1.3. Configuration
All configuration options can be set either by editing config.toml or by setting the corresponding environment variable. Environment variables take priority over the configuration file.
For example, you can set the database URL either by setting the OKR_DATABASE_URL environment variable or by changing database_url in the okr section of the config.
Below is an example configuration file:
config.toml
# See [config.py] for detailed documentation on the possible values!
[okr]
# path to the database file - here: ./data/db.sqlite is used (file gets automatically created)
database_url = "sqlite+aiosqlite:///data/db.sqlite"
# list of websites that may access the OKR's public API
# at minimum, this has to contain the URL of the hosted frontend app
cors_allow_origins = ["https://example.com", "http://localhost:3000", "http://127.0.0.1:3000", "http://0.0.0.0:3000"]
[okr.admin]
# login data for the admin account
# automatically gets created on first app startup
username = "admin"
email = "admin@okr.local"
# generate by executing the following command:
#
# ./maintenance_script.py hash-password "<your-password-here>"
#
# The default value here is `password`, so you could theoretically also just leave it as is
# and change the password via the Web UI when using the app for the first time (at your own risk)
password_hash = "$argon2id$v=19$m=65536,t=3,p=4$qP4cvuNyXxtoou7Hl7FcTA$4zJxdTYlLJDOuKlyPTep/I1RZQi2ZHS/99YprG5Rp+8"
[okr.jwt_config]
# generate randomly, e.g. via `pwgen 64 1`
secret = "<random-long-value-here>"
# after this period, users will automatically be logged out
validity_duration_hours = 24
[okr.twofa_config]
# name of the TOTP/webauthn issuer (will be displayed to users when they use 2FA)
app_name = "OKR-Tool"
# url to frontend without "https://"!
app_url = "example.com"
# how long a totp window should remain valid: 1 = 30s, 2 = 60s, ...
totp_valid_window = 1
The minimum changes you have to make are the following:
Change cors_allow_origins in okr to include the URL of your frontend (e.g. https://okr.example.com)
Change the secret in okr.jwt_config to a randomly generated sequence of characters
Change the admin password by setting password_hash to the output of
./maintenance_script.py hash-password "<your-password-here>"
For further information about the configuration, please see the detailed documentation in the config module.