# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , David Mosbach , Gregor Kleen , Sarah Vaupel , Steffen Jost , Wolfgang Witt
#
# SPDX-License-Identifier: AGPL-3.0-or-later

# Values formatted like "_env:ENV_VAR_NAME:default_value" can be overridden by the specified environment variable.
# See https://github.com/yesodweb/yesod/wiki/Configuration#overriding-configuration-values-with-environment-variables
# NB: If you need a numeric value (e.g. 123) to parse as a String, wrap it in single quotes (e.g. "_env:PGPASS:'123'")
# See https://github.com/yesodweb/yesod/wiki/Configuration#parsing-numeric-values-as-strings

static-dir: "_env:STATIC_DIR:static"
well-known-dir: "_env:WELL_KNOWN_DIR:well-known"
well-known-link-file: html_code.html
webpack-manifest: "_env:WEBPACK_MANIFEST:config/webpack.yml"

# NOTE(review): if this value is parsed as a Warp HostPreference, "*4" means
# "any IPv4 or IPv6 host, IPv4 preferred" and "!4" is the IPv4-only form, so
# the default may listen on more interfaces than the inline comment suggests.
# Confirm, and set HOST to a specific address when the service should only be
# reachable through a local reverse proxy.
host: "_env:HOST:*4"  # any IPv4 host
port: "_env:PORT:3000"
# NOTE(review): presumably selects whether the client IP is taken from a
# request header instead of the socket peer. Enable it only behind a trusted
# reverse proxy that overwrites that header, otherwise clients can supply
# their own address - confirm against the code that reads this key.
ip-from-header: "_env:IP_FROM_HEADER:false"

# The default is a plain-HTTP localhost URL suited to development; deployments
# are expected to set APPROOT to the public https:// URL.
approot: "_env:APPROOT:http://localhost:3000"
# approot:
#   default: "http://localhost:3000"
#   user-generated: "http://127.0.0.1:3000"

mail-from:
  name: "_env:MAILFROM_NAME:Uni2work"
  email: "_env:MAILFROM_EMAIL:uniworx@localhost"
mail-object-domain: "_env:MAILOBJECT_DOMAIN:localhost"
mail-use-replyto-instead-sender: "_env:MAIL_USES_REPLYTO:true"
# NOTE(review): name suggests that outgoing mail is redirected to this address
# when set; both defaults are empty - confirm the behaviour for empty values.
mail-reroute-to:
  name: "_env:MAIL_REROUTE_TO_NAME:"
  email: "_env:MAIL_REROUTE_TO_EMAIL:"
# mail-verp:
#   separator: "_env:VERP_SEPARATOR:+"
#   prefix: "_env:VERP_PREFIX:bounce"
mail-support:
  name: "_env:MAILSUPPORT_NAME:"
  email: "_env:MAILSUPPORT:uni2work@ifi.lmu.de"
mail-retain-sent: 31470547

# Per-language links to the operator's legal pages.
legal-external:
  - language: "en"
    imprint: "https://www.fraport.com/en/tools/imprint.html"
    data-protection: "https://www.fraport.com/en/our-group/data-protection-statement.html"
    terms-of-use: "https://www.fraport.com/en/tools/legal-information.html"
    payments: "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html"
  - language: "de"
    imprint: "https://www.fraport.com/de/tools/impressum.html"
    data-protection: "https://www.fraport.com/de/konzern/datenschutz.html"
    terms-of-use: "https://www.fraport.com/de/tools/disclaimer.html"
    payments: "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html"

job-workers: "_env:JOB_WORKERS:10"
job-flush-interval: "_env:JOB_FLUSH:30"
job-cron-interval: "_env:CRON_INTERVAL:60"
job-stale-threshold: 1800
job-move-threshold: 30
notification-rate-limit: 3600
notification-collate-delay: 7200
notification-expiration: 259200

# NOTE(review): the durations below look like seconds (7200 = 2 h,
# 604800 = 7 days) - confirm the unit against the settings parser.
session-timeout: 7200
bearer-expiration: 604800
# HS256 is HMAC-SHA256, a symmetric scheme: the same secret both signs and
# verifies tokens, so anyone holding it can mint valid bearer tokens. The
# secret itself is not configured in this file.
bearer-encoding: HS256

# Default upload limit is 805306368 bytes (768 MiB).
maximum-content-length: "_env:MAX_UPLOAD_SIZE:805306368"
session-files-expire: 3600
prune-unreferenced-files-within: 604801
prune-unreferenced-files-interval: 3600
keep-unreferenced-files: 86400

health-check-interval:
  matching-cluster-config: "_env:HEALTHCHECK_INTERVAL_MATCHING_CLUSTER_CONFIG:600"
  http-reachable: "_env:HEALTHCHECK_INTERVAL_HTTP_REACHABLE:600"
  # TODO: either generalize over every external auth sources, or otherwise reimplement for different semantics
  ldap-admins: "_env:HEALTHCHECK_INTERVAL_LDAP_ADMINS:600"
  smtp-connect: "_env:HEALTHCHECK_INTERVAL_SMTP_CONNECT:600"
  widget-memcached: "_env:HEALTHCHECK_INTERVAL_WIDGET_MEMCACHED:600"
  active-job-executors: "_env:HEALTHCHECK_INTERVAL_ACTIVE_JOB_EXECUTORS:60"
  does-flush: "_env:HEALTHCHECK_INTERVAL_DOES_FLUSH:15"
health-check-delay-notify: "_env:HEALTHCHECK_DELAY_NOTIFY:true"
# Can we assume that we can reach ourselves under APPROOT via HTTP
# (reverse proxies or firewalls might prevent this)?
health-check-http: "_env:HEALTHCHECK_HTTP:true"
# Timeouts for the individual health checks (unit not stated in this file).
health-check-active-job-executors-timeout: "_env:HEALTHCHECK_ACTIVE_JOB_EXECUTORS_TIMEOUT:5"
health-check-active-widget-memcached-timeout: "_env:HEALTHCHECK_ACTIVE_WIDGET_MEMCACHED_TIMEOUT:2"
health-check-smtp-connect-timeout: "_env:HEALTHCHECK_SMTP_CONNECT_TIMEOUT:5"
# TODO: either generalize over every external auth sources, or otherwise reimplement for different semantics
health-check-ldap-admins-timeout: "_env:HEALTHCHECK_LDAP_ADMINS_TIMEOUT:60"
health-check-http-reachable-timeout: "_env:HEALTHCHECK_HTTP_REACHABLE_TIMEOUT:2"
health-check-matching-cluster-config-timeout: "_env:HEALTHCHECK_MATCHING_CLUSTER_CONFIG_TIMEOUT:2"

synchronise-avs-users-within: "_env:SYNCHRONISE_AVS_WITHIN:5702400"  # every 66 days
synchronise-avs-users-interval: "_env:SYNCHRONISE_AVS_INTERVAL:21600"  # every 6 hours

study-features-recache-relevance-within: 172800
study-features-recache-relevance-interval: 293

# Enqueue at specified hour, a few minutes later
# job-lms-qualifications-enqueue-hour: 15
# job-lms-qualifications-dequeue-hour: 3

# Logging defaults: warnings and above to stderr, detailed and log-all
# disabled.
# NOTE(review): check what the detailed / all modes record before enabling
# them where logs are shipped off-host; they may include request data.
log-settings:
  detailed: "_env:DETAILED_LOGGING:false"
  all: "_env:LOG_ALL:false"
  minimum-level: "_env:LOGLEVEL:warn"
  destination: "_env:LOGDEST:stderr"

serializable-transaction-retry-limit: 2

# NOTE(review): presumably how long client IP addresses are kept;
# 1209600 would be 14 days if the unit is seconds - confirm.
ip-retention-time: 1209600

# Debugging
# NOTE(review): the name suggests a login path that does not check real
# credentials; the default is false and DUMMY_LOGIN should never be set to
# true on a production instance - confirm what the flag enables.
auth-dummy-login: "_env:DUMMY_LOGIN:false"
allow-deprecated: "_env:ALLOW_DEPRECATED:false"
# NOTE(review): presumably keeps error details opaque to end users; leave at
# the default of true unless actively debugging - confirm.
encrypt-errors: "_env:ENCRYPT_ERRORS:true"
server-session-acid-fallback: "_env:SERVER_SESSION_ACID_FALLBACK:false"

# Hashing parameters for locally stored passwords.
# NOTE(review): strength is presumably a log2 work factor rather than a raw
# iteration count; confirm the effective PBKDF2 iteration count against
# current guidance, and check whether existing hashes are upgraded when this
# value is raised.
auth-pw-hash:
  algorithm: pbkdf2
  strength: 14

# Optional values with the following production defaults.
# In development, they default to the opposite.
# reload-templates: false
# mutable-static: false
# skip-combining: false
# clear-cache: false

# PostgreSQL connection settings.
database:
  user: "_env:PGUSER:uniworx"
  # The fallback password is a fixed, publicly known value identical to the
  # user name. Deployments must set PGPASS; treat an instance that still
  # accepts the default as misconfigured.
  password: "_env:PGPASS:uniworx"
  host: "_env:PGHOST:127.0.0.1"
  port: "_env:PGPORT:5432"
  # See config/test-settings.yml for an override during tests
  database: "_env:PGDATABASE:uniworx"
  poolsize: "_env:PGPOOLSIZE:990"

# NOTE(review): with the default of true the application presumably applies
# schema migrations on its own, which requires the database role above to
# hold DDL privileges - confirm whether production should run with a
# less-privileged role and AUTO_DB_MIGRATE=false.
auto-db-migrate: "_env:AUTO_DB_MIGRATE:true"

# External sources used for user authentication and userdata lookups
user-auth:
  # mode: single-source
  protocol: azureadv2
  config:
    # The all-zero ids are placeholders, not working values.
    client-id: "_env:AZURECLIENTID:00000000-0000-0000-0000-000000000000"
    # Defaults to an empty string; supply the real secret through the
    # environment or a secret store, never by editing this file.
    client-secret: "_env:AZURECLIENTSECRET:''"
    tenant-id: "_env:AZURETENANTID:00000000-0000-0000-0000-000000000000"
    scopes: "_env:AZURESCOPES:[ID,Profile]"
  # protocol: "ldap"
  # config:
  #   host: "_env:LDAPHOST:"
  #   tls: "_env:LDAPTLS:"
  #   port: "_env:LDAPPORT:389"
  #   user: "_env:LDAPUSER:"
  #   pass: "_env:LDAPPASS:"
  #   baseDN: "_env:LDAPBASE:"
  #   scope: "_env:LDAPSCOPE:WholeSubtree"
  #   timeout: "_env:LDAPTIMEOUT:5"
  #   search-timeout: "_env:LDAPSEARCHTIME:5"

single-sign-on: "_env:OIDC_SSO:false"
# Automatically redirect to SSO route when not signed on
# Note: This will force authentication, thus the site will be inaccessible
# without external credentials. Only use this option when it is ensured that
# every user that should be able to access the site has valid external
# credentials!
auto-sign-on: "_env:AUTO_SIGN_ON:false"

# TODO: generalize for arbitrary auth protocols
# TODO: maybe use separate pools for external databases?
# Connection pool for LDAP lookups.
ldap-pool:
  stripes: "_env:LDAPSTRIPES:1"
  timeout: "_env:LDAPTIMEOUT:20"
  limit: "_env:LDAPLIMIT:10"

# TODO: reintroduce and move into failover settings once failover mode has been reimplemented
# user-retest-failover: 60

# TODO; maybe implement syncWithin and syncInterval per auth source
user-sync-within: "_env:USER_SYNC_WITHIN:1209600"  # 14 days in seconds
user-sync-interval: "_env:USER_SYNC_INTERVAL:3600"  # every hour

lms-direct:
  upload-header: "_env:LMSUPLOADHEADER:true"
  upload-delimiter: "_env:LMSUPLOADDELIMITER:"
  download-header: "_env:LMSDOWNLOADHEADER:true"
  download-delimiter: "_env:LMSDOWNLOADDELIMITER:,"
  download-cr-lf: "_env:LMSDOWNLOADCRLF:true"
  deletion-days: "_env:LMSDELETIONDAYS:7"

# NOTE(review): the default host looks like a test system; confirm that
# production sets AVSHOST explicitly. The password defaults to empty and has
# to come from the environment.
avs:
  host: "_env:AVSHOST:skytest.fra.fraport.de"
  port: "_env:AVSPORT:443"
  user: "_env:AVSUSER:fradrive"
  pass: "_env:AVSPASS:"

# Port 515 is the classic LPD port; that protocol has neither transport
# encryption nor authentication.
# NOTE(review): confirm print jobs only cross a trusted network segment.
lpr:
  host: "_env:LPRHOST:fravm017173.fra.fraport.de"
  port: "_env:LPRPORT:515"
  queue: "_env:LPRQUEUE:fradrive"

smtp:
  host: "_env:SMTPHOST:"
  port: "_env:SMTPPORT:25"
  # NOTE(review): confirm the mail client aborts, and never sends the login
  # credentials below, when the server does not offer STARTTLS or the
  # certificate fails validation.
  ssl: "_env:SMTPSSL:starttls"
  auth:
    type: login
    user: "_env:SMTPUSER:"
    pass: "_env:SMTPPASS:"
  pool:
    stripes: "_env:SMTPSTRIPES:1"
    timeout: "_env:SMTPTIMEOUT:20"
    limit: "_env:SMTPLIMIT:10"

# The three memcached sections below all use an empty auth list and default
# to localhost.
# NOTE(review): presumably no credentials are presented to memcached; if any
# of these hosts is moved off the local machine, restrict access at the
# network level - confirm.
widget-memcached:
  host: "_env:WIDGET_MEMCACHED_HOST:localhost"
  port: "_env:WIDGET_MEMCACHED_PORT:11211"
  auth: []
  limit: "_env:WIDGET_MEMCACHED_LIMIT:1024"
  timeout: "_env:WIDGET_MEMCACHED_TIMEOUT:20"
  base-url: "_env:WIDGET_MEMCACHED_ROOT:"
  expiration: "_env:WIDGET_MEMCACHED_EXPIRATION:3600"

# NOTE(review): presumably holds server-side session state, which makes read
# or write access to this instance equivalent to access to user sessions -
# confirm.
session-memcached:
  host: "_env:SESSION_MEMCACHED_HOST:localhost"
  port: "_env:SESSION_MEMCACHED_PORT:11211"
  auth: []
  limit: "_env:SESSION_MEMCACHED_LIMIT:1024"
  timeout: "_env:SESSION_MEMCACHED_TIMEOUT:20"
  expiration: "_env:SESSION_MEMCACHED_EXPIRATION:28807"

memcached:
  host: "_env:MEMCACHED_HOST:localhost"
  port: "_env:MEMCACHED_PORT:11211"
  auth: []
  limit: "_env:MEMCACHED_LIMIT:1024"
  timeout: "_env:MEMCACHED_TIMEOUT:20"
  expiration: "_env:MEMCACHED_EXPIRATION:300"

memcache-auth: true

memcached-local:
  maximum-ghost: 512
  maximum-weight: 104857600  # 100MiB

# S3-compatible object store used as upload cache.
upload-cache:
  host: "_env:UPLOAD_S3_HOST:"  # should be optional, but all file transfers will be empty without an S3 cache
  port: "_env:UPLOAD_S3_PORT:9000"
  access-key: "_env:UPLOAD_S3_KEY_ID:"
  # Unlike its siblings this entry has no ":default" part.
  # NOTE(review): confirm how the settings loader treats an unset
  # UPLOAD_S3_KEY (null value vs. startup failure).
  secret-key: "_env:UPLOAD_S3_KEY"
  # Defaults to false, i.e. no TLS to the object store; set UPLOAD_S3_SSL to
  # true whenever the store is not on the same host or a trusted network.
  is-secure: "_env:UPLOAD_S3_SSL:false"
  region: "_env:UPLOAD_S3_REGION:"
  auto-discover-region: "_env:UPLOAD_S3_AUTO_DISCOVER_REGION:true"
  # Keep at false; disabling certificate validation removes the protection
  # TLS gives against an on-path attacker.
  disable-cert-validation: "_env:UPLOAD_S3_DISABLE_CERT_VALIDATION:false"
upload-cache-bucket: "uni2work-uploads"
upload-tmp-bucket: "uni2work-tmp"

inject-files: 601
rechunk-files: 1201
check-missing-files: 7207

file-upload-db-chunksize: 4194304  # 4MiB
file-chunking-target-exponent: 21  # 2MiB
file-chunking-hash-window: 4096

# NOTE(review): if the unit is seconds, idle-timeout is about 8 hours and
# absolute-timeout about 7 days - confirm.
server-sessions:
  idle-timeout: 28807
  absolute-timeout: 604801
  timeout-resolution: 601
  persistent-cookies: true

session-token-start: null
session-token-expiration: 28807
# HS256 is HMAC-SHA256, a symmetric scheme: the signing secret also verifies,
# so it must never leave the server. The secret is not set in this file.
session-token-encoding: HS256
session-token-clock-leniency-start: 5
bearer-token-clock-leniency-start: 5
upload-token-clock-leniency-start: 5

# Cookie attributes per cookie name.
# SESSION reads SERVER_SESSION_COOKIES_SECURE while every other cookie reads
# COOKIES_SECURE: relaxing one for local plain-HTTP testing does not relax the
# other, and both should stay true in production.
cookies:
  SESSION:
    same-site: lax
    http-only: true
    secure: "_env:SERVER_SESSION_COOKIES_SECURE:true"
  XSRF-TOKEN:
    expires: null
    same-site: strict
    # NOTE(review): presumably readable by client-side script on purpose so
    # the token can be echoed back in requests - confirm.
    http-only: false
    secure: "_env:COOKIES_SECURE:true"
  LANG:
    expires: 12622780800
    same-site: lax
    http-only: false
    secure: "_env:COOKIES_SECURE:true"
  SYSTEM-MESSAGE-STATE:
    expires: 12622780800
    same-site: lax
    http-only: false
    secure: "_env:COOKIES_SECURE:true"
  ACTIVE-AUTH-TAGS:
    expires: 12622780800
    same-site: lax
    http-only: true
    secure: "_env:COOKIES_SECURE:true"

external-apis-ping-interval: 300
external-apis-pong-timeout: 600
external-apis-expiry: 1200

# Defaults applied to user preferences.
user-defaults:
  max-favourites: 0
  max-favourite-terms: 2
  theme: Default
  date-time-format: "%d %b %y %R"
  date-format: "%d %b %Y"
  time-format: "%R"
  download-files: false
  warning-days: 1209600
  show-sex: false
  exam-office-get-synced: true
  exam-office-get-labels: true
  prefers-postal: true

instance-id: "_env:INSTANCE_ID:instance"
ribbon: "_env:RIBBON:"
# Rate limiting for the favourites quick actions.
favourites-quick-actions-burstsize: 40
favourites-quick-actions-avg-inverse-rate: 50e3  # µs/token
favourites-quick-actions-timeout: 40e-3  # s
favourites-quick-actions-cache-ttl: 120  # s

# Token buckets throttling background file jobs; depth is the bucket size and
# inv-rate the inverse refill rate, per the inline unit comments.
token-buckets:
  inject-files:
    depth: 20971520  # 20MiB
    inv-rate: 9.5e-7  # 1MiB/s
    initial-value: 0
  inject-files-count:
    depth: 100
    inv-rate: 1
    initial-value: 0
  prune-files:
    depth: 1572864000  # 1500MiB
    inv-rate: 1.9e-6  # 2MiB/s
    initial-value: 0
  rechunk-files:
    depth: 20971520  # 20MiB
    inv-rate: 9.5e-7  # 1MiB/s
    initial-value: 0

fallback-personalised-sheet-files-keys-expire: 2419200
# NOTE(review): presumably the lifetime of download tokens; 604801 would be
# about 7 days if the unit is seconds - confirm.
download-token-expire: 604801

file-source-arc:
  maximum-ghost: 512
  maximum-weight: 1073741824  # 1GiB
file-source-prewarm:
  maximum-weight: 1073741824  # 1GiB
  start: 1800  # 30m
  end: 600  # 10m
  inhibit: 3600  # 60m
  steps: 20
  max-speedup: 3

# Enabled bot mitigations.
# NOTE(review): judging by the names these restrict table sorting to
# logged-in users and add honeypot fields to forms shown to unauthorized
# clients - confirm against the code that reads this list.
bot-mitigations:
  - only-logged-in-table-sorting
  - unauthorized-form-honeypots

volatile-cluster-settings-cache-time: 10

communication-attachments-max-size: 20971520  # 20MiB