shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ddc0e99c693e1f7a67fb7fee5d27bad2dc2508c1
coder/cli/testdata/server-config.yaml.golden
T
Paweł Banaszewski 46e93e6325 chore: add ai_gateway options that alias aibridge options (#25061) 
Adds options matching new AI Gateway naming.
New options are added as alias for old options. Old options are still
working.
Old options have deprecated message.
No conflict detection was added.

Updated documentation so it mentions only new options. Added note about
old options still working.

> Various AI tools where used to create this PR
2026-05-21 11:14:11 +02:00

1101 lines
52 KiB
Plaintext
Raw Blame History

networking:
# The URL that users will use to access the Coder deployment.
# (default: <unset>, type: url)
accessURL:
# Specifies the wildcard hostname to use for workspace applications in the form
# "*.example.com".
# (default: <unset>, type: string)
wildcardAccessURL: ""
# Specifies the custom docs URL.
# (default: https://coder.com/docs, type: url)
docsURL: https://coder.com/docs
# Specifies whether to redirect requests that do not match the access URL host.
# (default: <unset>, type: bool)
redirectToAccessURL: false
http:
# HTTP bind address of the server. Unset to disable the HTTP endpoint.
# (default: 127.0.0.1:3000, type: string)
httpAddress: 127.0.0.1:3000
# Coder configures a Content Security Policy (CSP) to protect against XSS attacks.
# This setting allows you to add additional CSP directives, which can open the
# attack surface of the deployment. Format matches the CSP directive format, e.g.
# --additional-csp-policy="script-src https://example.com".
# (default: <unset>, type: string-array)
additionalCSPPolicy: []
# The maximum lifetime duration users can specify when creating an API token.
# (default: 876600h0m0s, type: duration)
maxTokenLifetime: 876600h0m0s
# The maximum lifetime duration administrators can specify when creating an API
# token.
# (default: 168h0m0s, type: duration)
maxAdminTokenLifetime: 168h0m0s
# The token expiry duration for browser sessions. Sessions may last longer if they
# are actively making requests, but this functionality can be disabled via
# --disable-session-expiry-refresh.
# (default: 24h0m0s, type: duration)
sessionDuration: 24h0m0s
# Disable automatic session expiry bumping due to activity. This forces all
# sessions to become invalid after the session expiry duration has been reached.
# (default: <unset>, type: bool)
disableSessionExpiryRefresh: false
# Disable password authentication. This is recommended for security purposes in
# production deployments that rely on an identity provider. Any user with the
# owner role will be able to sign in with their password regardless of this
# setting to avoid potential lock out. If you are locked out of your account, you
# can use the `coder server create-admin` command to create a new admin user
# directly in the database.
# (default: <unset>, type: bool)
disablePasswordAuth: false
# The interval in which coderd should be checking the status of workspace proxies.
# (default: 1m0s, type: duration)
proxyHealthInterval: 1m0s
# Configure TLS / HTTPS for your Coder deployment. If you're running
# Coder behind a TLS-terminating reverse proxy or are accessing Coder over a
# secure link, you can safely ignore these settings.
tls:
# HTTPS bind address of the server.
# (default: 127.0.0.1:3443, type: host:port)
address: 127.0.0.1:3443
# Whether TLS will be enabled.
# (default: <unset>, type: bool)
enable: false
# Whether HTTP requests will be redirected to the access URL (if it's a https URL
# and TLS is enabled). Requests to local IP addresses are never redirected
# regardless of this setting.
# (default: true, type: bool)
redirectHTTP: true
# Path to each certificate for TLS. It requires a PEM-encoded file. To configure
# the listener to use a CA certificate, concatenate the primary certificate and
# the CA certificate together. The primary certificate should appear first in the
# combined file.
# (default: <unset>, type: string-array)
certFiles: []
# PEM-encoded Certificate Authority file used for checking the authenticity of
# client.
# (default: <unset>, type: string)
clientCAFile: ""
# Policy the server will follow for TLS Client Authentication. Accepted values are
# "none", "request", "require-any", "verify-if-given", or "require-and-verify".
# (default: none, type: string)
clientAuth: none
# Paths to the private keys for each of the certificates. It requires a
# PEM-encoded file.
# (default: <unset>, type: string-array)
keyFiles: []
# Minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12"
# or "tls13".
# (default: tls12, type: string)
minVersion: tls12
# Path to certificate for client TLS authentication. It requires a PEM-encoded
# file.
# (default: <unset>, type: string)
clientCertFile: ""
# Path to key for client TLS authentication. It requires a PEM-encoded file.
# (default: <unset>, type: string)
clientKeyFile: ""
# Specify specific TLS ciphers that allowed to be used. See
# https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75.
# (default: <unset>, type: string-array)
tlsCiphers: []
# By default, only ciphers marked as 'secure' are allowed to be used. See
# https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L82-L95.
# (default: false, type: bool)
tlsAllowInsecureCiphers: false
# Controls if the 'Strict-Transport-Security' header is set on all static file
# responses. This header should only be set if the server is accessed via HTTPS.
# This value is the MaxAge in seconds of the header.
# (default: 0, type: int)
strictTransportSecurity: 0
# Two optional fields can be set in the Strict-Transport-Security header;
# 'includeSubDomains' and 'preload'. The 'strict-transport-security' flag must be
# set to a non-zero value for these options to be used.
# (default: <unset>, type: string-array)
strictTransportSecurityOptions: []
# Most Coder deployments never have to think about DERP because all connections
# between workspaces and users are peer-to-peer. However, when Coder cannot
# establish
# a peer to peer connection, Coder uses a distributed relay network backed by
# Tailscale and WireGuard.
derp:
# Whether to enable or disable the embedded DERP relay server.
# (default: true, type: bool)
enable: true
# Region ID to use for the embedded DERP server.
# (default: 999, type: int)
regionID: 999
# Region code to use for the embedded DERP server.
# (default: coder, type: string)
regionCode: coder
# Region name that for the embedded DERP server.
# (default: Coder Embedded Relay, type: string)
regionName: Coder Embedded Relay
# Addresses for STUN servers to establish P2P connections. It's recommended to
# have at least two STUN servers to give users the best chance of connecting P2P
# to workspaces. Each STUN server will get it's own DERP region, with region IDs
# starting at `--derp-server-region-id + 1`. Use special value 'disable' to turn
# off STUN completely.
# (default:
# stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302,
# type: string-array)
stunAddresses:
- stun.l.google.com:19302
- stun1.l.google.com:19302
- stun2.l.google.com:19302
- stun3.l.google.com:19302
- stun4.l.google.com:19302
# An HTTP URL that is accessible by other replicas to relay DERP traffic. Required
# for high availability.
# (default: <unset>, type: url)
relayURL:
# Block peer-to-peer (aka. direct) workspace connections. All workspace
# connections from the CLI will be proxied through Coder (or custom configured
# DERP servers) and will never be peer-to-peer when enabled. Workspaces may still
# reach out to STUN servers to get their address until they are restarted after
# this change has been made, but new connections will still be proxied regardless.
# (default: <unset>, type: bool)
blockDirect: false
# Force clients and agents to always use WebSocket to connect to DERP relay
# servers. By default, DERP uses `Upgrade: derp`, which may cause issues with some
# reverse proxies. Clients may automatically fallback to WebSocket if they detect
# an issue with `Upgrade: derp`, but this does not work in all situations.
# (default: <unset>, type: bool)
forceWebSockets: false
# URL to fetch a DERP mapping on startup. See:
# https://tailscale.com/kb/1118/custom-derp-servers/.
# (default: <unset>, type: string)
url: ""
# Path to read a DERP mapping from. See:
# https://tailscale.com/kb/1118/custom-derp-servers/.
# (default: <unset>, type: string)
configPath: ""
# Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip,
# True-Client-Ip, X-Forwarded-For.
# (default: <unset>, type: string-array)
proxyTrustedHeaders: []
# Origin addresses to respect "proxy-trusted-headers". e.g. 192.168.1.0/24.
# (default: <unset>, type: string-array)
proxyTrustedOrigins: []
# Controls if the 'Secure' property is set on browser session cookies.
# (default: false, type: bool)
secureAuthCookie: false
# Controls the 'SameSite' property is set on browser session cookies.
# (default: lax, type: enum[lax\|none])
sameSiteAuthCookie: lax
# Recommended to be enabled. Enables `__Host-` prefix for cookies to guarantee
# they are only set by the right domain. This change is disruptive to any
# workspaces built before release 2.31, requiring a workspace restart.
# (default: false, type: bool)
hostPrefixCookie: false
# Whether Coder only allows connections to workspaces via the browser.
# (default: <unset>, type: bool)
browserOnly: false
# Interval to poll for scheduled workspace builds.
# (default: 1m0s, type: duration)
autobuildPollInterval: 1m0s
# Interval to poll for hung and pending jobs and automatically terminate them.
# (default: 1m0s, type: duration)
jobHangDetectorInterval: 1m0s
introspection:
statsCollection:
usageStats:
# Enable the collection of application and workspace usage along with the
# associated API endpoints and the template insights page. Disabling this will
# also disable traffic and connection insights in the deployment stats shown to
# admins in the bottom bar of the Coder UI, and will prevent Prometheus collection
# of these values.
# (default: true, type: bool)
enable: true
prometheus:
# Serve prometheus metrics on the address defined by prometheus address.
# (default: <unset>, type: bool)
enable: false
# The bind address to serve prometheus metrics.
# (default: 127.0.0.1:2112, type: host:port)
address: 127.0.0.1:2112
# Collect agent stats (may increase charges for metrics storage).
# (default: <unset>, type: bool)
collect_agent_stats: false
# When collecting agent stats, aggregate metrics by a given set of comma-separated
# labels to reduce cardinality. Accepted values are agent_name, template_name,
# username, workspace_name.
# (default: agent_name,template_name,username,workspace_name, type: string-array)
aggregate_agent_stats_by:
- agent_name
- template_name
- username
- workspace_name
# Collect database query metrics (may increase charges for metrics storage). If
# set to false, a reduced set of database metrics are still collected.
# (default: false, type: bool)
collect_db_metrics: false
pprof:
# Serve pprof metrics on the address defined by pprof address.
# (default: <unset>, type: bool)
enable: false
# The bind address to serve pprof.
# (default: 127.0.0.1:6060, type: host:port)
address: 127.0.0.1:6060
tracing:
# Whether application tracing data is collected. It exports to a backend
# configured by environment variables. See:
# https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.
# (default: <unset>, type: bool)
enable: false
# Enables capturing of logs as events in traces. This is useful for debugging, but
# may result in a very large amount of events being sent to the tracing backend
# which may incur significant costs.
# (default: <unset>, type: bool)
captureLogs: false
# Enables sending Go runtime traces to the local DataDog agent.
# (default: false, type: bool)
dataDog: false
logging:
# Output debug-level logs.
# (default: <unset>, type: bool)
verbose: false
# Filter debug logs by matching against a given regex. Use .* to match all debug
# logs.
# (default: <unset>, type: string-array)
filter: []
# Output human-readable logs to a given file.
# (default: /dev/stderr, type: string)
humanPath: /dev/stderr
# Output JSON logs to a given file.
# (default: <unset>, type: string)
jsonPath: ""
# Output Stackdriver compatible logs to a given file.
# (default: <unset>, type: string)
stackdriverPath: ""
# Allow administrators to enable Terraform debug output.
# (default: false, type: bool)
enableTerraformDebugMode: false
healthcheck:
# Refresh interval for healthchecks.
# (default: 10m0s, type: duration)
refresh: 10m0s
# The threshold for the database health check. If the median latency of the
# database exceeds this threshold over 5 attempts, the database is considered
# unhealthy. The default value is 15ms.
# (default: 15ms, type: duration)
thresholdDatabase: 15ms
oauth2:
github:
# Client ID for Login with GitHub.
# (default: <unset>, type: string)
clientID: ""
# Enable device flow for Login with GitHub.
# (default: false, type: bool)
deviceFlow: false
# Enable the default GitHub OAuth2 provider managed by Coder.
# (default: true, type: bool)
defaultProviderEnable: true
# Organizations the user must be a member of to Login with GitHub.
# (default: <unset>, type: string-array)
allowedOrgs: []
# Teams inside organizations the user must be a member of to Login with GitHub.
# Structured as: <organization-name>/<team-slug>.
# (default: <unset>, type: string-array)
allowedTeams: []
# Whether new users can sign up with GitHub.
# (default: <unset>, type: bool)
allowSignups: false
# Allow all logins, setting this option means allowed orgs and teams must be
# empty.
# (default: <unset>, type: bool)
allowEveryone: false
# Base URL of a GitHub Enterprise deployment to use for Login with GitHub.
# (default: <unset>, type: string)
enterpriseBaseURL: ""
oidc:
# Whether new users can sign up with OIDC.
# (default: true, type: bool)
allowSignups: true
# Client ID to use for Login with OIDC.
# (default: <unset>, type: string)
clientID: ""
# Pem encoded RSA private key to use for oauth2 PKI/JWT authorization. This can be
# used instead of oidc-client-secret if your IDP supports it.
# (default: <unset>, type: string)
oidcClientKeyFile: ""
# Pem encoded certificate file to use for oauth2 PKI/JWT authorization. The public
# certificate that accompanies oidc-client-key-file. A standard x509 certificate
# is expected.
# (default: <unset>, type: string)
oidcClientCertFile: ""
# Email domains that clients logging in with OIDC must match.
# (default: <unset>, type: string-array)
emailDomain: []
# Issuer URL to use for Login with OIDC.
# (default: <unset>, type: string)
issuerURL: ""
# Scopes to grant when authenticating with OIDC.
# (default: openid,profile,email, type: string-array)
scopes:
- openid
- profile
- email
# Ignore the email_verified claim from the upstream provider.
# (default: <unset>, type: bool)
ignoreEmailVerified: false
# OIDC claim field to use as the username.
# (default: preferred_username, type: string)
usernameField: preferred_username
# OIDC claim field to use as the name.
# (default: name, type: string)
nameField: name
# OIDC claim field to use as the email.
# (default: email, type: string)
emailField: email
# OIDC auth URL parameters to pass to the upstream provider.
# (default: {"access_type": "offline"}, type: struct[map[string]string])
authURLParams:
access_type: offline
# Ignore the userinfo endpoint and only use the ID token for user information.
# (default: false, type: bool)
ignoreUserInfo: false
# Source supplemental user claims from the 'access_token'. This assumes the token
# is a jwt signed by the same issuer as the id_token. Using this requires setting
# 'oidc-ignore-userinfo' to true. This setting is not compliant with the OIDC
# specification and is not recommended. Use at your own risk.
# (default: false, type: bool)
accessTokenClaims: false
# This field must be set if using the organization sync feature. Set to the claim
# to be used for organizations.
# (default: <unset>, type: string)
organizationField: ""
# If set to true, users will always be added to the default organization. If
# organization sync is enabled, then the default org is always added to the user's
# set of expectedorganizations.
# (default: true, type: bool)
organizationAssignDefault: true
# A map of OIDC claims and the organizations in Coder it should map to. This is
# required because organization IDs must be used within Coder.
# (default: {}, type: struct[map[string][]uuid.UUID])
organizationMapping: {}
# This field must be set if using the group sync feature and the scope name is not
# 'groups'. Set to the claim to be used for groups.
# (default: <unset>, type: string)
groupField: ""
# A map of OIDC group IDs and the group in Coder it should map to. This is useful
# for when OIDC providers only return group IDs.
# (default: {}, type: struct[map[string]string])
groupMapping: {}
# Automatically creates missing groups from a user's groups claim.
# (default: false, type: bool)
enableGroupAutoCreate: false
# If provided any group name not matching the regex is ignored. This allows for
# filtering out groups that are not needed. This filter is applied after the group
# mapping.
# (default: .*, type: regexp)
groupRegexFilter: .*
# If provided any group name not in the list will not be allowed to authenticate.
# This allows for restricting access to a specific set of groups. This filter is
# applied after the group mapping and before the regex filter.
# (default: <unset>, type: string-array)
groupAllowed: []
# This field must be set if using the user roles sync feature. Set this to the
# name of the claim used to store the user's role. The roles should be sent as an
# array of strings.
# (default: <unset>, type: string)
userRoleField: ""
# A map of the OIDC passed in user roles and the groups in Coder it should map to.
# This is useful if the group names do not match. If mapped to the empty string,
# the role will ignored.
# (default: {}, type: struct[map[string][]string])
userRoleMapping: {}
# If user role sync is enabled, these roles are always included for all
# authenticated users. The 'member' role is always assigned.
# (default: <unset>, type: string-array)
userRoleDefault: []
# The text to show on the OpenID Connect sign in button.
# (default: OpenID Connect, type: string)
signInText: OpenID Connect
# URL pointing to the icon to use on the OpenID Connect login button.
# (default: <unset>, type: url)
iconURL:
# The custom text to show on the error page informing about disabled OIDC signups.
# Markdown format is supported.
# (default: <unset>, type: string)
signupsDisabledText: ""
# OIDC issuer urls must match in the request, the id_token 'iss' claim, and in the
# well-known configuration. This flag disables that requirement, and can lead to
# an insecure OIDC configuration. It is not recommended to use this flag.
# (default: <unset>, type: bool)
dangerousSkipIssuerChecks: false
# Optional override of the default redirect url which uses the deployment's access
# url. Useful in situations where a deployment has more than 1 domain. Using this
# setting can also break OIDC, so use with caution.
# (default: <unset>, type: url)
oidc-redirect-url:
# Telemetry is critical to our ability to improve Coder. We strip all personal
# information before sending data to our servers. Please only disable telemetry
# when required by your organization's security policy.
telemetry:
# Whether telemetry is enabled or not. Coder collects anonymized usage data to
# help improve our product.
# (default: false, type: bool)
enable: false
# URL to send telemetry.
# (default: https://telemetry.coder.com, type: url)
url: https://telemetry.coder.com
# Tune the behavior of the provisioner, which is responsible for creating,
# updating, and deleting workspace resources.
provisioning:
# Number of provisioner daemons to create on start. If builds are stuck in queued
# state for a long time, consider increasing this.
# (default: 3, type: int)
daemons: 3
# The supported job types for the built-in provisioners. By default, this is only
# the terraform type. Supported types: terraform,echo.
# (default: terraform, type: string-array)
daemonTypes:
- terraform
# Deprecated and ignored.
# (default: 1s, type: duration)
daemonPollInterval: 1s
# Deprecated and ignored.
# (default: 100ms, type: duration)
daemonPollJitter: 100ms
# Time to force cancel provisioning tasks that are stuck.
# (default: 10m0s, type: duration)
forceCancelInterval: 10m0s
# Enable one or more experiments. These are not ready for production. Separate
# multiple experiments with commas, or enter '*' to opt-in to all available
# experiments.
# (default: <unset>, type: string-array)
experiments: []
# Periodically check for new releases of Coder and inform the owner. The check is
# performed once per day.
# (default: false, type: bool)
updateCheck: false
# The default lifetime duration for API tokens. This value is used when creating a
# token without specifying a duration, such as when authenticating the CLI or an
# IDE plugin.
# (default: 168h0m0s, type: duration)
defaultTokenLifetime: 168h0m0s
# The default lifetime duration for OAuth2 refresh tokens. This controls how long
# refresh tokens remain valid after issuance or rotation.
# (default: 720h0m0s, type: duration)
defaultOAuthRefreshLifetime: 720h0m0s
# Expose the swagger endpoint via /swagger.
# (default: <unset>, type: bool)
enableSwagger: false
# The directory to cache temporary files. If unspecified and $CACHE_DIRECTORY is
# set, it will be used for compatibility with systemd. This directory is NOT safe
# to be configured as a shared directory across coderd/provisionerd replicas.
# (default: [cache dir], type: string)
cacheDir: [cache dir]
# Controls whether Coder data, including built-in Postgres, will be stored in a
# temporary directory and deleted when the server is stopped.
# (default: <unset>, type: bool)
ephemeralDeployment: false
# Type of auth to use when connecting to postgres. For AWS RDS, using IAM
# authentication (awsiamrds) is recommended.
# (default: password, type: enum[password\|awsiamrds])
pgAuth: password
# Maximum number of open connections to the database. Defaults to 10.
# (default: 10, type: int)
pgConnMaxOpen: 10
# Maximum number of idle connections to the database. Set to "auto" (the default)
# to use max open / 3. Value must be greater or equal to 0; 0 means explicitly no
# idle connections.
# (default: auto, type: string)
pgConnMaxIdle: auto
# A URL to an external Terms of Service that must be accepted by users when
# logging in.
# (default: <unset>, type: string)
termsOfServiceURL: ""
# The algorithm to use for generating ssh keys. Accepted values are "ed25519",
# "ecdsa", or "rsa4096".
# (default: ed25519, type: string)
sshKeygenAlgorithm: ed25519
# URL to use for agent troubleshooting when not set in the template.
# (default: https://coder.com/docs/admin/templates/troubleshooting, type: url)
agentFallbackTroubleshootingURL: https://coder.com/docs/admin/templates/troubleshooting
# Disable workspace apps that are not served from subdomains. Path-based apps can
# make requests to the Coder API and pose a security risk when the workspace
# serves malicious JavaScript. This is recommended for security purposes if a
# --wildcard-access-url is configured.
# (default: <unset>, type: bool)
disablePathApps: false
# Remove the permission for the 'owner' role to have workspace execution on all
# workspaces. This prevents the 'owner' from ssh, apps, and terminal access based
# on the 'owner' role. They still have their user permissions to access their own
# workspaces.
# (default: <unset>, type: bool)
disableOwnerWorkspaceAccess: false
# Disable workspace sharing. Workspace ACL checking is disabled and only owners
# can have ssh, apps and terminal access to workspaces. Access based on the
# 'owner' role is also allowed unless disabled via
# --disable-owner-workspace-access.
# (default: <unset>, type: bool)
disableWorkspaceSharing: false
# Disable chat sharing. Chat ACL checking is disabled and only owners can access
# their chats.
# (default: <unset>, type: bool)
disableChatSharing: false
# These options change the behavior of how clients interact with the Coder.
# Clients include the Coder CLI, Coder Desktop, IDE extensions, and the web UI.
client:
# Deprecated: use workspace-hostname-suffix instead. The SSH deployment prefix is
# used in the Host of the ssh config.
# (default: coder., type: string)
sshHostnamePrefix: coder.
# Workspace hostnames use this suffix in SSH config and Coder Connect on Coder
# Desktop. By default it is coder, resulting in names like myworkspace.coder.
# (default: coder, type: string)
workspaceHostnameSuffix: coder
# These SSH config options will override the default SSH config options. Provide
# options in "key=value" or "key value" format separated by commas.Using this
# incorrectly can break SSH to your deployment, use cautiously.
# (default: <unset>, type: string-array)
sshConfigOptions: []
# The upgrade message to display to users when a client/server mismatch is
# detected. By default it instructs users to update using 'curl -L
# https://coder.com/install.sh | sh'.
# (default: <unset>, type: string)
cliUpgradeMessage: ""
# The renderer to use when opening a web terminal. Valid values are 'canvas',
# 'webgl', or 'dom'.
# (default: canvas, type: string)
webTerminalRenderer: canvas
# Hide AI tasks from the dashboard.
# (default: false, type: bool)
hideAITasks: false
# Support links to display in the top right drop down menu.
# (default: <unset>, type: struct[[]codersdk.LinkConfig])
supportLinks: []
# External Authentication providers.
# (default: <unset>, type: struct[[]codersdk.ExternalAuthConfig])
externalAuthProviders: []
# Enable the default GitHub external auth provider managed by Coder.
# (default: true, type: bool)
externalAuthGithubDefaultProviderEnable: true
# Hostname of HTTPS server that runs https://github.com/coder/wgtunnel. By
# default, this will pick the best available wgtunnel server hosted by Coder. e.g.
# "tunnel.example.com".
# (default: <unset>, type: string)
wgtunnelHost: ""
# Allow users to set quiet hours schedules each day for workspaces to avoid
# workspaces stopping during the day due to template scheduling.
userQuietHoursSchedule:
# The default daily cron schedule applied to users that haven't set a custom quiet
# hours schedule themselves. The quiet hours schedule determines when workspaces
# will be force stopped due to the template's autostop requirement, and will round
# the max deadline up to be within the user's quiet hours window (or default). The
# format is the same as the standard cron format, but the day-of-month, month and
# day-of-week must be *. Only one hour and minute can be specified (ranges or
# comma separated values are not supported).
# (default: CRON_TZ=UTC 0 0 * * *, type: string)
defaultQuietHoursSchedule: CRON_TZ=UTC 0 0 * * *
# Allow users to set their own quiet hours schedule for workspaces to stop in
# (depending on template autostop requirement settings). If false, users can't
# change their quiet hours schedule and the site default is always used.
# (default: true, type: bool)
allowCustomQuietHours: true
# Allow users to rename their workspaces. WARNING: Renaming a workspace can cause
# Terraform resources that depend on the workspace name to be destroyed and
# recreated, potentially causing data loss. Only enable this if your templates do
# not use workspace names in resource identifiers, or if you understand the risks.
# (default: false, type: bool)
allowWorkspaceRenames: false
# Configure how emails are sent.
email:
# The sender's address to use.
# (default: <unset>, type: string)
from: ""
# The intermediary SMTP host through which emails are sent.
# (default: <unset>, type: string)
smarthost: ""
# The hostname identifying the SMTP server.
# (default: localhost, type: string)
hello: localhost
# Force a TLS connection to the configured SMTP smarthost.
# (default: false, type: bool)
forceTLS: false
# Configure SMTP authentication options.
emailAuth:
# Identity to use with PLAIN authentication.
# (default: <unset>, type: string)
identity: ""
# Username to use with PLAIN/LOGIN authentication.
# (default: <unset>, type: string)
username: ""
# File from which to load password for use with PLAIN/LOGIN authentication.
# (default: <unset>, type: string)
passwordFile: ""
# Configure TLS for your SMTP server target.
emailTLS:
# Enable STARTTLS to upgrade insecure SMTP connections using TLS.
# (default: <unset>, type: bool)
startTLS: false
# Server name to verify against the target certificate.
# (default: <unset>, type: string)
serverName: ""
# Skip verification of the target server's certificate (insecure).
# (default: <unset>, type: bool)
insecureSkipVerify: false
# CA certificate file to use.
# (default: <unset>, type: string)
caCertFile: ""
# Certificate file to use.
# (default: <unset>, type: string)
certFile: ""
# Certificate key file to use.
# (default: <unset>, type: string)
certKeyFile: ""
# Configure how notifications are processed and delivered.
notifications:
# Which delivery method to use (available options: 'smtp', 'webhook').
# (default: smtp, type: string)
method: smtp
# How long to wait while a notification is being sent before giving up.
# (default: 1m0s, type: duration)
dispatchTimeout: 1m0s
# Configure how email notifications are sent.
email:
# The sender's address to use.
# (default: <unset>, type: string)
from: ""
# The intermediary SMTP host through which emails are sent.
# (default: <unset>, type: string)
smarthost: ""
# The hostname identifying the SMTP server.
# (default: <unset>, type: string)
hello: localhost
# Force a TLS connection to the configured SMTP smarthost.
# (default: <unset>, type: bool)
forceTLS: false
# Configure SMTP authentication options.
emailAuth:
# Identity to use with PLAIN authentication.
# (default: <unset>, type: string)
identity: ""
# Username to use with PLAIN/LOGIN authentication.
# (default: <unset>, type: string)
username: ""
# File from which to load password for use with PLAIN/LOGIN authentication.
# (default: <unset>, type: string)
passwordFile: ""
# Configure TLS for your SMTP server target.
emailTLS:
# Enable STARTTLS to upgrade insecure SMTP connections using TLS.
# (default: <unset>, type: bool)
startTLS: false
# Server name to verify against the target certificate.
# (default: <unset>, type: string)
serverName: ""
# Skip verification of the target server's certificate (insecure).
# (default: <unset>, type: bool)
insecureSkipVerify: false
# CA certificate file to use.
# (default: <unset>, type: string)
caCertFile: ""
# Certificate file to use.
# (default: <unset>, type: string)
certFile: ""
# Certificate key file to use.
# (default: <unset>, type: string)
certKeyFile: ""
webhook:
# The endpoint to which to send webhooks.
# (default: <unset>, type: url)
endpoint:
inbox:
# Enable Coder Inbox.
# (default: true, type: bool)
enabled: true
# The upper limit of attempts to send a notification.
# (default: 5, type: int)
maxSendAttempts: 5
# The minimum time between retries.
# (default: 5m0s, type: duration)
retryInterval: 5m0s
# The notifications system buffers message updates in memory to ease pressure on
# the database. This option controls how often it synchronizes its state with the
# database. The shorter this value the lower the change of state inconsistency in
# a non-graceful shutdown - but it also increases load on the database. It is
# recommended to keep this option at its default value.
# (default: 2s, type: duration)
storeSyncInterval: 2s
# The notifications system buffers message updates in memory to ease pressure on
# the database. This option controls how many updates are kept in memory. The
# lower this value the lower the change of state inconsistency in a non-graceful
# shutdown - but it also increases load on the database. It is recommended to keep
# this option at its default value.
# (default: 50, type: int)
storeSyncBufferSize: 50
# How long a notifier should lease a message. This is effectively how long a
# notification is 'owned' by a notifier, and once this period expires it will be
# available for lease by another notifier. Leasing is important in order for
# multiple running notifiers to not pick the same messages to deliver
# concurrently. This lease period will only expire if a notifier shuts down
# ungracefully; a dispatch of the notification releases the lease.
# (default: 2m0s, type: duration)
leasePeriod: 2m0s
# How many notifications a notifier should lease per fetch interval.
# (default: 20, type: int)
leaseCount: 20
# How often to query the database for queued notifications.
# (default: 15s, type: duration)
fetchInterval: 15s
# Configure how workspace prebuilds behave.
workspace_prebuilds:
# How often to reconcile workspace prebuilds state.
# (default: 1m0s, type: duration)
reconciliation_interval: 1m0s
# Interval to increase reconciliation backoff by when prebuilds fail, after which
# a retry attempt is made.
# (default: 1m0s, type: duration)
reconciliation_backoff_interval: 1m0s
# Interval to look back to determine number of failed prebuilds, which influences
# backoff.
# (default: 1h0m0s, type: duration)
reconciliation_backoff_lookback_period: 1h0m0s
# Maximum number of consecutive failed prebuilds before a preset hits the hard
# limit; disabled when set to zero.
# (default: 3, type: int)
failure_hard_limit: 3
# Configure the background chat processing daemon.
chat:
# How many pending chats a worker should acquire per polling cycle.
# (default: 10, type: int)
acquireBatchSize: 10
# Force chat debug logging on for every chat, bypassing the runtime admin and user
# opt-in settings.
# (default: false, type: bool)
debugLoggingEnabled: false
aibridge:
# Deprecated: use --ai-gateway-enabled or CODER_AI_GATEWAY_ENABLED instead.
# Whether to start an in-memory aibridged instance.
# (default: false, type: bool)
enabled: false
# Deprecated: use --ai-gateway-openai-base-url or CODER_AI_GATEWAY_OPENAI_BASE_URL
# instead. The base URL of the OpenAI API.
# (default: https://api.openai.com/v1/, type: string)
openai_base_url: https://api.openai.com/v1/
# Deprecated: use --ai-gateway-anthropic-base-url or
# CODER_AI_GATEWAY_ANTHROPIC_BASE_URL instead. The base URL of the Anthropic API.
# (default: https://api.anthropic.com/, type: string)
anthropic_base_url: https://api.anthropic.com/
# Deprecated: use --ai-gateway-bedrock-base-url or
# CODER_AI_GATEWAY_BEDROCK_BASE_URL instead. The base URL to use for the AWS
# Bedrock API. Use this setting to specify an exact URL to use. Takes precedence
# over CODER_AIBRIDGE_BEDROCK_REGION.
# (default: <unset>, type: string)
bedrock_base_url: ""
# Deprecated: use --ai-gateway-bedrock-region or CODER_AI_GATEWAY_BEDROCK_REGION
# instead. The AWS Bedrock API region to use. Constructs a base URL to use for the
# AWS Bedrock API in the form of 'https://bedrock-runtime.<region>.amazonaws.com'.
# (default: <unset>, type: string)
bedrock_region: ""
# Deprecated: use --ai-gateway-bedrock-model or CODER_AI_GATEWAY_BEDROCK_MODEL
# instead. The model to use when making requests to the AWS Bedrock API.
# (default: global.anthropic.claude-sonnet-4-5-20250929-v1:0, type: string)
bedrock_model: global.anthropic.claude-sonnet-4-5-20250929-v1:0
# Deprecated: use --ai-gateway-bedrock-small-fastmodel or
# CODER_AI_GATEWAY_BEDROCK_SMALL_FAST_MODEL instead. The small fast model to use
# when making requests to the AWS Bedrock API. Claude Code uses Haiku-class models
# to perform background tasks. See
# https://docs.claude.com/en/docs/claude-code/settings#environment-variables.
# (default: global.anthropic.claude-haiku-4-5-20251001-v1:0, type: string)
bedrock_small_fast_model: global.anthropic.claude-haiku-4-5-20251001-v1:0
# Deprecated: Injected MCP in AI Gateway is deprecated and will be removed in a
# future release. This option is an alias for --ai-gateway-inject-coder-mcp-tools.
# (default: false, type: bool)
inject_coder_mcp_tools: false
# Deprecated: use --ai-gateway-retention or CODER_AI_GATEWAY_RETENTION instead.
# Length of time to retain data such as interceptions and all related records
# (token, prompt, tool use).
# (default: 60d, type: duration)
retention: 1440h0m0s
# Deprecated: use --ai-gateway-max-concurrency or CODER_AI_GATEWAY_MAX_CONCURRENCY
# instead. Maximum number of concurrent AI Bridge requests per replica. Set to 0
# to disable (unlimited).
# (default: 0, type: int)
max_concurrency: 0
# Deprecated: use --ai-gateway-rate-limit or CODER_AI_GATEWAY_RATE_LIMIT instead.
# Maximum number of AI Bridge requests per second per replica. Set to 0 to disable
# (unlimited).
# (default: 0, type: int)
rate_limit: 0
# Deprecated: use --ai-gateway-structured-logging or
# CODER_AI_GATEWAY_STRUCTURED_LOGGING instead. Emit structured logs for AI Bridge
# interception records. Use this for exporting these records to external SIEM or
# observability systems.
# (default: false, type: bool)
structured_logging: false
# Deprecated: use --ai-gateway-send-actor-headers or
# CODER_AI_GATEWAY_SEND_ACTOR_HEADERS instead. Once enabled, extra headers will be
# added to upstream requests to identify the user (actor) making requests to AI
# Bridge. This is only needed if you are using a proxy between AI Bridge and an
# upstream AI provider. This will send X-Ai-Bridge-Actor-Id (the ID of the user
# making the request) and X-Ai-Bridge-Actor-Metadata-Username (their username).
# (default: false, type: bool)
send_actor_headers: false
# Deprecated: use --ai-gateway-allow-byok or CODER_AI_GATEWAY_ALLOW_BYOK instead.
# Allow users to provide their own LLM API keys or subscriptions. When disabled,
# only centralized key authentication is permitted.
# (default: true, type: bool)
allow_byok: true
# Deprecated: use --ai-gateway-circuit-breaker-enabled or
# CODER_AI_GATEWAY_CIRCUIT_BREAKER_ENABLED instead. Enable the circuit breaker to
# protect against cascading failures from upstream AI provider overload (503,
# 529).
# (default: false, type: bool)
circuit_breaker_enabled: false
# Deprecated: use --ai-gateway-circuit-breaker-failure-threshold or
# CODER_AI_GATEWAY_CIRCUIT_BREAKER_FAILURE_THRESHOLD instead. Number of
# consecutive failures that triggers the circuit breaker to open.
# (default: 5, type: int)
circuit_breaker_failure_threshold: 5
# Deprecated: use --ai-gateway-circuit-breaker-interval or
# CODER_AI_GATEWAY_CIRCUIT_BREAKER_INTERVAL instead. Cyclic period of the closed
# state for clearing internal failure counts.
# (default: 10s, type: duration)
circuit_breaker_interval: 10s
# Deprecated: use --ai-gateway-circuit-breaker-timeout or
# CODER_AI_GATEWAY_CIRCUIT_BREAKER_TIMEOUT instead. How long the circuit breaker
# stays open before transitioning to half-open state.
# (default: 30s, type: duration)
circuit_breaker_timeout: 30s
# Deprecated: use --ai-gateway-circuit-breaker-max-requests or
# CODER_AI_GATEWAY_CIRCUIT_BREAKER_MAX_REQUESTS instead. Maximum number of
# requests allowed in half-open state before deciding to close or re-open the
# circuit.
# (default: 3, type: int)
circuit_breaker_max_requests: 3
ai_gateway:
# Whether to start an in-memory AI Gateway instance.
# (default: false, type: bool)
enabled: false
# The base URL of the OpenAI API.
# (default: https://api.openai.com/v1/, type: string)
openai_base_url: https://api.openai.com/v1/
# The base URL of the Anthropic API.
# (default: https://api.anthropic.com/, type: string)
anthropic_base_url: https://api.anthropic.com/
# The base URL to use for the AWS Bedrock API. Use this setting to specify an
# exact URL to use. Takes precedence over CODER_AI_GATEWAY_BEDROCK_REGION.
# (default: <unset>, type: string)
bedrock_base_url: ""
# The AWS Bedrock API region to use. Constructs a base URL to use for the AWS
# Bedrock API in the form of 'https://bedrock-runtime.<region>.amazonaws.com'.
# (default: <unset>, type: string)
bedrock_region: ""
# The model to use when making requests to the AWS Bedrock API.
# (default: global.anthropic.claude-sonnet-4-5-20250929-v1:0, type: string)
bedrock_model: global.anthropic.claude-sonnet-4-5-20250929-v1:0
# The small fast model to use when making requests to the AWS Bedrock API. Claude
# Code uses Haiku-class models to perform background tasks. See
# https://docs.claude.com/en/docs/claude-code/settings#environment-variables.
# (default: global.anthropic.claude-haiku-4-5-20251001-v1:0, type: string)
bedrock_small_fast_model: global.anthropic.claude-haiku-4-5-20251001-v1:0
# Deprecated: Injected MCP in AI Gateway is deprecated and will be removed in a
# future release. Whether to inject Coder's MCP tools into intercepted AI Gateway
# requests (requires the "oauth2" and "mcp-server-http" experiments to be
# enabled).
# (default: false, type: bool)
inject_coder_mcp_tools: false
# Length of time to retain data such as interceptions and all related records
# (token, prompt, tool use).
# (default: 60d, type: duration)
retention: 1440h0m0s
# Maximum number of concurrent AI Gateway requests per replica. Set to 0 to
# disable (unlimited).
# (default: 0, type: int)
max_concurrency: 0
# Maximum number of AI Gateway requests per second per replica. Set to 0 to
# disable (unlimited).
# (default: 0, type: int)
rate_limit: 0
# Emit structured logs for AI Gateway interception records. Use this for exporting
# these records to external SIEM or observability systems.
# (default: false, type: bool)
structured_logging: false
# Once enabled, extra headers will be added to upstream requests to identify the
# user (actor) making requests to AI Gateway. This is only needed if you are using
# a proxy between AI Gateway and an upstream AI provider. This will send
# X-Ai-Bridge-Actor-Id (the ID of the user making the request) and
# X-Ai-Bridge-Actor-Metadata-Username (their username).
# (default: false, type: bool)
send_actor_headers: false
# Allow users to provide their own LLM API keys or subscriptions. When disabled,
# only centralized key authentication is permitted.
# (default: true, type: bool)
allow_byok: true
# Enable the circuit breaker to protect against cascading failures from upstream
# AI provider overload (503, 529).
# (default: false, type: bool)
circuit_breaker_enabled: false
# Number of consecutive failures that triggers the circuit breaker to open.
# (default: 5, type: int)
circuit_breaker_failure_threshold: 5
# Cyclic period of the closed state for clearing internal failure counts.
# (default: 10s, type: duration)
circuit_breaker_interval: 10s
# How long the circuit breaker stays open before transitioning to half-open state.
# (default: 30s, type: duration)
circuit_breaker_timeout: 30s
# Maximum number of requests allowed in half-open state before deciding to close
# or re-open the circuit.
# (default: 3, type: int)
circuit_breaker_max_requests: 3
# Determines the effective group when a user belongs to multiple groups with AI
# budgets. "highest" selects the group with the largest spend limit, and is
# currently the only supported value.
# (default: highest, type: enum[highest])
budget_policy: highest
# Determines when accumulated AI spend resets to zero, aligned to UTC calendar
# boundaries. Only "month" is currently supported.
# (default: month, type: enum[month])
budget_period: month
aibridgeproxy:
# Deprecated: use --ai-gateway-proxy-enabled or CODER_AI_GATEWAY_PROXY_ENABLED
# instead. Enable the AI Bridge MITM Proxy for intercepting and decrypting AI
# provider requests.
# (default: false, type: bool)
enabled: false
# Deprecated: use --ai-gateway-proxy-listen-addr or
# CODER_AI_GATEWAY_PROXY_LISTEN_ADDR instead. The address the AI Bridge Proxy will
# listen on.
# (default: :8888, type: string)
listen_addr: :8888
# Deprecated: use --ai-gateway-proxy-tls-cert-file or
# CODER_AI_GATEWAY_PROXY_TLS_CERT_FILE instead. Path to the TLS certificate file
# for the AI Bridge Proxy listener. Must be set together with AI Bridge Proxy TLS
# Key File.
# (default: <unset>, type: string)
tls_cert_file: ""
# Deprecated: use --ai-gateway-proxy-tls-key-file or
# CODER_AI_GATEWAY_PROXY_TLS_KEY_FILE instead. Path to the TLS private key file
# for the AI Bridge Proxy listener. Must be set together with AI Bridge Proxy TLS
# Certificate File.
# (default: <unset>, type: string)
tls_key_file: ""
# Deprecated: use --ai-gateway-proxy-cert-file or CODER_AI_GATEWAY_PROXY_CERT_FILE
# instead. Path to the CA certificate file used to intercept (MITM) HTTPS traffic
# from AI clients. This CA must be trusted by AI clients for the proxy to decrypt
# their requests.
# (default: <unset>, type: string)
cert_file: ""
# Deprecated: use --ai-gateway-proxy-key-file or CODER_AI_GATEWAY_PROXY_KEY_FILE
# instead. Path to the CA private key file used to intercept (MITM) HTTPS traffic
# from AI clients.
# (default: <unset>, type: string)
key_file: ""
# Deprecated: This value is now derived automatically from the configured AI
# providers' base URLs. Setting this value has no effect. This option will be
# removed in a future release.
# (default: <unset>, type: string-array)
domain_allowlist: []
# Deprecated: use --ai-gateway-proxy-upstream or CODER_AI_GATEWAY_PROXY_UPSTREAM
# instead. URL of an upstream HTTP proxy to chain tunneled (non-allowlisted)
# requests through. Format: http://[user:pass@]host:port or
# https://[user:pass@]host:port.
# (default: <unset>, type: string)
upstream_proxy: ""
# Deprecated: use --ai-gateway-proxy-upstream-ca or
# CODER_AI_GATEWAY_PROXY_UPSTREAM_CA instead. Path to a PEM-encoded CA certificate
# to trust for the upstream proxy's TLS connection. Only needed for HTTPS upstream
# proxies with certificates not trusted by the system. If not provided, the system
# certificate pool is used.
# (default: <unset>, type: string)
upstream_proxy_ca: ""
# Deprecated: use --ai-gateway-proxy-allowed-private-cidrs or
# CODER_AI_GATEWAY_PROXY_ALLOWED_PRIVATE_CIDRS instead. Comma-separated list of
# CIDR ranges that are permitted even though they fall within blocked
# private/reserved IP ranges. By default all private ranges are blocked to prevent
# SSRF attacks. Use this to allow access to specific internal networks.
# (default: <unset>, type: string-array)
allowed_private_cidrs: []
# Deprecated: use --ai-gateway-proxy-dump-dir or CODER_AI_GATEWAY_PROXY_DUMP_DIR
# instead. Directory for dumping MITM request/response pairs to disk for
# debugging. When set, each proxied request produces .req.txt and .resp.txt files
# organized by provider. Sensitive headers are redacted. Leave empty to disable.
# (default: <unset>, type: string)
api_dump_dir: ""
ai_gateway_proxy:
# Enable the AI Gateway MITM Proxy for intercepting and decrypting AI provider
# requests.
# (default: false, type: bool)
enabled: false
# The address the AI Gateway Proxy will listen on.
# (default: :8888, type: string)
listen_addr: :8888
# Path to the TLS certificate file for the AI Gateway Proxy listener. Must be set
# together with AI Gateway Proxy TLS Key File.
# (default: <unset>, type: string)
tls_cert_file: ""
# Path to the TLS private key file for the AI Gateway Proxy listener. Must be set
# together with AI Gateway Proxy TLS Certificate File.
# (default: <unset>, type: string)
tls_key_file: ""
# Path to the CA certificate file used to intercept (MITM) HTTPS traffic from AI
# clients. This CA must be trusted by AI clients for the proxy to decrypt their
# requests.
# (default: <unset>, type: string)
cert_file: ""
# Path to the CA private key file used to intercept (MITM) HTTPS traffic from AI
# clients.
# (default: <unset>, type: string)
key_file: ""
# Deprecated: This value is now derived automatically from the configured AI
# Gateway providers' base URLs. Setting this value has no effect. This option will
# be removed in a future release.
# (default: <unset>, type: string-array)
domain_allowlist: []
# URL of an upstream HTTP proxy to chain tunneled (non-allowlisted) requests
# through. Format: http://[user:pass@]host:port or https://[user:pass@]host:port.
# (default: <unset>, type: string)
upstream_proxy: ""
# Path to a PEM-encoded CA certificate to trust for the upstream proxy's TLS
# connection. Only needed for HTTPS upstream proxies with certificates not trusted
# by the system. If not provided, the system certificate pool is used.
# (default: <unset>, type: string)
upstream_proxy_ca: ""
# Comma-separated list of CIDR ranges that are permitted even though they fall
# within blocked private/reserved IP ranges. By default all private ranges are
# blocked to prevent SSRF attacks. Use this to allow access to specific internal
# networks.
# (default: <unset>, type: string-array)
allowed_private_cidrs: []
# Directory for dumping MITM request/response pairs to disk for debugging. When
# set, each proxied request produces .req.txt and .resp.txt files organized by
# provider. Sensitive headers are redacted. Leave empty to disable.
# (default: <unset>, type: string)
api_dump_dir: ""
# Configure data retention policies for various database tables. Retention
# policies automatically purge old data to reduce database size and improve
# performance. Setting a retention duration to 0 disables automatic purging for
# that data type.
retention:
# How long audit log entries are retained. Set to 0 to disable (keep
# indefinitely). We advise keeping audit logs for at least a year, and in
# accordance with your compliance requirements.
# (default: 0, type: duration)
audit_logs: 0s
# How long connection log entries are retained. Set to 0 to disable (keep
# indefinitely).
# (default: 0, type: duration)
connection_logs: 0s
# How long expired API keys are retained before being deleted. Keeping expired
# keys allows the backend to return a more helpful error when a user tries to use
# an expired key. Set to 0 to disable automatic deletion of expired keys.
# (default: 7d, type: duration)
api_keys: 168h0m0s
# How long workspace agent logs are retained. Logs from non-latest builds are
# deleted if the agent hasn't connected within this period. Logs from the latest
# build are always retained. Set to 0 to disable automatic deletion.
# (default: 7d, type: duration)
workspace_agent_logs: 168h0m0s
templateBuilder:
# Disable the template builder feature for guided template creation. When
# disabled, all /api/v2/templatebuilder/* endpoints return 404.
# (default: <unset>, type: bool)
disabled: false
# The base URL of the module registry used by the template builder for module
# source paths.
# (default: https://registry.coder.com, type: string)
registryURL: https://registry.coder.com
Reference in New Issue View Git Blame Copy Permalink