50 lines
2.3 KiB
Plaintext
50 lines
2.3 KiB
Plaintext
# Omnigent server config — non-secret settings in one file.
|
|
#
|
|
# Copy to the persistent volume as `/data/config.yaml` (the default the
|
|
# server looks for), or point OMNIGENT_CONFIG at an explicit path. The
|
|
# server (Docker entrypoint, Databricks Apps, and `omnigent server -c`)
|
|
# reads the same keys — so a hosted deploy keeps its settings here just
|
|
# like a laptop does, instead of a pile of env vars.
|
|
#
|
|
# cp config.yaml.example /path/to/your/volume/config.yaml
|
|
# # then edit; takes effect on the next server start
|
|
#
|
|
# ── Secrets do NOT go here ──────────────────────────────────────────
|
|
# DATABASE_URL, the session cookie secret, and the OIDC client secret
|
|
# stay in the environment (.env / bootstrap.sh / your platform). This
|
|
# file is operator-editable and often world-readable on the box — keep
|
|
# credentials out of it.
|
|
|
|
# Admin roster (canonical). Identities promoted to admin on login —
|
|
# email in OIDC mode, username in accounts mode. Union'd with the
|
|
# runtime-editable `<data_dir>/admins` file (edit that for a no-restart
|
|
# change). Additive: removing an entry here does not demote on its own.
|
|
admins:
|
|
- alice@example.com
|
|
- bob@example.com
|
|
|
|
# OIDC access control: only these email domains may sign in (union'd
|
|
# with OMNIGENT_OIDC_ALLOWED_DOMAINS and the `<data_dir>/allowed_domains`
|
|
# file). Admin-listed and invited identities bypass this. Omit / empty
|
|
# to allow any authenticated IdP user (the OSS default).
|
|
allowed_domains:
|
|
- example.com
|
|
|
|
# Artifact store location (defaults to /data/artifacts in the Docker
|
|
# stack). database_uri may also live here, but for Docker the compose
|
|
# provides DATABASE_URL via env (it carries the password) — leave it
|
|
# unset here unless you self-manage the connection string.
|
|
# artifact_location: /data/artifacts
|
|
# database_uri: postgresql+psycopg://user:pw@host:5432/omnigent
|
|
|
|
# Extra Python modules scanned for POLICY_REGISTRY lists at startup.
|
|
# policy_modules:
|
|
# - myorg.policies.safety
|
|
|
|
# Copy-at-spawn limits. When a parent agent forwards files to a subagent,
|
|
# the server copies them through the destination session. These bound a
|
|
# single copy request so it can't spike shared-server memory; omit to use
|
|
# the built-in defaults (20 files / 256 MiB total).
|
|
# copy_max_files: 20
|
|
# copy_max_total_bytes: 268435456
|