$schema: ../schemas/config.json
http_web:
  address: 0.0.0.0
  port: 8080
  exposed_url: https://www.example.com:8080
  tls: false
  # tls:
  #   key: /tls/tls.key
  #   cert: /tls/tls.cert
  compress:
  - gzip
  - deflate
  - br
  - identity
  etag: true
  cache_control:
    static_assets: public, max-age=3600
http_meta:
  # DO NOT expose the metadata API to the public internet
  address: 0.0.0.0
  port: 8081
  tls: false
oidc:
  server_url: https://oauth.example.com
  signing_algorithm: ES512
  client_id: your-client-id
  client_secret:
    from_env: OAUTH_CLIENT_SECRET
pkce_cookie:
  name: app_pkce_code
  secure: true
  ttl: 300
  code_bytes: 48
session_cookie:
  name: app_session_key
  secure: true
  ttl: 7200
  pepper:
    from_env: SESSION_HASH_PEPPER
snowflake_uid:
  epoch: 1577836800000
  instance: 0  # todo: This should be populated by a StatefulSet ordinal in k8s; Need to prototype
storage:
  engine: sqlite3
  pool_min: 2
  pool_max: 10
argon2:
  # Using the argon2id variant with a time cost of 3 and memory cost 64MiB (65536)
  # is the recommendation for memory constrained environments, according to RFC 9106. If
  # running in an environment that has more available memory to use, the preferred
  # configuration is to instead run with a time cost of 1 and memory cost of 2GiB (2097152).
  #
  # see: https://github.com/ranisalt/node-argon2/wiki/Options
  # see: https://www.rfc-editor.org/rfc/rfc9106.html#section-7.4
  hash_length: 100
  time_cost: 3
  memory_cost: 65536
  parallelism: 4
logging:
  level: info
  pretty: false