## trifid-api configuration file ##
# This file contains all of the buttons and knobs you can use to configure trifid to your liking.
# This file does not autoreload, you need to restart trifid-api for changes here to apply.


# [server] contains options for the HTTP server used to serve the API.
[server]
# (Required) What IP and port to bind the HTTP listener to.
bind = { ip = "::", port = 8080 }
# How many worker threads to start. The higher the number, the more resources trifid-api will use while idle, but
# the more parallel requests it can handle.
# Optional. Defaults to the number of physical CPUs in the system.
#workers = 16

# [database] contains options for the Postgres database used for all data storage
[database]
# (Required) The postgres database connection url to use
url = "postgres://postgres:postgres@localhost/trifid2"

# [email] contains options for the SMTP connection used to send magic link emails
[email]
# (Required) The mail server to connect to
server = "mail.e3t.cc"
# (Required) The SMTP port to connect to.
port = 465
# (Required) The username to authenticate with.
username = "core"
# (Required) The password to authenticate with. If set to $PASSWORD$, will be filled from the environment variable TRIFID_EMAIL_PASSWORD.
password = "$PASSWORD$"
# (Required) The "From Name" to send the email from
from_name = "Trifid"
# (Required) The address to send the email from
from_email = "core@e3t.cc"
# (Required) The email template to use. %TOKEN% will be replaced with the magic link token.
template = "Click this link to sign in! http://localhost:5173/magic-link?magicLinkToken=%TOKEN%\nAlternatively, use `%TOKEN%` with tfcli to log in."
# (Required) Should STARTTLS be used?
starttls = false

# [tokens] contains options for token expiry
[tokens]
# (Required) How long should magic links be valid for, in seconds?
magic_link_expiry_seconds = 3600 # 1 hour
# (Required) How long should session tokens be valid for, in seconds? This controls how long users can remain "identified"
# before they must re-identify via magic link.
session_token_expiry_seconds = 31536000 # ~1 year
# (Required) How long should auth tokens be valid for, in seconds? This controls how long users can remain logged in
# before they must re-authenticate via 2FA.
auth_token_expiry_seconds = 86400 # 24 hours
# (Required) (VERY IMPORTANT!) The per-instance encryption key used to encrypt sensitive data in the database.
# It is INCREDIBLY IMPORTANT that you change this value! It should be a 32-byte/256-bit hex-encoded randomly generated
# key.
data_encryption_key = "dd5aa62f0fd9b7fb4ff65567493f889557212f3a8e9587a79268161f9ae070a6"
# (Required) How long should client certs be valid for?
# Clients will require a config update after this period.
cert_expiry_time_seconds = 31536000 # ~1 year