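##########################
# trifid-api config file #
##########################

# trifid-api, an open source reimplementation of the Defined Networking nebula management server.
# Copyright (C) 2023 c0repwn3r
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Please read this file in its entirety to learn what options you do or don't need to change
# to get a functional trifid-api instance.
#
# This file holds two secrets (the database password inside [database].url and [crypto].data-key).
# Keep it readable only by the account that runs trifid-api and keep real values out of version control.

#### [database] ####
# Options related to the PostgreSQL database connection.
[database]

# The PostgreSQL connection URL to connect to the database.
# Example: postgres://username:password@ip:port/database-name.
# The database provided must exist. Database migrations will be run automatically upon database startup.
# The URL embeds the database password, so treat the whole value as a secret.
# Url. Required.
url = "your-database-url-here"

# The maximum number of connections that will be established to the database.
# This will effectively mean the amount of requests that trifid-api can process in parallel, as almost every
# request handler acquires a connection from the pool.
# Integer. Optional. Default = 100
# max_connections = 100

# The minimum number of connections that will be established to the database.
# At least this number of connections will be created and kept idle until needed. If requests have a lot of latency
# due to acquiring connections from the database, raise this number.
# Integer. Optional. Default = 5
# min_connections = 5

# The maximum amount of time (in seconds) that the database pool will wait in order to connect to the database.
# After this amount of time, the connection will return an error and trifid-api will exit. If you have a very high-latency
# database connection, raise this number.
# Integer. Optional. Default = 8
# connect_timeout = 8

# The maximum amount of time (in seconds) that the database pool will wait in order to acquire a connection from the database pool.
# After this amount of time, the connection will return an error and trifid-api will exit. If you have a very high-latency
# database connection, raise this number.
# Integer. Optional. Default = 8
# acquire_timeout = 8

# The maximum amount of time (in seconds) that a database connection will remain idle before the connection is closed.
# This only applies if closing this connection would not bring the number of connections below min_connections.
# Unless you are handling thousands of requests per second, you probably don't need to change this value.
# Integer. Optional. Default = 8
# idle_timeout = 8

# The maximum amount of time (in seconds) that a database connection will remain active before it is closed and replaced with a new connection.
# It is unlikely you ever need to change this value, unless your database takes 5 or more seconds per query, in which case you
# need a better database.
# Integer. Optional. Default = 8
# max_lifetime = 8

# Should sqlx query logging be enabled?
# Disable this if you are tired of the constant query spam in the logs. Enable for debugging.
# NOTE(review): logging is on by default; confirm what the logged queries contain before
# forwarding these logs to a shared or off-host log store.
# Boolean. Optional. Default = true
# sqlx_logging = true

#### [server] ####
# Configure options for the trifid-api HTTP server.
[server]

# What IPs and ports should the trifid-api server listen on?
# This may need to be changed if you want to bind on a different port or interface.
# The default listens on every interface. No TLS options appear in this file, so if TLS is
# terminated by a reverse proxy on the same host, bind to a loopback address
# (for example "127.0.0.1:8080") so that clients cannot reach the API without going through the proxy.
# SocketAddr. Optional. Default = 0.0.0.0:8080 (all IPs, port 8080)
# bind = "0.0.0.0:8080"

# The number of worker threads to create.
# Increase this number if your server is timing out requests.
# usize. Optional. Default = 32
# workers = 32

#### [tokens] ####
# Configure options related to the various tokens that may be issued by the trifid-api server.
[tokens]

# How long (in seconds) should magic link tokens be valid for?
# This controls how long links sent to users' email addresses will remain valid for login.
# The default of 3600 (1 hour) is a sane default and you likely do not need to change this.
# A magic link works as a login credential for as long as it is valid, so a longer value
# widens the window in which a forwarded or intercepted email can be used.
# Integer. Optional. Default = 3600
# magic_link_expiry_time_seconds = 3600 # 1 hour

# How long (in seconds) should session tokens be valid for?
# This controls how long it will take before a user will need to re-log in with a magic link, if they do not explicitly
# log out first.
# The default of 15780000 (6 months) is a sane default and you likely do not need to change this.
# Trade-off: a leaked session token stays usable for this whole period unless the user logs out,
# so deployments with stricter requirements may want a shorter value.
# Integer. Optional. Default = 15780000
# session_token_expiry_time_seconds = 15780000 # 6 months

# How long (in seconds) should TOTP setup tokens be valid for?
# This controls how long a user will have to set up TOTP after starting the setup process before the token is invalidated
# and they need to try again.
# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 600
# totp_setup_timeout_time_seconds = 600 # 10 minutes

# How long (in seconds) should MFA auth tokens be valid for?
# This controls how long a user will remain logged in before they need to re-input their 2FA code.
# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 600
# mfa_tokens_expiry_time_seconds = 600 # 10 minutes

#### [crypto] ####
# Configure settings related to the cryptography used inside trifid-api
[crypto]

# The per-instance data encryption key to protect sensitive data in the instance.
# YOU ABSOLUTELY NEED TO CHANGE THIS. If you don't change anything else in this file, this should be the one thing you change.
# The value below ships with this example file, so it is publicly known and protects nothing.
# Generate your own key before the first start of a real instance, i.e. before any data is encrypted with it.
# This should be a 32-byte hex value (64 hexadecimal characters). Generate it with `openssl rand -hex 32`,
# or any other tool of your choice.
# If you get "InvalidLength" errors while trying to do anything involving organizations, that indicates that this
# value was improperly generated.
# Keep a secure backup of your key: as the warning below says, data encrypted with it is
# inaccessible under any other key.
#
# ------- WARNING -------
# Do not change this value in a production instance. It will make existing data inaccessible until changed back.
# ------- WARNING -------
data-key = "edd600bcebea461381ea23791b6967c8667e12827ac8b94dc022f189a5dc59a2"

# The data directory used for storing keys, configuration, signing keys, etc. Must be writable by this instance.
# This directory will be used to store very sensitive data - protect it like a password! It should be writable by
# this instance and ONLY this instance (for example, owned by the service account with mode 0700 on Unix).
# Do not modify any files in this directory manually unless directed to do so by trifid.
# NOTE(review): the value below is a relative path, presumably resolved against the working directory
# of the trifid-api process - confirm, and prefer an absolute path so the keystore location does not
# depend on where the service is started.
local_keystore_directory = "./trifid_data"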