342 lines
11 KiB
YAML
342 lines
11 KiB
YAML
# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Wolfgang Witt <Wolfgang.Witt@campus.lmu.de>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
# Values formatted like "_env:ENV_VAR_NAME:default_value" can be overridden by the specified environment variable.
|
|
# See https://github.com/yesodweb/yesod/wiki/Configuration#overriding-configuration-values-with-environment-variables
|
|
# NB: If you need a numeric value (e.g. 123) to parse as a String, wrap it in single quotes (e.g. "_env:PGPASS:'123'")
|
|
# See https://github.com/yesodweb/yesod/wiki/Configuration#parsing-numeric-values-as-strings
|
|
|
|
static-dir: "_env:STATIC_DIR:static"
|
|
well-known-dir: "_env:WELL_KNOWN_DIR:well-known"
|
|
well-known-link-file: include.html
|
|
|
|
bundler-manifest: "_env:BUNDLER_MANIFEST:config/manifest.json"
|
|
host: "_env:HOST:*4" # any IPv4 host
|
|
port: "_env:PORT:3000"
|
|
ip-from-header: "_env:IP_FROM_HEADER:false"
|
|
approot: "_env:APPROOT:http://localhost:3000"
|
|
# approot:
|
|
# default: "http://localhost:3000"
|
|
# user-generated: "http://127.0.0.1:3000"
|
|
mail-from:
|
|
name: "_env:MAILFROM_NAME:Uni2work"
|
|
email: "_env:MAILFROM_EMAIL:uniworx@localhost"
|
|
mail-object-domain: "_env:MAILOBJECT_DOMAIN:localhost"
|
|
mail-use-replyto-instead-sender: "_env:MAIL_USES_REPLYTO:true"
|
|
mail-reroute-to:
|
|
name: "_env:MAIL_REROUTE_TO_NAME:"
|
|
email: "_env:MAIL_REROUTE_TO_EMAIL:"
|
|
#mail-verp:
|
|
# separator: "_env:VERP_SEPARATOR:+"
|
|
# prefix: "_env:VERP_PREFIX:bounce"
|
|
mail-support:
|
|
name: "_env:MAILSUPPORT_NAME:"
|
|
email: "_env:MAILSUPPORT:uni2work@ifi.lmu.de"
|
|
mail-retain-sent: 31470547
|
|
|
|
legal-external:
|
|
- language: "en"
|
|
imprint: "https://www.fraport.com/en/tools/imprint.html"
|
|
data-protection: "https://www.fraport.com/en/our-group/data-protection-statement.html"
|
|
terms-of-use: "https://www.fraport.com/en/tools/legal-information.html"
|
|
payments: "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html"
|
|
- language: "de"
|
|
imprint: "https://www.fraport.com/de/tools/impressum.html"
|
|
data-protection: "https://www.fraport.com/de/konzern/datenschutz.html"
|
|
terms-of-use: "https://www.fraport.com/de/tools/disclaimer.html"
|
|
payments: "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html"
|
|
|
|
job-workers: "_env:JOB_WORKERS:10"
|
|
job-flush-interval: "_env:JOB_FLUSH:30"
|
|
job-cron-interval: "_env:CRON_INTERVAL:60"
|
|
job-stale-threshold: 1800
|
|
job-move-threshold: 30
|
|
notification-rate-limit: 3600
|
|
notification-collate-delay: 7200
|
|
notification-expiration: 259200
|
|
session-timeout: 7200
|
|
bearer-expiration: 604800
|
|
bearer-encoding: HS256
|
|
maximum-content-length: "_env:MAX_UPLOAD_SIZE:805306368"
|
|
session-files-expire: 3600
|
|
prune-unreferenced-files-within: 604801
|
|
prune-unreferenced-files-interval: 3600
|
|
keep-unreferenced-files: 86400
|
|
health-check-interval:
|
|
matching-cluster-config: "_env:HEALTHCHECK_INTERVAL_MATCHING_CLUSTER_CONFIG:600"
|
|
http-reachable: "_env:HEALTHCHECK_INTERVAL_HTTP_REACHABLE:600"
|
|
ldap-admins: "_env:HEALTHCHECK_INTERVAL_LDAP_ADMINS:600"
|
|
smtp-connect: "_env:HEALTHCHECK_INTERVAL_SMTP_CONNECT:600"
|
|
widget-memcached: "_env:HEALTHCHECK_INTERVAL_WIDGET_MEMCACHED:600"
|
|
active-job-executors: "_env:HEALTHCHECK_INTERVAL_ACTIVE_JOB_EXECUTORS:60"
|
|
does-flush: "_env:HEALTHCHECK_INTERVAL_DOES_FLUSH:15"
|
|
health-check-delay-notify: "_env:HEALTHCHECK_DELAY_NOTIFY:true"
|
|
health-check-http: "_env:HEALTHCHECK_HTTP:true" # Can we assume, that we can reach ourselves under APPROOT via HTTP (reverse proxies or firewalls might prevent this)?
|
|
|
|
health-check-active-job-executors-timeout: "_env:HEALTHCHECK_ACTIVE_JOB_EXECUTORS_TIMEOUT:5"
|
|
health-check-active-widget-memcached-timeout: "_env:HEALTHCHECK_ACTIVE_WIDGET_MEMCACHED_TIMEOUT:2"
|
|
health-check-smtp-connect-timeout: "_env:HEALTHCHECK_SMTP_CONNECT_TIMEOUT:5"
|
|
health-check-ldap-admins-timeout: "_env:HEALTHCHECK_LDAP_ADMINS_TIMEOUT:60"
|
|
health-check-http-reachable-timeout: "_env:HEALTHCHECK_HTTP_REACHABLE_TIMEOUT:2"
|
|
health-check-matching-cluster-config-timeout: "_env:HEALTHCHECK_MATCHING_CLUSTER_CONFIG_TIMEOUT:2"
|
|
|
|
synchronise-ldap-users-within: "_env:SYNCHRONISE_LDAP_WITHIN:1209600" # 14 Tage in Sekunden
|
|
synchronise-ldap-users-interval: "_env:SYNCHRONISE_LDAP_INTERVAL:3600" # jede Stunde
|
|
|
|
synchronise-avs-users-within: "_env:SYNCHRONISE_AVS_WITHIN:5702400" # alle 66 Tage
|
|
synchronise-avs-users-interval: "_env:SYNCHRONISE_AVS_INTERVAL:21600" # alle 6 Stunden
|
|
|
|
study-features-recache-relevance-within: 172800
|
|
study-features-recache-relevance-interval: 293
|
|
|
|
# Enqueue at specified hour, a few minutes later
|
|
# job-lms-qualifications-enqueue-hour: 15
|
|
# job-lms-qualifications-dequeue-hour: 3
|
|
|
|
log-settings:
|
|
detailed: "_env:DETAILED_LOGGING:false"
|
|
all: "_env:LOG_ALL:false"
|
|
minimum-level: "_env:LOGLEVEL:warn"
|
|
destination: "_env:LOGDEST:stderr"
|
|
serializable-transaction-retry-limit: 2
|
|
|
|
ip-retention-time: 1209600
|
|
|
|
# Debugging
|
|
auth-dummy-login: "_env:DUMMY_LOGIN:false"
|
|
allow-deprecated: "_env:ALLOW_DEPRECATED:false"
|
|
encrypt-errors: "_env:ENCRYPT_ERRORS:true"
|
|
server-session-acid-fallback: "_env:SERVER_SESSION_ACID_FALLBACK:false"
|
|
|
|
auth-pw-hash:
|
|
algorithm: pbkdf2
|
|
strength: 14
|
|
|
|
# Optional values with the following production defaults.
|
|
# In development, they default to the opposite.
|
|
# reload-templates: false
|
|
# mutable-static: false
|
|
# skip-combining: false
|
|
# clear-cache: false
|
|
|
|
database:
|
|
user: "_env:PGUSER:uniworx"
|
|
password: "_env:PGPASS:uniworx"
|
|
host: "_env:PGHOST:localhost"
|
|
port: "_env:PGPORT:5432"
|
|
# See config/test-settings.yml for an override during tests
|
|
database: "_env:PGDATABASE:uniworx"
|
|
poolsize: "_env:PGPOOLSIZE:990"
|
|
|
|
auto-db-migrate: '_env:AUTO_DB_MIGRATE:true'
|
|
|
|
ldap:
|
|
- host: "_env:LDAPHOST:"
|
|
tls: "_env:LDAPTLS:"
|
|
port: "_env:LDAPPORT:389"
|
|
user: "_env:LDAPUSER:"
|
|
pass: "_env:LDAPPASS:"
|
|
baseDN: "_env:LDAPBASE:"
|
|
scope: "_env:LDAPSCOPE:WholeSubtree"
|
|
timeout: "_env:LDAPTIMEOUT:5"
|
|
search-timeout: "_env:LDAPSEARCHTIME:5"
|
|
pool:
|
|
stripes: "_env:LDAPSTRIPES:1"
|
|
timeout: "_env:LDAPTIMEOUT:20"
|
|
limit: "_env:LDAPLIMIT:10"
|
|
|
|
ldap-re-test-failover: 60
|
|
|
|
lms-direct:
|
|
upload-header: "_env:LMSUPLOADHEADER:true"
|
|
upload-delimiter: "_env:LMSUPLOADDELIMITER:"
|
|
download-header: "_env:LMSDOWNLOADHEADER:true"
|
|
download-delimiter: "_env:LMSDOWNLOADDELIMITER:,"
|
|
download-cr-lf: "_env:LMSDOWNLOADCRLF:true"
|
|
deletion-days: "_env:LMSDELETIONDAYS:7"
|
|
|
|
avs:
|
|
host: "_env:AVSHOST:skytest.fra.fraport.de"
|
|
port: "_env:AVSPORT:443"
|
|
user: "_env:AVSUSER:fradrive"
|
|
pass: "_env:AVSPASS:"
|
|
|
|
lpr:
|
|
host: "_env:LPRHOST:fravm017173.fra.fraport.de"
|
|
port: "_env:LPRPORT:515"
|
|
queue: "_env:LPRQUEUE:fradrive"
|
|
|
|
smtp:
|
|
host: "_env:SMTPHOST:"
|
|
port: "_env:SMTPPORT:25"
|
|
ssl: "_env:SMTPSSL:starttls"
|
|
auth:
|
|
type: login
|
|
user: "_env:SMTPUSER:"
|
|
pass: "_env:SMTPPASS:"
|
|
pool:
|
|
stripes: "_env:SMTPSTRIPES:1"
|
|
timeout: "_env:SMTPTIMEOUT:20"
|
|
limit: "_env:SMTPLIMIT:10"
|
|
|
|
widget-memcached:
|
|
host: "_env:WIDGET_MEMCACHED_HOST:localhost"
|
|
port: "_env:WIDGET_MEMCACHED_PORT:11211"
|
|
auth: []
|
|
limit: "_env:WIDGET_MEMCACHED_LIMIT:1024"
|
|
timeout: "_env:WIDGET_MEMCACHED_TIMEOUT:20"
|
|
base-url: "_env:WIDGET_MEMCACHED_ROOT:"
|
|
expiration: "_env:WIDGET_MEMCACHED_EXPIRATION:3600"
|
|
|
|
session-memcached:
|
|
host: "_env:SESSION_MEMCACHED_HOST:localhost"
|
|
port: "_env:SESSION_MEMCACHED_PORT:11211"
|
|
auth: []
|
|
limit: "_env:SESSION_MEMCACHED_LIMIT:1024"
|
|
timeout: "_env:SESSION_MEMCACHED_TIMEOUT:20"
|
|
expiration: "_env:SESSION_MEMCACHED_EXPIRATION:28807"
|
|
|
|
|
|
# TODO: this one seems to be required!
|
|
memcached:
|
|
host: "_env:MEMCACHED_HOST:localhost"
|
|
port: "_env:MEMCACHED_PORT:11211"
|
|
auth: []
|
|
limit: "_env:MEMCACHED_LIMIT:1024"
|
|
timeout: "_env:MEMCACHED_TIMEOUT:20"
|
|
expiration: "_env:MEMCACHED_EXPIRATION:300"
|
|
memcache-auth: true
|
|
memcached-local:
|
|
maximum-ghost: 512
|
|
maximum-weight: 104857600 # 100MiB
|
|
|
|
upload-cache:
|
|
host: "_env:UPLOAD_S3_HOST:localhost" # should be optional, but all file transfers will be empty without an S3 cache
|
|
port: "_env:UPLOAD_S3_PORT:9000"
|
|
access-key: "_env:UPLOAD_S3_KEY_ID:minioadmin"
|
|
secret-key: "_env:UPLOAD_S3_KEY:minioadmin"
|
|
is-secure: "_env:UPLOAD_S3_SSL:false"
|
|
region: "_env:UPLOAD_S3_REGION:"
|
|
auto-discover-region: "_env:UPLOAD_S3_AUTO_DISCOVER_REGION:true"
|
|
disable-cert-validation: "_env:UPLOAD_S3_DISABLE_CERT_VALIDATION:false"
|
|
upload-cache-bucket: "uni2work-uploads"
|
|
upload-tmp-bucket: "uni2work-tmp"
|
|
|
|
inject-files: 601
|
|
rechunk-files: 1201
|
|
check-missing-files: 7207
|
|
|
|
file-upload-db-chunksize: 4194304 # 4MiB
|
|
file-chunking-target-exponent: 21 # 2MiB
|
|
file-chunking-hash-window: 4096
|
|
|
|
server-sessions:
|
|
idle-timeout: 28807
|
|
absolute-timeout: 604801
|
|
timeout-resolution: 601
|
|
persistent-cookies: true
|
|
session-token-start: null
|
|
session-token-expiration: 28807
|
|
session-token-encoding: HS256
|
|
|
|
session-token-clock-leniency-start: 5
|
|
bearer-token-clock-leniency-start: 5
|
|
upload-token-clock-leniency-start: 5
|
|
|
|
cookies:
|
|
SESSION:
|
|
same-site: lax
|
|
http-only: true
|
|
secure: "_env:SERVER_SESSION_COOKIES_SECURE:true"
|
|
XSRF-TOKEN:
|
|
expires: null
|
|
same-site: strict
|
|
http-only: false
|
|
secure: "_env:COOKIES_SECURE:true"
|
|
LANG:
|
|
expires: 12622780800
|
|
same-site: lax
|
|
http-only: false
|
|
secure: "_env:COOKIES_SECURE:true"
|
|
SYSTEM-MESSAGE-STATE:
|
|
expires: 12622780800
|
|
same-site: lax
|
|
http-only: false
|
|
secure: "_env:COOKIES_SECURE:true"
|
|
ACTIVE-AUTH-TAGS:
|
|
expires: 12622780800
|
|
same-site: lax
|
|
http-only: true
|
|
secure: "_env:COOKIES_SECURE:true"
|
|
|
|
external-apis-ping-interval: 300
|
|
external-apis-pong-timeout: 600
|
|
external-apis-expiry: 1200
|
|
|
|
user-defaults:
|
|
max-favourites: 0
|
|
max-favourite-terms: 2
|
|
theme: Default
|
|
date-time-format: "%d %b %y %R"
|
|
date-format: "%d %b %Y"
|
|
time-format: "%R"
|
|
download-files: false
|
|
warning-days: 1209600
|
|
show-sex: false
|
|
exam-office-get-synced: true
|
|
exam-office-get-labels: true
|
|
prefers-postal: true
|
|
|
|
|
|
instance-id: "_env:INSTANCE_ID:instance"
|
|
ribbon: "_env:RIBBON:"
|
|
|
|
|
|
favourites-quick-actions-burstsize: 40
|
|
favourites-quick-actions-avg-inverse-rate: 50e3 # µs/token
|
|
favourites-quick-actions-timeout: 40e-3 # s
|
|
favourites-quick-actions-cache-ttl: 120 # s
|
|
|
|
|
|
token-buckets:
|
|
inject-files:
|
|
depth: 20971520 # 20MiB
|
|
inv-rate: 9.5e-7 # 1MiB/s
|
|
initial-value: 0
|
|
inject-files-count:
|
|
depth: 100
|
|
inv-rate: 1
|
|
initial-value: 0
|
|
prune-files:
|
|
depth: 1572864000 # 1500MiB
|
|
inv-rate: 1.9e-6 # 2MiB/s
|
|
initial-value: 0
|
|
rechunk-files:
|
|
depth: 20971520 # 20MiB
|
|
inv-rate: 9.5e-7 # 1MiB/s
|
|
initial-value: 0
|
|
|
|
fallback-personalised-sheet-files-keys-expire: 2419200
|
|
|
|
download-token-expire: 604801
|
|
|
|
file-source-arc:
|
|
maximum-ghost: 512
|
|
maximum-weight: 1073741824 # 1GiB
|
|
file-source-prewarm:
|
|
maximum-weight: 1073741824 # 1GiB
|
|
start: 1800 # 30m
|
|
end: 600 # 10m
|
|
inhibit: 3600 # 60m
|
|
steps: 20
|
|
max-speedup: 3
|
|
|
|
bot-mitigations:
|
|
- only-logged-in-table-sorting
|
|
- unauthorized-form-honeypots
|
|
|
|
volatile-cluster-settings-cache-time: 10
|
|
|
|
communication-attachments-max-size: 20971520 # 20MiB
|