Files
veola/config.toml.example
prosolis 72f4bdd88a Add ntfy Basic auth, sign-out button, config-only credentials
- ntfy client supports HTTP Basic auth (username/password) for servers with
  access control; [ntfy] config gains username/password. Scheduler + Test Ntfy
  use it instead of the old settings-only bearer token.
- Settings page no longer has credential inputs (Apify/eBay/ntfy/Resend); they
  are managed in config.toml. Read-only status + Test buttons remain.
- Sidebar gains a Sign out button; in forward-auth mode it routes through the
  Authentik outpost sign_out so the IdP session is cleared.
2026-06-20 14:56:24 -07:00

106 lines
4.7 KiB
Plaintext

[server]
port = 8080
db_path = "./veola.db"
# Sets the Secure attribute on the session cookie. Leave true for any
# HTTPS-reachable deployment, including behind a TLS-terminating proxy such as
# Traefik. Defaults to true if omitted; set false only for local plain-HTTP
# development on a non-localhost address.
secure_cookies = true
[security]
# Both must be at least 32 bytes and different from each other.
# Generate with: openssl rand -hex 32
session_secret = "change-this-to-a-random-32-byte-string-aaaa"
encryption_key = "change-this-to-a-different-random-32-byte-string-bb"
# Identity. mode = "local" (default) uses Veola's own password login. mode =
# "forward" additionally trusts identity headers set by a reverse proxy doing
# forward-auth (Traefik in front of Authentik); local password login stays
# available as a break-glass fallback. Users are matched/created by EMAIL.
#
# SECURITY: forward-auth headers are honored ONLY when the direct connection
# comes from a CIDR in trusted_proxies. Without this, anyone who can reach the
# port could spoof the headers. Set it to your proxy's address(es). Veola
# refuses to start in forward mode with an empty trusted_proxies list.
[auth]
mode = "local"
# trusted_proxies = ["127.0.0.1/32"] # required when mode = "forward"
# admin_group = "veola-admins" # IdP group that maps to the admin role
# Header names default to Authentik's; override only if your proxy differs.
# forward_header_user = "X-Authentik-Username"
# forward_header_email = "X-Authentik-Email"
# forward_header_name = "X-Authentik-Name"
# forward_header_groups = "X-Authentik-Groups"
[apify]
api_key = ""
# Apify proxy configuration. If use_apify_proxy is false (or this whole
# block is absent), Veola omits proxyConfiguration from actor input entirely
# and the actor handles its own routing. RESIDENTIAL costs more credits and
# requires a plan that includes it; AUTO (or empty groups) uses whatever
# your plan provides.
[apify.proxy]
use_apify_proxy = false
# groups = ["RESIDENTIAL"] # or [] for AUTO
# country = "US" # ISO-3166-1 alpha-2; match your eBay region
# Actor IDs verified on apify.com/store at build time. Pricing varies; check
# each actor's listing before enabling. Empty values disable that actor.
[apify.actors]
active_listings = "automation-lab/ebay-scraper"
sold_listings = "automation-lab/ebay-sold-scraper"
price_comparison = "" # set to a verified slug if you want price-comparison overlays
yahoo_auctions_jp = "meron1122/zenmarket-scraper"
yahoo_auctions_jp_sold = "" # no known verified sold-listings actor for Yahoo JP
mercari_jp = "cloud9_ai/mercari-scraper"
# eBay's official Buy > Browse API. When client_id and client_secret are set,
# eBay marketplaces (ebay.com, ebay.co.uk, ...) are polled through this API
# instead of an Apify scraper actor; Apify still handles Yahoo JP and Mercari.
# client_id is the App ID and client_secret is the Cert ID from your eBay
# developer keyset. Both can also be set/overridden at runtime via /settings.
# environment is "production" (default) or "sandbox".
# daily_call_limit caps Browse API calls per day on eBay's own quota clock
# (midnight US Pacific); once hit, eBay polling halts until the next reset.
# 5000 is the standard Browse API allowance; set a negative value to disable.
[ebay]
client_id = ""
client_secret = ""
environment = "production"
daily_call_limit = 5000
# ntfy push notifications. If the server has access control
# (auth-default-access: deny-all), set username/password to an ntfy user that
# has write access to the topics you publish to; Veola authenticates publishes
# with HTTP Basic auth. Leave both blank for an open server.
[ntfy]
base_url = "https://ntfy.yourdomain.com"
default_topic = "veola"
username = ""
password = ""
# Resend transactional email (https://resend.com) for opt-in deal alerts and
# the weekly digest. api_key and from can also be set via /settings. The from
# address domain must be verified in your Resend account. Each user enables
# their own email + opt-ins on the Settings page.
[resend]
api_key = ""
from = "Veola <veola@yourdomain.com>"
# Budget visibility. Apify bills per actor run/result, which Veola cannot read
# back exactly, so apify_cost_per_call is a USD estimate multiplied by the
# recorded run count. monthly_budget_usd > 0 draws a budget bar on the
# dashboard (visible to every signed-in user). Both are overridable via
# /settings.
[budget]
apify_cost_per_call = 0.0
monthly_budget_usd = 0.0
[scheduler]
# Per-item poll cadence is set on the add-item form (new items default to a
# 12-hour refresh to keep Apify spend down). This global value is the fallback
# for items left at 0.
global_poll_interval_minutes = 60
match_confidence_threshold = 0.6