# Configuration Reference ## Required | Variable | Description | | --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `LUNAR_HUB_TOKEN` | Auth token for your Hub installation. | | `LUNAR_HUB_HOST` | Hostname of your Hub installation. Must be reachable from the runner. | | `LUNAR_HUB_GRPC_PORT` | Hub's gRPC port. Used for configuration sync, collection results, and GitHub token resolution. | | `LUNAR_HUB_HTTP_PORT` | Hub's HTTP port. Used for log uploads and script downloads. | | `LUNAR_CI_TYPE` | CI platform type. Currently only `github` is supported. | | `LUNAR_RUN_CMD` | Command to start the runner process. For GitHub Actions self-hosted runners, this is the path to `run.sh` (e.g. `/home/ubuntu/actions-runner/run.sh`). Not needed when using the [managed runners](/install/lunar-ci-agent/agent-managed.md) GitHub Action. | ## Optional | Variable | Default | Description | | --------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `LUNAR_HUB_INSECURE` | `false` | Set to `true` when connecting to a Hub instance without TLS. | | `LUNAR_UPDATE_PERIOD` | `15s` | How often the agent polls Hub for configuration updates. | | `LUNAR_LOG_LEVEL` | `info` | Log verbosity. Set to `debug` for troubleshooting. | | `LUNAR_GIT_BASE_URL` | *(none)* | Base URL used for git clone URL construction. Required for GitHub Enterprise Server installations where the git base URL differs from the default `https://github.com`. | ## Advanced ### Docker These options are for environments where collectors or policies run in Docker containers (e.g. private registries, custom networks, or sidecar Docker daemons). | Variable | Default | Description | | ---------------------------- | -------- | -------------------------------------------------------------------------- | | `LUNAR_DOCKER_REGISTRY_USER` | *(none)* | Username for a private Docker registry containing collector/policy images. | | `LUNAR_DOCKER_REGISTRY_PASS` | *(none)* | Password for a private Docker registry containing collector/policy images. | | `LUNAR_DOCKER_NETWORK` | *(none)* | Docker network for script container execution. | ### State Directories The agent uses several directories for state, caching, and execution. The defaults listed below are the root-user paths. When running as a non-root user, the agent automatically falls back to `$HOME/.lunar/` paths (e.g. `$HOME/.lunar/state` instead of `/var/lib/lunar`), so manual overrides are usually unnecessary. You can still set these variables explicitly if you need non-standard locations. | Variable | Default | Description | | ---------------------- | ---------------------------- | ----------------------------------------------------- | | `LUNAR_STATE_DIR` | `/var/lib/lunar` | Script execution state and embedded runtimes. | | `LUNAR_GIT_CACHE_DIR` | `/var/cache/lunar/git-repos` | Cached git repository clones. | | `LUNAR_BUNDLE_DIR` | `/var/tmp/lunar/bundles` | Component JSON bundles for policy evaluation. | | `LUNAR_SNIPPET_DIR` | `/var/lib/lunar/snippets` | Downloaded script code from Hub. | | `LUNAR_SCRIPT_LOG_DIR` | `/var/tmp/lunar/scripts` | Script execution logs (uploaded to Hub). | | `LUNAR_BIN_DIR` | `/usr/lib/lunar` | Embedded runtime binaries. | | `LUNAR_LOCK_DIR` | `/run/lock/lunar` | Installation lock files to prevent parallel installs. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs-lunar.earthly.dev/install/lunar-ci-agent/agent-config.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.