134 lines
6.8 KiB
TOML
134 lines
6.8 KiB
TOML
##########################
|
|
# trifid-api-old config file #
|
|
##########################
|
|
# trifid-api-old, an open source reimplementation of the Defined Networking nebula management server.
|
|
# Copyright (C) 2023 c0repwn3r
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <https:#www.gnu.org/licenses/>.
|
|
|
|
# Please read this file in it's entirety to learn what options you do or don't need to change
|
|
# to get a functional trifid-api-old instance.
|
|
|
|
#### [database] ####
|
|
# Options related to the PostgreSQL database connection.
|
|
[database]
|
|
# The PostgreSQL connection URL to connect to the database.
|
|
# Example: postgres://username:password@ip:port/database-name.
|
|
# The database provided must exist. Database migrations will be run automatically upon database startup.
|
|
# Url. Required.
|
|
url = "your-database-url-here"
|
|
|
|
# The maximum number of connections that will be established to the database.
|
|
# This will effectively mean the amount of requests that trifid-api-old can process in parallel, as almost every
|
|
# request handler acquires a connection from the pool.
|
|
# Integer. Optional. Default: 100
|
|
# max_connections = 100
|
|
|
|
# The minimum number of connections that will be established to the database.
|
|
# At least this number of connections will be created and kept idle until needed. If requests have a lot of latency
|
|
# due to acquiring connections from the database, raise this number.
|
|
# Integer. Optional. Default = 5
|
|
# min_connections = 5
|
|
|
|
# The maximum amount of time (in seconds) that the database pool will wait in order to connect to the database.
|
|
# After this amount of time, the connection will return an error and trifid-api-old will exit. If you have a very high-latency
|
|
# database connection, raise this number.
|
|
# Integer. Optional. Default = 8
|
|
# connect_timeout = 8
|
|
|
|
# The maximum amount of time (in seconds) that the database pool will wait in order to acquire a connection from the database pool.
|
|
# After this amount of time, the connection will return an error and trifid-api-old will exit. If you have a very high-latency
|
|
# database connection, raise this number.
|
|
# Integer. Optional. Default = 8
|
|
# acquire_timeout = 8
|
|
|
|
# The maximum amount of time (in seconds) that a database connection will remain idle before the connection is closed.
|
|
# This only applies if closing this connection would not bring the number of connections below min_connections.
|
|
# Unless you are handling thousands of requests per second, you probably don't need to change this value.
|
|
# Integer. Optional. Default = 8
|
|
# idle_timeout = 8
|
|
|
|
# The maximum amount of time (in seconds) that a database connection will remain active before it is closed and replaced with a new connection.
|
|
# It is unlikely you ever need to change this value, unless your database takes 5 or more seconds per query, in which case you
|
|
# need a better database.
|
|
# Integer. Optional. Default = 8
|
|
# max_lifetime = 8
|
|
|
|
# Should sqlx query logging be enabled?
|
|
# Disable this if you are tired of the constant query spam in the logs. Enable for debugging.
|
|
# Boolean. Optional. Default = true
|
|
# sqlx_logging = true
|
|
|
|
#### [server] ####
|
|
# Configure options for the trifid-api-old HTTP server.
|
|
[server]
|
|
# What IPs and ports should the trifid-api-old server listen on?
|
|
# This may need to be changed if you want to bind on a different port or interface.
|
|
# SocketAddr. Optional. Default = 0.0.0.0:8080 (all IPs, port 8080)
|
|
# bind = "0.0.0.0:8080"
|
|
|
|
# The number of worker threads to create.
|
|
# Increase this number if your server is timing out requests.
|
|
# usize. Optional. Default = 32
|
|
# workers = 32
|
|
|
|
#### [tokens] ####
|
|
# Configure options related to the various tokens that may be issued by the trifid-api-old server.
|
|
[tokens]
|
|
# How long (in seconds) should magic link tokens be valid for?
|
|
# This controls how long links sent to user's email addresses will remain valid for login.
|
|
# The default of 3600 (1 hour) is a sane default and you likely do not need to change this.
|
|
# Integer. Optional. Default = 3600
|
|
# magic_link_expiry_time_seconds = 3600 # 1 hour
|
|
|
|
# How long (in seconds) should session tokens be valid for?
|
|
# This controls how long it will take before a user will need to re-log in with a magic link, if they do not explicitly
|
|
# log out first.
|
|
# The default of 15780000 (6 months) is a sane default and you likely do not need to change this.
|
|
# Integer. Optional. Default = 15780000
|
|
# session_token_expiry_time_seconds = 15780000 # 6 months
|
|
|
|
# How long (in seconds) should TOTP setup tokens be valid for?
|
|
# This controls how long a user will have to setup TOTP after starting the setup process before the token is invalidated
|
|
# and they need to try again.
|
|
# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.
|
|
# Integer. Optional. Default = 600
|
|
# totp_setup_timeout_time_seconds = 600 # 10 minutes
|
|
|
|
# How long (in seconds) should MFA auth tokens be valid for?
|
|
# This controls how long a user will remain logged in before they need to re-input their 2FA code..
|
|
# The default of 600 (10 minutes) is a sane default and you likely do not need to change this.
|
|
# Integer. Optional. Default = 600
|
|
# mfa_tokens_expiry_time_seconds = 600 # 10 minutes
|
|
|
|
#### [crypto] ####
|
|
# Configure settings related to the cryptography used inside trifid-api-old
|
|
[crypto]
|
|
|
|
# The per-instance data encryption key to protect sensitive data in the instance.
|
|
# YOU ABSOLUTELY NEED TO CHANGE THIS. If you don't change anything else in this file, this should be the one thing you change.
|
|
# This should be a 32-byte hex value. Generate it with `openssl rand -hex 32`, or any other tool of your choice.
|
|
# If you get "InvalidLength" errors while trying to do anything involving organizations, that indicates that this
|
|
# value was improperly generated.
|
|
#
|
|
# ------- WARNING -------
|
|
# Do not change this value in a production instance. It will make existing data inaccessible until changed back.
|
|
# ------- WARNING -------
|
|
data-key = "edd600bcebea461381ea23791b6967c8667e12827ac8b94dc022f189a5dc59a2"
|
|
|
|
# The data directory used for storing keys, configuration, signing keys, etc. Must be writable by this instance.
|
|
# This directory will be used to store very sensitive data - protect it like a password! It should be writable by
|
|
# this instance and ONLY this instance.
|
|
# Do not modify any files in this directory manually unless directed to do so by trifid.
|
|
local_keystore_directory = "./trifid_data" |