trifid/trifid-api/config.example.toml


##########################
# trifid-api config file #
##########################
# trifid-api, an open source reimplementation of the Defined Networking nebula management server.
# Copyright (C) 2023 c0repwn3r
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# Please read this file in its entirety to learn which options you do or don't need to change
# to get a functional trifid-api instance.
#### [database] ####
# Options related to the PostgreSQL database connection.
[database]
# The PostgreSQL connection URL to connect to the database.
# Example: postgres://username:password@ip:port/database-name.
# The database provided must exist. Database migrations will be run automatically upon database startup.
# Because the URL carries the database password, this file is itself a credential: keep the real config out of
# version control and readable only by the account that runs trifid-api.
# Url. Required.
url = "your-database-url-here"
# The maximum number of connections that will be established to the database.
# This effectively caps the number of requests that trifid-api can process in parallel, as almost every
# request handler acquires a connection from the pool.
# Integer. Optional. Default = 100
# max_connections = 100
# The minimum number of connections that will be established to the database.
# At least this number of connections will be created and kept idle until needed. If requests have a lot of latency
# due to acquiring connections from the database, raise this number.
# Integer. Optional. Default = 5
# min_connections = 5
# The maximum amount of time (in seconds) that the database pool will wait in order to connect to the database.
# After this amount of time, the connection will return an error and trifid-api will exit. If you have a very high-latency
# database connection, raise this number.
# Integer. Optional. Default = 8
# connect_timeout = 8
# The maximum amount of time (in seconds) that the database pool will wait in order to acquire a connection from the database pool.
# After this amount of time, the connection will return an error and trifid-api will exit. If you have a very high-latency
# database connection, raise this number.
# Integer. Optional. Default = 8
# acquire_timeout = 8
# The maximum amount of time (in seconds) that a database connection will remain idle before the connection is closed.
# This only applies if closing this connection would not bring the number of connections below min_connections.
# Unless you are handling thousands of requests per second, you probably don't need to change this value.
# Integer. Optional. Default = 8
# idle_timeout = 8
# The maximum amount of time (in seconds) that a database connection will remain active before it is closed and replaced with a new connection.
# It is unlikely you ever need to change this value, unless your database takes 5 or more seconds per query, in which case you
# need a better database.
# Integer. Optional. Default = 8
# max_lifetime = 8
# Should sqlx query logging be enabled?
# Disable this if you are tired of the constant query spam in the logs. Enable for debugging.
# Boolean. Optional. Default = true
# sqlx_logging = true
#### [server] ####
# Configure options for the trifid-api HTTP server.
[server]
# What IPs and ports should the trifid-api server listen on?
# This may need to be changed if you want to bind on a different port or interface.
# The default listens on every IPv4 interface of the host. This file shows no TLS setting, so presumably TLS is
# meant to be terminated by a reverse proxy in front of trifid-api (confirm). In that setup, binding to a loopback
# or internal address such as 127.0.0.1:8080 keeps the plain-HTTP port, which carries session and login tokens,
# off untrusted networks.
# SocketAddr. Optional. Default = 0.0.0.0:8080 (all IPs, port 8080)
# bind = "0.0.0.0:8080"
#### [tokens] ####
# Configure options related to the various tokens that may be issued by the trifid-api server.
# Each lifetime below bounds how long a leaked or intercepted token of that kind remains usable, so raising a value
# trades convenience for a longer exposure window.
[tokens]
# How long (in seconds) should magic link tokens be valid for?
# This controls how long links sent to users' email addresses will remain valid for login.
# A magic link is a login credential for whoever can read the email, so keep this as short as your users can tolerate.
# The default of 3600 (1 hour) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 3600
# magic_link_expiry_time_seconds = 3600 # 1 hour
# How long (in seconds) should session tokens be valid for?
# This controls how long it will take before a user will need to re-log in with a magic link, if they do not explicitly
# log out first.
# The default of 15780000 (6 months) is a sane default and you likely do not need to change this.
# Consider a lower value where users sign in from shared or unmanaged devices, since a session token copied from
# such a device would otherwise stay valid for the full period.
# Integer. Optional. Default = 15780000
# session_token_expiry_time_seconds = 15780000 # 6 months
# How long (in seconds) should TOTP setup tokens be valid for?
# This controls how long a user will have to set up TOTP after starting the setup process before the token is invalidated
# and they need to try again.
# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 600
# totp_setup_timeout_time_seconds = 600 # 10 minutes
# How long (in seconds) should MFA auth tokens be valid for?
# This controls how long a user will remain logged in before they need to re-input their 2FA code.
# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.
# Integer. Optional. Default = 600
# mfa_tokens_expiry_time_seconds = 600 # 10 minutes
#### [crypto] ####
# Configure settings related to the cryptography used inside trifid-api
[crypto]
# The per-instance data encryption key to protect sensitive data in the instance.
# YOU ABSOLUTELY NEED TO CHANGE THIS. If you don't change anything else in this file, this should be the one thing you change.
# The value shipped below is the sample published with this example file, so it is not a secret: an instance left
# on it protects its data with a key that anyone can read.
# This should be a 32-byte value written as 64 hex characters. Generate it with `openssl rand -hex 32`, or any other
# tool of your choice that uses a cryptographically secure random source.
# If you get "InvalidLength" errors while trying to do anything involving organizations, that indicates that this
# value was improperly generated.
# Treat the real key like any other secret: keep this file readable only by the account that runs trifid-api, keep it
# out of version control, and keep a protected backup of the key.
#
# ------- WARNING -------
# Set this value once, before the instance stores any data.
# Do not change this value in a production instance. It will make existing data inaccessible until changed back.
# ------- WARNING -------
data-key = "edd600bcebea461381ea23791b6967c8667e12827ac8b94dc022f189a5dc59a2"
# The data directory used for storing keys, configuration, signing keys, etc. Must be writable by this instance.
# This directory will be used to store very sensitive data - protect it like a password! It should be writable by
# this instance and ONLY this instance.
# In practice that means a directory owned by the trifid-api service account with no access for other users, and
# excluded from any backup or share that other users can read.
# The default is a relative path; presumably it is resolved against the process's working directory (confirm), so an
# absolute path avoids creating the keystore somewhere unintended.
# Do not modify any files in this directory manually unless directed to do so by trifid.
local_keystore_directory = "./trifid_data"