cozy.yaml.template

# This file contain an example of cozy-stack configuration file.
# It provides a description for all available fields to configure the stack.
#
# It is possible to pass environnment variable to this configuration using the
# template language of golang, delimited by "{{" and "}}". See:
#
#     https://golang.org/pkg/text/template/.
#
# The env map is available in the ".Env" variable. For instance
# ".Env.COUCHDB_PASSPHRASE" will access to "COUCHDB_PASSPHRASE" environment
# variable. The template is evaluated at startup of the stack.

# server host - flags: --host
host: 0.0.0.0
# server port - flags: --port -p
port: 8080

# how to structure the subdomains for apps - flags: --subdomains
# values:
#  - nested, like https://<app>.<user>.<domain>/ (well suited for self-hosted with Let's Encrypt)
#  - flat, like https://<user>-<app>.<domain>/ (easier when using wildcard TLS certificate)
subdomains: nested

# defines a list of assets that can be fetched via the /remote/:asset-name
# route.
remote_assets:
  bank: https://myassetserver.com/remote_asset.json

# path to the directory with the assets - flags: --assets
# default is to use the assets packed in the binary
# assets: ""

# administration endpoint parameters. this endpoint should be protected
admin:
  # server host - flags: --admin-host
  host: 0.0.0.0
  # server port - flags: --admin-port
  port: 6060
  # secret file name containing the derived passphrase to access to the
  # administration endpoint. this secret file can be generated using the `cozy-
  # stack config passwd` command. this file should be located in the same path
  # as the configuration file.
  secret_filename: cozy-admin-passphrase

# vault contains keyfiles informations
# See https://docs.cozy.io/en/cozy-stack/cli/cozy-stack_config_gen-keys/
# to generate the keys
vault:
  # the path to the key used to encrypt credentials
  credentials_encryptor_key: /etc/cozy/credentials-key.enc
  # the path to the key used to decrypt credentials
  credentials_decryptor_key: /etc/cozy/credentials-key.dec

# file system parameters
fs:
  # file system url - flags: --fs-url
  # default url is the directory relative to the binary: ./storage

  # url: file://localhost/var/lib/cozy
  # url: swift://openstack/?UserName={{ .Env.OS_USERNAME }}&Password={{ .Env.OS_PASSWORD }}&ProjectName={{ .Env.OS_PROJECT_NAME }}&UserDomainName={{ .Env.OS_USER_DOMAIN_NAME }}

  # Swift FS can be used with advanced parameters to activate TLS properties.
  # For using swift with https, you must use the "swift+https" scheme.
  #
  # root_ca: /ca-certificates.pem
  # client_cert: /client_cert.pem
  # client_key: /client_key
  # pinned_key: 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6
  # insecure_skip_validation: true
  # default_layout: 2 # 1 for layout v2 and 2 for layout v3

  # versioning:
  #   max_number_of_versions_to_keep: 20
  #   min_delay_between_two_versions: 15m

# couchdb parameters
couchdb:
  # CouchDB URL - flags: --couchdb-url
  url: http://admin:password@db:5984/

  # CouchDB advanced parameters to activate TLS properties:
  #
  # root_ca: /ca-certificates.pem
  # client_cert: /client_cert.pem
  # client_key: /client_key
  # pinned_key: 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6
  # insecure_skip_validation: true

# jobs parameters to configure the job system
jobs:
  # path to the imagemagick convert binary
  # imagemagick_convert_cmd: convert

  # Specify whether the given list of jobs is a whitelist or blacklist. In case
  # of a whitelist, all jobs are deactivated by default and only the listed one
  # are activated.
  #
  # whitelist: false

  # workers individual configrations.
  #
  # For each worker type it is possible to configure the following fields:
  #   - concurrency: the maximum number of jobs executed in parallel. when set
  #     to zero, the worker is deactivated
  #   - max_exec_count: the maximum number of retries for one job in case of an
  #     error
  #   - timeout: the maximum amount of time allowed for one execution of a job
  #
  # List of available workers:
  #
  #   - "export":          exporting data from a cozy instance
  #   - "konnector":       launching konnectors
  #   - "migrations":      transforming a VFS with Swift to layout v3
  #   - "push":            sending push notifications
  #   - "sendmail":        sending mails
  #   - "service":         launching services
  #   - "share-replicate": for cozy to cozy sharing
  #   - "share-track":     idem
  #   - "share-upload":    idem
  #   - "thumbnail":       creatings and deleting thumbnails for images
  #   - "unzip":           unzipping tarball
  #   - "updates":         run updates for installed applications (deprecated)
  #   - "zip":             creating a zip tarball
  #
  # When no configuration is given for a worker, a default configuration is
  # used. When a false boolean value is given, the worker is deactivated.
  #
  # To deactivate all workers, the workers field can be set to "false" or
  # "none".
  workers:
    # thumbnail:
    #   concurrency: {{mul .NumCPU 4}}
    #   max_exec_count: 2
    #   timeout: 15s

    # konnector:
    #   concurrency: {{.NumCPU}}
    #   max_exec_count: 2
    #   timeout: 200s

    # service:
    #   concurrency: {{.NumCPU}}
    #   max_exec_count: 2
    #   timeout: 200s

    # export:
    #   concurrency: 4
    #   max_exec_count: 1
    #   timeout: 200s

    # push:     false
    # sendmail: false

  # Sets the default duration of jobs database documents to keep
  defaultDurationToKeep: "2W" # Keep 2 weeks

# konnectors execution parameters for executing external processes.
konnectors:
  cmd: /usr/local/cozy-stack/scripts/konnector-node-run.sh # run connectors with node
  # cmd: ./scripts/konnector-rkt-run.sh # run connectors with rkt
  # cmd: ./scripts/konnector-nsjail-node8-run.sh # run connectors with nsjail

# mail service parameters for sending email via SMTP
mail:
  # mail noreply address - flags: --mail-noreply-address
  noreply_address: ecolyodemo@alpha.grandlyon.com
  noreply_name: Cozy_Alpha
  # mail smtp host - flags: --mail-host
  host: mail.alpha.grandlyon.com
  # mail smtp port - flags: --mail-port
  port: 587
  # mail smtp username - flags: --mail-username
  username: ecolyodemo@alpha.grandlyon.com
  # mail smtp password - flags: --mail-password
  password: {{.Env.COZY_MAIL_PASSWORD}}
  # disable mail tls - flags: --mail-disable-tls
  disable_tls: false
  # skip the certificate validation (may be useful on localhost)
  skip_certificate_validation: false

# directory with the hooks scripts - flags: --hooks
hooks: ./scripts/hooks

# location of the database for IP -> City lookups - flags: --geodb
# See https://dev.maxmind.com/geoip/geoip2/geolite2/
geodb: ""

# minimal duration between two password reset
password_reset_interval: 15m

# redis namespace to configure its usage for different part of the stack. redis
# is not mandatory and is specifically useful to run the stack in an
# environment where multiple stacks run simultaneously.
redis:
  # the redis clients created can be configured to be used with a cluster of
  # redis. if addrs field is left empty, redis is not used.

  # either a single address or a seed list of host:port addresses
  # of cluster/sentinel nodes separated by whitespaces.
  addrs: # localhost:1234 localhost:4321

  # the sentinel master name - only failover clients.
  master:

  # redis password
  password:

  # databases number for each part of the stack using a specific database.
  databases:
    jobs: 0
    cache: 1
    lock: 2
    sessions: 3
    downloads: 4
    konnectors: 5
    realtime: 6
    log: 7
    rate_limiting: 8

  # advanced parameters for advanced users

  # dial_timeout: 5s
  # read_timeout: 3s
  # write_timeout: 3s
  # pool_size: max(25, 10 * runtime.NumCPU())  # pool_size cannot be below 25
  # pool_timeout: 3s
  # idle_timeout: 5m
  # idle_check_frequency: 1m

  # enables read only queries on slave nodes.
  # read_only_slave: false

# Registries used for applications and konnectors
registries:
  default:
    - https://apps-registry.cozycloud.cc/

notifications:
  # Activate development APIs (iOS only)
  development: false

  # Firebase Cloud Messaging API Key for Android notifications
  # android_api_key: ""

  # APNS/2 certificates for iOS notifications
  # ios_certificate_key_path: path/to/certificate.p12
  # ios_certificate_password: mycertificatepasswordifany
  # ios_key_id: my_key_id_if_any
  # ios_team_id: my_team_id_if_any

# Allowed domains for the CSP policy used in hosted web applications
csp_allowlist:
  style: https://fonts.googleapis.com/
  font: https://fonts.gstatic.com/
  img: https://statweb.grandlyon.com/
  script: https://grandlyon.errors.cozycloud.cc/ https://statweb.grandlyon.com/
  frame: https://statweb.grandlyon.com/
  connect: https://grandlyon.errors.cozycloud.cc/ https://fonts.gstatic.com/


# It can useful to disable the CSP policy to debug and test things in local
# disable_csp: true

log:
  # logger level (debug, info, warning, panic, fatal) - flags: --log-level
  level: info
  # send logs to the local syslog - flags: --log-syslog
  syslog: false

# It is possible to customize some behaviors of cozy-stack in function of the
# context of an instance (the context field of the settings document of this
# instance). Here, the "beta" context is customized with.
contexts:
  beta:
    # Indicates if debug related features should be enabled in front
    # applications.
    debug: false
    # Redirect to a specific route of cozy-collect after the onboarding
    onboarded_redirection: collect/#/discovery/?intro
    # Redirect to the photos application after login
    default_redirection: drive/#/files
    # Allow to customize the cozy-bar link to the help
    help_link: https://forum.cozy.io/
    # Coming soon applications listed in the Cozy Bar's app panel
    # Will be removed when the store will be available.
    coming_soon:
      store:
        editor: 'Cozy'
        name: 'Store'
        slug: 'store'
        category: 'cozy'
    # claudy actions list
    claudy_actions:
      - desktop
      - mobile
    # konnectors slugs to exclude from cozy-collect
    exclude_konnectors:
      - a_konnector_slug
    # If enabled, this option will skip permissions verification during
    # webapp/konnectors installs & updates processes
    permissions_skip_verification: false
    # By default, only the store app can install and update applications. But,
    # if this setting is enabled, it allows other applications with the right
    # permission to install and update applications.
    allow_install_via_a_permission: true
    # Tells if the photo folder should be created or not during the instance
    # creation
    init_photos_folder: true
    # Allows to override the default template "Cozy" title by your own title
    templates_title: "My Personal Cloud"
    # Use a different noreply mail for this context
    noreply_address: noreply@cozy.beta
    noreply_name: My Cozy Beta

authentication:
  open-id-connect:
    disable_password_authentication: true
    oidc:
      client_id: cozy
      client_secret: 75209b5d-302a-40c5-9a4e-823d792fa2fe
      scope: openid profile
      redirect_uri: https://COZY_TLD/oidc/redirect
      authorize_url: https://OIDC_IDP/auth/realms/cozy/protocol/openid-connect/auth
      token_url: https://OIDC_IDP/auth/realms/cozy/protocol/openid-connect/token
      userinfo_url: https://OIDC_IDP/auth/realms/cozy/protocol/openid-connect/userinfo
      userinfo_instance_field: preferred_username
      userinfo_instance_prefix:
      userinfo_instance_suffix: .COZY_TLD
      allow_oauth_token: false