coder/cli/testdata/server-config.yaml.golden

networking:
  # The URL that users will use to access the Coder deployment.
  # (default: <unset>, type: url)
  accessURL:
  # Specifies the wildcard hostname to use for workspace applications in the form
  # "*.example.com".
  # (default: <unset>, type: string)
  wildcardAccessURL: ""
  # Specifies the custom docs URL.
  # (default: https://coder.com/docs, type: url)
  docsURL: https://coder.com/docs
  # Specifies whether to redirect requests that do not match the access URL host.
  # (default: <unset>, type: bool)
  redirectToAccessURL: false
  http:
    # HTTP bind address of the server. Unset to disable the HTTP endpoint.
    # (default: 127.0.0.1:3000, type: string)
    httpAddress: 127.0.0.1:3000
    # Coder configures a Content Security Policy (CSP) to protect against XSS attacks.
    # This setting allows you to add additional CSP directives, which can open the
    # attack surface of the deployment. Format matches the CSP directive format, e.g.
    # --additional-csp-policy="script-src https://example.com".
    # (default: <unset>, type: string-array)
    additionalCSPPolicy: []
    # The maximum lifetime duration users can specify when creating an API token.
    # (default: 876600h0m0s, type: duration)
    maxTokenLifetime: 876600h0m0s
    # The maximum lifetime duration administrators can specify when creating an API
    # token.
    # (default: 168h0m0s, type: duration)
    maxAdminTokenLifetime: 168h0m0s
    # The token expiry duration for browser sessions. Sessions may last longer if they
    # are actively making requests, but this functionality can be disabled via
    # --disable-session-expiry-refresh.
    # (default: 24h0m0s, type: duration)
    sessionDuration: 24h0m0s
    # Disable automatic session expiry bumping due to activity. This forces all
    # sessions to become invalid after the session expiry duration has been reached.
    # (default: <unset>, type: bool)
    disableSessionExpiryRefresh: false
    # Disable password authentication. This is recommended for security purposes in
    # production deployments that rely on an identity provider. Any user with the
    # owner role will be able to sign in with their password regardless of this
    # setting to avoid potential lock out. If you are locked out of your account, you
    # can use the `coder server create-admin` command to create a new admin user
    # directly in the database.
    # (default: <unset>, type: bool)
    disablePasswordAuth: false
    # The interval in which coderd should be checking the status of workspace proxies.
    # (default: 1m0s, type: duration)
    proxyHealthInterval: 1m0s
  # Configure TLS / HTTPS for your Coder deployment. If you're running
  #  Coder behind a TLS-terminating reverse proxy or are accessing Coder over a
  #  secure link, you can safely ignore these settings.
  tls:
    # HTTPS bind address of the server.
    # (default: 127.0.0.1:3443, type: host:port)
    address: 127.0.0.1:3443
    # Whether TLS will be enabled.
    # (default: <unset>, type: bool)
    enable: false
    # Whether HTTP requests will be redirected to the access URL (if it's a https URL
    # and TLS is enabled). Requests to local IP addresses are never redirected
    # regardless of this setting.
    # (default: true, type: bool)
    redirectHTTP: true
    # Path to each certificate for TLS. It requires a PEM-encoded file. To configure
    # the listener to use a CA certificate, concatenate the primary certificate and
    # the CA certificate together. The primary certificate should appear first in the
    # combined file.
    # (default: <unset>, type: string-array)
    certFiles: []
    # PEM-encoded Certificate Authority file used for checking the authenticity of
    # client.
    # (default: <unset>, type: string)
    clientCAFile: ""
    # Policy the server will follow for TLS Client Authentication. Accepted values are
    # "none", "request", "require-any", "verify-if-given", or "require-and-verify".
    # (default: none, type: string)
    clientAuth: none
    # Paths to the private keys for each of the certificates. It requires a
    # PEM-encoded file.
    # (default: <unset>, type: string-array)
    keyFiles: []
    # Minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12"
    # or "tls13".
    # (default: tls12, type: string)
    minVersion: tls12
    # Path to certificate for client TLS authentication. It requires a PEM-encoded
    # file.
    # (default: <unset>, type: string)
    clientCertFile: ""
    # Path to key for client TLS authentication. It requires a PEM-encoded file.
    # (default: <unset>, type: string)
    clientKeyFile: ""
    # Specify specific TLS ciphers that allowed to be used. See
    # https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75.
    # (default: <unset>, type: string-array)
    tlsCiphers: []
    # By default, only ciphers marked as 'secure' are allowed to be used. See
    # https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L82-L95.
    # (default: false, type: bool)
    tlsAllowInsecureCiphers: false
    # Controls if the 'Strict-Transport-Security' header is set on all static file
    # responses. This header should only be set if the server is accessed via HTTPS.
    # This value is the MaxAge in seconds of the header.
    # (default: 0, type: int)
    strictTransportSecurity: 0
    # Two optional fields can be set in the Strict-Transport-Security header;
    # 'includeSubDomains' and 'preload'. The 'strict-transport-security' flag must be
    # set to a non-zero value for these options to be used.
    # (default: <unset>, type: string-array)
    strictTransportSecurityOptions: []
  # Most Coder deployments never have to think about DERP because all connections
  #  between workspaces and users are peer-to-peer. However, when Coder cannot
  # establish
  #  a peer to peer connection, Coder uses a distributed relay network backed by
  #  Tailscale and WireGuard.
  derp:
    # Whether to enable or disable the embedded DERP relay server.
    # (default: true, type: bool)
    enable: true
    # Region ID to use for the embedded DERP server.
    # (default: 999, type: int)
    regionID: 999
    # Region code to use for the embedded DERP server.
    # (default: coder, type: string)
    regionCode: coder
    # Region name that for the embedded DERP server.
    # (default: Coder Embedded Relay, type: string)
    regionName: Coder Embedded Relay
    # Addresses for STUN servers to establish P2P connections. It's recommended to
    # have at least two STUN servers to give users the best chance of connecting P2P
    # to workspaces. Each STUN server will get it's own DERP region, with region IDs
    # starting at `--derp-server-region-id + 1`. Use special value 'disable' to turn
    # off STUN completely.
    # (default:
    # stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302,
    # type: string-array)
    stunAddresses:
      - stun.l.google.com:19302
      - stun1.l.google.com:19302
      - stun2.l.google.com:19302
      - stun3.l.google.com:19302
      - stun4.l.google.com:19302
    # An HTTP URL that is accessible by other replicas to relay DERP traffic. Required
    # for high availability.
    # (default: <unset>, type: url)
    relayURL:
    # Block peer-to-peer (aka. direct) workspace connections. All workspace
    # connections from the CLI will be proxied through Coder (or custom configured
    # DERP servers) and will never be peer-to-peer when enabled. Workspaces may still
    # reach out to STUN servers to get their address until they are restarted after
    # this change has been made, but new connections will still be proxied regardless.
    # (default: <unset>, type: bool)
    blockDirect: false
    # Force clients and agents to always use WebSocket to connect to DERP relay
    # servers. By default, DERP uses `Upgrade: derp`, which may cause issues with some
    # reverse proxies. Clients may automatically fallback to WebSocket if they detect
    # an issue with `Upgrade: derp`, but this does not work in all situations.
    # (default: <unset>, type: bool)
    forceWebSockets: false
    # URL to fetch a DERP mapping on startup. See:
    # https://tailscale.com/kb/1118/custom-derp-servers/.
    # (default: <unset>, type: string)
    url: ""
    # Path to read a DERP mapping from. See:
    # https://tailscale.com/kb/1118/custom-derp-servers/.
    # (default: <unset>, type: string)
    configPath: ""
  # Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip,
  # True-Client-Ip, X-Forwarded-For.
  # (default: <unset>, type: string-array)
  proxyTrustedHeaders: []
  # Origin addresses to respect "proxy-trusted-headers". e.g. 192.168.1.0/24.
  # (default: <unset>, type: string-array)
  proxyTrustedOrigins: []
  # Controls if the 'Secure' property is set on browser session cookies.
  # (default: false, type: bool)
  secureAuthCookie: false
  # Controls the 'SameSite' property is set on browser session cookies.
  # (default: lax, type: enum[lax\|none])
  sameSiteAuthCookie: lax
  # Recommended to be enabled. Enables `__Host-` prefix for cookies to guarantee
  # they are only set by the right domain. This change is disruptive to any
  # workspaces built before release 2.31, requiring a workspace restart.
  # (default: false, type: bool)
  hostPrefixCookie: false
  # Whether Coder only allows connections to workspaces via the browser.
  # (default: <unset>, type: bool)
  browserOnly: false
# Interval to poll for scheduled workspace builds.
# (default: 1m0s, type: duration)
autobuildPollInterval: 1m0s
# Interval to poll for hung and pending jobs and automatically terminate them.
# (default: 1m0s, type: duration)
jobHangDetectorInterval: 1m0s
introspection:
  statsCollection:
    usageStats:
      # Enable the collection of application and workspace usage along with the
      # associated API endpoints and the template insights page. Disabling this will
      # also disable traffic and connection insights in the deployment stats shown to
      # admins in the bottom bar of the Coder UI, and will prevent Prometheus collection
      # of these values.
      # (default: true, type: bool)
      enable: true
  prometheus:
    # Serve prometheus metrics on the address defined by prometheus address.
    # (default: <unset>, type: bool)
    enable: false
    # The bind address to serve prometheus metrics.
    # (default: 127.0.0.1:2112, type: host:port)
    address: 127.0.0.1:2112
    # Collect agent stats (may increase charges for metrics storage).
    # (default: <unset>, type: bool)
    collect_agent_stats: false
    # When collecting agent stats, aggregate metrics by a given set of comma-separated
    # labels to reduce cardinality. Accepted values are agent_name, template_name,
    # username, workspace_name.
    # (default: agent_name,template_name,username,workspace_name, type: string-array)
    aggregate_agent_stats_by:
      - agent_name
      - template_name
      - username
      - workspace_name
    # Collect database query metrics (may increase charges for metrics storage). If
    # set to false, a reduced set of database metrics are still collected.
    # (default: false, type: bool)
    collect_db_metrics: false
  pprof:
    # Serve pprof metrics on the address defined by pprof address.
    # (default: <unset>, type: bool)
    enable: false
    # The bind address to serve pprof.
    # (default: 127.0.0.1:6060, type: host:port)
    address: 127.0.0.1:6060
  tracing:
    # Whether application tracing data is collected. It exports to a backend
    # configured by environment variables. See:
    # https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.
    # (default: <unset>, type: bool)
    enable: false
    # Enables capturing of logs as events in traces. This is useful for debugging, but
    # may result in a very large amount of events being sent to the tracing backend
    # which may incur significant costs.
    # (default: <unset>, type: bool)
    captureLogs: false
    # Enables sending Go runtime traces to the local DataDog agent.
    # (default: false, type: bool)
    dataDog: false
  logging:
    # Output debug-level logs.
    # (default: <unset>, type: bool)
    verbose: false
    # Filter debug logs by matching against a given regex. Use .* to match all debug
    # logs.
    # (default: <unset>, type: string-array)
    filter: []
    # Output human-readable logs to a given file.
    # (default: /dev/stderr, type: string)
    humanPath: /dev/stderr
    # Output JSON logs to a given file.
    # (default: <unset>, type: string)
    jsonPath: ""
    # Output Stackdriver compatible logs to a given file.
    # (default: <unset>, type: string)
    stackdriverPath: ""
    # Allow administrators to enable Terraform debug output.
    # (default: false, type: bool)
    enableTerraformDebugMode: false
  healthcheck:
    # Refresh interval for healthchecks.
    # (default: 10m0s, type: duration)
    refresh: 10m0s
    # The threshold for the database health check. If the median latency of the
    # database exceeds this threshold over 5 attempts, the database is considered
    # unhealthy. The default value is 15ms.
    # (default: 15ms, type: duration)
    thresholdDatabase: 15ms
oauth2:
  github:
    # Client ID for Login with GitHub.
    # (default: <unset>, type: string)
    clientID: ""
    # Enable device flow for Login with GitHub.
    # (default: false, type: bool)
    deviceFlow: false
    # Enable the default GitHub OAuth2 provider managed by Coder.
    # (default: true, type: bool)
    defaultProviderEnable: true
    # Organizations the user must be a member of to Login with GitHub.
    # (default: <unset>, type: string-array)
    allowedOrgs: []
    # Teams inside organizations the user must be a member of to Login with GitHub.
    # Structured as: <organization-name>/<team-slug>.
    # (default: <unset>, type: string-array)
    allowedTeams: []
    # Whether new users can sign up with GitHub.
    # (default: <unset>, type: bool)
    allowSignups: false
    # Allow all logins, setting this option means allowed orgs and teams must be
    # empty.
    # (default: <unset>, type: bool)
    allowEveryone: false
    # Base URL of a GitHub Enterprise deployment to use for Login with GitHub.
    # (default: <unset>, type: string)
    enterpriseBaseURL: ""
oidc:
  # Whether new users can sign up with OIDC.
  # (default: true, type: bool)
  allowSignups: true
  # Client ID to use for Login with OIDC.
  # (default: <unset>, type: string)
  clientID: ""
  # Pem encoded RSA private key to use for oauth2 PKI/JWT authorization. This can be
  # used instead of oidc-client-secret if your IDP supports it.
  # (default: <unset>, type: string)
  oidcClientKeyFile: ""
  # Pem encoded certificate file to use for oauth2 PKI/JWT authorization. The public
  # certificate that accompanies oidc-client-key-file. A standard x509 certificate
  # is expected.
  # (default: <unset>, type: string)
  oidcClientCertFile: ""
  # Email domains that clients logging in with OIDC must match.
  # (default: <unset>, type: string-array)
  emailDomain: []
  # Issuer URL to use for Login with OIDC.
  # (default: <unset>, type: string)
  issuerURL: ""
  # Scopes to grant when authenticating with OIDC.
  # (default: openid,profile,email, type: string-array)
  scopes:
    - openid
    - profile
    - email
  # Ignore the email_verified claim from the upstream provider.
  # (default: <unset>, type: bool)
  ignoreEmailVerified: false
  # OIDC claim field to use as the username.
  # (default: preferred_username, type: string)
  usernameField: preferred_username
  # OIDC claim field to use as the name.
  # (default: name, type: string)
  nameField: name
  # OIDC claim field to use as the email.
  # (default: email, type: string)
  emailField: email
  # OIDC auth URL parameters to pass to the upstream provider.
  # (default: {"access_type": "offline"}, type: struct[map[string]string])
  authURLParams:
    access_type: offline
  # Ignore the userinfo endpoint and only use the ID token for user information.
  # (default: false, type: bool)
  ignoreUserInfo: false
  # Source supplemental user claims from the 'access_token'. This assumes the token
  # is a jwt signed by the same issuer as the id_token. Using this requires setting
  # 'oidc-ignore-userinfo' to true. This setting is not compliant with the OIDC
  # specification and is not recommended. Use at your own risk.
  # (default: false, type: bool)
  accessTokenClaims: false
  # This field must be set if using the organization sync feature. Set to the claim
  # to be used for organizations.
  # (default: <unset>, type: string)
  organizationField: ""
  # If set to true, users will always be added to the default organization. If
  # organization sync is enabled, then the default org is always added to the user's
  # set of expectedorganizations.
  # (default: true, type: bool)
  organizationAssignDefault: true
  # A map of OIDC claims and the organizations in Coder it should map to. This is
  # required because organization IDs must be used within Coder.
  # (default: {}, type: struct[map[string][]uuid.UUID])
  organizationMapping: {}
  # This field must be set if using the group sync feature and the scope name is not
  # 'groups'. Set to the claim to be used for groups.
  # (default: <unset>, type: string)
  groupField: ""
  # A map of OIDC group IDs and the group in Coder it should map to. This is useful
  # for when OIDC providers only return group IDs.
  # (default: {}, type: struct[map[string]string])
  groupMapping: {}
  # Automatically creates missing groups from a user's groups claim.
  # (default: false, type: bool)
  enableGroupAutoCreate: false
  # If provided any group name not matching the regex is ignored. This allows for
  # filtering out groups that are not needed. This filter is applied after the group
  # mapping.
  # (default: .*, type: regexp)
  groupRegexFilter: .*
  # If provided any group name not in the list will not be allowed to authenticate.
  # This allows for restricting access to a specific set of groups. This filter is
  # applied after the group mapping and before the regex filter.
  # (default: <unset>, type: string-array)
  groupAllowed: []
  # This field must be set if using the user roles sync feature. Set this to the
  # name of the claim used to store the user's role. The roles should be sent as an
  # array of strings.
  # (default: <unset>, type: string)
  userRoleField: ""
  # A map of the OIDC passed in user roles and the groups in Coder it should map to.
  # This is useful if the group names do not match. If mapped to the empty string,
  # the role will ignored.
  # (default: {}, type: struct[map[string][]string])
  userRoleMapping: {}
  # If user role sync is enabled, these roles are always included for all
  # authenticated users. The 'member' role is always assigned.
  # (default: <unset>, type: string-array)
  userRoleDefault: []
  # The text to show on the OpenID Connect sign in button.
  # (default: OpenID Connect, type: string)
  signInText: OpenID Connect
  # URL pointing to the icon to use on the OpenID Connect login button.
  # (default: <unset>, type: url)
  iconURL:
  # The custom text to show on the error page informing about disabled OIDC signups.
  # Markdown format is supported.
  # (default: <unset>, type: string)
  signupsDisabledText: ""
  # OIDC issuer urls must match in the request, the id_token 'iss' claim, and in the
  # well-known configuration. This flag disables that requirement, and can lead to
  # an insecure OIDC configuration. It is not recommended to use this flag.
  # (default: <unset>, type: bool)
  dangerousSkipIssuerChecks: false
  # Optional override of the default redirect url which uses the deployment's access
  # url. Useful in situations where a deployment has more than 1 domain. Using this
  # setting can also break OIDC, so use with caution.
  # (default: <unset>, type: url)
  oidc-redirect-url:
# Telemetry is critical to our ability to improve Coder. We strip all personal
#  information before sending data to our servers. Please only disable telemetry
#  when required by your organization's security policy.
telemetry:
  # Whether telemetry is enabled or not. Coder collects anonymized usage data to
  # help improve our product.
  # (default: false, type: bool)
  enable: false
  # URL to send telemetry.
  # (default: https://telemetry.coder.com, type: url)
  url: https://telemetry.coder.com
# Tune the behavior of the provisioner, which is responsible for creating,
# updating, and deleting workspace resources.
provisioning:
  # Number of provisioner daemons to create on start. If builds are stuck in queued
  # state for a long time, consider increasing this.
  # (default: 3, type: int)
  daemons: 3
  # The supported job types for the built-in provisioners. By default, this is only
  # the terraform type. Supported types: terraform,echo.
  # (default: terraform, type: string-array)
  daemonTypes:
    - terraform
  # Deprecated and ignored.
  # (default: 1s, type: duration)
  daemonPollInterval: 1s
  # Deprecated and ignored.
  # (default: 100ms, type: duration)
  daemonPollJitter: 100ms
  # Time to force cancel provisioning tasks that are stuck.
  # (default: 10m0s, type: duration)
  forceCancelInterval: 10m0s
# Enable one or more experiments. These are not ready for production. Separate
# multiple experiments with commas, or enter '*' to opt-in to all available
# experiments.
# (default: <unset>, type: string-array)
experiments: []
# Periodically check for new releases of Coder and inform the owner. The check is
# performed once per day.
# (default: false, type: bool)
updateCheck: false
# The default lifetime duration for API tokens. This value is used when creating a
# token without specifying a duration, such as when authenticating the CLI or an
# IDE plugin.
# (default: 168h0m0s, type: duration)
defaultTokenLifetime: 168h0m0s
# The default lifetime duration for OAuth2 refresh tokens. This controls how long
# refresh tokens remain valid after issuance or rotation.
# (default: 720h0m0s, type: duration)
defaultOAuthRefreshLifetime: 720h0m0s
# Expose the swagger endpoint via /swagger.
# (default: <unset>, type: bool)
enableSwagger: false
# The directory to cache temporary files. If unspecified and $CACHE_DIRECTORY is
# set, it will be used for compatibility with systemd. This directory is NOT safe
# to be configured as a shared directory across coderd/provisionerd replicas.
# (default: [cache dir], type: string)
cacheDir: [cache dir]
# Controls whether Coder data, including built-in Postgres, will be stored in a
# temporary directory and deleted when the server is stopped.
# (default: <unset>, type: bool)
ephemeralDeployment: false
# Type of auth to use when connecting to postgres. For AWS RDS, using IAM
# authentication (awsiamrds) is recommended.
# (default: password, type: enum[password\|awsiamrds])
pgAuth: password
# Maximum number of open connections to the database. Defaults to 10.
# (default: 10, type: int)
pgConnMaxOpen: 10
# Maximum number of idle connections to the database. Set to "auto" (the default)
# to use max open / 3. Value must be greater or equal to 0; 0 means explicitly no
# idle connections.
# (default: auto, type: string)
pgConnMaxIdle: auto
# A URL to an external Terms of Service that must be accepted by users when
# logging in.
# (default: <unset>, type: string)
termsOfServiceURL: ""
# The algorithm to use for generating ssh keys. Accepted values are "ed25519",
# "ecdsa", or "rsa4096".
# (default: ed25519, type: string)
sshKeygenAlgorithm: ed25519
# URL to use for agent troubleshooting when not set in the template.
# (default: https://coder.com/docs/admin/templates/troubleshooting, type: url)
agentFallbackTroubleshootingURL: https://coder.com/docs/admin/templates/troubleshooting
# Disable workspace apps that are not served from subdomains. Path-based apps can
# make requests to the Coder API and pose a security risk when the workspace
# serves malicious JavaScript. This is recommended for security purposes if a
# --wildcard-access-url is configured.
# (default: <unset>, type: bool)
disablePathApps: false
# Remove the permission for the 'owner' role to have workspace execution on all
# workspaces. This prevents the 'owner' from ssh, apps, and terminal access based
# on the 'owner' role. They still have their user permissions to access their own
# workspaces.
# (default: <unset>, type: bool)
disableOwnerWorkspaceAccess: false
# Disable workspace sharing. Workspace ACL checking is disabled and only owners
# can have ssh, apps and terminal access to workspaces. Access based on the
# 'owner' role is also allowed unless disabled via
# --disable-owner-workspace-access.
# (default: <unset>, type: bool)
disableWorkspaceSharing: false
# Disable chat sharing. Chat ACL checking is disabled and only owners can access
# their chats.
# (default: <unset>, type: bool)
disableChatSharing: false
# These options change the behavior of how clients interact with the Coder.
# Clients include the Coder CLI, Coder Desktop, IDE extensions, and the web UI.
client:
  # Deprecated: use workspace-hostname-suffix instead. The SSH deployment prefix is
  # used in the Host of the ssh config.
  # (default: coder., type: string)
  sshHostnamePrefix: coder.
  # Workspace hostnames use this suffix in SSH config and Coder Connect on Coder
  # Desktop. By default it is coder, resulting in names like myworkspace.coder.
  # (default: coder, type: string)
  workspaceHostnameSuffix: coder
  # These SSH config options will override the default SSH config options. Provide
  # options in "key=value" or "key value" format separated by commas.Using this
  # incorrectly can break SSH to your deployment, use cautiously.
  # (default: <unset>, type: string-array)
  sshConfigOptions: []
  # The upgrade message to display to users when a client/server mismatch is
  # detected. By default it instructs users to update using 'curl -L
  # https://coder.com/install.sh | sh'.
  # (default: <unset>, type: string)
  cliUpgradeMessage: ""
  # The renderer to use when opening a web terminal. Valid values are 'canvas',
  # 'webgl', or 'dom'.
  # (default: canvas, type: string)
  webTerminalRenderer: canvas
  # Hide AI tasks from the dashboard.
  # (default: false, type: bool)
  hideAITasks: false
# Support links to display in the top right drop down menu.
# (default: <unset>, type: struct[[]codersdk.LinkConfig])
supportLinks: []
# External Authentication providers.
# (default: <unset>, type: struct[[]codersdk.ExternalAuthConfig])
externalAuthProviders: []
# Enable the default GitHub external auth provider managed by Coder.
# (default: true, type: bool)
externalAuthGithubDefaultProviderEnable: true
# Hostname of HTTPS server that runs https://github.com/coder/wgtunnel. By
# default, this will pick the best available wgtunnel server hosted by Coder. e.g.
# "tunnel.example.com".
# (default: <unset>, type: string)
wgtunnelHost: ""
# Allow users to set quiet hours schedules each day for workspaces to avoid
# workspaces stopping during the day due to template scheduling.
userQuietHoursSchedule:
  # The default daily cron schedule applied to users that haven't set a custom quiet
  # hours schedule themselves. The quiet hours schedule determines when workspaces
  # will be force stopped due to the template's autostop requirement, and will round
  # the max deadline up to be within the user's quiet hours window (or default). The
  # format is the same as the standard cron format, but the day-of-month, month and
  # day-of-week must be *. Only one hour and minute can be specified (ranges or
  # comma separated values are not supported).
  # (default: CRON_TZ=UTC 0 0 * * *, type: string)
  defaultQuietHoursSchedule: CRON_TZ=UTC 0 0 * * *
  # Allow users to set their own quiet hours schedule for workspaces to stop in
  # (depending on template autostop requirement settings). If false, users can't
  # change their quiet hours schedule and the site default is always used.
  # (default: true, type: bool)
  allowCustomQuietHours: true
# Allow users to rename their workspaces. WARNING: Renaming a workspace can cause
# Terraform resources that depend on the workspace name to be destroyed and
# recreated, potentially causing data loss. Only enable this if your templates do
# not use workspace names in resource identifiers, or if you understand the risks.
# (default: false, type: bool)
allowWorkspaceRenames: false
# Configure how emails are sent.
email:
  # The sender's address to use.
  # (default: <unset>, type: string)
  from: ""
  # The intermediary SMTP host through which emails are sent.
  # (default: <unset>, type: string)
  smarthost: ""
  # The hostname identifying the SMTP server.
  # (default: localhost, type: string)
  hello: localhost
  # Force a TLS connection to the configured SMTP smarthost.
  # (default: false, type: bool)
  forceTLS: false
  # Configure SMTP authentication options.
  emailAuth:
    # Identity to use with PLAIN authentication.
    # (default: <unset>, type: string)
    identity: ""
    # Username to use with PLAIN/LOGIN authentication.
    # (default: <unset>, type: string)
    username: ""
    # File from which to load password for use with PLAIN/LOGIN authentication.
    # (default: <unset>, type: string)
    passwordFile: ""
  # Configure TLS for your SMTP server target.
  emailTLS:
    # Enable STARTTLS to upgrade insecure SMTP connections using TLS.
    # (default: <unset>, type: bool)
    startTLS: false
    # Server name to verify against the target certificate.
    # (default: <unset>, type: string)
    serverName: ""
    # Skip verification of the target server's certificate (insecure).
    # (default: <unset>, type: bool)
    insecureSkipVerify: false
    # CA certificate file to use.
    # (default: <unset>, type: string)
    caCertFile: ""
    # Certificate file to use.
    # (default: <unset>, type: string)
    certFile: ""
    # Certificate key file to use.
    # (default: <unset>, type: string)
    certKeyFile: ""
# Configure how notifications are processed and delivered.
notifications:
  # Which delivery method to use (available options: 'smtp', 'webhook').
  # (default: smtp, type: string)
  method: smtp
  # How long to wait while a notification is being sent before giving up.
  # (default: 1m0s, type: duration)
  dispatchTimeout: 1m0s
  # Configure how email notifications are sent.
  email:
    # The sender's address to use.
    # (default: <unset>, type: string)
    from: ""
    # The intermediary SMTP host through which emails are sent.
    # (default: <unset>, type: string)
    smarthost: ""
    # The hostname identifying the SMTP server.
    # (default: <unset>, type: string)
    hello: localhost
    # Force a TLS connection to the configured SMTP smarthost.
    # (default: <unset>, type: bool)
    forceTLS: false
    # Configure SMTP authentication options.
    emailAuth:
      # Identity to use with PLAIN authentication.
      # (default: <unset>, type: string)
      identity: ""
      # Username to use with PLAIN/LOGIN authentication.
      # (default: <unset>, type: string)
      username: ""
      # File from which to load password for use with PLAIN/LOGIN authentication.
      # (default: <unset>, type: string)
      passwordFile: ""
    # Configure TLS for your SMTP server target.
    emailTLS:
      # Enable STARTTLS to upgrade insecure SMTP connections using TLS.
      # (default: <unset>, type: bool)
      startTLS: false
      # Server name to verify against the target certificate.
      # (default: <unset>, type: string)
      serverName: ""
      # Skip verification of the target server's certificate (insecure).
      # (default: <unset>, type: bool)
      insecureSkipVerify: false
      # CA certificate file to use.
      # (default: <unset>, type: string)
      caCertFile: ""
      # Certificate file to use.
      # (default: <unset>, type: string)
      certFile: ""
      # Certificate key file to use.
      # (default: <unset>, type: string)
      certKeyFile: ""
  webhook:
    # The endpoint to which to send webhooks.
    # (default: <unset>, type: url)
    endpoint:
  inbox:
    # Enable Coder Inbox.
    # (default: true, type: bool)
    enabled: true
  # The upper limit of attempts to send a notification.
  # (default: 5, type: int)
  maxSendAttempts: 5
  # The minimum time between retries.
  # (default: 5m0s, type: duration)
  retryInterval: 5m0s
  # The notifications system buffers message updates in memory to ease pressure on
  # the database. This option controls how often it synchronizes its state with the
  # database. The shorter this value the lower the change of state inconsistency in
  # a non-graceful shutdown - but it also increases load on the database. It is
  # recommended to keep this option at its default value.
  # (default: 2s, type: duration)
  storeSyncInterval: 2s
  # The notifications system buffers message updates in memory to ease pressure on
  # the database. This option controls how many updates are kept in memory. The
  # lower this value the lower the change of state inconsistency in a non-graceful
  # shutdown - but it also increases load on the database. It is recommended to keep
  # this option at its default value.
  # (default: 50, type: int)
  storeSyncBufferSize: 50
  # How long a notifier should lease a message. This is effectively how long a
  # notification is 'owned' by a notifier, and once this period expires it will be
  # available for lease by another notifier. Leasing is important in order for
  # multiple running notifiers to not pick the same messages to deliver
  # concurrently. This lease period will only expire if a notifier shuts down
  # ungracefully; a dispatch of the notification releases the lease.
  # (default: 2m0s, type: duration)
  leasePeriod: 2m0s
  # How many notifications a notifier should lease per fetch interval.
  # (default: 20, type: int)
  leaseCount: 20
  # How often to query the database for queued notifications.
  # (default: 15s, type: duration)
  fetchInterval: 15s
# Configure how workspace prebuilds behave.
workspace_prebuilds:
  # How often to reconcile workspace prebuilds state.
  # (default: 1m0s, type: duration)
  reconciliation_interval: 1m0s
  # Interval to increase reconciliation backoff by when prebuilds fail, after which
  # a retry attempt is made.
  # (default: 1m0s, type: duration)
  reconciliation_backoff_interval: 1m0s
  # Interval to look back to determine number of failed prebuilds, which influences
  # backoff.
  # (default: 1h0m0s, type: duration)
  reconciliation_backoff_lookback_period: 1h0m0s
  # Maximum number of consecutive failed prebuilds before a preset hits the hard
  # limit; disabled when set to zero.
  # (default: 3, type: int)
  failure_hard_limit: 3
# Configure the background chat processing daemon.
chat:
  # How many pending chats a worker should acquire per polling cycle.
  # (default: 10, type: int)
  acquireBatchSize: 10
  # Force chat debug logging on for every chat, bypassing the runtime admin and user
  # opt-in settings.
  # (default: false, type: bool)
  debugLoggingEnabled: false
aibridge:
  # Deprecated: use --ai-gateway-enabled or CODER_AI_GATEWAY_ENABLED instead.
  # Whether to start an in-memory aibridged instance.
  # (default: true, type: bool)
  enabled: true
  # Deprecated: use --ai-gateway-openai-base-url or CODER_AI_GATEWAY_OPENAI_BASE_URL
  # instead. The base URL of the OpenAI API.
  # (default: https://api.openai.com/v1/, type: string)
  openai_base_url: https://api.openai.com/v1/
  # Deprecated: use --ai-gateway-anthropic-base-url or
  # CODER_AI_GATEWAY_ANTHROPIC_BASE_URL instead. The base URL of the Anthropic API.
  # (default: https://api.anthropic.com/, type: string)
  anthropic_base_url: https://api.anthropic.com/
  # Deprecated: use --ai-gateway-bedrock-base-url or
  # CODER_AI_GATEWAY_BEDROCK_BASE_URL instead. The base URL to use for the AWS
  # Bedrock API. Use this setting to specify an exact URL to use. Takes precedence
  # over CODER_AIBRIDGE_BEDROCK_REGION.
  # (default: <unset>, type: string)
  bedrock_base_url: ""
  # Deprecated: use --ai-gateway-bedrock-region or CODER_AI_GATEWAY_BEDROCK_REGION
  # instead. The AWS Bedrock API region to use. Constructs a base URL to use for the
  # AWS Bedrock API in the form of 'https://bedrock-runtime.<region>.amazonaws.com'.
  # (default: <unset>, type: string)
  bedrock_region: ""
  # Deprecated: use --ai-gateway-bedrock-model or CODER_AI_GATEWAY_BEDROCK_MODEL
  # instead. The model to use when making requests to the AWS Bedrock API.
  # (default: global.anthropic.claude-sonnet-4-5-20250929-v1:0, type: string)
  bedrock_model: global.anthropic.claude-sonnet-4-5-20250929-v1:0
  # Deprecated: use --ai-gateway-bedrock-small-fastmodel or
  # CODER_AI_GATEWAY_BEDROCK_SMALL_FAST_MODEL instead. The small fast model to use
  # when making requests to the AWS Bedrock API. Claude Code uses Haiku-class models
  # to perform background tasks. See
  # https://docs.claude.com/en/docs/claude-code/settings#environment-variables.
  # (default: global.anthropic.claude-haiku-4-5-20251001-v1:0, type: string)
  bedrock_small_fast_model: global.anthropic.claude-haiku-4-5-20251001-v1:0
  # Deprecated: Injected MCP in AI Gateway is deprecated and will be removed in a
  # future release. This option is an alias for --ai-gateway-inject-coder-mcp-tools.
  # (default: false, type: bool)
  inject_coder_mcp_tools: false
  # Deprecated: use --ai-gateway-retention or CODER_AI_GATEWAY_RETENTION instead.
  # Length of time to retain data such as interceptions and all related records
  # (token, prompt, tool use).
  # (default: 60d, type: duration)
  retention: 1440h0m0s
  # Deprecated: use --ai-gateway-max-concurrency or CODER_AI_GATEWAY_MAX_CONCURRENCY
  # instead. Maximum number of concurrent AI Bridge requests per replica. Set to 0
  # to disable (unlimited).
  # (default: 0, type: int)
  max_concurrency: 0
  # Deprecated: use --ai-gateway-rate-limit or CODER_AI_GATEWAY_RATE_LIMIT instead.
  # Maximum number of AI Bridge requests per second per replica. Set to 0 to disable
  # (unlimited).
  # (default: 0, type: int)
  rate_limit: 0
  # Deprecated: use --ai-gateway-structured-logging or
  # CODER_AI_GATEWAY_STRUCTURED_LOGGING instead. Emit structured logs for AI Bridge
  # interception records. Use this for exporting these records to external SIEM or
  # observability systems.
  # (default: false, type: bool)
  structured_logging: false
  # Deprecated: use --ai-gateway-send-actor-headers or
  # CODER_AI_GATEWAY_SEND_ACTOR_HEADERS instead. Once enabled, extra headers will be
  # added to upstream requests to identify the user (actor) making requests to AI
  # Bridge. This is only needed if you are using a proxy between AI Bridge and an
  # upstream AI provider. This will send X-Ai-Bridge-Actor-Id (the ID of the user
  # making the request) and X-Ai-Bridge-Actor-Metadata-Username (their username).
  # (default: false, type: bool)
  send_actor_headers: false
  # Deprecated: use --ai-gateway-allow-byok or CODER_AI_GATEWAY_ALLOW_BYOK instead.
  # Allow users to provide their own LLM API keys or subscriptions. When disabled,
  # only centralized key authentication is permitted.
  # (default: true, type: bool)
  allow_byok: true
  # Deprecated: use --ai-gateway-circuit-breaker-enabled or
  # CODER_AI_GATEWAY_CIRCUIT_BREAKER_ENABLED instead. Enable the circuit breaker to
  # protect against cascading failures from upstream AI provider overload (503,
  # 529).
  # (default: false, type: bool)
  circuit_breaker_enabled: false
  # Deprecated: use --ai-gateway-circuit-breaker-failure-threshold or
  # CODER_AI_GATEWAY_CIRCUIT_BREAKER_FAILURE_THRESHOLD instead. Number of
  # consecutive failures that triggers the circuit breaker to open.
  # (default: 5, type: int)
  circuit_breaker_failure_threshold: 5
  # Deprecated: use --ai-gateway-circuit-breaker-interval or
  # CODER_AI_GATEWAY_CIRCUIT_BREAKER_INTERVAL instead. Cyclic period of the closed
  # state for clearing internal failure counts.
  # (default: 10s, type: duration)
  circuit_breaker_interval: 10s
  # Deprecated: use --ai-gateway-circuit-breaker-timeout or
  # CODER_AI_GATEWAY_CIRCUIT_BREAKER_TIMEOUT instead. How long the circuit breaker
  # stays open before transitioning to half-open state.
  # (default: 30s, type: duration)
  circuit_breaker_timeout: 30s
  # Deprecated: use --ai-gateway-circuit-breaker-max-requests or
  # CODER_AI_GATEWAY_CIRCUIT_BREAKER_MAX_REQUESTS instead. Maximum number of
  # requests allowed in half-open state before deciding to close or re-open the
  # circuit.
  # (default: 3, type: int)
  circuit_breaker_max_requests: 3
ai_gateway:
  # Whether to start an in-memory AI Gateway instance.
  # (default: true, type: bool)
  enabled: true
  # The base URL of the OpenAI API.
  # (default: https://api.openai.com/v1/, type: string)
  openai_base_url: https://api.openai.com/v1/
  # The base URL of the Anthropic API.
  # (default: https://api.anthropic.com/, type: string)
  anthropic_base_url: https://api.anthropic.com/
  # The base URL to use for the AWS Bedrock API. Use this setting to specify an
  # exact URL to use. Takes precedence over CODER_AI_GATEWAY_BEDROCK_REGION.
  # (default: <unset>, type: string)
  bedrock_base_url: ""
  # The AWS Bedrock API region to use. Constructs a base URL to use for the AWS
  # Bedrock API in the form of 'https://bedrock-runtime.<region>.amazonaws.com'.
  # (default: <unset>, type: string)
  bedrock_region: ""
  # The model to use when making requests to the AWS Bedrock API.
  # (default: global.anthropic.claude-sonnet-4-5-20250929-v1:0, type: string)
  bedrock_model: global.anthropic.claude-sonnet-4-5-20250929-v1:0
  # The small fast model to use when making requests to the AWS Bedrock API. Claude
  # Code uses Haiku-class models to perform background tasks. See
  # https://docs.claude.com/en/docs/claude-code/settings#environment-variables.
  # (default: global.anthropic.claude-haiku-4-5-20251001-v1:0, type: string)
  bedrock_small_fast_model: global.anthropic.claude-haiku-4-5-20251001-v1:0
  # Deprecated: Injected MCP in AI Gateway is deprecated and will be removed in a
  # future release. Whether to inject Coder's MCP tools into intercepted AI Gateway
  # requests (requires the "oauth2" and "mcp-server-http" experiments to be
  # enabled).
  # (default: false, type: bool)
  inject_coder_mcp_tools: false
  # Length of time to retain data such as interceptions and all related records
  # (token, prompt, tool use).
  # (default: 60d, type: duration)
  retention: 1440h0m0s
  # Maximum number of concurrent AI Gateway requests per replica. Set to 0 to
  # disable (unlimited).
  # (default: 0, type: int)
  max_concurrency: 0
  # Maximum number of AI Gateway requests per second per replica. Set to 0 to
  # disable (unlimited).
  # (default: 0, type: int)
  rate_limit: 0
  # Emit structured logs for AI Gateway interception records. Use this for exporting
  # these records to external SIEM or observability systems.
  # (default: false, type: bool)
  structured_logging: false
  # Once enabled, extra headers will be added to upstream requests to identify the
  # user (actor) making requests to AI Gateway. This is only needed if you are using
  # a proxy between AI Gateway and an upstream AI provider. This will send
  # X-Ai-Bridge-Actor-Id (the ID of the user making the request) and
  # X-Ai-Bridge-Actor-Metadata-Username (their username).
  # (default: false, type: bool)
  send_actor_headers: false
  # Base directory for dumping AI Bridge request/response pairs to disk for
  # debugging. When set, each provider writes under a subdirectory named after the
  # provider. Sensitive headers are redacted. Leave empty to disable.
  # (default: <unset>, type: string)
  api_dump_dir: ""
  # Allow users to provide their own LLM API keys or subscriptions. When disabled,
  # only centralized key authentication is permitted.
  # (default: true, type: bool)
  allow_byok: true
  # Enable the circuit breaker to protect against cascading failures from upstream
  # AI provider overload (503, 529).
  # (default: false, type: bool)
  circuit_breaker_enabled: false
  # Number of consecutive failures that triggers the circuit breaker to open.
  # (default: 5, type: int)
  circuit_breaker_failure_threshold: 5
  # Cyclic period of the closed state for clearing internal failure counts.
  # (default: 10s, type: duration)
  circuit_breaker_interval: 10s
  # How long the circuit breaker stays open before transitioning to half-open state.
  # (default: 30s, type: duration)
  circuit_breaker_timeout: 30s
  # Maximum number of requests allowed in half-open state before deciding to close
  # or re-open the circuit.
  # (default: 3, type: int)
  circuit_breaker_max_requests: 3
  # Determines the effective group when a user belongs to multiple groups with AI
  # budgets. "highest" selects the group with the largest spend limit, and is
  # currently the only supported value.
  # (default: highest, type: enum[highest])
  budget_policy: highest
  # Determines when accumulated AI spend resets to zero, aligned to UTC calendar
  # boundaries. Only "month" is currently supported.
  # (default: month, type: enum[month])
  budget_period: month
aibridgeproxy:
  # Deprecated: use --ai-gateway-proxy-enabled or CODER_AI_GATEWAY_PROXY_ENABLED
  # instead. Enable the AI Bridge MITM Proxy for intercepting and decrypting AI
  # provider requests.
  # (default: false, type: bool)
  enabled: false
  # Deprecated: use --ai-gateway-proxy-listen-addr or
  # CODER_AI_GATEWAY_PROXY_LISTEN_ADDR instead. The address the AI Bridge Proxy will
  # listen on.
  # (default: :8888, type: string)
  listen_addr: :8888
  # Deprecated: use --ai-gateway-proxy-tls-cert-file or
  # CODER_AI_GATEWAY_PROXY_TLS_CERT_FILE instead. Path to the TLS certificate file
  # for the AI Bridge Proxy listener. Must be set together with AI Bridge Proxy TLS
  # Key File.
  # (default: <unset>, type: string)
  tls_cert_file: ""
  # Deprecated: use --ai-gateway-proxy-tls-key-file or
  # CODER_AI_GATEWAY_PROXY_TLS_KEY_FILE instead. Path to the TLS private key file
  # for the AI Bridge Proxy listener. Must be set together with AI Bridge Proxy TLS
  # Certificate File.
  # (default: <unset>, type: string)
  tls_key_file: ""
  # Deprecated: use --ai-gateway-proxy-cert-file or CODER_AI_GATEWAY_PROXY_CERT_FILE
  # instead. Path to the CA certificate file used to intercept (MITM) HTTPS traffic
  # from AI clients. This CA must be trusted by AI clients for the proxy to decrypt
  # their requests.
  # (default: <unset>, type: string)
  cert_file: ""
  # Deprecated: use --ai-gateway-proxy-key-file or CODER_AI_GATEWAY_PROXY_KEY_FILE
  # instead. Path to the CA private key file used to intercept (MITM) HTTPS traffic
  # from AI clients.
  # (default: <unset>, type: string)
  key_file: ""
  # Deprecated: This value is now derived automatically from the configured AI
  # providers' base URLs. Setting this value has no effect. This option will be
  # removed in a future release.
  # (default: <unset>, type: string-array)
  domain_allowlist: []
  # Deprecated: use --ai-gateway-proxy-upstream or CODER_AI_GATEWAY_PROXY_UPSTREAM
  # instead. URL of an upstream HTTP proxy to chain tunneled (non-allowlisted)
  # requests through. Format: http://[user:pass@]host:port or
  # https://[user:pass@]host:port.
  # (default: <unset>, type: string)
  upstream_proxy: ""
  # Deprecated: use --ai-gateway-proxy-upstream-ca or
  # CODER_AI_GATEWAY_PROXY_UPSTREAM_CA instead. Path to a PEM-encoded CA certificate
  # to trust for the upstream proxy's TLS connection. Only needed for HTTPS upstream
  # proxies with certificates not trusted by the system. If not provided, the system
  # certificate pool is used.
  # (default: <unset>, type: string)
  upstream_proxy_ca: ""
  # Deprecated: use --ai-gateway-proxy-allowed-private-cidrs or
  # CODER_AI_GATEWAY_PROXY_ALLOWED_PRIVATE_CIDRS instead. Comma-separated list of
  # CIDR ranges that are permitted even though they fall within blocked
  # private/reserved IP ranges. By default all private ranges are blocked to prevent
  # SSRF attacks. Use this to allow access to specific internal networks.
  # (default: <unset>, type: string-array)
  allowed_private_cidrs: []
  # Deprecated: use --ai-gateway-proxy-dump-dir or CODER_AI_GATEWAY_PROXY_DUMP_DIR
  # instead. Directory for dumping MITM request/response pairs to disk for
  # debugging. When set, each proxied request produces .req.txt and .resp.txt files
  # organized by provider. Sensitive headers are redacted. Leave empty to disable.
  # (default: <unset>, type: string)
  api_dump_dir: ""
ai_gateway_proxy:
  # Enable the AI Gateway MITM Proxy for intercepting and decrypting AI provider
  # requests.
  # (default: false, type: bool)
  enabled: false
  # The address the AI Gateway Proxy will listen on.
  # (default: :8888, type: string)
  listen_addr: :8888
  # Path to the TLS certificate file for the AI Gateway Proxy listener. Must be set
  # together with AI Gateway Proxy TLS Key File.
  # (default: <unset>, type: string)
  tls_cert_file: ""
  # Path to the TLS private key file for the AI Gateway Proxy listener. Must be set
  # together with AI Gateway Proxy TLS Certificate File.
  # (default: <unset>, type: string)
  tls_key_file: ""
  # Path to the CA certificate file used to intercept (MITM) HTTPS traffic from AI
  # clients. This CA must be trusted by AI clients for the proxy to decrypt their
  # requests.
  # (default: <unset>, type: string)
  cert_file: ""
  # Path to the CA private key file used to intercept (MITM) HTTPS traffic from AI
  # clients.
  # (default: <unset>, type: string)
  key_file: ""
  # Deprecated: This value is now derived automatically from the configured AI
  # Gateway providers' base URLs. Setting this value has no effect. This option will
  # be removed in a future release.
  # (default: <unset>, type: string-array)
  domain_allowlist: []
  # URL of an upstream HTTP proxy to chain tunneled (non-allowlisted) requests
  # through. Format: http://[user:pass@]host:port or https://[user:pass@]host:port.
  # (default: <unset>, type: string)
  upstream_proxy: ""
  # Path to a PEM-encoded CA certificate to trust for the upstream proxy's TLS
  # connection. Only needed for HTTPS upstream proxies with certificates not trusted
  # by the system. If not provided, the system certificate pool is used.
  # (default: <unset>, type: string)
  upstream_proxy_ca: ""
  # Comma-separated list of CIDR ranges that are permitted even though they fall
  # within blocked private/reserved IP ranges. By default all private ranges are
  # blocked to prevent SSRF attacks. Use this to allow access to specific internal
  # networks.
  # (default: <unset>, type: string-array)
  allowed_private_cidrs: []
  # Directory for dumping MITM request/response pairs to disk for debugging. When
  # set, each proxied request produces .req.txt and .resp.txt files organized by
  # provider. Sensitive headers are redacted. Leave empty to disable.
  # (default: <unset>, type: string)
  api_dump_dir: ""
# Configure data retention policies for various database tables. Retention
# policies automatically purge old data to reduce database size and improve
# performance. Setting a retention duration to 0 disables automatic purging for
# that data type.
retention:
  # How long audit log entries are retained. Set to 0 to disable (keep
  # indefinitely). We advise keeping audit logs for at least a year, and in
  # accordance with your compliance requirements.
  # (default: 0, type: duration)
  audit_logs: 0s
  # How long connection log entries are retained. Set to 0 to disable (keep
  # indefinitely).
  # (default: 0, type: duration)
  connection_logs: 0s
  # How long expired API keys are retained before being deleted. Keeping expired
  # keys allows the backend to return a more helpful error when a user tries to use
  # an expired key. Set to 0 to disable automatic deletion of expired keys.
  # (default: 7d, type: duration)
  api_keys: 168h0m0s
  # How long workspace agent logs are retained. Logs from non-latest builds are
  # deleted if the agent hasn't connected within this period. Logs from the latest
  # build are always retained. Set to 0 to disable automatic deletion.
  # (default: 7d, type: duration)
  workspace_agent_logs: 168h0m0s
templateBuilder:
  # Disable the template builder feature for guided template creation. When
  # disabled, all /api/v2/templatebuilder/* endpoints return 404.
  # (default: <unset>, type: bool)
  disabled: false
  # The base URL of the module registry used by the template builder for module
  # source paths.
  # (default: https://registry.coder.com, type: string)
  registryURL: https://registry.coder.com