Configuration File¶
The bnerd configuration file is a YAML file located at ~/.bnerd.yaml by default.
File Location¶
| Method | Location |
|---|---|
| Default | ~/.bnerd.yaml |
| Override | --config /path/to/config.yaml |
| Environment | BNERD_CONFIG=/path/to/config.yaml |
The file is created with 0600 permissions (owner read/write only) to protect sensitive values like tokens.
Complete Schema¶
# Connection
api-url: https://api.bnerd.net # CloudAPI base URL
token: your-bearer-token # Authentication token
org-id: your-organization-id # Organization ID
project-id: your-project-id # Project ID (optional)
region: de-muc1 # Cloud region
# Output
output: table # Default output format (json|table|yaml)
debug: false # Enable debug output
# AI features
anthropic-key: sk-ant-... # Anthropic API key
ai-model: haiku # Model: haiku, sonnet, opus, or full ID
ai-mode: read-only # Safety: read-only, non-destructive, full
ai-provider: anthropic # Provider: anthropic or openai
openai-key: sk-... # OpenAI API key
openai-base-url: "" # OpenAI-compatible backend URL
openai-model: "" # Model name for OpenAI backend
ai-shell-unrestricted: false # Allow arbitrary shell commands
ai-token-budget: 0 # Max tokens per session (0 = unlimited)
# VPN configuration
vpn:
private-key: "" # WireGuard private key (auto-generated)
public-key: "" # Derived public key (auto-generated)
server-endpoint: vpn.bnerd.net:51820 # WireGuard server address
server-public-key: "" # Server's WireGuard public key
client-address: 10.8.0.2/24 # Client VPN IP address
allowed-ips: 10.8.0.0/24 # IP ranges routed through VPN
dns: 1.1.1.1 # DNS server for VPN
interface: bnerd0 # WireGuard interface name
config-dir: /etc/wireguard # WireGuard config directory
cleanup-config: false # Remove config files on disconnect
Field Reference¶
Connection Fields¶
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
api-url | string | Yes | https://api.bnerd.net | CloudAPI base URL |
token | string | Yes | Bearer token for authentication | |
org-id | string | Yes* | Organization ID (*required for most commands) | |
project-id | string | No | Project ID (required for project-scoped commands) | |
region | string | No | de-muc1 | Cloud region |
AI Fields¶
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
anthropic-key | string | No | Anthropic API key | |
ai-model | string | No | haiku | AI model selection |
ai-mode | string | No | read-only | AI safety mode |
ai-provider | string | No | anthropic | AI provider |
openai-key | string | No | OpenAI-compatible API key | |
openai-base-url | string | No | OpenAI-compatible base URL | |
openai-model | string | No | OpenAI-compatible model name | |
ai-shell-unrestricted | bool | No | false | Allow arbitrary shell commands |
ai-token-budget | int | No | 0 | Max tokens per session |
VPN Fields¶
See VPN Configuration for detailed documentation of the vpn: block.