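# Metacrypt production configuration
# Copy to /srv/metacrypt/metacrypt.toml and adjust for your environment.
#
# This file names the paths of private keys and the vault database. Keep it,
# and every file it points to, owned by and readable only by the metacrypt
# user.

[server]
# Address to listen on, as "host:port".
# NOTE(review): the original comment suggests "0.0.0.0:8443" to listen on all
# interfaces. If the listener follows the usual Go convention, an empty host
# (":8443") already binds every interface, so the value below is not
# restricted to loopback. Confirm, and set an explicit IP to limit exposure.
listen_addr = ":8443"

# gRPC address for metacrypt-web to connect to. Required if running the
# standalone web UI server.
# If metacrypt-web runs on the same host (web.vault_grpc below uses
# 127.0.0.1), binding this to "127.0.0.1:9443" keeps the gRPC port off
# external interfaces.
grpc_addr = ":9443"

# TLS certificate and key. Metacrypt always terminates TLS.
# The key file should be readable only by the metacrypt user.
tls_cert = "/srv/metacrypt/certs/server.crt"
tls_key = "/srv/metacrypt/certs/server.key"

# Public base URL used in ACME directory responses.
# external_url = "https://metacrypt.example.com"

[web]
# Address for the standalone web UI server (metacrypt-web) to listen on.
# When the UI runs plain HTTP behind a reverse proxy (see the TLS keys below),
# bind this to a loopback or private address so the unencrypted port cannot be
# reached directly.
listen_addr = ":8080"

# gRPC address of the vault (must match server.grpc_addr above).
vault_grpc = "127.0.0.1:9443"

# CA certificate used to verify the vault's gRPC TLS certificate.
# Required if the vault uses a self-signed or private CA cert.
# The value below is the server certificate itself, which presumably suits a
# self-signed server certificate; with a private CA, point this at the CA
# certificate instead.
vault_ca_cert = "/srv/metacrypt/certs/server.crt"

# TLS for the web UI itself. Leave both unset to run plain HTTP behind a
# reverse proxy, or set both to terminate TLS directly.
# tls_cert = "/srv/metacrypt/certs/web.crt"
# tls_key = "/srv/metacrypt/certs/web.key"

[database]
# SQLite database path. Created automatically on first run.
# The directory must be writable by the metacrypt user.
# NOTE(review): presumably this file holds the vault's encrypted state, so
# restrict the file and its directory to the metacrypt user. Confirm.
path = "/srv/metacrypt/metacrypt.db"

[mcias]
# MCIAS server URL for authentication.
server_url = "https://mcias.metacircular.net:8443"

# CA certificate for verifying the MCIAS server's TLS certificate.
# Omit if MCIAS uses a publicly trusted certificate. If MCIAS is signed by a
# private CA, set this so the authentication server is verified against it.
# ca_cert = "/srv/metacrypt/certs/mcias-ca.crt"

[seal]
# Argon2id parameters for key derivation.
# These are applied during initialization and stored alongside the encrypted
# master key. Changing them here after init has no effect, so choose them
# before the first initialization.
#
# Defaults are tuned for server hardware (3 iterations, 128 MiB, 4 threads).
# Increase argon2_memory on machines with more RAM for stronger protection.
# Each key derivation needs roughly argon2_memory of RAM, so leave headroom
# on small hosts.
# argon2_time = 3
# argon2_memory = 131072  # KiB (128 MiB)
# argon2_threads = 4

[log]
# Log level: debug, info, warn, error
# NOTE(review): check what the debug level records before enabling it in
# production.
level = "info"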