cozy.yaml.template 11.4 KiB
    # This file contains an example of a cozy-stack configuration file.
    # It provides a description of all the fields available to configure the stack.
    #
    # It is possible to pass environment variables to this configuration using the
    # template language of golang, delimited by "{{" and "}}". See:
    #
    #     https://golang.org/pkg/text/template/.
    #
    # The env map is available in the ".Env" variable. For instance,
    # ".Env.COUCHDB_PASSPHRASE" accesses the "COUCHDB_PASSPHRASE" environment
    # variable. The template is evaluated at startup of the stack.
    
    # server host - flags: --host
    # NOTE(review): 0.0.0.0 is the IPv4 wildcard address, so the stack listens
    # on every network interface of the machine or container it runs in.
    host: 0.0.0.0
    # server port - flags: --port -p
    port: 8080
    
    # how to structure the subdomains for apps - flags: --subdomains
    # values:
    #  - nested, like https://<app>.<user>.<domain>/ (well suited for self-hosted with Let's Encrypt)
    #  - flat, like https://<user>-<app>.<domain>/ (easier when using wildcard TLS certificate)
    subdomains: nested
    
    # defines a list of assets that can be fetched via the /remote/:asset-name
    # route.
    # NOTE(review): myassetserver.com reads as a sample value; confirm it is
    # replaced by a host the operator controls before deployment, since this
    # URL names content that the route above makes fetchable.
    remote_assets:
      bank: https://myassetserver.com/remote_asset.json
    
    # path to the directory with the assets - flags: --assets
    # default is to use the assets packed in the binary
    # assets: ""
    
    # administration endpoint parameters. this endpoint should be protected
    admin:
      # server host - flags: --admin-host
      # NOTE(review): 0.0.0.0 makes the administration endpoint listen on every
      # interface. With this value the protection asked for above has to come
      # from outside this file (firewall, container network, reverse proxy).
      # Bind to a loopback or management address wherever that is possible.
      host: 0.0.0.0
      # server port - flags: --admin-port
      port: 6060
      # secret file name containing the derived passphrase used to access the
      # administration endpoint. this secret file can be generated using the
      # `cozy-stack config passwd` command. this file should be located in the
      # same path as the configuration file.
      secret_filename: cozy-admin-passphrase
    
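    # vault contains keyfile information
    # See https://docs.cozy.io/en/cozy-stack/cli/cozy-stack_config_gen-keys/
    # to generate the keys
    #
    # The parent `vault:` key must be present: without it the two indented keys
    # below attach to the preceding `admin:` mapping and are never read as
    # vault settings.
    vault:
      # the path to the key used to encrypt credentials
      credentials_encryptor_key: /etc/cozy/credentials-key.enc
      # the path to the key used to decrypt credentials
      # keep this file readable only by the account that runs the stack: whoever
      # can read it can decrypt the stored credentials.
      credentials_decryptor_key: /etc/cozy/credentials-key.dec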
    
    
    # file system parameters
    # NOTE(review): every key of this section is commented out, so `fs:` has no
    # value of its own; presumably the default url described below then applies.
    fs:
      # file system url - flags: --fs-url
      # default url is the directory relative to the binary: ./storage
    
      # url: file://localhost/var/lib/cozy
      # url: swift://openstack/?UserName={{ .Env.OS_USERNAME }}&Password={{ .Env.OS_PASSWORD }}&ProjectName={{ .Env.OS_PROJECT_NAME }}&UserDomainName={{ .Env.OS_USER_DOMAIN_NAME }}
    
    
      # Swift FS can be used with advanced parameters to activate TLS properties.
      # For using swift with https, you must use the "swift+https" scheme.
      #
      # NOTE(review): going by its name, insecure_skip_validation turns off TLS
      # certificate validation; leave it commented out outside local testing.
      # The pinned_key value is a sample (the same string appears in the couchdb
      # section), not a key to reuse.
      #
      # root_ca: /ca-certificates.pem
      # client_cert: /client_cert.pem
      # client_key: /client_key
      # pinned_key: 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6
      # insecure_skip_validation: true
    
      # default_layout: 2 # 1 for layout v2 and 2 for layout v3
    
      # versioning:
      #   max_number_of_versions_to_keep: 20
      #   min_delay_between_two_versions: 15m
    
    # couchdb parameters
    couchdb:
      # CouchDB URL - flags: --couchdb-url
    
      # NOTE(review): the CouchDB admin user and password are written in clear
      # text in this URL, and the scheme is plain http. Prefer injecting the
      # password through the .Env template map described at the top of this
      # file (its example there is .Env.COUCHDB_PASSPHRASE), and use the TLS
      # parameters of this section when the database is not on a private
      # network.
      url: http://admin:password@db:5984/
    
    
    
      # CouchDB advanced parameters to activate TLS properties:
      #
      # root_ca: /ca-certificates.pem
      # client_cert: /client_cert.pem
      # client_key: /client_key
      # pinned_key: 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6
      # insecure_skip_validation: true
    
    
    # jobs parameters to configure the job system
    jobs:
      # path to the imagemagick convert binary
      # imagemagick_convert_cmd: convert
    
    
      # Specify whether the given list of jobs is a whitelist or blacklist. In case
      # of a whitelist, all jobs are deactivated by default and only the listed one
      # are activated.
      #
      # whitelist: false
    
    
      # workers individual configurations.
      #
      # For each worker type it is possible to configure the following fields:
      #   - concurrency: the maximum number of jobs executed in parallel. when set
      #     to zero, the worker is deactivated
      #   - max_exec_count: the maximum number of retries for one job in case of an
      #     error
      #   - timeout: the maximum amount of time allowed for one execution of a job
      #
      # List of available workers:
      #
    
      #   - "export":          exporting data from a cozy instance
      #   - "konnector":       launching konnectors
    
      #   - "migrations":      transforming a VFS with Swift to layout v3
    
      #   - "push":            sending push notifications
      #   - "sendmail":        sending mails
      #   - "service":         launching services
      #   - "share-replicate": for cozy to cozy sharing
      #   - "share-track":     idem
      #   - "share-upload":    idem
    
      #   - "thumbnail":       creating and deleting thumbnails for images
    
      #   - "unzip":           unzipping tarball
    
      #   - "updates":         run updates for installed applications (deprecated)
      #   - "zip":             creating a zip tarball
    
      #
      # When no configuration is given for a worker, a default configuration is
      # used. When a false boolean value is given, the worker is deactivated.
      #
      # To deactivate all workers, the workers field can be set to "false" or
      # "none".
      workers:
        # thumbnail:
        #   concurrency: {{mul .NumCPU 4}}
        #   max_exec_count: 2
        #   timeout: 15s
    
        # konnector:
        #   concurrency: {{.NumCPU}}
        #   max_exec_count: 2
        #   timeout: 200s
    
        # service:
        #   concurrency: {{.NumCPU}}
        #   max_exec_count: 2
        #   timeout: 200s
    
        # export:
        #   concurrency: 4
        #   max_exec_count: 1
        #   timeout: 200s
    
        # push:     false
        # sendmail: false
    
    
      # Sets the default duration of jobs database documents to keep
      defaultDurationToKeep: "2W" # Keep 2 weeks
    
    
    # konnectors execution parameters for executing external processes.
    konnectors:
    
      # NOTE(review): of the three runner scripts listed in this section, the
      # active one starts connectors with node directly; the commented
      # alternatives name rkt and nsjail. Presumably those add process
      # isolation that the node runner lacks. Confirm before running
      # connectors that are not fully trusted.
      cmd: /usr/local/cozy-stack/scripts/konnector-node-run.sh # run connectors with node
    
      # cmd: ./scripts/konnector-rkt-run.sh # run connectors with rkt
    
      # cmd: ./scripts/konnector-nsjail-node8-run.sh # run connectors with nsjail
    
    
    # mail service parameters for sending email via SMTP
    mail:
      # mail noreply address - flags: --mail-noreply-address
    
      noreply_address: ecolyodemo@alpha.grandlyon.com
      noreply_name: Cozy_Alpha
    
      # mail smtp host - flags: --mail-host
    
      host: mail.alpha.grandlyon.com
    
      # mail smtp port - flags: --mail-port
    
      port: 587
    
      # mail smtp username - flags: --mail-username
    
      username: ecolyodemo@alpha.grandlyon.com
    
      # mail smtp password - flags: --mail-password
      # NOTE(review): the template is presumably expanded before the file is
      # parsed as YAML, so the password text lands here unquoted. A value that
      # contains " #" or ": ", starts with a YAML indicator character, or is
      # empty would be misread; confirm the deployed secret avoids these or
      # quote the expansion.
      password: {{.Env.COZY_MAIL_PASSWORD}}
      # disable mail tls - flags: --mail-disable-tls
      # keeping this and the next setting false means the SMTP username and
      # password above travel over a TLS session whose certificate is checked.
      disable_tls: false
      # skip the certificate validation (may be useful on localhost)
      skip_certificate_validation: false
    
    # directory with the hooks scripts - flags: --hooks
    # NOTE(review): relative path, presumably resolved against the working
    # directory of the stack process. Confirm this, and keep the directory
    # writable only by the account that administers the stack.
    hooks: ./scripts/hooks
    
    # location of the database for IP -> City lookups - flags: --geodb
    # See https://dev.maxmind.com/geoip/geoip2/geolite2/
    geodb: ""
    
    # minimal duration between two password resets
    password_reset_interval: 15m
    
    # redis namespace to configure its usage for different part of the stack. redis
    # is not mandatory and is specifically useful to run the stack in an
    # environment where multiple stacks run simultaneously.
    redis:
      # the redis clients created can be configured to be used with a cluster of
      # redis. if addrs field is left empty, redis is not used.
    
      # either a single address or a seed list of host:port addresses
      # of cluster/sentinel nodes separated by whitespaces.
      # NOTE(review): the addresses on the next line sit inside a trailing
      # comment, so addrs has no value (YAML null), as do master and password
      # below; per the comment above, redis is then not used.
      addrs: # localhost:1234 localhost:4321
    
      # the sentinel master name - only failover clients.
      master:
    
      # redis password
      # NOTE(review): when redis is enabled, supply this through the .Env
      # template map rather than writing the password in this file.
      password:
    
      # databases number for each part of the stack using a specific database.
      databases:
        jobs: 0
        cache: 1
        lock: 2
        sessions: 3
        downloads: 4
        konnectors: 5
        realtime: 6
        log: 7
    
        rate_limiting: 8
    
    
      # advanced parameters for advanced users
    
      # dial_timeout: 5s
      # read_timeout: 3s
      # write_timeout: 3s
    
      # pool_size: max(25, 10 * runtime.NumCPU())  # pool_size cannot be below 25
    
      # pool_timeout: 3s
      # idle_timeout: 5m
      # idle_check_frequency: 1m
    
      # enables read only queries on slave nodes.
      # read_only_slave: false
    
    # Registries used for applications and konnectors
    
    registries:
      default:
        - https://apps-registry.cozycloud.cc/
    
    
    notifications:
      # Activate development APIs (iOS only)
      development: false
    
      # Firebase Cloud Messaging API Key for Android notifications
      # android_api_key: ""
    
      # APNS/2 certificates for iOS notifications
      # ios_certificate_key_path: path/to/certificate.p12
      # ios_certificate_password: mycertificatepasswordifany
      # ios_key_id: my_key_id_if_any
      # ios_team_id: my_team_id_if_any
    
    
    # Allowed domains for the CSP policy used in hosted web applications
    # NOTE(review): every origin listed here is allowed for all hosted web
    # applications. The `script` entries let those origins serve script to
    # every app, and the `connect` entries let every app send requests to
    # them. Keep the list to origins the operator controls or has vetted.
    csp_allowlist:
      style: https://fonts.googleapis.com/
      font: https://fonts.gstatic.com/
      img: https://statweb.grandlyon.com/
      script: https://grandlyon.errors.cozycloud.cc/ https://statweb.grandlyon.com/
      frame: https://statweb.grandlyon.com/
      connect: https://grandlyon.errors.cozycloud.cc/ https://fonts.gstatic.com/
    
    
    
    
    # It can be useful to disable the CSP policy to debug and test things locally
    # disable_csp: true
    
    
    log:
      # logger level (debug, info, warning, panic, fatal) - flags: --log-level
    
      level: info
    
      # send logs to the local syslog - flags: --log-syslog
      syslog: false
    
    # It is possible to customize some behaviors of cozy-stack depending on the
    # context of an instance (the context field of the settings document of this
    # instance). Here, the "beta" context is customized.
    contexts:
      beta:
        # Indicates if debug related features should be enabled in front
        # applications.
        debug: false
        # Redirect to a specific route of cozy-collect after the onboarding
        onboarded_redirection: collect/#/discovery/?intro
        # Redirect to the photos application after login
        default_redirection: drive/#/files
        # Allow to customize the cozy-bar link to the help
        help_link: https://forum.cozy.io/
        # Coming soon applications listed in the Cozy Bar's app panel
        # Will be removed when the store will be available.
        coming_soon:
          store:
            editor: 'Cozy'
            name: 'Store'
            slug: 'store'
            category: 'cozy'
        # claudy actions list
        claudy_actions:
    
          - desktop
          - mobile
    
        # konnectors slugs to exclude from cozy-collect
        exclude_konnectors:
    
          - a_konnector_slug
    
        # If enabled, this option will skip permissions verification during
        # webapp/konnectors installs & updates processes
        # NOTE(review): leaving this false keeps that verification in place.
        permissions_skip_verification: false
        # By default, only the store app can install and update applications. But,
        # if this setting is enabled, it allows other applications with the right
        # permission to install and update applications.
        # NOTE(review): enabled in this template, so in this context any
        # application holding that permission can install and update
        # applications. Confirm this is intended and review which applications
        # are granted the permission.
        allow_install_via_a_permission: true
        # Tells if the photo folder should be created or not during the instance
        # creation
        init_photos_folder: true
        # Allows to override the default template "Cozy" title by your own title
        templates_title: "My Personal Cloud"
        # Use a different noreply mail for this context
        noreply_address: noreply@cozy.beta
        noreply_name: My Cozy Beta
    
    
    # OpenID Connect settings. COZY_TLD and OIDC_IDP are not resolvable host
    # names; presumably they are placeholders substituted at deployment
    # (TODO confirm).
    authentication:
      open-id-connect:
        disable_password_authentication: true
        oidc:
          client_id: cozy
          # NOTE(review): a literal client secret is committed in this
          # template. Treat it as disclosed: rotate it at the identity
          # provider and inject the new value through the .Env template map
          # (variable name of the operator's choosing) instead of storing it
          # in the file.
          client_secret: 75209b5d-302a-40c5-9a4e-823d792fa2fe
          scope: openid profile
          redirect_uri: https://COZY_TLD/oidc/redirect
          authorize_url: https://OIDC_IDP/auth/realms/cozy/protocol/openid-connect/auth
          token_url: https://OIDC_IDP/auth/realms/cozy/protocol/openid-connect/token
          userinfo_url: https://OIDC_IDP/auth/realms/cozy/protocol/openid-connect/userinfo
          userinfo_instance_field: preferred_username
          # no value is given for the prefix, which YAML reads as null
          userinfo_instance_prefix:
          userinfo_instance_suffix: .COZY_TLD
          allow_oauth_token: false