[frontend]
# The name of the instance as shown in the page title
site_name = Some Snazzy Name

# Optional:
# An absolute webserver path that returns a html fragment to replace the
# default <details> element in the topbox. The file must be located under
# the public/static/ subdirectory, and the path must begin with /static/.
topbox_content = /static/somefile.html

[wireguard]
# The name of the wireguard tunnel. Will among other things be used for
# the server config filename.
tunnel_id = some-interface-name

# The directory where all users' configs will be stored.
configs_base = some/writable/directory

# The DNS server to advertise to clients
dns_server = a.dns.server.ip

# The IP address and port a client will connect to
server_address = the.public.tunnel.ip
server_port = 51820

# Server keys
server_pubkey_file = path/to/keyfile
server_privkey_file = path/to/other/keyfile

# The network to assign client ip:s from
client_network = a.network.in.cidr/notation

# Optional:
# Any extra configuration directives to include in the config file.
# Will override defaults.
server_extra_config = path/to/a/conf/fragment

# Optional:
# Any extra configuration directives to include in client configs.
# Will override defaults.
client_extra_config = path/to/another/fragment

# Optional:
# The maximum number of clients to allow per user.
# Defaults to unlimited, equivalent to setting this value to 0.
user_client_limit = 3

# Optional:
# The amount of time a client is valid after creation.
# Accepts strings of the format "N <time-units>", where time-units
# is days, weeks, months or years.
# Defaults to unlimited, equivalent to setting this value to 0.
user_client_validity = 0


[security]
# Optional.
# A comma-separated list of entitlements (as read from oauth) that should
# be required to access the site. Access is granted if the user has any of
# the listed entitlements.
required_entitlement = urn:mace:some:entitlement


[oauth]
authorization_url = https://oauth.example/authorize
token_url = https://oauth.example/exchange
introspection_url = https://oauth.example/introspect
client_id = some_id_string
client_secret = some_secret_string