-
Notifications
You must be signed in to change notification settings - Fork 2
/
pompa.yml.sample
96 lines (91 loc) · 4.61 KB
/
pompa.yml.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# vi:syntax=yaml
# redis configuration (https://www.rubydoc.info/github/redis/redis-rb/Redis/Client)
redis_default: &redis_default
driver: hiredis
pool_size: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
url: "unix:///var/run/redis/redis-server.sock" # you can also define different URLs as in db key below
db:
_default: 0 # default database (used as fallback if no other is defined)
cache: 10 # database for rails and model cache
lock: 11 # database for worker locks
sidekiq: 12 # database for sidekiq
events: 13 # database for campaign events
auth: 14 # database for authentication tokens
default: &default
log_level: "info" # available log levels are: debug, info, warn, error, fatal and unknown
code_length: 7 # length of auto-generated client-side IDs for resources and victims
batch_size: 1000 # batch size when doing various bulk SQL inserts (i.e. importing targets from CSV file)
url: /api # relative URL for application API - public endpoint is exposed under /api/public by default
origins: "" # allowed origins for Cross-Origin Resource Sharing (CORS)
trusted_proxies: # trusted IPs of proxies in order to handle X-Forwarded-For header correctly
- "127.0.0.1"
- "::1"
sendfile_header: "" # configure header to be used for x-sendfile acceleration
endpoints: # backend endpoints to be enabled for this instance
admin: true
public: true
authentication: # SAML authentication configuration
enabled: false
authentication_timeout: 300 # SAML authentication process timeout
authentication_lifetime: 3600 # a single authentication lifetime before a token is invalidated (~maximum session duration)
access_timeout: 300 # token timeout (~session timeout)
temporary_access_timeout: 5 # temporary token timeout (~download link timeout)
auto_create_user: false # automatically create user when a SAML assertion is valid
allowed_roles: [] # assertion is valid only when any of specified roles is passed
role_attribute_name: "role" # SAML role attribute name to match allowed_roles
role_attribute_name_format: "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" # SAML role attribute name format
token_refresh_margin: 90 # specifies when a token is too fresh to be refreshed (expert)
idp_entity_id: "https://..." # SAML entity ID
idp_sso_target_url: "https://..." # SAML SSO target URL
idp_cert: |- # SAML certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
model_cache: # whether to perform Redis caching of a data model
enable: true
expire: 300
response_cache: # whether to enable caching of responses from the public endpoint
enable: true
expire: 300
lock: # parameters for Redlock distributed locking (expert)
retry_delay: 0.2
retry_count: 50
worker: # parameters for message queue communication (expert)
queue_timeout: 30
refill_interval: 120
expiry_timeout: 300
mailer: # parameters for mailer worker
idle_timeout: 180 # number of seconds of the worker to be active in idle state
debug_email_content: false # wheter to send email content to logs
extra_headers: # extra headers to include in every mail message
- name: "X-Phishing-Simulation"
value: 1
campaign: # parameters for campaign worker
sync_interval: 20 # how often Redis<->PostgreSQL event synchronization should occur (in seconds)
victim_batch_size: 3 # how many victim worker jobs should be spawned at once
error_threshold: 6 # number of errors before a campaign is paused
respawn_interval: 300 # how often the campaign worker job should be respawned (expert)
events_redis_db: "events" # name of redis db to exchange evnets with public endpoint (expert)
victim: # parameters for victim worker
email_timeout: 300 # how long a worker should wait for a response from a mailer worker before timeout
retry_threshold: 5 # how many times a worker should try to queue an email before going into error state
expose_header: "X-Pompa-Expose" # header name inside email to include a signed JWT token with victim and phishing report goal codes
template: # parameters / defaults for a template
base_url: "http://localhost:3000/api/public" # default base URL for a template (instance default value)
report: # parameters for event reporting subsystem inside the public endpoint
cookie_name: "pompa" # name of a persistent cookie set by public endpoint handler for each victim
redis:
<<: *redis_default
production:
<<: *default
redis:
<<: *redis_default
db:
default: 1
cache: 11
development:
<<: *default
origins: "*"
log_level: "debug"
test:
<<: *default