Vervis/config/settings-default.yaml
fr33domlover fbc9ad2b30 Rotate actor key once a day by default, instead of once an hour
I'm not sure what the best balance is, but once an hour may end up causing a
lot more key re-fetch requests coming from other servers. I prefer to default
to once a day for now (maybe even once a week) and tighten it later if needed.

Caveat: If an instance key is rotated once a day, there's no
change-key-right-after-toot-deletion thing for deniability. Potentially,
rotation may happen only 24 hours after that deletion, which is much more than
1 hour. On the other hand, it's a whole instance key, not personal key of the
actor.
2019-02-07 23:28:39 +00:00


# Values formatted like "_env:ENV_VAR_NAME:default_value" can be overridden by
# the specified environment variable. See the Yesod wiki, Configuration page.
###############################################################################
# Static files
###############################################################################
static-dir: "_env:STATIC_DIR:static"
###############################################################################
# HTTP server
###############################################################################
# any IPv4 host
host: "_env:HOST:*4"
# The port `yesod devel` uses is distinct from this value. Set the
# `yesod devel` port from the command line.
http-port: "_env:PORT:3000"
ip-from-header: "_env:IP_FROM_HEADER:false"
# Default behavior: determine the application root from the request headers.
# Uncomment to set an explicit approot
#approot: "_env:APPROOT:http://localhost:3000"
# Encryption key file for encrypting the session cookie sent to clients
client-session-key: config/client_session_key.aes
# How much time after the last request it takes for the session cookie to
# expire
client-session-timeout:
  amount: 2
  unit: hours
# Maximal accepted time difference between request date and current time, when
# performing this check during HTTP signature verification
request-time-limit:
  amount: 5
  unit: minutes
# How often to generate a new actor key for HTTP-signing requests
actor-key-rotation:
  amount: 1
  unit: days
###############################################################################
# Development
###############################################################################
# Optional values with the following production defaults.
# In development, they default to the inverse.
#
# development: false
# detailed-logging: false
# should-log-all: false
# reload-templates: false
# mutable-static: false
# skip-combining: false
# load-font-from-lib-data: false
###############################################################################
# SQL database
###############################################################################
# If you need a numeric value (e.g. 123) to parse as a String, wrap it in
# single quotes (e.g. "_env:PGPASS:'123'"). See the Yesod wiki, Configuration
# page.
database:
  user: "_env:PGUSER:vervis_dev"
  password: "_env:PGPASS:vervis_dev_password"
  host: "_env:PGHOST:localhost"
  port: "_env:PGPORT:5432"
  database: "_env:PGDATABASE:vervis_dev"
  poolsize: "_env:PGPOOLSIZE:10"
###############################################################################
# Version control repositories
###############################################################################
repo-dir: repos
diff-context-lines: 5
###############################################################################
# SSH server
###############################################################################
ssh-port: 5022
ssh-key-file: config/ssh-host-key
###############################################################################
# Accounts
###############################################################################
registration: false
max-accounts: 3
###############################################################################
# Mail
###############################################################################
# Optional SMTP server settings for sending email. If not provided, no email
# will be sent. The login field is optional, provide if you need SMTP
# authentication.
# mail:
#   smtp:
#     login:
#       user: "_env:SMTPUSER:vervis_dev"
#       password: "_env:SMTPPASS:vervis_dev_password"
#     host: "_env:SMTPHOST:localhost"
#     port: "_env:SMTPPORT:587"
#   sender:
#     name: "_env:SENDERNAME:vervis"
#     email: "_env:SENDEREMAIL:vervis@vervis.vervis"
#   allow-reply: false
###############################################################################
# Federation
###############################################################################
# Signing key file for signing object capabilities sent to remote users
capability-signing-key: config/capability_signing_key
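
Added example, not part of Vervis: a Python model of a remote server that applies a Date-freshness check like `request-time-limit` and caches sender keys by keyId, showing how the `actor-key-rotation` interval translates into key re-fetches. The one-key-per-sender cache, the `sender.example` keyIds and the 10-minute delivery schedule are assumptions, and no signature is actually verified here.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

REQUEST_TIME_LIMIT = timedelta(minutes=5)  # request-time-limit in this file


def date_is_fresh(date_header, now, limit=REQUEST_TIME_LIMIT):
    """Accept a request only if its Date header is within `limit` of `now`."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return False
    if sent.tzinfo is None:  # no usable zone: cannot compare safely
        return False
    return abs(now - sent) <= limit  # rejects stale and future-dated requests


class ReceivingServer:
    """Hypothetical remote server that caches sender keys by keyId."""

    def __init__(self):
        self.cached_key_ids = set()
        self.fetches = 0

    def receive(self, key_id, date_header, now):
        if not date_is_fresh(date_header, now):
            return "rejected: stale Date"
        if key_id not in self.cached_key_ids:
            self.cached_key_ids.add(key_id)  # stands in for an HTTP GET of the key
            self.fetches += 1
        return "accepted"


def simulate(rotation, duration=timedelta(days=7), every=timedelta(minutes=10)):
    """Count key fetches caused by one sender rotating its key every `rotation`."""
    start = datetime(2019, 2, 7, tzinfo=timezone.utc)  # constructed clock
    server, t = ReceivingServer(), start
    while t < start + duration:
        generation = (t - start) // rotation  # index of the key current at time t
        key_id = f"https://sender.example/key{generation}"  # constructed keyId
        date_header = format_datetime(t, usegmt=True)
        assert server.receive(key_id, date_header, t) == "accepted"
        t += every
    return server.fetches
```

Over the simulated week, each rotation costs every receiving server one extra fetch, so the hourly setting multiplies that traffic by 24 compared with the daily default.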