silo/config.example.yaml
forbes-0023 127836f7ce docs: replace kindred.internal with example.internal in all docs and config
Replace all references to internal hostnames (silo.kindred.internal,
psql.kindred.internal, minio.kindred.internal, ipa.kindred.internal,
keycloak.kindred.internal) with example.internal equivalents.

Replace gitea.kindred.internal and git.kindred.internal with the public
git.kindred-systems.com instance. Also fix stale silo-0062 repo name
in setup-host.sh and DEPLOYMENT.md.
2026-02-11 11:20:45 -06:00


# Silo Configuration
# Copy to config.yaml and adjust for your environment
# HTTP server settings.
server:
  # Presumably the listen address; "0.0.0.0" accepts connections on every
  # network interface. While auth.enabled is false all routes are open with
  # an admin-role "dev" user, so bind to a specific address or keep the port
  # unreachable from other hosts in that mode.
  host: "0.0.0.0"
  port: 8080
  # NOTE(review): presumably the externally visible URL of this instance;
  # the example value is plain HTTP on localhost. Use the https:// URL that
  # clients actually reach once Silo is deployed behind TLS; confirm.
  base_url: "http://localhost:8080"
  # read_only: false # Reject all write operations; toggle at runtime with SIGUSR1
# Database connection (host name, port 5432 and sslmode suggest PostgreSQL).
database:
  host: "psql.example.internal"
  port: 5432
  name: "silo"
  user: "silo"
  # Leave empty in the file and supply the password through the
  # SILO_DB_PASSWORD environment variable so it is never committed.
  password: ""
  # NOTE(review): if this value is passed through as the PostgreSQL sslmode,
  # "require" encrypts the connection but does not verify the server
  # certificate; "verify-full" also checks the certificate chain and host
  # name. Confirm which values Silo accepts.
  sslmode: "require"
  max_connections: 10
# Object storage for files (the endpoint name suggests MinIO).
storage:
  endpoint: "minio.example.internal:9000"
  # Keep both credentials empty in the file; supply them via the environment.
  access_key: ""  # Use SILO_MINIO_ACCESS_KEY env var
  secret_key: ""  # Use SILO_MINIO_SECRET_KEY env var
  bucket: "silo-files"
  # NOTE(review): presumably enables TLS to the storage endpoint; keep true
  # whenever the endpoint is on another host, since the credentials above
  # travel over this connection.
  use_ssl: true
  region: "us-east-1"
# Item schema definitions loaded from disk.
schemas:
  # Directory containing YAML schema files.
  # NOTE(review): the service presumably only needs to read this directory;
  # confirm, and keep it writable by administrators only.
  directory: "/etc/silo/schemas"
  # Default schema for new items
  default: "kindred-rd"
# FreeCAD integration.
freecad:
  # URI scheme for "Open in FreeCAD" links
  uri_scheme: "silo"
  # Path to FreeCAD executable (for CLI operations).
  # NOTE(review): the server presumably runs this binary; point it at a
  # path the service account cannot modify. Confirm how it is invoked.
  executable: "/usr/bin/freecad"
# Authentication
# Set enabled: true to require login. When false, all routes are open
# with a synthetic "dev" user (admin role), so anyone who can reach the
# listener has admin access. Leave it false only on a development machine;
# server.host in this example is "0.0.0.0".
auth:
  enabled: false
  # Supply through the SILO_SESSION_SECRET env var in production rather than
  # writing it here.
  # NOTE(review): presumably protects session cookies; use a long random
  # value and confirm how an empty secret is handled when auth is enabled.
  session_secret: ""

  # Local accounts (username/password stored in Silo database)
  local:
    enabled: true
    # Default admin account created on first startup (if username and
    # password are set). Provide the password through the environment so it
    # never lands in a committed file.
    default_admin_username: "admin"  # Use SILO_ADMIN_USERNAME env var
    default_admin_password: ""  # Use SILO_ADMIN_PASSWORD env var

  # LDAP / FreeIPA
  ldap:
    enabled: false
    # ldaps:// keeps the bind, and with it the user's password, inside TLS.
    url: "ldaps://ipa.example.internal"
    # NOTE(review): the DNs in this section still use dc=kindred,dc=internal
    # while the host names in this file use example.internal; replace them
    # with your own directory's base DN.
    base_dn: "dc=kindred,dc=internal"
    user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal"
    # Optional service account for user search (omit for direct user bind)
    # bind_dn: "uid=silo-service,cn=users,cn=accounts,dc=kindred,dc=internal"
    # bind_password: "" # Use SILO_LDAP_BIND_PASSWORD env var
    user_attr: "uid"
    email_attr: "mail"
    display_attr: "displayName"
    group_attr: "memberOf"
    # Map LDAP groups to Silo roles (checked in order: admin, editor, viewer).
    # Membership in any group listed under admin grants the Silo admin role,
    # so keep that list short and its groups tightly managed.
    role_mapping:
      admin:
        - "cn=silo-admins,cn=groups,cn=accounts,dc=kindred,dc=internal"
      editor:
        - "cn=silo-users,cn=groups,cn=accounts,dc=kindred,dc=internal"
        - "cn=engineers,cn=groups,cn=accounts,dc=kindred,dc=internal"
      viewer:
        - "cn=silo-viewers,cn=groups,cn=accounts,dc=kindred,dc=internal"
    # NOTE(review): presumably disables certificate verification for the
    # LDAPS connection when true; keep false and install the directory's CA
    # certificate on the host instead. Confirm.
    tls_skip_verify: false

  # OIDC / Keycloak
  oidc:
    enabled: false
    issuer_url: "https://keycloak.example.internal/realms/silo"
    client_id: "silo"
    client_secret: ""  # Use SILO_OIDC_CLIENT_SECRET env var
    # Should match a redirect URI registered for this client at the issuer.
    redirect_url: "https://silo.example.internal/auth/callback"
    scopes: ["openid", "profile", "email"]
    # Map Keycloak realm roles to Silo roles
    admin_role: "silo-admin"
    editor_role: "silo-editor"
    # Fallback if no role claim matches. As described, a user the issuer
    # authenticates without a matching role still receives this role, so
    # keep it at the least-privileged one.
    default_role: "viewer"
# CORS origins (locked down when auth is enabled)
# NOTE(review): indentation was lost in this listing; confirm against the
# repository whether cors sits at the top level or under auth.
# List exact https:// origins that serve the Silo UI; each entry is an
# origin allowed to make cross-origin requests to this API.
cors:
  allowed_origins:
    - "https://silo.example.internal"