What's inside
- Autonity validator node with snap mode
- Autonity Oracle service
- node-exporter, Prometheus, Grafana dashboards
- WireGuard secure network overlay
- Official `aut` tooling bundled with scripts
Autonity Validator Toolkit
Opinionated package for spinning up Autonity validators, oracles, and monitoring stacks with secure tunnels, snap sync, and official tooling.
Setup flow
From clone to validator
- Clone the repository and run `./tools/install_requirements_ubuntu.sh` to install Docker and docker-compose.
- Copy `.env.default` to `.env`, then edit it with `nano` to set network name (bakerloo / piccadilly), Oracle passwords, Grafana credentials, and WireGuard parameters.
- Start the stack with WireGuard tunneling (`./tools/start_autonity_with_wireguard`). An unsecured variant exists, but only for air‑gapped environments.
- Run `./tools/setup_shell_environment` followed by `source ~/.bashrc` to have the `aut` CLI and helper scripts on your PATH.
- Generate or import Oracle wallets via `aut account new` or `aut account import-private-key`, copy UTC files into `.data/.autonity/keystore`, update `ORACLE_UTC_FILE` in `.env`.
- Generate operator wallets (repeat Step 5) and keep their credentials managed inside the toolkit folder.
- Upgrade by pulling the repo and re-running `bash ./tools/start_autonity_with_wireguard`—your configs stay intact.
Environment
Key `.env` fields
NETWORK_NAME
Autonity network identifier (bakerloo / piccadilly).
ORACLE_KEY_PASSWD
Password used for the Oracle wallet (referenced during `aut account new`).
PROMETHEUS_METRICS_TOKEN
Internal token for metrics endpoints.
GRAFANA_ADMIN_PASSWORD
Login password for Grafana (`admin`).
DOCKER_SUBNET_MASK
Internal subnet used by Docker + WireGuard (default 172.29.13.0).
WIREGUARD_PORT
Port exposed for WireGuard clients (defaults to 816).
WIREGUARD_SUBNET
Overlay subnet for tunneling (10.253.1.0 by default).
ORACLE_UTC_FILE
Filename of the Oracle UTC wallet stored under `.data/.autonity/keystore`.
SECURE_NETWORK_IP
Optional IP to expose services if WireGuard is not used (recommended to keep blank).
Secure access
WireGuard best practices
- Archive `SubqueryIndexerHandbook.tar.gz` contains ready-to-import WireGuard configs for two devices.
- Install WireGuard on macOS, Linux, Windows, or mobile (Android/iOS) and import the provided config to reach Grafana, coordinator, and validator services securely.
- If you skip WireGuard, restrict `SECURE_NETWORK_IP` to a private address—exposing 0.0.0.0 is discouraged.
Why operators use it
The toolkit removes guesswork when deploying Autonity infrastructure: WireGuard protects management planes, snap sync reduces bootstrap time, and pre-configured Prometheus/Grafana dashboards give instant visibility. Upgrades are as simple as pulling the repo and restarting scripts, keeping custom tweaks to a minimum.
Because all official `aut` tooling ships inside the package, teams maintain compatibility with Autonity releases while inheriting best practices for wallet handling, oracle configuration, and metrics exposure.