

# Path to the secrets directory where the accounts passwords are stored.
# secrets_path = "/path/to/secrets"

# Path to the CA certificate that signed the Dirk server certificate.
# OPTIONAL
# ca_cert_path = "/path/to/ca.crt"
# Limits the maximum size of a decoded gRPC response
# OPTIONAL. Default: 4MB
# max_response_size_bytes = 4194304

# Add one entry like this for each Dirk host.
# [[signer.dirk.hosts]]
# Domain name of the server to use in TLS verification, if different from the URL.
# OPTIONAL
# server_name = "localhost-1"

# Complete URL of a Dirk gateway.
# url = "https://localhost:8881"

# Wallets to load consensus keys from.
# accounts = ["Wallet1", "DistributedWallet"]

# [[signer.dirk.hosts]]
# server_name = "localhost-2"
# url = "https://localhost:8882"
# accounts = ["Wallet2", "DistributedWallet"]

# Configuration for how the Signer module should store proxy delegations.
# OPTIONAL
# [signer.dirk.store]
# proxy_dir = "/path/to/proxies"

# For Local signer:
# Configuration for how the Signer module should load validator keys. Currently two types of loaders are supported:
#   - File: load keys from a plain text file (unsafe, use only for testing purposes)
#   - ValidatorsDir: load keys from a `keys` and `secrets` file/folder (ERC-2335 style keystores). More details can be found in the docs (https://commit-boost.github.io/commit-boost-client/get_started/configuration/)
[signer.local.loader]
# Format of the keystore (lighthouse, prysm, teku or lodestar)
format = "lighthouse"

# Full path to the keys directory
# For lighthouse, it's the path to the directory where the `<pubkey>` directories are located, under each of which is a `voting-keystore.json` file.
# For prysm, it's the path to the `all-accounts.keystore.json` file.
# For teku, it's the path to the directory where all `<pubkey>.json` files are located.
# For lodestar, it's the path to the directory where all `<pubkey>.json` files are located.
# For nimbus, it's the path to the directory where the `<pubkey>` directories are located, under each of which is a `keystore.json` file.
keys_path = "/path/to/data_validator/validators"

# Full path to the secrets file/directory
# For lighthouse, it's the path to the directory where the `<pubkey>` files are located.
# For prysm, it's the path to the file containing the wallet decryption password.
# For teku, it's the path to the directory where all `<pubkey>.txt` files are located.
# For lodestar, it's the path to the file containing the decryption password.
# For nimbus, it's the path to the directory where the `<pubkey>` files are located.
secrets_path = "/path/to/data_validator/secrets"

# Configuration for how the Signer module should store proxy delegations. Supported types of store are:
#   - File: store keys and delegations from a plain text file (unsafe, use only for testing purposes)
#   - ERC2335: store keys and delegations safely using ERC-2335 style keystores. More details can be found in the docs (https://commit-boost.github.io/commit-boost-client/get_started/configuration#proxy-keys-store)
# OPTIONAL, if missing proxies are lost on restart
# [signer.local.store]
# File: path to the keys file
# proxy_dir = "./proxies"
# # ERC2335: path to the keys directory
# # keys_path = "./tests/data/proxy/keys"
# # ERC2335: path to the secrets directory
# # secrets_path = "./tests/data/proxy/secrets"

# Commit-Boost can optionally run "modules" which extend the capabilities of the sidecar.
# Currently, two types of modules are supported:
#   - "commit": modules which request commitment signatures from the validator keys
# If any "commit" module is present, then the [signer] section should also be configured
[[modules]]
id = "ETHGAS_COMMIT"
type = "commit"
env_file = ".cb.env"
docker_image = "" # placeholder value, actual docker image is set in docker-compose.yml

# REQUIRED
exchange_api_base = "https://hoodi.app.ethgas.com"

# REQUIRED
entity_name = "..." # a41, bcw, blockdaemon, chorus_one, coinbase, everstake, figment, kelp, kiln, nethermind, node_monster, p2p, piertwo, rocket_pool, sensei_node, ssv, staked, stakefish, validation_cloud, stake_capital, solo, other

# Indicates the waiting time before re-running the module, set it as 0 to stop re-running the module.
# REQUIRED
overall_wait_interval_in_second = 0

# Mode of registration.
# Supported values: standard, standard-mux, ssv, obol, skipped
# When registration_mode = standard, all validator public keys inside the
# keys directory or file will be registered in the ETHGas Exchange. 
# To enable PBS multiplexer, set registration_mode = standard-mux 
# and set the id of [[mux.relays]] to contain ethgas wording under [[mux]] section, 
# then only validator public keys of validator_pubkeys or loader will be registered.
# REQUIRED
registration_mode = "standard"

# Set to true to register validators in ETHGas, set to false to de-register validators.
# REQUIRED
enable_registration = true

# Enable to delegate to the the ETHGas default pricer to help you to sell preconfs.
# REQUIRED
enable_pricer = true

# Set to true to delegate to a specific external builder to build the block. 
# Regardless of whether the builder delegation is enabled or not, 
# our fallback builder will always build a backup block which can fulfill all the preconf commitments.
# REQUIRED
enable_builder = false

# Set to true if your validators only accept ofac-compliant blocks. 
# This is a pubkey-specific setting so you could specify a list 
# of pubkeys in [[mux]].validator_pubkeys or ssv_node_operator_owner_validator_pubkeys.
# REQUIRED
enable_ofac = false

# Indicates how much ETH is allocated to secure a single slot.
# It is in the unit of ETH and can either be 0 or between 0.01 to 1000 inclusive and no more than 2 decimal places.
# REQUIRED
collateral_per_slot = "0"

# Address of the fee recipient for receiving payout if ETHGas collateral contract (EthgasPool) address
# is set as the fee recipient in the beacon node or validator client
# More details can be found in https://docs.ethgas.com/get-started/node-operators/multi-relay-support
# This config is applicable on a per-validator key basis. 
# If `[[mux]]` is enabled, only the payout addresses of the validator keys specified in `[[mux]].validator_pubkeys` will be updated; 
# other validator keys will retain their existing payout address
# For ssv or obol validators, please check the config in the section below
# OPTIONAL
payout_address = "0x..."

# A builder pubkey is required as a default, even when it is not used by the validator.
# REQUIRED
builder_pubkey = "0x94a076b27f294dc44b9fd44d8e2b063fb129bc85ed047da1cefb82d16e1a13e6b50de31a86f5b233d1e6bbaca3c69173" # Titan, you could change it to any other registered builder pubkey

# Indicates if the JWT authentication method will be used.
# REQUIRED
is_jwt_provided = false

# Set to true if you want to query all your validator pubkeys regardless 
# of standard or dvt type that have been registered on the ETHGas Exchange. 
# A txt file will be created in ./records folder.
# REQUIRED
query_pubkey = true

# Specify either eoa_signing_key/eoa_ledger_path or access_jwt & refresh_jwt depending on is_jwt_provided boolean value.
# Alternatively, you can set EOA_SIGNING_KEY or ACCESS_JWT & REFRESH_JWT in .cb.env as env variables.
# OPTIONAL
eoa_signing_key = "0x..." # for registration in exchange, required if is_jwt_provided = false and eoa_ledger_path is not set
# eoa_ledger_path = "m/44'/60'/0'/0" # for registration in exchange with Ledger, required if is_jwt_provided = false and eoa_signing_key is not set

# OPTIONAL
access_jwt = "xxx.xxx.xxx" # required if is_jwt_provided = true
refresh_jwt = "xxx.xxx.xxx" # required if is_jwt_provided = true

# Below configs are only for ssv validators.
# ssv_node_operator_owner_mode = "key" # key, keystore, ledger, tx
# ssv_node_operator_owner_signing_keys = [
#     "0x...",
#     "0x...",
#     "0x..."
# ]
# Alternatively, you can set SSV_NODE_OPERATOR_OWNER_SIGNING_KEYS=0x...,0x... in .cb.env as an env variable
# you could also use secure keystore files instead of raw private keys
# ssv_node_operator_owner_keystores = [
#     { keystore_path = "/path/to/keystore1.json", password_path = "/path/to/password1.txt" },
#     { keystore_path = "/path/to/keystore2.json", password_path = "/path/to/password2.txt" },
#     { keystore_path = "/path/to/keystore3.json", password_path = "/path/to/password3.txt" }
# ]
# Alternatively, you can set SSV_NODE_OPERATOR_OWNER_KEYSTORE_PATHS=/path/to/keystore1.json,/path/to/keystore2.json,/path/to/keystore3.json and SSV_NODE_OPERATOR_OWNER_PASSWORD_PATHS=/path/to/password1.txt,/path/to/password2.txt,/path/to/password3.txt in .cb.env as env variables
# ssv_node_operator_owner_ledger_paths = [
#     "m/44'/60'/0'/0"
# ]
# ssv_node_operator_owner_tx_hashes = [
#     "0x...",
#     "0x...",
#     "0x..."
# ]
# ssv_node_operator_owner_tx_from_addr = [
#     "0x...",
#     "0x...",
#     "0x..."
# ]
# ssv_node_operator_owner_validator_pubkeys = [
#     [], # this will trigger the registration of all associated BLS pubkeys obtained from SSV API
#     [ "0x...", "0x..." ],
#     [ "0x..." ]
# ]
# ssv_node_operator_owner_payout_addresses = [
#     "0x...",
#     "0x...",
#     "0x..."
# ]
# below configs are only for obol validators
# obol_node_operator_owner_mode = "key" # key, keystore, ledger
# obol_node_operator_owner_signing_keys = [
#     "0x...",
#     "0x...",
#     "0x..."
# ]
# Alternatively, you can set OBOL_NODE_OPERATOR_OWNER_SIGNING_KEYS=0x...,0x... in .cb.env as an env variable
# you could also use secure keystore files instead of raw private keys
# obol_node_operator_owner_keystores = [
#     { keystore_path = "/path/to/keystore1.json", password_path = "/path/to/password1.txt" },
#     { keystore_path = "/path/to/keystore2.json", password_path = "/path/to/password2.txt" },
#     { keystore_path = "/path/to/keystore3.json", password_path = "/path/to/password3.txt" }
# ]
# Alternatively, you can set OBOL_NODE_OPERATOR_OWNER_KEYSTORE_PATHS=/path/to/keystore1.json,/path/to/keystore2.json,/path/to/keystore3.json and OBOL_NODE_OPERATOR_OWNER_PASSWORD_PATHS=/path/to/password1.txt,/path/to/password2.txt,/path/to/password3.txt in .cb.env as env variables
# obol_node_operator_owner_ledger_paths = [
#     "m/44'/60'/0'/0"
# ]
# obol_node_operator_owner_validator_pubkeys = [
#     [], # this will trigger the registration of all associated BLS pubkeys obtained from OBOL API
#     [ "0x...", "0x..." ],
#     [ "0x..." ]
# ]
# obol_node_operator_owner_payout_addresses = [
#     "0x...",
#     "0x...",
#     "0x..."
# ]

# required only if cb_ethgas_deposit is run
[[modules]]
id = "ETHGAS_DEPOSIT"
type = "commit"
env_file = ".cb.env"
docker_image = "" # placeholder value, actual docker image is set in docker-compose.yml

# REQUIRED
block_confirmation = 12

# REQUIRED
exchange_api_base = "https://hoodi.app.ethgas.com"

# REQUIRED
collateral_to_be_deposited = "0.01"

# REQUIRED
collateral_contract = "0x104Ef4192a97E0A93aBe8893c8A2d2484DFCBAF1"

# OPTIONAL
eoa_signing_key = "0x..."

# Configuration for how metrics should be collected and scraped
# OPTIONAL, skip metrics collection if missing
[metrics]
# Whether to collect metrics
# OPTIONAL, DEFAULT: true
enabled = true

# Host to listen on for metrics
# OPTIONAL, DEFAULT: 127.0.0.1
host = "127.0.0.1"

# Services will listen for Prometheus scrapes on this port, port + 1, +2, etc.
# OPTIONAL, DEFAULT: 10000
start_port = 10000

# Configuration stdout logs
# OPTIONAL, DEFAULT: enabled
[logs.stdout]
# Whether to enable stdout logging
# OPTIONAL, DEFAULT: true
enabled = true

# Log level. Supported values: trace, debug, info, warn, error
# OPTIONAL, DEFAULT: info
level = "info"

# Log in JSON format
# OPTIONAL, DEFAULT: false
use_json = false

# Whether to enable ANSI color codes
# OPTIONAL, DEFAULT: true
color = true

# Configuration file logs
# OPTIONAL, DEFAULT: disabled
[logs.file]
# Whether to enable file logging
# OPTIONAL, DEFAULT: false
enabled = true

# Log level. Supported values: trace, debug, info, warn, error
# OPTIONAL, DEFAULT: info
level = "debug"

# Log in JSON format
# OPTIONAL, DEFAULT: true
use_json = true

# Path to the log directory
# OPTIONAL, DEFAULT: /var/logs/commit-boost
dir_path = "./logs"

# Maximum number of log files to keep
# OPTIONAL
max_files = 30