##################################
# trifid-api example config file #
##################################
# trifid-api, an open source reimplementation of the Defined Networking nebula management server.
# Copyright (C) 2023 c0repwn3r
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Please read this file in its entirety to learn what options you do or don't need to change
# to get a functional trifid-api instance.

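# What port should the API server listen on?
# e.g. 8000 would mean the server is reachable at localhost:8000.
# You probably don't need to change this.
listen_port = 8000

# What is the postgres connection url to connect to the database?
# Example: postgres://username:password@database_host/database_name
# You absolutely need to change this.
# The URL carries the database credentials, so keep this file readable only by the
# account that runs trifid-api. The example below has no password and uses the default
# `postgres` role, which is normally a superuser; a real instance should use a dedicated
# role with a password and access to this one database only.
db_url = "postgres://postgres@localhost/trifidapi"

# What is the externally accessible URL of this instance?
# If you are running behind a reverse proxy, or a domain name, or similar,
# you need to set this to the URL that the web UI can make requests to.
# e.g. http://localhost:8000
# Reminder: this ip needs to be internet-accessible.
# You absolutely need to change this.
# The plain-http example is only suitable for local testing. Anything reachable from the
# internet should be an https URL (e.g. terminated at the reverse proxy), since the web UI
# sends its requests to this address.
base = "http://localhost:8000"

# What is the externally accessible URL of the **web ui** for this instance?
# This URL will be used to generate magic links, and needs to be correct.
# You absolutely need to change this.
# Magic links are how users log in, so outside of local testing this should be an https
# URL on a host you control; a wrong value here sends users' login links to the wrong place.
web_root = "http://localhost:5173"

# How long should magic links be valid for (in seconds)?
# You probably don't need to change this, 86400 (24 hours) is a sane default.
# A magic link works as a login credential for as long as it is valid, so a shorter value
# narrows the window in which a leaked or forwarded link can be used.
magic_links_valid_for = 86400

# How long should session tokens be valid for (in seconds)?
# This controls how long a user can go without requesting a new "magic link" to re-log-in.
# This timer is completely independent of `totp_verification_valid_for` - the auth token can (and often will) expire
# while the session token remains completely valid.
# You probably don't need to change this, 86400 (24 hours) is a sane default.
session_tokens_valid_for = 86400

# How long should 2FA authentication be valid for (in seconds)?
# This controls how long a user can remain logged in without having to re-do the 2FA authentication process.
# This timer is completely independent of `session_tokens_valid_for` - the session token can expire while the 2FA token
# remains completely valid.
# You probably don't need to change this, 3600 (1 hour) is a sane default.
totp_verification_valid_for = 3600

# The per-instance data encryption key to protect sensitive data in the instance.
# YOU ABSOLUTELY NEED TO CHANGE THIS. If you don't change anything else in this file, this should be the one thing you change.
# The value below ships with this example file, so it is publicly known: an instance that
# keeps it has no real protection for whatever is encrypted under it.

# This should be a 32-byte hex value (64 hex characters). Generate it with `openssl rand -hex 32`, or any other tool of your choice.
# If you get "InvalidLength" errors while trying to do anything involving organizations, that indicates that this
# value was improperly generated.
# Set your own key before the instance stores any data, and treat it as a secret: keep this
# file out of version control and readable only by the account that runs trifid-api.
#
# ------- WARNING -------
# Do not change this value in a production instance. It will make existing data inaccessible until changed back.
# ------- WARNING -------
data_key = "edd600bcebea461381ea23791b6967c8667e12827ac8b94dc022f189a5dc59a2"

# How long should CA certs be valid for before they need to be replaced (in seconds)?
# This controls the maximum amount of time a network on this instance can go
# without a rekey.
# You probably don't need to change this, 31536000 (1 year) is a sane default.
# This value only affects new certs signed by this instance.
ca_certs_valid_for = 31536000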