diff --git a/drasl/config/config.toml.tmpl b/drasl/config/config.toml.tmpl new file mode 100644 index 0000000..f9bc023 --- /dev/null +++ b/drasl/config/config.toml.tmpl @@ -0,0 +1,23 @@ +# Drasl config — password-login mode (NO Keycloak/OIDC for now). +# TOML only (drasl has no env support). Rendered by tooling/render-config.sh +# -> drasl/config/config.toml (gitignored). Only ${BASE_DOMAIN} is substituted. +# Reached only via Caddy at auth.${BASE_DOMAIN}; drasl has no published host port. + +BaseURL = "http://auth.${BASE_DOMAIN}" +Domain = "auth.${BASE_DOMAIN}" +ListenAddress = "0.0.0.0:25585" # internal; Caddy reverse-proxies to it +DefaultAdminUsernames = ["admin"] + +# Password login: admin + guests register a username/password on the web UI. +AllowPasswordLogin = true + +# 1.21+ secure-profile fix: MUST pair with server ENFORCE_SECURE_PROFILE=FALSE. +# Both or neither — mixed auth breaks on MC 1.21+ with SignPublicKeys = true. +SignPublicKeys = false + +[ApplicationOwner] +Name = "Ulicraft" +Email = "admin@${BASE_DOMAIN}" + +# OIDC block intentionally omitted for now (no Keycloak). +# [[RegistrationOIDC]] <- future task