kindred/silo
1
1
Fork 0
Code Issues 30 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fix-sse-read-deadline
silo/config.example.yaml
Forbes de8370481f chore: fix stale docs, add read_only to config example 
- Update COMPONENT_AUDIT.md: replace htmx reference with React SPA
- Add server.read_only to config.example.yaml and CONFIGURATION.md
2026-02-08 16:07:05 -06:00

94 lines
2.9 KiB
YAML
Raw Permalink Blame History

# Silo Configuration
# Copy to config.yaml and adjust for your environment
server:
host: "0.0.0.0"
port: 8080
base_url: "http://localhost:8080"
# read_only: false # Reject all write operations; toggle at runtime with SIGUSR1
database:
host: "psql.kindred.internal"
port: 5432
name: "silo"
user: "silo"
password: "" # Use SILO_DB_PASSWORD env var
sslmode: "require"
max_connections: 10
storage:
endpoint: "minio.kindred.internal:9000"
access_key: "" # Use SILO_MINIO_ACCESS_KEY env var
secret_key: "" # Use SILO_MINIO_SECRET_KEY env var
bucket: "silo-files"
use_ssl: true
region: "us-east-1"
schemas:
# Directory containing YAML schema files
directory: "/etc/silo/schemas"
# Default schema for new items
default: "kindred-rd"
freecad:
# URI scheme for "Open in FreeCAD" links
uri_scheme: "silo"
# Path to FreeCAD executable (for CLI operations)
executable: "/usr/bin/freecad"
# Authentication
# Set enabled: true to require login. When false, all routes are open
# with a synthetic "dev" user (admin role).
auth:
enabled: false
session_secret: "" # Use SILO_SESSION_SECRET env var in production
# Local accounts (username/password stored in Silo database)
local:
enabled: true
# Default admin account created on first startup (if username and password are set)
default_admin_username: "admin" # Use SILO_ADMIN_USERNAME env var
default_admin_password: "" # Use SILO_ADMIN_PASSWORD env var
# LDAP / FreeIPA
ldap:
enabled: false
url: "ldaps://ipa.kindred.internal"
base_dn: "dc=kindred,dc=internal"
user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal"
# Optional service account for user search (omit for direct user bind)
# bind_dn: "uid=silo-service,cn=users,cn=accounts,dc=kindred,dc=internal"
# bind_password: "" # Use SILO_LDAP_BIND_PASSWORD env var
user_attr: "uid"
email_attr: "mail"
display_attr: "displayName"
group_attr: "memberOf"
# Map LDAP groups to Silo roles (checked in order: admin, editor, viewer)
role_mapping:
admin:
- "cn=silo-admins,cn=groups,cn=accounts,dc=kindred,dc=internal"
editor:
- "cn=silo-users,cn=groups,cn=accounts,dc=kindred,dc=internal"
- "cn=engineers,cn=groups,cn=accounts,dc=kindred,dc=internal"
viewer:
- "cn=silo-viewers,cn=groups,cn=accounts,dc=kindred,dc=internal"
tls_skip_verify: false
# OIDC / Keycloak
oidc:
enabled: false
issuer_url: "https://keycloak.kindred.internal/realms/silo"
client_id: "silo"
client_secret: "" # Use SILO_OIDC_CLIENT_SECRET env var
redirect_url: "https://silo.kindred.internal/auth/callback"
scopes: ["openid", "profile", "email"]
# Map Keycloak realm roles to Silo roles
admin_role: "silo-admin"
editor_role: "silo-editor"
default_role: "viewer" # Fallback if no role claim matches
# CORS origins (locked down when auth is enabled)
cors:
allowed_origins:
- "https://silo.kindred.internal"
Reference in New Issue View Git Blame Copy Permalink