##################################
# trifid-api example config file #
##################################

# trifid-api, an open source reimplementation of the Defined Networking nebula management server.
# Copyright (C) 2023 c0repwn3r
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Please read this file in its entirety to learn what options you do or don't need to change
# to get a functional trifid-api instance.
#
# This file holds secrets (the database URL and `data_key`). Keep the deployed copy out of
# version control and readable only by the account that runs trifid-api.

# What port should the API server listen on?
# e.g. 8000 would mean the server is reachable at localhost:8000.
# You probably don't need to change this.
listen_port = 8000

# What is the postgres connection url to connect to the database?
# Example: postgres://username:password@database_host/database_name
# The value below has no password and connects as the `postgres` role, which is normally a
# superuser. For a real deployment, prefer a dedicated role that can only reach the trifid-api
# database, and treat the resulting URL as a credential.
# You absolutely need to change this.
db_url = "postgres://postgres@localhost/trifidapi"

# What is the externally accessible URL of this instance?
# If you are running behind a reverse proxy, or a domain name, or similar,
# you need to set this to the URL that the web UI can make requests to.
# e.g. http://localhost:8000
# Reminder: this ip needs to be internet-accessible.
# The web UI sends its API requests to this URL, so outside local testing it should be an
# https:// URL; plain http leaves those requests readable on the network path.
# You absolutely need to change this.
base = "http://localhost:8000"

# What is the externally accessible URL of the **web ui** for this instance?
# This URL will be used to generate magic links, and needs to be correct.
# Magic links are what log a user in, so outside local testing this should be an https:// URL
# on an origin you control.
# You absolutely need to change this.
web_root = "http://localhost:5173"

# How long should magic links be valid for (in seconds)?
# A magic link works as a login credential for as long as it is valid; a lower value narrows
# the window in which a leaked or forwarded link can still be used.
# NOTE(review): this file does not say whether a link is invalidated after first use - confirm.
# You probably don't need to change this, 86400 (24 hours) is a sane default.
magic_links_valid_for = 86400

# How long should session tokens be valid for (in seconds)?
# This controls how long a user can go without requesting a new "magic link" to re-log-in.
# This is a completely independent timer from `totp_verification_valid_for` - the auth token can (and often will) expire
# while the session token remains completely valid.
# You probably don't need to change this, 86400 (24 hours) is a sane default.
session_tokens_valid_for = 86400

# How long should 2FA authentication be valid for (in seconds)?
# This controls how long a user can remain logged in without having to re-do the 2FA authentication process.
# This is a completely independent timer from `session_tokens_valid_for` - the session token can expire while the 2FA token
# remains completely valid.
# You probably don't need to change this, 3600 (1 hour) is a sane default.
totp_verification_valid_for = 3600

# The per-instance data encryption key to protect sensitive data in the instance.
# YOU ABSOLUTELY NEED TO CHANGE THIS. If you don't change anything else in this file, this should be the one thing you change.
# This should be a 32-byte hex value (64 hex characters). Generate it with `openssl rand -hex 32`, or any other tool of your choice.
# If you get "InvalidLength" errors while trying to do anything involving organizations, that indicates that this
# value was improperly generated.
#
# The value below ships with the public example config, so it is known to everyone: an instance
# left on it gets no protection from this key. Set your own key before the instance stores any
# data, keep it out of version control, and back it up securely.
#
# ------- WARNING -------
# Do not change this value in a production instance. It will make existing data inaccessible until changed back.
# ------- WARNING -------
data_key = "edd600bcebea461381ea23791b6967c8667e12827ac8b94dc022f189a5dc59a2"

# How long should CA certs be valid for before they need to be replaced (in seconds)?
# This controls the maximum amount of time a network on this instance can go
# without a rekey.
# You probably don't need to change this, 31536000 (1 year) is a sane default.
# This value only affects new certs signed by this instance.
ca_certs_valid_for = 31536000