trifid/trifid-api/config.example.toml

##########################
# trifid-api config file #
##########################
# trifid-api, an open source reimplementation of the Defined Networking nebula management server.
#     Copyright (C) 2023 c0repwn3r
#
#     This program is free software: you can redistribute it and/or modify
#     it under the terms of the GNU General Public License as published by
#     the Free Software Foundation, either version 3 of the License, or
#     (at your option) any later version.
#
#     This program is distributed in the hope that it will be useful,
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#     GNU General Public License for more details.
#
#     You should have received a copy of the GNU General Public License
#     along with this program.  If not, see <https:#www.gnu.org/licenses/>.

# Please read this file in it's entirety to learn what options you do or don't need to change
# to get a functional trifid-api instance.

#### [database] ####
# Options related to the PostgreSQL database connection.
[database]
# The PostgreSQL connection URL to connect to the database.
# Example: postgres://username:password@ip:port/database-name.
# The database provided must exist. Database migrations will be run automatically upon database startup.
# Url. Required.
url = "your-database-url-here"

# The maximum number of connections that will be established to the database.
# This will effectively mean the amount of requests that trifid-api can process in parallel, as almost every
# request handler acquires a connection from the pool.
# Integer. Optional. Default: 100
# max_connections = 100

# The minimum number of connections that will be established to the database.
# At least this number of connections will be created and kept idle until needed. If requests have a lot of latency
# due to acquiring connections from the database, raise this number.
# Integer. Optional. Default = 5
# min_connections = 5

# The maximum amount of time (in seconds) that the database pool will wait in order to connect to the database.
# After this amount of time, the connection will return an error and trifid-api will exit. If you have a very high-latency
# database connection, raise this number.
# Integer. Optional. Default = 8
# connect_timeout = 8

# The maximum amount of time (in seconds) that the database pool will wait in order to acquire a connection from the database pool.
# After this amount of time, the connection will return an error and trifid-api will exit. If you have a very high-latency
# database connection, raise this number.
# Integer. Optional. Default = 8
# acquire_timeout = 8

# The maximum amount of time (in seconds) that a database connection will remain idle before the connection is closed.
# This only applies if closing this connection would not bring the number of connections below min_connections.
# Unless you are handling thousands of requests per second, you probably don't need to change this value.
# Integer. Optional. Default = 8
# idle_timeout = 8

# The maximum amount of time (in seconds) that a database connection will remain active before it is closed and replaced with a new connection.
# It is unlikely you ever need to change this value, unless your database takes 5 or more seconds per query, in which case you
# need a better database.
# Integer. Optional. Default = 8
# max_lifetime = 8

# Should sqlx query logging be enabled?
# Disable this if you are tired of the constant query spam in the logs. Enable for debugging.
# Boolean. Optional. Default = true
# sqlx_logging = true

#### [server] ####
# Configure options for the trifid-api HTTP server.
[server]
# What IPs and ports should the trifid-api server listen on?
# This may need to be changed if you want to bind on a different port or interface.
# SocketAddr. Optional. Default = 0.0.0.0:8080 (all IPs, port 8080)
# bind = "0.0.0.0:8080"

# The number of worker threads to create.
# Increase this number if your server is timing out requests.
# usize. Optional. Default = 32
# workers = 32

#### [tokens] ####
# Configure options related to the various tokens that may be issued by the trifid-api server.
[tokens]
# How long (in seconds) should magic link tokens be valid for?
# This controls how long links sent to user's email addresses will remain valid for login.
# The default of 3600 (1 hour) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 3600
# magic_link_expiry_time_seconds = 3600 # 1 hour

# How long (in seconds) should session tokens be valid for?
# This controls how long it will take before a user will need to re-log in with a magic link, if they do not explicitly
# log out first.
# The default of 15780000 (6 months) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 15780000
# session_token_expiry_time_seconds = 15780000 # 6 months

# How long (in seconds) should TOTP setup tokens be valid for?
# This controls how long a user will have to setup TOTP after starting the setup process before the token is invalidated
# and they need to try again.
# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 600
# totp_setup_timeout_time_seconds = 600 # 10 minutes

# How long (in seconds) should MFA auth tokens be valid for?
# This controls how long a user will remain logged in before they need to re-input their 2FA code..
# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 600
# mfa_tokens_expiry_time_seconds = 600 # 10 minutes

#### [crypto] ####
# Configure settings related to the cryptography used inside trifid-api
[crypto]

# The per-instance data encryption key to protect sensitive data in the instance.
# YOU ABSOLUTELY NEED TO CHANGE THIS. If you don't change anything else in this file, this should be the one thing you change.
# This should be a 32-byte hex value. Generate it with `openssl rand -hex 32`, or any other tool of your choice.
# If you get "InvalidLength" errors while trying to do anything involving organizations, that indicates that this
# value was improperly generated.
#
# ------- WARNING -------
# Do not change this value in a production instance. It will make existing data inaccessible until changed back.
# ------- WARNING -------
data-key = "edd600bcebea461381ea23791b6967c8667e12827ac8b94dc022f189a5dc59a2"

# The data directory used for storing keys, configuration, signing keys, etc. Must be writable by this instance.
# This directory will be used to store very sensitive data - protect it like a password! It should be writable by
# this instance and ONLY this instance.
# Do not modify any files in this directory manually unless directed to do so by trifid.
local_keystore_directory = "./trifid_data"
networks and organizations 2023-04-04 01:53:14 +00:00			`##########################`
			`# trifid-api config file #`
			`##########################`
			`# trifid-api, an open source reimplementation of the Defined Networking nebula management server.`
			`# Copyright (C) 2023 c0repwn3r`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <https:#www.gnu.org/licenses/>.`

			`# Please read this file in it's entirety to learn what options you do or don't need to change`
			`# to get a functional trifid-api instance.`

			`#### [database] ####`
			`# Options related to the PostgreSQL database connection.`
			`[database]`
			`# The PostgreSQL connection URL to connect to the database.`
			`# Example: postgres://username:password@ip:port/database-name.`
			`# The database provided must exist. Database migrations will be run automatically upon database startup.`
			`# Url. Required.`
			`url = "your-database-url-here"`

			`# The maximum number of connections that will be established to the database.`
			`# This will effectively mean the amount of requests that trifid-api can process in parallel, as almost every`
			`# request handler acquires a connection from the pool.`
			`# Integer. Optional. Default: 100`
			`# max_connections = 100`

			`# The minimum number of connections that will be established to the database.`
			`# At least this number of connections will be created and kept idle until needed. If requests have a lot of latency`
			`# due to acquiring connections from the database, raise this number.`
			`# Integer. Optional. Default = 5`
			`# min_connections = 5`

			`# The maximum amount of time (in seconds) that the database pool will wait in order to connect to the database.`
			`# After this amount of time, the connection will return an error and trifid-api will exit. If you have a very high-latency`
			`# database connection, raise this number.`
			`# Integer. Optional. Default = 8`
			`# connect_timeout = 8`

			`# The maximum amount of time (in seconds) that the database pool will wait in order to acquire a connection from the database pool.`
			`# After this amount of time, the connection will return an error and trifid-api will exit. If you have a very high-latency`
			`# database connection, raise this number.`
			`# Integer. Optional. Default = 8`
			`# acquire_timeout = 8`

			`# The maximum amount of time (in seconds) that a database connection will remain idle before the connection is closed.`
			`# This only applies if closing this connection would not bring the number of connections below min_connections.`
			`# Unless you are handling thousands of requests per second, you probably don't need to change this value.`
			`# Integer. Optional. Default = 8`
			`# idle_timeout = 8`

			`# The maximum amount of time (in seconds) that a database connection will remain active before it is closed and replaced with a new connection.`
			`# It is unlikely you ever need to change this value, unless your database takes 5 or more seconds per query, in which case you`
			`# need a better database.`
			`# Integer. Optional. Default = 8`
			`# max_lifetime = 8`

			`# Should sqlx query logging be enabled?`
			`# Disable this if you are tired of the constant query spam in the logs. Enable for debugging.`
			`# Boolean. Optional. Default = true`
			`# sqlx_logging = true`

			`#### [server] ####`
			`# Configure options for the trifid-api HTTP server.`
			`[server]`
			`# What IPs and ports should the trifid-api server listen on?`
			`# This may need to be changed if you want to bind on a different port or interface.`
			`# SocketAddr. Optional. Default = 0.0.0.0:8080 (all IPs, port 8080)`
			`# bind = "0.0.0.0:8080"`

hotfix: configurable threadpool size & new website starts 2023-08-15 04:16:47 +00:00			`# The number of worker threads to create.`
			`# Increase this number if your server is timing out requests.`
			`# usize. Optional. Default = 32`
			`# workers = 32`

networks and organizations 2023-04-04 01:53:14 +00:00			`#### [tokens] ####`
			`# Configure options related to the various tokens that may be issued by the trifid-api server.`
			`[tokens]`
			`# How long (in seconds) should magic link tokens be valid for?`
			`# This controls how long links sent to user's email addresses will remain valid for login.`
			`# The default of 3600 (1 hour) is a sane default and you likely do not need to change this.`
			`# Integer. Optional. Default = 3600`
			`# magic_link_expiry_time_seconds = 3600 # 1 hour`

			`# How long (in seconds) should session tokens be valid for?`
			`# This controls how long it will take before a user will need to re-log in with a magic link, if they do not explicitly`
			`# log out first.`
			`# The default of 15780000 (6 months) is a sane default and you likely do not need to change this.`
			`# Integer. Optional. Default = 15780000`
			`# session_token_expiry_time_seconds = 15780000 # 6 months`

			`# How long (in seconds) should TOTP setup tokens be valid for?`
			`# This controls how long a user will have to setup TOTP after starting the setup process before the token is invalidated`
			`# and they need to try again.`
			`# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.`
			`# Integer. Optional. Default = 600`
			`# totp_setup_timeout_time_seconds = 600 # 10 minutes`

			`# How long (in seconds) should MFA auth tokens be valid for?`
			`# This controls how long a user will remain logged in before they need to re-input their 2FA code..`
			`# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.`
			`# Integer. Optional. Default = 600`
			`# mfa_tokens_expiry_time_seconds = 600 # 10 minutes`

			`#### [crypto] ####`
			`# Configure settings related to the cryptography used inside trifid-api`
			`[crypto]`

			`# The per-instance data encryption key to protect sensitive data in the instance.`
			`# YOU ABSOLUTELY NEED TO CHANGE THIS. If you don't change anything else in this file, this should be the one thing you change.`
			# This should be a 32-byte hex value. Generate it with `openssl rand -hex 32`, or any other tool of your choice.
			`# If you get "InvalidLength" errors while trying to do anything involving organizations, that indicates that this`
			`# value was improperly generated.`
			`#`
			`# ------- WARNING -------`
			`# Do not change this value in a production instance. It will make existing data inaccessible until changed back.`
			`# ------- WARNING -------`
enrollment 2023-05-14 17:47:49 +00:00			`data-key = "edd600bcebea461381ea23791b6967c8667e12827ac8b94dc022f189a5dc59a2"`

			`# The data directory used for storing keys, configuration, signing keys, etc. Must be writable by this instance.`
			`# This directory will be used to store very sensitive data - protect it like a password! It should be writable by`
			`# this instance and ONLY this instance.`
			`# Do not modify any files in this directory manually unless directed to do so by trifid.`
			`local_keystore_directory = "./trifid_data"`