# Emissary server configuration

# Logger configuration
logger:
  # Logging verbosity
  # DEBUG: 0
  # INFO: 1
  # WARN: 2
  # ERROR: 3
  # CRITICAL: 4
  level: 1
  # Logging format
  # Possible values: human, json
  format: human

# Server configuration
server:
  # HTTP server configuration
  http:
    # Listening address (0.0.0.0 to listen on all interfaces)
    host: 0.0.0.0
    # Listening port
    port: 3000
  
  # Database configuration
  database:
    # Database driver
    # Possible values: sqlite
    driver: sqlite
    # Database DSN
    # sqlite: see https://github.com/mattn/go-sqlite3#connection-string
    dsn: sqlite:///var/lib/emissary/data.sqlite?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000
  
  # CORS configuration
  # See https://developer.mozilla.org/en/docs/Glossary/CORS
  cors:
    allowedOrigins: []
    allowCredentials: true
    allowMethods:
      - POST
      - GET
      - PUT
      - DELETE
    allowedHeaders:
      - Origin
      - Accept
      - Content-Type
      - Authorization
      - Sentry-Trace
  
  # Auth configuration
  auth:
    # Local authentication configuration
    local:
      privateKeyPath: /var/lib/emissary/server-key.json
    
    # Remote authentication configuration
    # Disabled by default
    remote: ~
      # jwksUrl: https://my-server/.well-known/jwks.json

    # Role extraction rules
    # Permit to derivate user's role 
    # from the received JWT.
    #
    # The first rule returning a non empty
    # string will define the role of the user.
    #
    # The role should be 'reader' or 'writer'.
    roleExtractionRules:
      - "jwt.role != nil ? str(jwt.role) : ''"