This file is auto-generated by `make gen-settings`. Do not edit manually — edits are overwritten. To change a setting's metadata, edit `internal/controlplane/settings/registry.go` and re-run `make gen-settings`.
Bootstrap settings are read once at process start. Edit them via environment variables or config.toml. Changes require a panel restart.
| Name | Type | Default | ENV | TOML | Description |
|---|---|---|---|---|---|
| `http.listen_address` | hostport | :8080 | `PANVEX_HTTP_ADDR` | `http.listen_address` | HTTP bind address for the control-plane API and dashboard. |
| `http.root_path` | string | (empty) | `PANVEX_HTTP_ROOT_PATH` | `http.root_path` | URL prefix when behind a path-rewriting reverse proxy (empty = none). |
| `http.agent_root_path` | string | (empty) | `PANVEX_HTTP_AGENT_ROOT_PATH` | `http.agent_root_path` | URL prefix for the agent gRPC-gateway when fronted separately. |
| `http.panel_allowed_cidrs` | string | (empty) | `PANVEX_PANEL_ALLOWED_CIDRS` | `http.panel_allowed_cidrs` | Comma-separated CIDRs allowed to reach the panel API (empty = no restriction). |
| `http.trusted_proxy_cidrs` | string | (empty) | `PANVEX_TRUSTED_PROXY_CIDRS` | `http.trusted_proxy_cidrs` | Trusted reverse-proxy CIDRs whose X-Forwarded-For headers are honoured. |
| `grpc.listen_address` | hostport | :8443 | `PANVEX_GRPC_ADDR` | `grpc.listen_address` | gRPC bind address for the agent gateway. |
| `tls.mode` | enum | proxy | `PANVEX_TLS_MODE` | `tls.mode` | TLS termination mode. proxy = terminate at reverse proxy; direct = serve TLS from the panel. |
| `tls.cert_file` | string | (empty) | `PANVEX_TLS_CERT_FILE` | `tls.cert_file` | PEM certificate path when tls.mode=direct. |
| `tls.key_file` | string | (empty) | `PANVEX_TLS_KEY_FILE` | `tls.key_file` | PEM private key path when tls.mode=direct. |
| `panel.restart_mode` | enum | disabled | `PANVEX_RESTART_MODE` | `panel.restart_mode` | Self-restart capability. supervised requires a process supervisor. |
| `panel.env` | enum | development | `PANVEX_ENV` | `panel.env` | Deployment environment. production tightens defaults (cookies, HSTS, ws origin). |
| `panel.multi_tenant` | bool | false | `PANVEX_MULTI_TENANT` | `panel.multi_tenant` | Enable per-fleet-group scoping for non-admin users. |
| `storage.driver` | enum | sqlite | `PANVEX_STORAGE_DRIVER` | `storage.driver` | Storage backend driver. Use postgres for production deployments. |
| `storage.dsn` | string | — | `PANVEX_STORAGE_DSN` | `storage.dsn` | Storage data source name. Required. SQLite path or postgres URL. |
| `storage.db_password` | string | (secret, no default) | `PANVEX_DB_PASSWORD` | — | Postgres password override. Env-only — keeps the secret out of config files. |
| `storage.allow_insecure_db` | bool | false | `PANVEX_ALLOW_INSECURE_DB` | — | Permit Postgres DSNs with sslmode=disable. Env-only safety guard. |
| `storage.allow_empty_db_password` | bool | false | `PANVEX_ALLOW_EMPTY_DB_PASSWORD` | — | Permit empty Postgres password. Env-only safety guard for development only. |
| `auth.encryption_key` | string | (secret, no default) | `PANVEX_ENCRYPTION_KEY` | — | Master at-rest encryption key. Required. No default, no TOML. |
| `auth.force_secure_cookie` | enum | auto | `PANVEX_FORCE_SECURE_COOKIE` | — | Override the auto-detected Secure cookie flag. Env-only. |
| `auth.hsts_preload` | bool | false | `PANVEX_HSTS_PRELOAD` | — | Emit the preload directive in HSTS headers. Env-only. |
| `observability.log_level` | enum | info | `PANVEX_LOG_LEVEL` | `observability.log_level` | Logger verbosity. |
| `observability.log_file` | string | (empty) | `PANVEX_LOG_FILE` | `observability.log_file` | Path to log file. Empty = stderr only. |
| `observability.pprof_addr` | string | (empty) | `PANVEX_PPROF_ADDR` | `observability.pprof_addr` | pprof listener host:port. Empty disables pprof. |
| `observability.metrics_scrape_token` | string | (secret, no default) | `PANVEX_METRICS_SCRAPE_TOKEN` | — | Bearer token required to scrape /metrics. Env-only. |
| `updates.install_script_url` | string | (empty) | `PANVEX_INSTALL_SCRIPT_URL` | `updates.install_script_url` | Override default agent install-script URL emitted by /api/agents/{id}/install-command. |
| `agent.client_data_concurrency` | int | 4 | `PANVEX_AGENT_CLIENT_DATA_CONCURRENCY` | `agent.client_data_concurrency` | Per-agent concurrency for the panel-side client-data fetcher. |
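
A pre-start check over the bootstrap environment variables listed above, as an added example (not the project's own code). It inspects environment variables only, not `config.toml`; the function name, the finding strings and the `true`/`1` boolean spelling are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// auditBootstrapEnv returns one finding per risky PANVEX_* bootstrap value.
// Assumption: bools are written "true" or "1" (the page does not say).
func auditBootstrapEnv(env map[string]string) []string {
	var out []string
	if env["PANVEX_ENV"] != "production" {
		out = append(out, "PANVEX_ENV: not production, tightened defaults are off")
	}
	if env["PANVEX_ENCRYPTION_KEY"] == "" {
		out = append(out, "PANVEX_ENCRYPTION_KEY: required secret is unset")
	}
	for _, k := range []string{"PANVEX_ALLOW_INSECURE_DB", "PANVEX_ALLOW_EMPTY_DB_PASSWORD"} {
		if v := strings.ToLower(env[k]); v == "true" || v == "1" {
			out = append(out, k+": safety guard is lifted")
		}
	}
	if env["PANVEX_TLS_MODE"] == "direct" &&
		(env["PANVEX_TLS_CERT_FILE"] == "" || env["PANVEX_TLS_KEY_FILE"] == "") {
		out = append(out, "PANVEX_TLS_MODE: direct needs cert and key paths")
	}
	for _, k := range []string{"PANVEX_PANEL_ALLOWED_CIDRS", "PANVEX_TRUSTED_PROXY_CIDRS"} {
		for _, c := range strings.Split(env[k], ",") {
			if c = strings.TrimSpace(c); c == "" {
				continue
			}
			if _, n, err := net.ParseCIDR(c); err != nil {
				out = append(out, k+": "+c+" is not a CIDR")
			} else if ones, _ := n.Mask.Size(); ones == 0 {
				out = append(out, k+": "+c+" matches every address")
			}
		}
	}
	return out
}

func main() {
	// Constructed sample environment, not taken from a real deployment.
	env := map[string]string{"PANVEX_ENV": "production", "PANVEX_ENCRYPTION_KEY": "placeholder",
		"PANVEX_ALLOW_INSECURE_DB": "true", "PANVEX_TRUSTED_PROXY_CIDRS": "10.0.0.0/8, 0.0.0.0/0"}
	for _, f := range auditBootstrapEnv(env) {
		fmt.Println(f)
	}
}
```

A trusted-proxy entry that matches every address means X-Forwarded-For is honoured from any peer, so the client IP seen by `http.panel_allowed_cidrs` checks and audit records can be set by the caller.
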
Operational settings are stored in the database and edited via the panel UI or the /api/settings/values endpoint.
| Name | Type | Default | ENV | TOML | Description |
|---|---|---|---|---|---|
| `http.public_url` | string | (empty) | — | — | Externally visible URL of the panel; used in agent install scripts. |
| `grpc.public_endpoint` | string | (empty) | — | — | Externally visible gRPC endpoint for agents to dial. |
| `auth.password_min_length` | int | 10 | — | — | Minimum length for newly created or rotated passwords. |
| `retention` | json | — | — | — | Retention policy: how long to keep audit events, metrics, jobs, presence rows. |
| `geoip` | json | — | — | — | GeoIP data source mode (off/local/url) and database paths. |
| `updates.channel` | enum | stable | — | — | Release channel used to discover panel + agent updates. |
| `updates.allow_prerelease` | bool | false | — | — | Permit prerelease tags in the chosen channel. |
| `agents.outbound_backoff_initial` | duration | 1s | — | — | Initial reconnect delay for outbound agent supervisors after a transport failure. |
| `agents.outbound_backoff_max` | duration | 60s | — | — | Maximum reconnect delay (with jitter) for outbound agent supervisors. |
| `agents.presence_degraded_after` | duration | 30s | — | — | Heartbeat silence after which an agent is marked degraded. |
| `agents.presence_offline_after` | duration | 90s | — | — | Heartbeat silence after which an agent is marked offline. |
| `auth.password_lockout_duration` | duration | 15m | — | — | How long an account stays locked after exceeding the password failure cap. |
| `auth.password_lockout_max_attempts` | int | 5 | — | — | Consecutive password failures before the account is locked. |
| `auth.session_idle_timeout` | duration | 30m | — | — | Session expires after this period of inactivity. Restart required. |
| `auth.session_max_lifetime` | duration | 8h | — | — | Absolute maximum session lifetime before re-authentication. Restart required. |
| `auth.totp_lockout_duration` | duration | 5m | — | — | How long the TOTP factor stays locked after exceeding the code-failure cap. |
| `auth.totp_setup_ttl` | duration | 10m | — | — | TTL for pending TOTP enrollment invitations. |
| `jobs.ack_expiry_interval` | duration | 1h | — | — | Cadence of the worker that scans acknowledged-but-incomplete job targets. |
| `jobs.ack_expiry_ttl` | duration | 2h | — | — | Time-to-live for acknowledged job targets without a result. |
| `jobs.client_job_ttl` | duration | 10m | — | — | TTL for cached client-job records. |
| `jobs.key_eviction_interval` | duration | 1h | — | — | Cadence of the worker that evicts expired job idempotency keys. |
| `jobs.key_eviction_ttl` | duration | 24h | — | — | Age threshold at which terminal job idempotency keys are evicted. |
| `observability.metrics_poll_interval` | duration | 5s | — | — | Cadence for sampling Prometheus-derived gauges. |
| `observability.telemetry_dashboard_window` | duration | 40m | — | — | Lookback window for the dashboard load sparkline. |
| `observability.telemetry_detail_boost_ttl` | duration | 10m | — | — | TTL for the dashboard detail-boost cache (high-resolution graph window). |
| `storage.batch_flush_interval` | duration | 500ms | — | — | Cadence for flushing accumulated audit/agent events to storage. |
| `storage.rollup_interval` | duration | 5m | — | — | Cadence for the timeseries rollup worker. |