coder/cli/testdata/server-config.yaml.golden

networking:
  # The URL that users will use to access the Coder deployment.
  # (default: <unset>, type: url)
  accessURL:
  # Specifies the wildcard hostname to use for workspace applications in the form
  # "*.example.com".
  # (default: <unset>, type: string)
  wildcardAccessURL: ""
  # Specifies the custom docs URL.
  # (default: <unset>, type: url)
  docsURL:
  # Specifies whether to redirect requests that do not match the access URL host.
  # (default: <unset>, type: bool)
  redirectToAccessURL: false
  http:
    # HTTP bind address of the server. Unset to disable the HTTP endpoint.
    # (default: 127.0.0.1:3000, type: string)
    httpAddress: 127.0.0.1:3000
    # The maximum lifetime duration users can specify when creating an API token.
    # (default: 876600h0m0s, type: duration)
    maxTokenLifetime: 876600h0m0s
    # The token expiry duration for browser sessions. Sessions may last longer if they
    # are actively making requests, but this functionality can be disabled via
    # --disable-session-expiry-refresh.
    # (default: 24h0m0s, type: duration)
    sessionDuration: 24h0m0s
    # Disable automatic session expiry bumping due to activity. This forces all
    # sessions to become invalid after the session expiry duration has been reached.
    # (default: <unset>, type: bool)
    disableSessionExpiryRefresh: false
    # Disable password authentication. This is recommended for security purposes in
    # production deployments that rely on an identity provider. Any user with the
    # owner role will be able to sign in with their password regardless of this
    # setting to avoid potential lock out. If you are locked out of your account, you
    # can use the `coder server create-admin` command to create a new admin user
    # directly in the database.
    # (default: <unset>, type: bool)
    disablePasswordAuth: false
    # The interval in which coderd should be checking the status of workspace proxies.
    # (default: 1m0s, type: duration)
    proxyHealthInterval: 1m0s
  # Configure TLS / HTTPS for your Coder deployment. If you're running
  #  Coder behind a TLS-terminating reverse proxy or are accessing Coder over a
  #  secure link, you can safely ignore these settings.
  tls:
    # HTTPS bind address of the server.
    # (default: 127.0.0.1:3443, type: host:port)
    address: 127.0.0.1:3443
    # Whether TLS will be enabled.
    # (default: <unset>, type: bool)
    enable: false
    # Whether HTTP requests will be redirected to the access URL (if it's a https URL
    # and TLS is enabled). Requests to local IP addresses are never redirected
    # regardless of this setting.
    # (default: true, type: bool)
    redirectHTTP: true
    # Path to each certificate for TLS. It requires a PEM-encoded file. To configure
    # the listener to use a CA certificate, concatenate the primary certificate and
    # the CA certificate together. The primary certificate should appear first in the
    # combined file.
    # (default: <unset>, type: string-array)
    certFiles: []
    # PEM-encoded Certificate Authority file used for checking the authenticity of
    # client.
    # (default: <unset>, type: string)
    clientCAFile: ""
    # Policy the server will follow for TLS Client Authentication. Accepted values are
    # "none", "request", "require-any", "verify-if-given", or "require-and-verify".
    # (default: none, type: string)
    clientAuth: none
    # Paths to the private keys for each of the certificates. It requires a
    # PEM-encoded file.
    # (default: <unset>, type: string-array)
    keyFiles: []
    # Minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12"
    # or "tls13".
    # (default: tls12, type: string)
    minVersion: tls12
    # Path to certificate for client TLS authentication. It requires a PEM-encoded
    # file.
    # (default: <unset>, type: string)
    clientCertFile: ""
    # Path to key for client TLS authentication. It requires a PEM-encoded file.
    # (default: <unset>, type: string)
    clientKeyFile: ""
    # Specify specific TLS ciphers that allowed to be used. See
    # https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75.
    # (default: <unset>, type: string-array)
    tlsCiphers: []
    # By default, only ciphers marked as 'secure' are allowed to be used. See
    # https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L82-L95.
    # (default: false, type: bool)
    tlsAllowInsecureCiphers: false
    # Controls if the 'Strict-Transport-Security' header is set on all static file
    # responses. This header should only be set if the server is accessed via HTTPS.
    # This value is the MaxAge in seconds of the header.
    # (default: 0, type: int)
    strictTransportSecurity: 0
    # Two optional fields can be set in the Strict-Transport-Security header;
    # 'includeSubDomains' and 'preload'. The 'strict-transport-security' flag must be
    # set to a non-zero value for these options to be used.
    # (default: <unset>, type: string-array)
    strictTransportSecurityOptions: []
  # Most Coder deployments never have to think about DERP because all connections
  #  between workspaces and users are peer-to-peer. However, when Coder cannot
  # establish
  #  a peer to peer connection, Coder uses a distributed relay network backed by
  #  Tailscale and WireGuard.
  derp:
    # Whether to enable or disable the embedded DERP relay server.
    # (default: true, type: bool)
    enable: true
    # Region ID to use for the embedded DERP server.
    # (default: 999, type: int)
    regionID: 999
    # Region code to use for the embedded DERP server.
    # (default: coder, type: string)
    regionCode: coder
    # Region name that for the embedded DERP server.
    # (default: Coder Embedded Relay, type: string)
    regionName: Coder Embedded Relay
    # Addresses for STUN servers to establish P2P connections. It's recommended to
    # have at least two STUN servers to give users the best chance of connecting P2P
    # to workspaces. Each STUN server will get it's own DERP region, with region IDs
    # starting at `--derp-server-region-id + 1`. Use special value 'disable' to turn
    # off STUN completely.
    # (default:
    # stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302,
    # type: string-array)
    stunAddresses:
      - stun.l.google.com:19302
      - stun1.l.google.com:19302
      - stun2.l.google.com:19302
      - stun3.l.google.com:19302
      - stun4.l.google.com:19302
    # An HTTP URL that is accessible by other replicas to relay DERP traffic. Required
    # for high availability.
    # (default: <unset>, type: url)
    relayURL:
    # Block peer-to-peer (aka. direct) workspace connections. All workspace
    # connections from the CLI will be proxied through Coder (or custom configured
    # DERP servers) and will never be peer-to-peer when enabled. Workspaces may still
    # reach out to STUN servers to get their address until they are restarted after
    # this change has been made, but new connections will still be proxied regardless.
    # (default: <unset>, type: bool)
    blockDirect: false
    # Force clients and agents to always use WebSocket to connect to DERP relay
    # servers. By default, DERP uses `Upgrade: derp`, which may cause issues with some
    # reverse proxies. Clients may automatically fallback to WebSocket if they detect
    # an issue with `Upgrade: derp`, but this does not work in all situations.
    # (default: <unset>, type: bool)
    forceWebSockets: false
    # URL to fetch a DERP mapping on startup. See:
    # https://tailscale.com/kb/1118/custom-derp-servers/.
    # (default: <unset>, type: string)
    url: ""
    # Path to read a DERP mapping from. See:
    # https://tailscale.com/kb/1118/custom-derp-servers/.
    # (default: <unset>, type: string)
    configPath: ""
  # Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip,
  # True-Client-Ip, X-Forwarded-For.
  # (default: <unset>, type: string-array)
  proxyTrustedHeaders: []
  # Origin addresses to respect "proxy-trusted-headers". e.g. 192.168.1.0/24.
  # (default: <unset>, type: string-array)
  proxyTrustedOrigins: []
  # Controls if the 'Secure' property is set on browser session cookies.
  # (default: <unset>, type: bool)
  secureAuthCookie: false
  # Whether Coder only allows connections to workspaces via the browser.
  # (default: <unset>, type: bool)
  browserOnly: false
# Interval to poll for scheduled workspace builds.
# (default: 1m0s, type: duration)
autobuildPollInterval: 1m0s
# Interval to poll for hung jobs and automatically terminate them.
# (default: 1m0s, type: duration)
jobHangDetectorInterval: 1m0s
introspection:
  prometheus:
    # Serve prometheus metrics on the address defined by prometheus address.
    # (default: <unset>, type: bool)
    enable: false
    # The bind address to serve prometheus metrics.
    # (default: 127.0.0.1:2112, type: host:port)
    address: 127.0.0.1:2112
    # Collect agent stats (may increase charges for metrics storage).
    # (default: <unset>, type: bool)
    collect_agent_stats: false
    # When collecting agent stats, aggregate metrics by a given set of comma-separated
    # labels to reduce cardinality. Accepted values are agent_name, template_name,
    # username, workspace_name.
    # (default: agent_name,template_name,username,workspace_name, type: string-array)
    aggregate_agent_stats_by:
      - agent_name
      - template_name
      - username
      - workspace_name
    # Collect database metrics (may increase charges for metrics storage).
    # (default: false, type: bool)
    collect_db_metrics: false
  pprof:
    # Serve pprof metrics on the address defined by pprof address.
    # (default: <unset>, type: bool)
    enable: false
    # The bind address to serve pprof.
    # (default: 127.0.0.1:6060, type: host:port)
    address: 127.0.0.1:6060
  tracing:
    # Whether application tracing data is collected. It exports to a backend
    # configured by environment variables. See:
    # https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.
    # (default: <unset>, type: bool)
    enable: false
    # Enables capturing of logs as events in traces. This is useful for debugging, but
    # may result in a very large amount of events being sent to the tracing backend
    # which may incur significant costs.
    # (default: <unset>, type: bool)
    captureLogs: false
    # Enables sending Go runtime traces to the local DataDog agent.
    # (default: false, type: bool)
    dataDog: false
  logging:
    # Output debug-level logs.
    # (default: <unset>, type: bool)
    verbose: false
    # Filter debug logs by matching against a given regex. Use .* to match all debug
    # logs.
    # (default: <unset>, type: string-array)
    filter: []
    # Output human-readable logs to a given file.
    # (default: /dev/stderr, type: string)
    humanPath: /dev/stderr
    # Output JSON logs to a given file.
    # (default: <unset>, type: string)
    jsonPath: ""
    # Output Stackdriver compatible logs to a given file.
    # (default: <unset>, type: string)
    stackdriverPath: ""
    # Allow administrators to enable Terraform debug output.
    # (default: false, type: bool)
    enableTerraformDebugMode: false
  healthcheck:
    # Refresh interval for healthchecks.
    # (default: 10m0s, type: duration)
    refresh: 10m0s
    # The threshold for the database health check. If the median latency of the
    # database exceeds this threshold over 5 attempts, the database is considered
    # unhealthy. The default value is 15ms.
    # (default: 15ms, type: duration)
    thresholdDatabase: 15ms
oauth2:
  github:
    # Client ID for Login with GitHub.
    # (default: <unset>, type: string)
    clientID: ""
    # Organizations the user must be a member of to Login with GitHub.
    # (default: <unset>, type: string-array)
    allowedOrgs: []
    # Teams inside organizations the user must be a member of to Login with GitHub.
    # Structured as: <organization-name>/<team-slug>.
    # (default: <unset>, type: string-array)
    allowedTeams: []
    # Whether new users can sign up with GitHub.
    # (default: <unset>, type: bool)
    allowSignups: false
    # Allow all logins, setting this option means allowed orgs and teams must be
    # empty.
    # (default: <unset>, type: bool)
    allowEveryone: false
    # Base URL of a GitHub Enterprise deployment to use for Login with GitHub.
    # (default: <unset>, type: string)
    enterpriseBaseURL: ""
oidc:
  # Whether new users can sign up with OIDC.
  # (default: true, type: bool)
  allowSignups: true
  # Client ID to use for Login with OIDC.
  # (default: <unset>, type: string)
  clientID: ""
  # Pem encoded RSA private key to use for oauth2 PKI/JWT authorization. This can be
  # used instead of oidc-client-secret if your IDP supports it.
  # (default: <unset>, type: string)
  oidcClientKeyFile: ""
  # Pem encoded certificate file to use for oauth2 PKI/JWT authorization. The public
  # certificate that accompanies oidc-client-key-file. A standard x509 certificate
  # is expected.
  # (default: <unset>, type: string)
  oidcClientCertFile: ""
  # Email domains that clients logging in with OIDC must match.
  # (default: <unset>, type: string-array)
  emailDomain: []
  # Issuer URL to use for Login with OIDC.
  # (default: <unset>, type: string)
  issuerURL: ""
  # Scopes to grant when authenticating with OIDC.
  # (default: openid,profile,email, type: string-array)
  scopes:
    - openid
    - profile
    - email
  # Ignore the email_verified claim from the upstream provider.
  # (default: <unset>, type: bool)
  ignoreEmailVerified: false
  # OIDC claim field to use as the username.
  # (default: preferred_username, type: string)
  usernameField: preferred_username
  # OIDC claim field to use as the name.
  # (default: name, type: string)
  nameField: name
  # OIDC claim field to use as the email.
  # (default: email, type: string)
  emailField: email
  # OIDC auth URL parameters to pass to the upstream provider.
  # (default: {"access_type": "offline"}, type: struct[map[string]string])
  authURLParams:
    access_type: offline
  # Ignore the userinfo endpoint and only use the ID token for user information.
  # (default: false, type: bool)
  ignoreUserInfo: false
  # This field must be set if using the organization sync feature. Set to the claim
  # to be used for organizations.
  # (default: <unset>, type: string)
  organizationField: ""
  # If set to true, users will always be added to the default organization. If
  # organization sync is enabled, then the default org is always added to the user's
  # set of expectedorganizations.
  # (default: true, type: bool)
  organizationAssignDefault: true
  # A map of OIDC claims and the organizations in Coder it should map to. This is
  # required because organization IDs must be used within Coder.
  # (default: {}, type: struct[map[string][]uuid.UUID])
  organizationMapping: {}
  # This field must be set if using the group sync feature and the scope name is not
  # 'groups'. Set to the claim to be used for groups.
  # (default: <unset>, type: string)
  groupField: ""
  # A map of OIDC group IDs and the group in Coder it should map to. This is useful
  # for when OIDC providers only return group IDs.
  # (default: {}, type: struct[map[string]string])
  groupMapping: {}
  # Automatically creates missing groups from a user's groups claim.
  # (default: false, type: bool)
  enableGroupAutoCreate: false
  # If provided any group name not matching the regex is ignored. This allows for
  # filtering out groups that are not needed. This filter is applied after the group
  # mapping.
  # (default: .*, type: regexp)
  groupRegexFilter: .*
  # If provided any group name not in the list will not be allowed to authenticate.
  # This allows for restricting access to a specific set of groups. This filter is
  # applied after the group mapping and before the regex filter.
  # (default: <unset>, type: string-array)
  groupAllowed: []
  # This field must be set if using the user roles sync feature. Set this to the
  # name of the claim used to store the user's role. The roles should be sent as an
  # array of strings.
  # (default: <unset>, type: string)
  userRoleField: ""
  # A map of the OIDC passed in user roles and the groups in Coder it should map to.
  # This is useful if the group names do not match. If mapped to the empty string,
  # the role will ignored.
  # (default: {}, type: struct[map[string][]string])
  userRoleMapping: {}
  # If user role sync is enabled, these roles are always included for all
  # authenticated users. The 'member' role is always assigned.
  # (default: <unset>, type: string-array)
  userRoleDefault: []
  # The text to show on the OpenID Connect sign in button.
  # (default: OpenID Connect, type: string)
  signInText: OpenID Connect
  # URL pointing to the icon to use on the OpenID Connect login button.
  # (default: <unset>, type: url)
  iconURL:
  # The custom text to show on the error page informing about disabled OIDC signups.
  # Markdown format is supported.
  # (default: <unset>, type: string)
  signupsDisabledText: ""
  # OIDC issuer urls must match in the request, the id_token 'iss' claim, and in the
  # well-known configuration. This flag disables that requirement, and can lead to
  # an insecure OIDC configuration. It is not recommended to use this flag.
  # (default: <unset>, type: bool)
  dangerousSkipIssuerChecks: false
# Telemetry is critical to our ability to improve Coder. We strip all personal
# information before sending data to our servers. Please only disable telemetry
# when required by your organization's security policy.
telemetry:
  # Whether telemetry is enabled or not. Coder collects anonymized usage data to
  # help improve our product.
  # (default: false, type: bool)
  enable: false
  # URL to send telemetry.
  # (default: https://telemetry.coder.com, type: url)
  url: https://telemetry.coder.com
# Tune the behavior of the provisioner, which is responsible for creating,
# updating, and deleting workspace resources.
provisioning:
  # Number of provisioner daemons to create on start. If builds are stuck in queued
  # state for a long time, consider increasing this.
  # (default: 3, type: int)
  daemons: 3
  # The supported job types for the built-in provisioners. By default, this is only
  # the terraform type. Supported types: terraform,echo.
  # (default: terraform, type: string-array)
  daemonTypes:
    - terraform
  # Deprecated and ignored.
  # (default: 1s, type: duration)
  daemonPollInterval: 1s
  # Deprecated and ignored.
  # (default: 100ms, type: duration)
  daemonPollJitter: 100ms
  # Time to force cancel provisioning tasks that are stuck.
  # (default: 10m0s, type: duration)
  forceCancelInterval: 10m0s
# Enable one or more experiments. These are not ready for production. Separate
# multiple experiments with commas, or enter '*' to opt-in to all available
# experiments.
# (default: <unset>, type: string-array)
experiments: []
# Periodically check for new releases of Coder and inform the owner. The check is
# performed once per day.
# (default: false, type: bool)
updateCheck: false
# Expose the swagger endpoint via /swagger.
# (default: <unset>, type: bool)
enableSwagger: false
# The directory to cache temporary files. If unspecified and $CACHE_DIRECTORY is
# set, it will be used for compatibility with systemd. This directory is NOT safe
# to be configured as a shared directory across coderd/provisionerd replicas.
# (default: [cache dir], type: string)
cacheDir: [cache dir]
# Controls whether data will be stored in an in-memory database.
# (default: <unset>, type: bool)
inMemoryDatabase: false
# Type of auth to use when connecting to postgres.
# (default: password, type: enum[password\|awsiamrds])
pgAuth: password
# A URL to an external Terms of Service that must be accepted by users when
# logging in.
# (default: <unset>, type: string)
termsOfServiceURL: ""
# The algorithm to use for generating ssh keys. Accepted values are "ed25519",
# "ecdsa", or "rsa4096".
# (default: ed25519, type: string)
sshKeygenAlgorithm: ed25519
# URL to use for agent troubleshooting when not set in the template.
# (default: https://coder.com/docs/templates/troubleshooting, type: url)
agentFallbackTroubleshootingURL: https://coder.com/docs/templates/troubleshooting
# Disable workspace apps that are not served from subdomains. Path-based apps can
# make requests to the Coder API and pose a security risk when the workspace
# serves malicious JavaScript. This is recommended for security purposes if a
# --wildcard-access-url is configured.
# (default: <unset>, type: bool)
disablePathApps: false
# Remove the permission for the 'owner' role to have workspace execution on all
# workspaces. This prevents the 'owner' from ssh, apps, and terminal access based
# on the 'owner' role. They still have their user permissions to access their own
# workspaces.
# (default: <unset>, type: bool)
disableOwnerWorkspaceAccess: false
# These options change the behavior of how clients interact with the Coder.
# Clients include the coder cli, vs code extension, and the web UI.
client:
  # The SSH deployment prefix is used in the Host of the ssh config.
  # (default: coder., type: string)
  sshHostnamePrefix: coder.
  # These SSH config options will override the default SSH config options. Provide
  # options in "key=value" or "key value" format separated by commas.Using this
  # incorrectly can break SSH to your deployment, use cautiously.
  # (default: <unset>, type: string-array)
  sshConfigOptions: []
  # The upgrade message to display to users when a client/server mismatch is
  # detected. By default it instructs users to update using 'curl -L
  # https://coder.com/install.sh | sh'.
  # (default: <unset>, type: string)
  cliUpgradeMessage: ""
  # The renderer to use when opening a web terminal. Valid values are 'canvas',
  # 'webgl', or 'dom'.
  # (default: canvas, type: string)
  webTerminalRenderer: canvas
# Support links to display in the top right drop down menu.
# (default: <unset>, type: struct[[]codersdk.LinkConfig])
supportLinks: []
# External Authentication providers.
# (default: <unset>, type: struct[[]codersdk.ExternalAuthConfig])
externalAuthProviders: []
# Hostname of HTTPS server that runs https://github.com/coder/wgtunnel. By
# default, this will pick the best available wgtunnel server hosted by Coder. e.g.
# "tunnel.example.com".
# (default: <unset>, type: string)
wgtunnelHost: ""
# Allow users to set quiet hours schedules each day for workspaces to avoid
# workspaces stopping during the day due to template scheduling.
userQuietHoursSchedule:
  # The default daily cron schedule applied to users that haven't set a custom quiet
  # hours schedule themselves. The quiet hours schedule determines when workspaces
  # will be force stopped due to the template's autostop requirement, and will round
  # the max deadline up to be within the user's quiet hours window (or default). The
  # format is the same as the standard cron format, but the day-of-month, month and
  # day-of-week must be *. Only one hour and minute can be specified (ranges or
  # comma separated values are not supported).
  # (default: CRON_TZ=UTC 0 0 * * *, type: string)
  defaultQuietHoursSchedule: CRON_TZ=UTC 0 0 * * *
  # Allow users to set their own quiet hours schedule for workspaces to stop in
  # (depending on template autostop requirement settings). If false, users can't
  # change their quiet hours schedule and the site default is always used.
  # (default: true, type: bool)
  allowCustomQuietHours: true
# DEPRECATED: Allow users to rename their workspaces. Use only for temporary
# compatibility reasons, this will be removed in a future release.
# (default: false, type: bool)
allowWorkspaceRenames: false
# Configure how notifications are processed and delivered.
notifications:
  # Which delivery method to use (available options: 'smtp', 'webhook').
  # (default: smtp, type: string)
  method: smtp
  # How long to wait while a notification is being sent before giving up.
  # (default: 1m0s, type: duration)
  dispatchTimeout: 1m0s
  # Configure how email notifications are sent.
  email:
    # The sender's address to use.
    # (default: <unset>, type: string)
    from: ""
    # The intermediary SMTP host through which emails are sent.
    # (default: localhost:587, type: host:port)
    smarthost: localhost:587
    # The hostname identifying the SMTP server.
    # (default: localhost, type: string)
    hello: localhost
    # Force a TLS connection to the configured SMTP smarthost.
    # (default: false, type: bool)
    forceTLS: false
    # Configure SMTP authentication options.
    emailAuth:
      # Identity to use with PLAIN authentication.
      # (default: <unset>, type: string)
      identity: ""
      # Username to use with PLAIN/LOGIN authentication.
      # (default: <unset>, type: string)
      username: ""
      # File from which to load password for use with PLAIN/LOGIN authentication.
      # (default: <unset>, type: string)
      passwordFile: ""
    # Configure TLS for your SMTP server target.
    emailTLS:
      # Enable STARTTLS to upgrade insecure SMTP connections using TLS.
      # (default: <unset>, type: bool)
      startTLS: false
      # Server name to verify against the target certificate.
      # (default: <unset>, type: string)
      serverName: ""
      # Skip verification of the target server's certificate (insecure).
      # (default: <unset>, type: bool)
      insecureSkipVerify: false
      # CA certificate file to use.
      # (default: <unset>, type: string)
      caCertFile: ""
      # Certificate file to use.
      # (default: <unset>, type: string)
      certFile: ""
      # Certificate key file to use.
      # (default: <unset>, type: string)
      certKeyFile: ""
  webhook:
    # The endpoint to which to send webhooks.
    # (default: <unset>, type: url)
    endpoint:
  # The upper limit of attempts to send a notification.
  # (default: 5, type: int)
  maxSendAttempts: 5
  # The minimum time between retries.
  # (default: 5m0s, type: duration)
  retryInterval: 5m0s
  # The notifications system buffers message updates in memory to ease pressure on
  # the database. This option controls how often it synchronizes its state with the
  # database. The shorter this value the lower the change of state inconsistency in
  # a non-graceful shutdown - but it also increases load on the database. It is
  # recommended to keep this option at its default value.
  # (default: 2s, type: duration)
  storeSyncInterval: 2s
  # The notifications system buffers message updates in memory to ease pressure on
  # the database. This option controls how many updates are kept in memory. The
  # lower this value the lower the change of state inconsistency in a non-graceful
  # shutdown - but it also increases load on the database. It is recommended to keep
  # this option at its default value.
  # (default: 50, type: int)
  storeSyncBufferSize: 50
  # How long a notifier should lease a message. This is effectively how long a
  # notification is 'owned' by a notifier, and once this period expires it will be
  # available for lease by another notifier. Leasing is important in order for
  # multiple running notifiers to not pick the same messages to deliver
  # concurrently. This lease period will only expire if a notifier shuts down
  # ungracefully; a dispatch of the notification releases the lease.
  # (default: 2m0s, type: duration)
  leasePeriod: 2m0s
  # How many notifications a notifier should lease per fetch interval.
  # (default: 20, type: int)
  leaseCount: 20
  # How often to query the database for queued notifications.
  # (default: 15s, type: duration)
  fetchInterval: 15s