zrok/etc/ctrl.yml

#    _____ __ ___ | | __
#   |_  / '__/ _ \| |/ /
#    / /| | | (_) |   <
#   /___|_|  \___/|_|\_\
# controller configuration
#

# The `v` field determines the configuration version. When software is released that changes the structure of the
# configuration, the software will expect this field to be incremented. This protects you against invalid configuration
# versions.
#
v: 3

admin:
  # The `secrets` array contains a list of strings that represent valid `ZROK_ADMIN_TOKEN` values to be used for
  # administration of the `zrok` controller.
  #
  # Change this for your installation.
  #
  secrets:
    -                             77623cad-1847-4d6d-8ffe-37defc33c909
  #
  # If `tou_link` is present, the frontend will display the "Terms of Use" link on the login and registration forms
  #
  tou_link:                       '<a href="https://google.com" target="_">Terms and Conditions</a>'

# The `bridge` section configures the `zrok controller metrics bridge`, specifying the source and sink where OpenZiti
# `fabric.usage` events are consumed and then sent into `zrok`. For production environments, we recommend that you use
# the `fileSource`, tailing the events from a JSON file written to by the OpenZiti controller. The `amqpSink` will then
# forward the events to an AMQP queue for consumption by multiple `zrok` controllers.
#
bridge:
  source:
    type:           fileSource
    path:           /tmp/fabric-usage.log
  sink:
    type:           amqpSink
    url:            amqp://guest:guest@localhost:5672
    queue_name:     events

# The `endpoint` section determines where the HTTP listener that serves the API and web console will be bound.
#
endpoint:
  host:                           0.0.0.0
  port:                           18080

# Outbound email configuration.
#
email:
  host:                           smtp.server.com
  port:                           587  # this must be a STARTTLS port, not the TLS port (465)
  username:                       ""
  password:                       ""
  from:                           ziggy@zrok.io

# Invites
#
invites:
  #
  # Setting `invites_open` to `true` will allow your service instance to allow users to request invites.
  #
  invites_open:                   false
  #
  # Setting `token_strategy` to `store` will use the `invite_tokens` table in the database for available invite tokens.
  #
  token_strategy:                 store
  #
  # Setting `token_contact` to something other than an empty string will show the contact information in the
  # `zrok invite` command.
  #
  token_contact:                  invite@zrok.io

# Service instance limits configuration.
#
# See `docs/guides/metrics-and-limits/configuring-limits.md` for details.
#
limits:
  environments:     -1
  shares:           -1
  bandwidth:
    per_account:
      period:       5m
      warning:
        rx:         -1
        tx:         -1
        total:      7242880
      limit:
        rx:         -1
        tx:         -1
        total:      10485760
    per_environment:
      period:       5m
      warning:
        rx:         -1
        tx:         -1
        total:      -1
      limit:
        rx:         -1
        tx:         -1
        total:      -1
    per_share:
      period:       5m
      warning:
        rx:         -1
        tx:         -1
        total:      -1
      limit:
        rx:         -1
        tx:         -1
        total:      -1
  enforcing:        false
  cycle:            5m

# Background maintenance job configuration. The `registration` job purges registration requests created through the
# `zrok invite` tool. The `reset_password` job purges password reset requests.
#
maintenance:
  registration:
    expiration_timeout:           24h
    check_frequency:              1h
    batch_limit:                  500
  reset_password:
    expiration_timeout:           15m
    check_frequency:              15m
    batch_limit:                  500

# Metrics configuration.
#
metrics:
  agent:
    # The `source` controls where the `zrok controller` looks to consume OpenZiti `fabric.usage` events. This works in
    # concert with the `bridge` section above to consume events from an AMQP queue. This can also be configured to work
    # with a `fileSource` (see the `bridge` section above for details), and also with a `websocketSource`.
    #
    source:
      type:         amqpSource
      url:          amqp://guest:guest@localhost:5672
      queue_name:   events
  #
  # The `influx` section configures access to the InfluxDB instance used to store `zrok` metrics.
  #
  influx:
    url:            "http://127.0.0.1:8086"
    bucket:         zrok
    org:            zrok
    token:          "<INFLUX TOKEN>"

# Configure password requirements for user accounts.
#
#passwords:
#  length:           8
#  require_capital:  true
#  require_numeric:  true
#  require_special:  true
#  # Denote which characters satisfy the `require_special` requirement. Note the need to escape specific characters.
#  valid_special_characters: "\"\\`'~!@#$%^&*()[],./"

# Configure the generated URL for the registration email. The registration token will be appended to this URL.
#
registration:
  registration_url_template:      https://zrok.server.com/register

# Configure the generated URL for password resets. The reset token will be appended to this URL.
#
reset_password:
  reset_url_template:             https://zrok.server.com/resetPassword

# Configure the controller database. Supports either PostgreSQL or sqlite3.
#
# sqlite3 only supports a single controller instance. To run multiple controllers, you must use PostgreSQL.
#
#store:
#  path:                           "host=127.0.0.1 user=zrok password=zrok dbname=zrok"
#  type:                           "postgres"
#
store:
  path:                           zrok.db
  type:                           sqlite3

# Ziti configuration.
#
ziti:
  api_endpoint:                   https://127.0.0.1:1280
  username:                       admin
  password:                       admin