36 lines
1.4 KiB
TOML
36 lines
1.4 KiB
TOML
[server]
|
|
listen = ":8080"
|
|
storage_dir = "./interfaces"
|
|
|
|
# ── Identity & access control ───────────────────────────────────────────────
|
|
# The end-user identity is read from a header set by a trusted authenticating
|
|
# reverse proxy. Leave trusted_user_header empty for unproxied/dev/LAN use.
|
|
# SECURITY: only enable this when the proxy strips any client-supplied value of
|
|
# this header, otherwise it can be spoofed.
|
|
trusted_user_header = "" # e.g. "X-Forwarded-User"
|
|
# Identity used when the trusted header is absent/empty. Empty = anonymous.
|
|
default_user = ""
|
|
|
|
# Every user is trusted with full write access by default. The blacklist
|
|
# downgrades specific users. Levels: "readonly" (view only, no writes) or
|
|
# "noaccess" (denied entirely).
|
|
# [[server.blacklist]]
|
|
# user = "guest"
|
|
# level = "readonly"
|
|
|
|
# Named sets of users, referenced by per-panel sharing rules (future phases).
|
|
# [[groups]]
|
|
# name = "operators"
|
|
# members = ["alice", "bob"]
|
|
|
|
[datasource.epics]
|
|
enabled = true
|
|
ca_addr_list = "" # overrides EPICS_CA_ADDR_LIST if set
|
|
archive_url = "" # EPICS Archive Appliance base URL
|
|
channel_finder_url = "" # e.g. http://channelfinder:8080/ChannelFinder
|
|
auto_sync_filter = "" # e.g. area=StorageRing or tags=production
|
|
|
|
[datasource.synthetic]
|
|
enabled = true
|
|
definitions_file = "./synthetic.json"
|