silo/config.example.yaml
Forbes 88d1ab1f97 refactor(storage): remove MinIO backend, filesystem-only storage
Remove the MinIO/S3 storage backend entirely. The filesystem backend is
fully implemented, already used in production, and a migrate-storage tool
exists for any remaining MinIO deployments to migrate beforehand.

Changes:
- Delete MinIO client implementation (internal/storage/storage.go)
- Delete migrate-storage tool (cmd/migrate-storage, scripts/migrate-storage.sh)
- Remove MinIO service, volumes, and env vars from all Docker Compose files
- Simplify StorageConfig: remove Endpoint, AccessKey, SecretKey, Bucket,
  UseSSL, Region fields; add SILO_STORAGE_ROOT_DIR env override
- Change all SQL COALESCE defaults from 'minio' to 'filesystem'
- Add migration 020 to update column defaults to 'filesystem'
- Remove minio-go/v7 dependency (go mod tidy)
- Update all config examples, setup scripts, docs, and tests
2026-02-19 14:36:22 -06:00


# Silo Configuration
# Copy to config.yaml and adjust for your environment
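# HTTP listener and externally visible URL.
# Nesting restored: in the flattened listing `host` and `port` collided with
# the keys of the same name under `database`.
server:
  # "0.0.0.0" listens on every network interface. Together with
  # auth.enabled: false (the value in this example) every route is reachable
  # from the network without login; bind to "127.0.0.1" or enable auth
  # before exposing the service.
  host: "0.0.0.0"
  port: 8080
  # Plain-HTTP value for local use.
  # NOTE(review): for a non-local deployment this should presumably be the
  # https:// URL served by a TLS-terminating proxy; confirm how Silo uses
  # base_url.
  base_url: "http://localhost:8080"
  # read_only: false  # Reject all write operations; toggle at runtime with SIGUSR1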
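# PostgreSQL connection settings (nesting restored from the flattened listing).
database:
  host: "localhost"  # Use "postgres" for Docker Compose
  port: 5432
  name: "silo"
  user: "silo"
  # Leave empty in the file and supply the secret through the environment so
  # it never lands in a committed or world-readable config.
  password: ""  # Use SILO_DB_PASSWORD env var
  # NOTE(review): if this value is handed to the PostgreSQL driver unchanged,
  # "require" encrypts the connection but does not verify the server
  # certificate; "verify-full" does. "disable" sends credentials and data in
  # cleartext, so keep it to an isolated internal network.
  sslmode: "require"  # Use "disable" for Docker Compose (internal network)
  max_connections: 10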
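# File storage; "filesystem" is the only backend shown in this example.
# Nesting restored: root_dir belongs to storage.filesystem.
storage:
  backend: "filesystem"
  filesystem:
    # NOTE(review): presumably this directory should be readable and writable
    # only by the account Silo runs as; confirm against the deployment docs.
    root_dir: "/opt/silo/data"  # Override with SILO_STORAGE_ROOT_DIR env var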
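# Schema definitions (nesting restored from the flattened listing).
schemas:
  # Directory containing YAML schema files
  directory: "/etc/silo/schemas"
  # Default schema for new items
  default: "kindred-rd"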
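# FreeCAD integration (nesting restored from the flattened listing).
freecad:
  # URI scheme for "Open in FreeCAD" links
  uri_scheme: "silo"
  # Path to FreeCAD executable (for CLI operations)
  # NOTE(review): this path is presumably executed by the server, so the
  # config file should be writable only by administrators; confirm.
  executable: "/usr/bin/freecad"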
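# Authentication
# Set enabled: true to require login. When false, all routes are open
# with a synthetic "dev" user (admin role).
# With enabled: false, anyone who can reach the listener acts with the admin
# role, so keep that value to local development.
# Nesting below is restored: the flattened listing repeated `enabled` at a
# single level for auth, local, ldap and oidc.
auth:
  enabled: false
  # NOTE(review): presumably protects session cookies; supply a long random
  # value through the environment and confirm what Silo does when this is
  # left empty while auth is enabled.
  session_secret: ""  # Use SILO_SESSION_SECRET env var in production

  # Local accounts (username/password stored in Silo database)
  local:
    enabled: true
    # Default admin account created on first startup
    # (if username and password are set)
    default_admin_username: "admin"  # Use SILO_ADMIN_USERNAME env var
    # Keep empty in the file; pass a strong, unique value through the
    # environment so the bootstrap password is never committed.
    default_admin_password: ""  # Use SILO_ADMIN_PASSWORD env var

  # LDAP / FreeIPA
  ldap:
    enabled: false
    # ldaps:// keeps bind credentials encrypted in transit.
    url: "ldaps://ipa.example.internal"
    base_dn: "dc=kindred,dc=internal"
    user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal"
    # Optional service account for user search (omit for direct user bind)
    # bind_dn: "uid=silo-service,cn=users,cn=accounts,dc=kindred,dc=internal"
    # bind_password: ""  # Use SILO_LDAP_BIND_PASSWORD env var
    user_attr: "uid"
    email_attr: "mail"
    display_attr: "displayName"
    group_attr: "memberOf"
    # Map LDAP groups to Silo roles (checked in order: admin, editor, viewer)
    role_mapping:
      admin:
        - "cn=silo-admins,cn=groups,cn=accounts,dc=kindred,dc=internal"
      editor:
        - "cn=silo-users,cn=groups,cn=accounts,dc=kindred,dc=internal"
        - "cn=engineers,cn=groups,cn=accounts,dc=kindred,dc=internal"
      viewer:
        - "cn=silo-viewers,cn=groups,cn=accounts,dc=kindred,dc=internal"
    # Keep false.
    # NOTE(review): going by the name, true would skip certificate
    # verification on the LDAP connection, letting an on-path host
    # impersonate the directory and collect bind credentials; confirm.
    tls_skip_verify: false

  # OIDC / Keycloak
  oidc:
    enabled: false
    issuer_url: "https://keycloak.example.internal/realms/silo"
    client_id: "silo"
    client_secret: ""  # Use SILO_OIDC_CLIENT_SECRET env var
    # Should match the redirect URI registered for this client at the
    # identity provider, and stay on https.
    redirect_url: "https://silo.example.internal/auth/callback"
    scopes: ["openid", "profile", "email"]
    # Map Keycloak realm roles to Silo roles
    admin_role: "silo-admin"
    editor_role: "silo-editor"
    # A login whose role claim matches nothing still receives this role, so
    # keep it at the least-privileged one.
    default_role: "viewer"  # Fallback if no role claim matches

  # CORS origins (locked down when auth is enabled)
  # NOTE(review): placement under auth is inferred from the comment pattern;
  # the listing lost its indentation, so confirm against the config loader.
  # List only the exact origins that should be allowed to call the API.
  cors:
    allowed_origins:
      - "https://silo.example.internal"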