#    _____ __ ___ | | __
#   |_  / '__/ _ \| |/ /
#    / /| | | (_) |   <
#   /___|_|  \___/|_|\_\
# controller configuration
#

# The `v` field determines the configuration version. When software is released that changes the structure of the
# configuration, the software will expect this field to be incremented. This protects you against invalid configuration
# versions.
#
v:                                2

admin:
  # The `secrets` array contains a list of strings that represent valid `ZROK_ADMIN_TOKEN` values to be used for
  # administration of the `zrok` controller.
  #
  # Change this for your installation.
  #
  secrets:
    -                             77623cad-1847-4d6d-8ffe-37defc33c909
  # if `tou_link` is present, the frontend will display the "Terms of Use" link on the login and registration forms
  #
  tou_link:                       '<a href="https://google.com" target="_">Terms and Conditions</a>'

# The `endpoint` section determines where the HTTP listener that serves the API and web console will be bound.
#
endpoint:
  host:                           0.0.0.0
  port:                           18080

# Outbound email configuration.
#
email:
  host:                           smtp.server.com
  port:                           587
  username:                       ""
  password:                       ""
  from:                           ziggy@zrok.io

# InfluxDB configuration. InfluxDB is used to support sparkline displays in the web console.
#
influx:
  url:                            http://127.0.0.1:8086
  bucket:                         zrok
  org:                            zrok
  token:                          ""

# Instance-wide limits for per-user limits. `-1` represents unlimited. Each user can have the `limitless` flag set on
# their record in the `accounts` table in the database, to allow the user to ignore the instance-wide limits.
#
limits:
  environments:                   -1
  shares:                         -1

# Background maintenance job configuration. The `registration` job purges registration requests created through the
# `zrok invite` tool. The `reset_password` job purges password reset requests.
#
maintenance:
  registration:
    expiration_timeout:           24h
    check_frequency:              1h
    batch_limit:                  500
  reset_password:
    expiration_timeout:           15m
    check_frequency:              15m
    batch_limit:                  500

# The name of the service used to report metrics from the frontends (`zrok access public`) to the zrok controller
# fleet.
#
metrics:
  service_name:     metrics

# Configure the generated URL for the registration email. The registration token will be appended to this URL.
#
registration:
  registration_url_template:      https://zrok.server.com/register
  token_strategy:                 store

# Configure the generated URL for password resets. The reset token will be appended to this URL.
#
reset_password:
  reset_url_template:             https://zrok.server.com/resetPassword

# Configure the controller database. Supports either PostgreSQL or sqlite3.
#
# sqlite3 only supports a single controller instance. To run multiple controllers, you must use PostgreSQL.
#
#store:
#  path:                           "host=127.0.0.1 user=zrok password=zrok dbname=zrok"
#  type:                           "postgres"
#
store:
  path:                           zrok.db
  type:                           sqlite3

# Ziti configuration.
#
ziti:
  api_endpoint:                   https://127.0.0.1:1280
  username:                       admin
  password:                       admin