BetterFrame/sec-config.yaml

# BSB runtime configuration for BetterFrame server.
#
# This file is bind-mounted into the container at /home/bsb/sec-config.yaml.
# All server config lives here — no env vars in the application code.
#
# For native (non-Docker) installs, adjust hostnames to 127.0.0.1 and
# set driver: sqlite if not using PostgreSQL.

default:
  observable:
    observable-default:
      plugin: observable-default
      enabled: true
      config: {}
  events:
    events-default:
      plugin: events-default
      enabled: true
  services:
    # ----- Data layer -----
    service-store:
      plugin: service-store
      enabled: true
      config:
        driver: postgres
        # SQLite (native installs)
        sqlitePath: /var/lib/betterframe/betterframe.db
        # PostgreSQL (Docker / production)
        pgHost: postgres
        pgPort: 5432
        pgDatabase: betterframe
        pgUser: betterframe
        pgPassword: betterframe
        pgPoolMax: 10

    # ----- Admin UI + API -----
    service-admin-http:
      plugin: service-admin-http
      enabled: true
      config:
        host: 0.0.0.0
        port: 18080
        dataDir: /var/lib/betterframe
        # Auth
        sessionIdleSeconds: 43200
        sessionMaxSeconds: 2592000
        loginLockoutThreshold: 8
        loginLockoutSeconds: 900
        argon2Memory: 65536
        argon2TimeCost: 3
        argon2Parallelism: 2
        cookieName: betterframe_session
        totpIssuer: BetterFrame
        # Inter-service URLs (Docker container names)
        noderedUrl: http://nodered:1880
        selfUrl: http://server:18080
        # Systemd credentials directory (native installs only)
        systemdCredsDir: ""
        # Firmware signing key (PEM). Leave empty to auto-generate on disk.
        firmwareSigningKey: ""
        # Bearer tokens for CI import endpoints. Generate with: openssl rand -base64 32
        firmwareImportApiKey: ""
        otaImportApiKey: ""

    # ----- Kiosk-facing REST API -----
    service-api-http:
      plugin: service-api-http
      enabled: true
      config:
        host: 0.0.0.0
        port: 18081
        codeTtlSeconds: 600
        dataDir: /var/lib/betterframe
        argon2Memory: 65536
        argon2TimeCost: 3
        argon2Parallelism: 2
        cookieName: betterframe_session
        totpIssuer: BetterFrame
        noderedUrl: http://nodered:1880
        # MQTT telemetry bridge (optional)
        mqttUrl: ""
        mqttUsername: ""
        mqttPassword: ""
        mqttTopicPrefix: betterframe

    # ----- Live kiosk WebSocket channel -----
    service-coordinator-ws:
      plugin: service-coordinator-ws
      enabled: true
      config:
        host: 0.0.0.0
        port: 18082
        dataDir: /var/lib/betterframe
        argon2Memory: 65536
        argon2TimeCost: 3
        argon2Parallelism: 2
        cookieName: betterframe_session
        totpIssuer: BetterFrame
        noderedUrl: http://nodered:1880