# NoteDiscovery Configuration app: name: "NoteDiscovery" server: host: "0.0.0.0" port: 8000 reload: false # Set to true for development # CORS (Cross-Origin Resource Sharing) configuration # For self-hosted use, "*" is fine. For production, specify allowed domains. # Examples: ["http://localhost:8000", "https://yourdomain.com"] allowed_origins: ["*"] # Debug mode - shows detailed error messages (DISABLE in production!) debug: false storage: notes_dir: "./data" plugins_dir: "./plugins" search: enabled: true authentication: # Authentication settings # Set enabled to true to require login enabled: false # ⚠️ SECURITY WARNING: Change these values before exposing to the internet! # Default values below are for LOCAL TESTING ONLY # Session secret key - CHANGE THIS TO A RANDOM STRING! # Generate with: python -c "import secrets; print(secrets.token_hex(32))" secret_key: "change_this_to_a_random_secret_key_in_production" # Password (hashed automatically at startup) # ⚠️ Default password is "admin" - CHANGE THIS for production! password: "admin" # Session expiry in seconds (default: 7 days) session_max_age: 604800 # API Key Authentication (for external integrations) # Usage (choose one): # Authorization: Bearer YOUR_API_KEY # X-API-Key: YOUR_API_KEY # # Generate a secure key with: # python -c "import secrets; print(secrets.token_hex(32))" # # Leave empty to disable API key authentication (only session auth works) api_key: ""