// We can't use warn! here because logging isn't setup yet.
// We can't use warn! here because logging isn't setup yet.
println!("[WARNING] The following environment variables are being overriden by the config file,");
println!("[WARNING] The following environment variables are being overriden by the config file,");
println!("[WARNING] please use the admin panel to make changes to them:");
println!("[WARNING] please use the admin panel to make changes to them:");
@ -224,24 +227,27 @@ make_config! {
/// General settings
/// General settings
settings{
settings{
/// Domain URL |> This needs to be set to the URL used to access the server, including 'http[s]://' and port, if it's different than the default. Some server functions don't work correctly without this value
/// Domain URL |> This needs to be set to the URL used to access the server, including 'http[s]://'
/// and port, if it's different than the default. Some server functions don't work correctly without this value
/// Domain Set |> Indicates if the domain is set by the admin. Otherwise the default will be used.
/// Domain Set |> Indicates if the domain is set by the admin. Otherwise the default will be used.
domain_set: bool,false,def,false;
domain_set: bool,false,def,false;
/// Enable web vault
/// Enable web vault
web_vault_enabled: bool,false,def,true;
web_vault_enabled: bool,false,def,true;
/// Disable icon downloads |> Set to true to disable icon downloading, this would still serve icons from $ICON_CACHE_FOLDER,
/// Disable icon downloads |> Set to true to disable icon downloading, this would still serve icons from
/// but it won't produce any external network request. Needs to set $ICON_CACHE_TTL to 0,
/// $ICON_CACHE_FOLDER, but it won't produce any external network request. Needs to set $ICON_CACHE_TTL to 0,
/// otherwise it will delete them and they won't be downloaded again.
/// otherwise it will delete them and they won't be downloaded again.
disable_icon_download: bool,true,def,false;
disable_icon_download: bool,true,def,false;
/// Allow new signups |> Controls if new users can register. Note that while this is disabled, users could still be invited
/// Allow new signups |> Controls if new users can register. Note that while this is disabled, users could still be invited
signups_allowed: bool,true,def,true;
signups_allowed: bool,true,def,true;
/// Allow invitations |> Controls whether users can be invited by organization admins, even when signups are disabled
/// Allow invitations |> Controls whether users can be invited by organization admins, even when signups are disabled
invitations_allowed: bool,true,def,true;
invitations_allowed: bool,true,def,true;
/// Password iterations |> Number of server-side passwords hashing iterations. The changes only apply when a user changes their password. Not recommended to lower the value
/// Password iterations |> Number of server-side passwords hashing iterations.
/// The changes only apply when a user changes their password. Not recommended to lower the value
password_iterations: i32,true,def,100_000;
password_iterations: i32,true,def,100_000;
/// Show password hints |> Controls if the password hint should be shown directly in the web page. Otherwise, if email is disabled, there is no way to see the password hint
/// Show password hints |> Controls if the password hint should be shown directly in the web page.
/// Otherwise, if email is disabled, there is no way to see the password hint
show_password_hint: bool,true,def,true;
show_password_hint: bool,true,def,true;
/// Admin page token |> The token used to authenticate in this very same page. Changing it here won't deauthorize the current session
/// Admin page token |> The token used to authenticate in this very same page. Changing it here won't deauthorize the current session
@ -256,18 +262,31 @@ make_config! {
icon_cache_negttl: u64,true,def,259_200;
icon_cache_negttl: u64,true,def,259_200;
/// Icon download timeout |> Number of seconds when to stop attempting to download an icon.
/// Icon download timeout |> Number of seconds when to stop attempting to download an icon.
icon_download_timeout: u64,true,def,10;
icon_download_timeout: u64,true,def,10;
/// Icon blacklist Regex |> Any domains or IPs that match this regex won't be fetched by the icon service.
/// Useful to hide other servers in the local network. Check the WIKI for more details
icon_blacklist_regex: String,true,option;
/// Disable Two-Factor remember |> Enabling this would force the users to use a second factor to login every time.
/// Note that the checkbox would still be present, but ignored.
disable_2fa_remember: bool,true,def,false;
/// Reload templates (Dev) |> When this is set to true, the templates get reloaded with every request. ONLY use this during development, as it can slow down the server
/// Reload templates (Dev) |> When this is set to true, the templates get reloaded with every request.
/// ONLY use this during development, as it can slow down the server
reload_templates: bool,true,def,false;
reload_templates: bool,true,def,false;
/// Log routes at launch (Dev)
/// Log routes at launch (Dev)
log_mounts: bool,true,def,false;
log_mounts: bool,true,def,false;
/// Enable extended logging
/// Enable extended logging
extended_logging: bool,false,def,true;
extended_logging: bool,false,def,true;
/// Enable the log to output to Syslog
use_syslog: bool,false,def,false;
/// Log file path
/// Log file path
log_file: String,false,option;
log_file: String,false,option;
/// Log level
log_level: String,false,def,"Info".to_string();
/// Enable DB WAL |> Turning this off might lead to worse performance, but might help if using bitwarden_rs on some exotic filesystems, that do not support WAL. Please make sure you read project wiki on the topic before changing this setting.
/// Enable DB WAL |> Turning this off might lead to worse performance, but might help if using bitwarden_rs on some exotic filesystems,
/// that do not support WAL. Please make sure you read project wiki on the topic before changing this setting.
enable_db_wal: bool,false,def,true;
enable_db_wal: bool,false,def,true;
/// Disable Admin Token (Know the risks!) |> Disables the Admin Token for the admin page so you may use your own auth in-front
/// Disable Admin Token (Know the risks!) |> Disables the Admin Token for the admin page so you may use your own auth in-front
@ -286,6 +305,20 @@ make_config! {
yubico_server: String,true,option;
yubico_server: String,true,option;
},
},
/// Global Duo settings (Note that users can override them)
duo: _enable_duo{
/// Enabled
_enable_duo: bool,true,def,false;
/// Integration Key
duo_ikey: String,true,option;
/// Secret Key
duo_skey: Pass,true,option;
/// Host
duo_host: String,true,option;
/// Application Key (generated automatically)
_duo_akey: Pass,false,option;
},
/// SMTP Email Settings
/// SMTP Email Settings
smtp: _enable_smtp{
smtp: _enable_smtp{
/// Enabled
/// Enabled
@ -294,8 +327,10 @@ make_config! {
smtp_host: String,true,option;
smtp_host: String,true,option;
/// Enable SSL
/// Enable SSL
smtp_ssl: bool,true,def,true;
smtp_ssl: bool,true,def,true;
/// Use explicit TLS |> Enabling this would force the use of an explicit TLS connection, instead of upgrading an insecure one with STARTTLS