settings_example.toml
[server]
# This should be set to the URL of your backend server.
# NOTE(review): the example value is plain HTTP on localhost. For a server reached
# over a network this should presumably be an https:// URL; confirm for your deployment.
api_server_url = "http://localhost:8710"
# This should be set to the URL of your frontend server.
ui_server_url = "http://localhost:8711"
# Origins that are allowed to talk to the backend. Presumably this is the CORS
# allow-list; confirm against the server code.
# List only the exact frontend origins you serve (scheme, host and port). The two
# example entries are the same frontend port written as 127.0.0.1 and as localhost.
allowed_origins = ["http://127.0.0.1:8711", "http://localhost:8711"]
# Storage Providers
[server.storage.providers]
# Configure storage providers here.
# You must have at least one storage provider configured and set as the default.
# The default storage provider is used for files that do not have a specific storage provider set.
# You can have multiple storage providers with different mount points (paths).
# All storage paths must be accessible by both server and worker containers.
# Default storage provider, can be changed without affecting existing files.
# Any new files and folders without a specific storage provider set will use this provider.
# The value is the name of a provider table under [server.storage.providers.<name>];
# in this example that is the server_default table.
default = "server_default"
# Default storage provider (mandatory)
# Do not change or remove this provider.
[server.storage.providers.server_default]
display_name = "Default Storage"
description = "Default storage provider from installation"
# Placeholder: replace with the storage directory. Per the notes on
# [server.storage.providers], it must be reachable from both server and worker containers.
path = "<REPLACE_WITH_STORAGE_PATH>"
# "rw" = read-write; the read-only example below uses "ro".
mode = "rw"
# Extra Read-write storage provider example
# [server.storage.providers.extra_storage]
# display_name = "Extra Storage"
# description = "Extra read-write storage provider"
# path = "/path/to/extra_storage"
# mode = "rw"
# Read-only storage provider example.
# This can be used to mount data that should not be modified by OpenRelik but that has
# files that can be mapped to OpenRelik files and read by the server and workers.
# Example: A directory with disk images on a read-only remote filesystem.
# NOTE(review): this file does not show how mode = "ro" is enforced. For data that must
# stay unmodified, also mount the path read-only at the filesystem or container level.
# [server.storage.providers.read_only_storage]
# display_name = "Read Only Storage"
# description = "Read Only storage provider example"
# path = "/path/to/read_only_storage"
# mode = "ro"
[datastores.sqlalchemy]
# Postgresql: postgresql://user:password@postgresserver/db
# The filled-in URL contains the database password in clear text. Keep the real settings
# file out of version control and readable only by the account that runs the server.
# Characters in the password that are special in URLs (such as @, : or /) must be
# percent-encoded.
database_url = "postgresql://<REPLACE_WITH_POSTGRES_USER>:<REPLACE_WITH_POSTGRES_PASSWORD>@<REPLACE_WITH_POSTGRES_SERVER>/<REPLACE_WITH_POSTGRES_DATABASE_NAME>"
[auth]
# Secret key for the Session middleware and JWT signing.
# IMPORTANT: Create a random string, e.g: openssl rand -base64 32
# Generate a separate random value for each of the two keys below rather than reusing
# one value, and never deploy with the placeholder strings left in place.
secret_session_key = "<REPLACE_WITH_RANDOM_SESSION_STRING>"
secret_jwt_key = "<REPLACE_WITH_RANDOM_JWT_STRING>"
# Algorithm to use for JWT.
# HS256 is HMAC-SHA256, a symmetric scheme: the same secret_jwt_key both signs and
# verifies tokens, so anyone who can read it can mint valid tokens. Treat the key as a
# signing credential.
jwt_algorithm = "HS256"
# UI token expiration in minutes.
# NOTE(review): shorter lifetimes narrow the window in which a leaked token stays usable.
jwt_cookie_refresh_expire_minutes = 1440 # 24 hours
jwt_cookie_access_expire_minutes = 720 # 12 hours
# API key token expiration in minutes, if not set by the user upon creation.
jwt_header_default_refresh_expire_minutes = 10080 # 7 days
jwt_header_default_access_expire_minutes = 5 # 5 minutes
[auth.google]
# Google OAuth authentication. You need to create credentials in a Google Cloud project:
# https://developers.google.com/workspace/guides/create-credentials#oauth-client-id
# client_secret is a credential: keep the filled-in file out of version control.
client_id = ""
client_secret = ""
# Extra client_ids for apps that authenticate with OpenRelik using Google OAuth.
# NOTE(review): presumably tokens issued to any client_id listed here are accepted by
# the server, so list only applications you control; confirm against the server code.
extra_audiences = []
# Restrict logins from a Google Workspace domain.
# Empty value = any domain, including gmail.com
workspace_domain = ""
# Allow only these users (email address) to access the server.
# Replace the placeholder entry with real addresses before deployment.
allowlist = ["<REPLACE_WITH_USERNAME>@gmail.com"]
# Allow these robot accounts (service accounts) to access the server.
allowed_robot_accounts = []
# Allow anyone (who is authenticated) to access the server.
# Note: If a workspace_domain is set then the public_access is limited to that domain.
# WARNING: This allows anyone to login to your server!
# With public_access = true and workspace_domain left empty, the comments above imply
# that any Google account can log in. Keep this false when access should be limited
# to the allowlist.
public_access = false
[auth.oidc]
# Generic OIDC authentication (e.g. Keycloak, Okta, Auth0).
# Every key in this table is commented out in the example; uncomment and fill in the
# keys to use it.
# Set discovery_url to your IdP's OpenID Connect discovery document URL.
# Keycloak example: http://keycloak/realms/{realm}/.well-known/openid-configuration
# The example uses http://. The discovery document tells the server which IdP endpoints
# and signing keys to trust, so outside an isolated internal network it should be
# fetched over https://.
# client_id = ""
# client_secret = ""
# discovery_url = ""
# Allow only these users (email address) to access the server.
# allowlist = ["<REPLACE_WITH_USER_EMAIL>"]
# Allow anyone (who is authenticated with the IdP) to access the server.
# WARNING: This allows anyone to login to your server!
# public_access = false
# Explicit redirect URI for the OIDC callback. Set this when running behind a reverse
# proxy that terminates TLS, to ensure the correct scheme (https) is used.
# Example: https://openrelik.example.com/auth/oidc
# redirect_uri = ""
[ui]
# data_types that will be rendered using unescaped HTML in a sandboxed iframe in the
# frontend UI.
# Files of these types are shown as HTML rather than escaped text, so add only data
# types produced by workers whose output you trust. The iframe sandbox settings are
# defined in the frontend and are not visible in this file.
allowed_data_types_preview = ["openrelik:hayabusa:html_report"]
[experiments.agents]
# Enable the Agent Development Kit (ADK) server.
# Optional: if not set, the server will not be able to run agents.
# Left empty in this example. When set, it should be the URL of an ADK server you operate.
adk_server_url = ""