70 lines
1.8 KiB
YAML
70 lines
1.8 KiB
YAML
shard_id: "gc-test-001"
|
|
|
|
listen:
|
|
http: "0.0.0.0:9080" # API for testers
|
|
https: "" # if you terminate TLS at a proxy, leave empty
|
|
ws: "0.0.0.0:9081" # reserved
|
|
|
|
tls:
|
|
enable: false # set true only if serving HTTPS directly here
|
|
cert_file: "/etc/greencoast/tls/cert.pem"
|
|
key_file: "/etc/greencoast/tls/key.pem"
|
|
|
|
federation:
|
|
mtls_enable: false
|
|
listen: "0.0.0.0:9443"
|
|
cert_file: "/etc/greencoast/fed/cert.pem"
|
|
key_file: "/etc/greencoast/fed/key.pem"
|
|
client_ca_file: "/etc/greencoast/fed/clients_ca.pem"
|
|
|
|
ui:
|
|
enable: true
|
|
path: "./client"
|
|
base_url: "/"
|
|
frontend_http: "0.0.0.0:9082" # static client for testers
|
|
|
|
storage:
|
|
backend: "fs"
|
|
path: "/var/lib/greencoast/objects"
|
|
max_object_kb: 128 # lower if you want to constrain uploads
|
|
|
|
security:
|
|
zero_trust: true
|
|
require_mtls_for_federation: true
|
|
accept_client_signed_tokens: true
|
|
log_level: "warn"
|
|
|
|
privacy:
|
|
retain_ip: "no"
|
|
retain_user_agent: "no"
|
|
retain_timestamps: "coarse"
|
|
|
|
auth:
|
|
# IMPORTANT: rotate this per environment (use `openssl rand -hex 32`)
|
|
signing_secret: "D941C4F91D0046D28CDBC3F425DE0B4EA26BD2A80434E0F160D1B7C813EB43F8"
|
|
sso:
|
|
discord:
|
|
enabled: true
|
|
client_id: "1408292766319906946"
|
|
client_secret: "zJ6GnUUykHbMFbWsPPneNxNK-PtOXYg1"
|
|
# must exactly match your Discord app's allowed redirect
|
|
redirect_uri: "https://greencoast.fullmooncyberworks.com/auth-callback.html"
|
|
google:
|
|
enabled: false
|
|
client_id: ""
|
|
client_secret: ""
|
|
redirect_uri: ""
|
|
facebook:
|
|
enabled: false
|
|
client_id: ""
|
|
client_secret: ""
|
|
redirect_uri: ""
|
|
two_factor:
|
|
webauthn_enabled: false
|
|
totp_enabled: false
|
|
|
|
limits:
|
|
rate:
|
|
burst: 20
|
|
per_minute: 60 # slightly tighter for external testing
|