trifid/trifid-api/config.example.toml

75 lines
3.7 KiB
TOML

##################################
# trifid-api example config file #
##################################
# trifid-api, an open source reimplementation of the Defined Networking nebula management server.
# Copyright (C) 2023 c0repwn3r
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https:#www.gnu.org/licenses/>.
# Please read this file in it's entirety to learn what options you do or don't need to change
# to get a functional trifid-api instance.
# What port should the API server listen on?
# e.g. 8000 would mean the server is reachable at localhost:8000.
# You probably don't need to change this.
listen_port = 8000
# What is the postgres connection url to connect to the database?
# Example: postgres://username:password@database_host/database_name
# You absolutely need to change this.
db_url = "postgres://postgres@localhost/trifidapi"
# What is the externally accessible URL of this instance?
# If you are running behind a reverse proxy, or a domain name, or similar,
# you need to set this to the URL that the web UI can make requests to.
# e.g. http://localhost:8000
# Reminder: this ip needs to be internet-accessible.
# You absolutely need to change this.
base = "http://localhost:8000"
# What is the externally accessible URL of the **web ui** for this instance?
# This URL will be used to generate magic links, and needs to be correct.
# You absolutely need to change this.
web_root = "http://localhost:5173"
# How long should magic links be valid for (in seconds)?
# You probably don't need to change this, 86400 (24 hours) is a sane default.
magic_links_valid_for = 86400
# How long should session tokens be valid for (in seconds)?
# This controls how long a user can go without requesting a new "magic link" to re-log-in.
# This is a completley independent timer than `totp_verification_valid_for` - the auth token can (and often will) expire
# while the session token remains completley valid.
# You probably don't need to change this, 86400 (24 hours) is a sane default.
session_tokens_valid_for = 86400
# How long should 2FA authentication be valid for (in seconds)?
# This controls how long a user can remain logged in without having to re-do the 2FA authentication process.
# This is a completley independent timer than `session_tokens_valid_for` - the session token can expire while the 2FA token
# remains completley valid.
# You probably don't need to change this, 3600 (1 hour) is a sane default.
totp_verification_valid_for = 3600
# The per-instance data encryption key to protect sensitive data in the instance.
# YOU ABSOLUTELY NEED TO CHANGE THIS. If you don't change anything else in this file, this should be the one thing you change.
# This should be a 32-byte hex value. Generate it with `openssl rand -hex 32`, or any other tool of your choice.
# If you get "InvalidLength" errors while trying to do anything involving organizations, that indicates that this
# value was improperly generated.
#
# ------- WARNING -------
# Do not change this value in a production instance. It will make existing data inaccessible until changed back.
# ------- WARNING -------
data_key = "edd600bcebea461381ea23791b6967c8667e12827ac8b94dc022f189a5dc59a2"