config_defaults.hjson

# Copyright © 2018, Octave Online LLC
#
# This file is part of Octave Online Server.
#
# Octave Online Server is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# Octave Online Server is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with Octave Online Server.  If not, see
# <https://www.gnu.org/licenses/>.


#############
# IMPORTANT #
#############
#
# This file contains default configurations for Octave Online.
#
# Do NOT edit this file directly, unless you are making a contribution to
# Octave Online Server and wish to change these defaults for all users.
#
# To make custom local configurations, create a file "config.hjson" in this
# directory and add the keys you want to override into that file. You can use
# "config.sample.hjson" as a template for "config.hjson".
#


# # # # # # # # # # # # #
# Common configurations #
# # # # # # # # # # # # #

# Redis connection info
# To disable Redis (for testing only), set the hostname to ""
redis: {
	hostname: redis
	port: 6379
	options: {
		# Add a password here if your instance requires authentication:
		# auth_pass: xxxxxxxxx
	}

	# RATE LIMITING
	# Most keys added to Redis will have an expiration and an interval to touch the expiration. Setting these too low may overload Redis with expiration touch requests.
	# maxPayload determines when a message is too big to be sent over the main pub-sub pipe; a special client will be opened to receive the message. This makes that message slightly slower but clears up the pipe for other messages. This is most often used when transmitting large amounts of data like plot images.
	expire: {
		interval: 5000
		timeout: 16000
		timeoutShort: 6000
	}
	maxPayload: 10000
}

# MongoDB connection info
# To disable MongoDB (for testing only), set the hostname to ""
mongo: {
	hostname: mongod
	port: 27017
	db: oo
}

# Email SaaS settings
email: {
	# The email provider should be either "mailgun" or "postmark".
	provider: mailgun

	# Default headers for sending email
	from: Octave Online Server <example@example.com>

	# productName and supportUrl are used only for postmark
	productName: Octave Online Server
	supportUrl: http://localhost/
}

# Mailgun connection info
mailgun: {
	api_key: xxxxxxxxx
	domain: localhost
}

# Postmark connection info
postmark: {
	serverToken: xxxx-xxxx-xxxx
	# Postmark is configured to send email using a template. Please create a template in Postmark with the fields product_name, token_string, action_url, and support_url.
	templateAlias: xxxxxxxxx
	# MessageStream and Template to use for on-demand file snapshot emails. The template should have fields product_name, archive_desc, action_url, and support_url.
	onDemandSnapshots: {
		stream: "on-demand-file-snapshots",
		template: "on-demand-file-snapshots",
	}
}

# ReCAPTCHA connection info
recaptcha: {
	siteKey: xxxxxxxxx
	secretKey: xxxxxxxxx
}

# Patreon info
patreon: {
	client_id: xxxxxxxxx
	client_secret: xxxxxxxxx
	redirect_url: http://localhost/auth/patreon/callback
	# Send webhooks to /auth/patreon/webhook
	webhook_secret: xxxxxxxxx
	# A secret used for encoding the state to authenticate OAuth requests (make up a custom string)
	state_secret: xxxxxxxxx
	state_max_token_age: 1800000
	# Where to redirect the user if they link Patreon and aren't already a member
	login_redirect: https://www.patreon.com/bePatron?u=xxxxxxxxx&redirect_uri=http%3A%2F%2Flocalhost%2Fauth%2Fpatreon

	# A mapping from Patreon tiers to Octave Online Server tiers. Multiple Patreon tiers can map to the same Octave Online tier.
	# Four tier names are supported with icon assets: "root", "plus", "times", and "exp".
	# Example: Patreon tier with ID "12345" has vanity name "plus" and maps to the Octave Online "vip" tier.
	tiers: {
		# "12345": {
		# 	name: plus
		# 	oo_tier: vip
		# }
	}
}

# Rackspace connection info
rackspace: {
	username: xxxxxxxxx
	api_key: xxxxxxxxx
	identity_base_url: https://identity.api.rackspacecloud.com/v2.0/
	# Fill in the following with the region as xxx and the tenant ID as yyy
	servers_base_url: https://xxx.servers.api.rackspacecloud.com/v2/yyy/
	# The personality filename to send metadata to the instance
	personality_filename: /etc/oo-personality.json
}

# GCP connection info
gcp: {
	# Credentials for service worker to access GCP resources. Take the JSON blob that you download from the GCP cloud console and paste it here:
	# credentials: {
	# 	"type": "service_account",
	# 	"project_id": "...",
	# 	"private_key_id": "...",
	# 	"private_key": "...",
	# 	...
	# }
	credentials: false
	# Zone for compute API calls
	zone: us-central1-f
	# Managed Instance Group (MIG) autoscaler configurations
	instance_group_name: xxxxxxxxx
	instance_group_removal_method: abandon
	health_check_port: 3030
	# Cloud Storage Bucket for artifacts used for i18next locales; see cloudbuild.yaml in https://github.com/octave-online/oos-translations
	artifacts_bucket: artifacts.PROJECT_ID.appspot.com
  i18next_locales_tar_gz: objects/oos-translations/i18next_locales.tar.gz
  # Cloud Storage Bucket for user file snapshots
  snapshots_bucket: reposnapshots.PROJECT_ID.appspot.com
  # Cloud Storage Bucket for user file archive
  archive_bucket: repoarchive.PROJECT_ID.appspot.com
  # Amount of time for snapshot links to be valid (default: 72 hours = 259,200 seconds)
  snapshots_duration: 259200000
}

# StatsD connection info
statsd: {
	hostname: localhost
	port: 8125
}

# Gith server connection info (for git-http-backend and php-fpm)
# TODO: Consider making the service ports configurable.
gith: {
	hostname: utils-gith
}

# # # # # # # # # # # # # # # #
# Back Server configurations  #
# # # # # # # # # # # # # # # #

# Runtime details for the back server worker process
worker: {

	# LOGGING
	# The log directory should exist and be writeable by the server process.
	# "token" is the name of the worker written at the top of the log file.
	logDir: /srv/logs
	token: local
	monitorLogs: {
		subdir: monitor
	}
	sessionLogs: {
		subdir: sessions
		depth: 3
	}

	# SESSION QUEUE AGGRESSIVENESS
	# How frequently to check the queue for new jobs (ms).
	# When maxSessions is reached, don't get any more from the queue.
	clockInterval: {
		min: 1500
		max: 2500
	}
	maxSessions: 12
	# clockStrategy:
	#   - random = randomly choose a delay between clockInterval.min and clockInterval.max
	#   - weighted = choose a shorter delay if there are fewer online sessions, and a longer delay if there are more online sessions
	clockStrategy: random

	# PERMISSIONS
	# uid to use for file ownership; set this to the uid of the user running Octave.
	uid: 1000

	# SESSION HANDLING
	# When set to "destroy" (default), destroy sessions immediately when the client disconnects.  When set to "ignore", don't destroy sessions immediately, and let them be cleaned up when they expire (see redis.expire).  When set to "expireShort", set the expire timeout to config.redis.expire.timeoutShort and then ignore.
	onDisconnect: destroy
}

# Octave session settings
session: {

	# COMMAND AND SESSION TIMEOUTS
	# All times are in milliseconds.
	# legalTime is the amount of time initially given to commands; different values for guests and signed-in users.
	legalTime: {
		guest: 5000
		user: 10000
	}
	# countdownExtraTime is how much time to add when the user clicks the "Add __ Seconds" button near the timeout.
	# countdownRequestTime determines when to show the "Add ___ Seconds" button, based on the amount of time left on the clock.
	# countdownRequestTimeBuffer is how much sooner the server should allow extra-time requests; this is in order to prevent race conditions if the client-side and server-side clocks are slightly out of sync.
	countdownExtraTime: 15000
	countdownRequestTime: 3000
	countdownRequestTimeBuffer: 1000
	# timewarnTime is when to display the warning message in timewarnMessage that the session will be terminated soon.
	# timeoutTime is the amount of time a session is allowed to be idle before it is terminated by the server due to inactivity.
	# 10 min, 15 min
	timewarnTime: 600000
	timeoutTime: 900000
	timewarnMessage: 'NOTICE: Due to inactivity, your session will expire in five minutes.'

	# DATA SIZE LIMITS
	# All data sizes are in bytes.
	# payloadLimit is the number of bytes in command output before the command is paused; this prevents large amounts of data clogging the messaging pipeline and also reduces bandwidth for the user, possibly also preventing their browser from freezing. Different values for guests and signed-in users.
	payloadLimit: {
		guest: 5000
		user: 10000
	}
	# payloadMessageDelay is how much time to wait before allowing the user to restart the process; this is primarily to allow the buffer to flush before displaying the restart message.
	# payloadAcknowledgeDelay is how much time the user is given to restart the process.
	payloadMessageDelay: 100
	payloadAcknowledgeDelay: 5000
	# textFileSizeLimit is the maximum number of bytes per file to transmit for editing to the client.  This is in place for the same reason as payloadLimit.
	textFileSizeLimit: 50000
	# jsonMaxMessageLength is a hard ceiling on the amount of data that the GNU Octave process can send per message to the Octave Online session host process.  This sometimes manifests itself in errors involving plot images that are oversize.
	jsonMaxMessageLength: 1000000

	# URLREAD
	# For security, all HTTP requests from Octave processes (e.g., via the function urlread) are blocked by Octave Online Server by default.  This whitelist determines regular expression patterns to match against domain names to allow requests to those domains to pass through.
	urlreadPatterns: [
		^example\.com$
		^(.*\.)?coursera\.org$
	]
	# urlreadMaxBytes is the maximum file size of URLs read from urlread/urlwrite. These bytes have to be piped between Node and Octave, similar to plot images but in the other direction.
	urlreadMaxBytes: 5000000

	# OCTAVE SESSION HOST IMPLEMENTATION
	# Choices: "selinux", "docker", and "unsafe".
	# Refer to the README file for more details.
	implementation: unsafe
}

# Session pool settings
sessionManager: {
	# How often to log the currently active sessions (ms) and check command lag time.
	logInterval: 60000
	# How many sessions to keep in the pool: sessions without an owner that are pre-allocated so that when a user joins, a session is ready for them.
	poolSize: 2
	# How long to wait between creating sessions (ms), for rate limiting.
	poolInterval: 5000
	# Maximum time that a session can use to start up (ms); above this, the session will be destroyed before it reaches the pool.
	startupTimeLimit: 30000
	# Tier-dependent override to select a different pool than the tier name. Set to false to use the tier name as the pool name.
	poolTier: false
	# Tier-dependent boost to give sessions in the queue (used on front server).
	queueBoostTime: 0
}

# Server auto-maintenance settings
# Maintenance is designed for when multiple back servers are in a cluster; one of the servers in the cluster can take itself offline and perform maintenance, like cleaning up caches or doing a system reboot.
maintenance: {
	interval: 1800000
	requestInterval: 5000
	responseWaitTime: 3000
	pauseDuration: 15000
	maxNodesInMaintenance: 1
	minNodesInCluster: 2
}

# Git file server settings
git: {
	# Hostname for the git file server; it is expected that this server exposes a Git daemon (git:// protocol) on default port 9418 and the create-repo service on default port 3003 (see back-filesystem/README.md).
	hostname: utils-gitd
	# Author as shown in commit messages.
	author: {
		name: Octave Online Server
		email: localhost@localhost
	}
	gitDaemonPort: 9418
	createRepoPort: 3003
	# Time limit for committing to Git; if the time limit is exceeded, the commit is aborted.
	commitTimeLimit: 30000
	# Interval (in ms) for committing without the user having to request; behaves like an "auto-save" where changes to script files are persisted to the Git server.
	autoCommitInterval: 300000
	# Base URL of the HTTP frontend for the Git file server
	httpUrl: http://localhost/
	# Set this to false if your git version does not support "--allow-unrelated-histories" (before Git 2.9)
	supportsAllowUnrelatedHistories: true
}

# Docker implementation settings
docker: {
	cwd: /home/oo
	gitdir: /srv/git
	cpuShares: 512
	memoryShares: 256m
	diskQuotaKiB: 20480
	images: {
		filesystemSuffix: files
		octaveSuffix: 'octave:prod'
	}
}

# SELinux implementation settings
selinux: {
	cgroup: {
		# Name of the CGroup to create and use for Octave processes
		name: oo/octave
		# Configuration to mirror in /etc/cgconfig.d/oo.conf
		conf:
			'''
			group oo/octave {
				perm {
					admin {
						uid = root;
						gid = root;
					}
					task {
						uid = oo;
						gid = oo;
					}
				}
				cpu {
					cpu.shares = 128;
					cpu.cfs_period_us = 10000;
					cpu.cfs_quota_us = 8000;
				}
			}
			'''
	}
	prlimit: {
		# The amount of memory (address space) available to an Octave process. The default is 1GB. Note that the Octave runtime counts against the address space; it consumes in the ballpark of ~250MB, leaving the other 750MB to the user.
		addressSpace: 1000000000
	}
}

# Tier settings
# Tiers allow you to customize a number of different settings for different groups of users.  For example, this could be used to implement a free tier and a paid tier, where the paid tier gets more resources.
# A default tier, named _default, is always available.
# The following settings are customizable by tier:
#  - ads.disabled
#  - sessionManager.poolSize
#  - sessionManager.poolTier
#  - sessionManager.queueBoostTime
#  - selinux.cgroup.name
#  - selinux.prlimit.addressSpace
#  - session.legalTime.user
#  - session.payloadLimit.user
#  - session.countdownExtraTime
#  - session.countdownRequestTime
#  - session.timewarnTime
#  - session.timeoutTime
tiers: {
	# Default tier: no settings need to be customized.
	_default: {}

	# Maxima tier: set limits to very high values.
	_maxima: {
		sessionManager.poolSize: 1
		selinux.prlimit.addressSpace: -1
		# 15 min, 10 min, 5 min, 16 min, 21 min
		session.legalTime.user: 900000
		session.countdownExtraTime: 600000
		session.countdownRequestTime: 300000
		session.timewarnTime: 960000
		session.timeoutTime: 1260000
	}

	# Example custom tier: a tier named "vip" that gets additional memory (4GB)
	# vip: {
	# 	selinux.prlimit.addressSpace: 4000000000
	# }
}

# Flavor settings
# Flavors are different server configurations where an entire custom server spins up to handle a session.  The code currently handles this feature only on the Rackspace cloud.
flavors: {
	# Example custom flavor: named "basic" and mapped to the Rackspace flavor "memory1-15"
	# basic: {
	# 	rackspaceFlavor: memory1-15
	# 	# The image UUID to use when spinning up flavor servers
	# 	image_uuid: xxxx-xxxx-xxxx
	# 	# The UUID of the private network to which to add this server
	# 	network_uuid: xxxx-xxxx-xxxx
	# }
}

# Settings common to all flavors; may be overriden by custom flavors
flavorCommon: {
	defaultClusterSize: 2
	idleTime: 600000
	statusInterval: 300000
	blockVolume: true
}

# # # # # # # # # # # # # # # #
# Front Server configurations #
# # # # # # # # # # # # # # # #

# Authentication settings
auth: {
	google: {
		oauth_key: xxxxxxxxx.apps.googleusercontent.com
		oauth_secret: xxxxxxxxx
	}
	easy: {
		secret: xxxxxxxxx
		max_token_age: 900000
	}
	password: {
		salt_rounds: 10
		# Additional delay, in milliseconds, during auth requests
		delay: 100
	}
	# Basic Auth users for utils-admin and utils-auth
	utils_admin: {
		users: {
		}
	}
}

# Front server settings
front: {
	# SERVER HOST SETTINGS
	# protocol, hostname, and port are the *publicly-visible* URLs to be used for links, redirects, etc.
	protocol: http
	hostname: localhost
	port: 8080
	# listen_port is the port where the Node process should attach.  This might be different than the publicly-visible port if there is a proxy or other middleware.
	listen_port: 8080
	# static_path is the directory to serve; should be either the "app" (debug) or "dist" (production) directory of the client project.
	# A relative path is relative to the top-level projects directory (the directory where this file is located).
	static_path: client/dist

	# LOCALE SETTINGS
	# Both of these settings may be overriden in either buildData.json or front_setup.js. See src/app.ts for details.
	# locales_path is the path matching i18next translation files, with "{{lng}}" standing in for the language. A relative path is relative to the top-level projects directory.
	locales_path: "front/locales/{{lng}}.yaml"
	# locales is a list of languages to load from the above directory.
	locales: ["en"]

	# COOKIE SETTINGS
	# For the primary Octave Online Server session ID; there may be other cookies set on the client side, like those used to dismiss onboarding boxes.
	# Please set a custom cookie secret!
	cookie: {
		name: oo.sid
		secret: xxxxxxxxx
		max_age: 7889231400  # (3 months)
	}

	# OTHER OPTIONS
	# Timeout (in ms) for logging status of flavor servers.
	flavor_log_interval: 60000
	# Socket.io path. There may be situations where you need to change this, such as when performing server upgrades.
	socket_io_path: /socket.io
	# Whether to redirect HTTP to HTTPS in Express
	require_https: false
	# Interval (in ms) to clear the Express template view cache. This enables live changes to index.ejs and other template files in production. Set to 0 to disable clearing of the cache.
	view_cache_clear_interval: 120000
}

# Redirect Service settings
# These settings power "octav.onl" in official Octave Online.
redirect: {
	# e.g., "octav.onl"
	hostname: localhost
}

# Operational Transformation settings
# These are timeouts (in ms) that control the lifecycle of OT operations in Redis, used for shared workspaces.
ot: {
	operation_expire: 120000
	stats_interval: 60000
	document_expire: {
		interval: 120000
		timeout: 86400000
	}
}

# # # # # # # # # # # # #
# Client configurations #
# # # # # # # # # # # # #

# Advertisement settings
ads: {
	# Whether to hide ads from an authenticated user.
	disabled: false,

	# HTML code for the <head> block.
	# Example for AdSense:
	#
	#     '''
	#     <script data-ad-client="ca-pub-xxxxxxxx" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
	#     '''
	#
	# The function "oo_enableAds()" will be called when it is confirmed that the current session is not from a paid subscriber:
	#
	#     '''
	#     <script type="text/javascript">
	#     window.oo_enableAds = function() {
	#         require(["fuse"]);
	#     }
	#     </script>
	#     '''
	head_html:
		'''
		'''

	# HTML code for the "abox" div in the <body> tag. The div must be enabled via CSS in a <style> tag.
	# Example for AdSense, creating a fixed 300x100 slot (use media queries to change the slot size based on screen size):
	#
	#     '''
	#     <style type="text/css">
	#     #abox { display: block; width: 100%; height: 100px; }
	#     .abox_content { width: 300px; height: 100px; }
	#     #main { top: 100px; right: 0; }
	#     </style>
	#     <ins class="adsbygoogle abox_content" id="abox_responsive"
	#       style="display:block;"
	#       data-ad-client="ca-pub-xxxxxxxx"
	#       data-ad-slot="xxxxxxxx"
	#       data-full-width-responsive="false"></ins>
	#     <script>
	#     (adsbygoogle = window.adsbygoogle || []).push({});
	#     </script>
	#     '''
	abox_html:
		'''
		'''
}

client: {
	# THEME COLLECTION
	# Choices: "server", "official", or some other theme collection that you create manually.
	# To avoid confusing the end user, do not use the theme collection "official" unless you are running on octave-online.net.
	theme_collection: server

	# FRONTEND OPTIONS
	# Title and meta-tag description to use, based on a key in the translation file. Before being added to the translation files, these options were "title" and "description" directly in this configuration file.
	title_key: "header.meta.server.title"
	description_key: "header.meta.server.desc"
	# Theme color; should be consistent with color1 in fire.styl
	theme_color: AD928E
	# Brand name, same across languages.
	app_name: Octave Online Server
	# Whether to show the splash screen and other onboarding bubbles to help new users learn how to use the software.
	onboarding: false
	# Number of milliseconds since the user's last_activity before displaying the Welcome Back message. Defaults to 200 days.
	welcome_back_ms: 17280000000

	# ANNOUNCEMENT MESSAGE
	# Set announcement_display to enable a dialog that is shown to users when visiting the page.  There are three options:
	#   - "on" => show the message to all visitors; this could announce expected system downtime, for example
	#   - "returning" => show the message to returning users only (those who have dismissed the onboarding screen); this could announce new feature to existing users, for example.  This setting only works if onboarding is set to true
	#   - "off" => disable the announcement screen
	# TODO: Re-engineer a way to set the announcement without rebuilding the app.
	announcement_display: "off"
	# Use the following variable to control the HTML shown in the announcement box.
	announcement_html:
		'''
		<p>Example announcement</p>
		'''

	# OTHER CLIENT OPTIONS
	# Application identifier for Google Universal Analytics (deprecated)
	gacode: xxxxxxxxx
	# Google Tag ID (GA4 Measurement ID). Instructions for how to get this:
	# <https://support.google.com/analytics/answer/9539598>
	gtagid: xxxxxxxxx
	# Application identifier for UserVoice
	uservoice: xxxxxxxxx
}