Complete configuration
Configuration options
You can look current settings with the following command:
interdiode-ctl configuration show
Here is the complete list of settings:
/etc/interdiode/settings.ini
[auth]
allow_basic_auth = true
# Allow HTTP basic auth using the local user database ('true'/'false').
create_users = true
# Allow users to create their account themselves ('true'/'false').
group_readonly_attributes =
# Comma-separated list of group attributes that user cannot change.
# Add "username" to disable manual group creation, "permissions" to disallow permissions changes.
#
local_users = true
# Activate the local user database ('true'/'false').
remote_user_groups = Users
# Comma-separated list of group names, for new users that are automatically created when authenticated by remote_user_header. Missing groups are automatically created.
remote_user_header =
# Set it if the reverse-proxy authenticates users, a common value is "HTTP_REMOTE_USER". Note: the HTTP_ prefix is automatically added, just set REMOTE_USER in the reverse-proxy configuration.
use_authorization_token = true
# Allow users to authenticate with their API token ('true'/'false').
user_readonly_attributes =
# comma-separated list of user attributes that user cannot change.
# Add "username" to disable manual user creation, "password" to disallow password changes.
# Other attributes are "is_active,is_superuser,groups,user_permissions,first_name,last_name,
# email,black_username,black_email"
validate_new_users = true
# Require new users to be validated by an administrator ('true'/'false').
[database]
db_url = postgres://username:password@localhost:5432/database
# URL of the database: (postgresql|mysql)://user:password@host:port/database
[email]
email_url =
# SMTP server for sending admin emails.
# smtp+tls://account@example.com:password@smtp.example.com:587/
from = webmaster@localhost
# Sender address displayed
[global]
admin_email = admin@localhost
# e-mail address for receiving logged errors
daily_upkeep = true
# Activate the launch of daily upkeep tasks ('true'/'false').
data = ./django_data
# Directory where all data will be stored (uploaded or temporary files, …). If you change it, you must run the 'interdiode-ctl configuration apply' command again.
html_title = InterDiode
# displayed title
http_proxy =
# HTTP proxy for all HTTP requests, like [user:passwd@]proxy.server:port
language_code = fr
# default to fr_FR
listen_address = localhost:8000
# Address listen by your web server (like 127.0.0.1:8000 or :8000).
log_directory = django_data/log/
# Write all local logs to this directory.
log_level =
# Log level (one of 'debug', 'info', 'warn', 'error' or 'critical'). Valid choices: "debug", "info", "warn", "error", "critical"
log_remote_access = true
# If true, log of HTTP connections are also sent to syslog/logd ('true'/'false')..
log_remote_url =
# Send logs to a syslog service.
# Examples: syslog+tcp://localhost:514/user, syslog:///local7 or syslog:///dev/log/daemon.
log_sentry_dsn =
# Sentry DSN (see https://sentry.io/) used for reporting errors.
log_slow_query_duration_in_s = 10.0
# Log slow queries that take more than this time (in seconds).
main_storage_directory = django_data/files/
# Directory for uploaded or downloaded media.Set absolute path of the main storage directory. Use s3:http[s]://access-key:secret-key@domain.name:port/bucket for S3 storage.
max_upload_size = 10000000000
# max size of POST request, large enough for uploading files like Vagrant boxes.
mode = black
# InterDiode mode (black on internet or red on intranet). Valid choices: "black", "red"
pid_directory = django_data/run/
# Directory for PID files.
s3_region =
# S3 storage regions, when S3 storage is used for downloaded or uploaded media.
server_url = http://localhost:8000/
# Public URL of your website.
# Default to "http://{listen_address}/" but should be different if you use a reverse proxy like Apache or Nginx. Example: https://www.example.org/.
time_zone = Europe/Paris
# default to Europe/Paris
[secrets]
license = 1234567890
# Activate more functions of InterDiode.
path = gpg
# Path of the gpg binary
shared_transfer_key = secret_key
# Secret shared between black and red instances for authenticating transfers.
[sources]
chrome_path = /Users/flanker/Library/Caches/ms-playwright/chromium-1140/chrome-mac/Chromium.app/Contents/MacOS/Chromium
# Path of the 'chrome' executable.
git_allow_lfs = true
# Allow git-lfs usage when git-lfs installed ('true'/'false').
git_path = git
# Path of the 'git' executable.
hidden_css_selectors =
# When downloading HTML pages as PDFs, mark these CSS selectors (one per line) as not displayed.
kept_transfers_size = 10000000000
# Total size of finished transfers before removing data. The more reliable is your transfer method, the lower you can set this value.
prune_action_count = 100
# Number of actions to keep for each source. Older actions will be removed, assuming that data have been transfered.Deleted actions and data must also be older than the 'prune_retention' delay.
prune_retention = 30
# Retention delay (in days) before actually cleaning old data from the database.
ssh_path = ssh
# Path of the 'ssh' executable.
[ssl]
cacertsfile =
# CA certificates file
certificatefile =
# SSL certificate file
ciphers =
# SSL Cipher suite to use, in the format of an OpenSSL cipher list.
keyfile =
# SSL key file
[transfer]
chunk_size =
# size of redundancy blocks of UDP transfers
destination_ip =
# IP address of your red-side InterDiode server
destination_mac =
# MAC address of your red-side InterDiode server
destination_port = 15124
# Port number of your red-side InterDiode server
downloaded_file_analyzer =
# Dotted path of a Python function to analyze downloaded files.
end_delay = 5
# Time to wait (in seconds) between two transfers
exported_file_analyzer =
# Dotted path of a Python function to analyze exported files.
imported_file_analyzer =
# Dotted path of a Python function to analyze imported files.
keep_corrupted_imports = false
# Do not delete corrupted import data, e.g. for post-mortem analysis ('true'/'false').
keep_failed_imports = false
# Do not delete failed imports, e.g. for post-mortem analysis ('true'/'false').
keep_imports = false
# Do not delete successfully imported exports ('true'/'false').
keep_transfers = false
# Do not automatically remove hairgap transfer data ('true'/'false').
kept_transfers_count = 100
# Number of finished transfers to keep before removing data. The more reliable is your transfer method, the lower you can set this value.
mode = udp
# Transfer method: UDP, TCP or manually transfer files. Valid choices: "udp", "tcp", "file"
redundancy = 6.0
# Redundancy factor of UDP transfers
timeout_s =
# transfer timeout, in seconds of UDP transfers
transfer_path = django_data/transfers/
# Storage path for export/import operations.
verify_exported_files = true
# verify the SHA3 checksum of all exported files ('true'/'false').
verify_imported_files = true
# verify the SHA3 checksum before importing files ('true'/'false').
[twitter]
consumer_key =
# Default private consumer key
consumer_secret =
# Default private consumer secret
token_key =
# Default private token key
token_secret =
# Default private token secret
[usb]
registration_dir =
# Configuration directory for registered devices.
[workers]
processes = 2
# Number of processes for background tasks
redis_url = redis://:password@localhost:6379/1
# Redis database URL.
You can use environment variables if you prefer:
.env
ADMIN_EMAIL=admin@localhost
# e-mail address for receiving logged errors
ALLOW_LOCAL_USERS=true
# Activate the local user database ('true'/'false').
ALLOW_USER_CREATION=true
# Allow users to create their account themselves ('true'/'false').
DAILY_UPKEEP=true
# Activate the launch of daily upkeep tasks ('true'/'false').
DATABASE_URL=postgres://username:password@localhost:5432/database
# URL of the database: (postgresql|mysql)://user:password@host:port/database
DATA_ROOT=./django_data
# Directory where all data will be stored (uploaded or temporary files, …). If you change it, you must run the 'interdiode-ctl configuration apply' command again.
DEFAULT_TWITTER_ACCESS_TOKEN_KEY=''
# Default private token key
DEFAULT_TWITTER_ACCESS_TOKEN_SECRET=''
# Default private token secret
DEFAULT_TWITTER_CONSUMER_KEY=''
# Default private consumer key
DEFAULT_TWITTER_CONSUMER_SECRET=''
# Default private consumer secret
DOWNLOAD_FILE_ANALYZER=''
# Dotted path of a Python function to analyze downloaded files.
EMAIL_FROM=webmaster@localhost
# Sender address displayed
EMAIL_HOST_URL=''
# SMTP server for sending admin emails.
# smtp+tls://account@example.com:password@smtp.example.com:587/
EXPORT_FILE_ANALYZER=''
# Dotted path of a Python function to analyze exported files.
FILE_UPLOAD_MAX_MEMORY_SIZE=10000000000
# max size of POST request, large enough for uploading files like Vagrant boxes.
GIT_ALLOW_LFS=true
# Allow git-lfs usage when git-lfs installed ('true'/'false').
GIT_EXEC_PATH=git
# Path of the 'git' executable.
GNUPG_PATH=gpg
# Path of the gpg binary
GROUP_DISABLED_ATTRIBUTES=''
# Comma-separated list of group attributes that user cannot change.
# Add "username" to disable manual group creation, "permissions" to disallow permissions changes.
#
HAIRGAP_DESTINATION_IP=''
# IP address of your red-side InterDiode server
HAIRGAP_DESTINATION_MAC=''
# MAC address of your red-side InterDiode server
HAIRGAP_DESTINATION_PORT=15124
# Port number of your red-side InterDiode server
HAIRGAP_END_DELAY_S=5
# Time to wait (in seconds) between two transfers
HAIRGAP_ERROR_CHUNK_SIZE=''
# size of redundancy blocks of UDP transfers
HAIRGAP_KEEP_TRANSFERS=false
# Do not automatically remove hairgap transfer data ('true'/'false').
HAIRGAP_REDUNDANCY=6.0
# Redundancy factor of UDP transfers
HAIRGAP_TIMEOUT_S=''
# transfer timeout, in seconds of UDP transfers
HEADLESS_CHROME_PATH=/Users/flanker/Library/Caches/ms-playwright/chromium-1140/chrome-mac/Chromium.app/Contents/MacOS/Chromium
# Path of the 'chrome' executable.
HIDDEN_CSS_SELECTORS=''
# When downloading HTML pages as PDFs, mark these CSS selectors (one per line) as not displayed.
HTML_TITLE=InterDiode
# displayed title
HTTP_REMOTE_USER_HEADER=''
# Set it if the reverse-proxy authenticates users, a common value is "HTTP_REMOTE_USER". Note: the HTTP_ prefix is automatically added, just set REMOTE_USER in the reverse-proxy configuration.
HTTP_SSL_CA_CERTS=''
# CA certificates file
HTTP_SSL_CERTFILE=''
# SSL certificate file
HTTP_SSL_CIPHERS=''
# SSL Cipher suite to use, in the format of an OpenSSL cipher list.
HTTP_SSL_KEYFILE=''
# SSL key file
IMPORT_FILE_ANALYZER=''
# Dotted path of a Python function to analyze imported files.
INTERDIODE_MODE=black
# InterDiode mode (black on internet or red on intranet). Valid choices: "black", "red"
INTERDIODE_PLUGINS=''
# List of plugins
KEEP_HAIRGAP_COUNT=100
# Number of finished transfers to keep before removing data. The more reliable is your transfer method, the lower you can set this value.
KEEP_HAIRGAP_SIZE=10000000000
# Total size of finished transfers before removing data. The more reliable is your transfer method, the lower you can set this value.
KEEP_SOURCE_ACTION_COUNT=100
# Number of actions to keep for each source. Older actions will be removed, assuming that data have been transfered.Deleted actions and data must also be older than the 'prune_retention' delay.
LANGUAGE_CODE=fr
# default to fr_FR
LICENSE_KEY=1234567890
# Activate more functions of InterDiode.
LISTEN_ADDRESS=localhost:8000
# Address listen by your web server (like 127.0.0.1:8000 or :8000).
LOG_DIRECTORY=django_data/log/
# Write all local logs to this directory.
LOG_LEVEL=''
# Log level (one of 'debug', 'info', 'warn', 'error' or 'critical'). Valid choices: "debug", "info", "warn", "error", "critical"
LOG_REMOTE_ACCESS=true
# If true, log of HTTP connections are also sent to syslog/logd ('true'/'false')..
LOG_REMOTE_URL=''
# Send logs to a syslog service.
# Examples: syslog+tcp://localhost:514/user, syslog:///local7 or syslog:///dev/log/daemon.
LOG_SLOW_QUERY_DURATION_IN_S=10.0
# Log slow queries that take more than this time (in seconds).
MAIN_STORAGE_DIR=django_data/files/
# Directory for uploaded or downloaded media.Set absolute path of the main storage directory. Use s3:http[s]://access-key:secret-key@domain.name:port/bucket for S3 storage.
PURGE_RETENTION_DAYS=30
# Retention delay (in days) before actually cleaning old data from the database.
REDIS_URL=redis://:password@localhost:6379/1
# Redis database URL.
REMOTE_USER_DEFAULT_GROUPS=Users
# Comma-separated list of group names, for new users that are automatically created when authenticated by remote_user_header. Missing groups are automatically created.
REQUIRE_NEW_USER_VALIDATION=true
# Require new users to be validated by an administrator ('true'/'false').
RUN_DATA_DIR=django_data/run/
# Directory for PID files.
S3_REGION=''
# S3 storage regions, when S3 storage is used for downloaded or uploaded media.
SENTRY_DSN=''
# Sentry DSN (see https://sentry.io/) used for reporting errors.
SERVER_BASE_URL=http://localhost:8000/
# Public URL of your website.
# Default to "http://{listen_address}/" but should be different if you use a reverse proxy like Apache or Nginx. Example: https://www.example.org/.
SHARED_TRANSFER_KEY=secret_key
# Secret shared between black and red instances for authenticating transfers.
SSH_PATH=ssh
# Path of the 'ssh' executable.
TIME_ZONE=Europe/Paris
# default to Europe/Paris
TRANSFER_DIR=django_data/transfers/
# Storage path for export/import operations.
TRANSFER_EXPORT_CHECKSUMS=true
# verify the SHA3 checksum of all exported files ('true'/'false').
TRANSFER_IMPORT_CHECKSUMS=true
# verify the SHA3 checksum before importing files ('true'/'false').
TRANSFER_KEEP_CORRUPTED_IMPORTS=false
# Do not delete corrupted import data, e.g. for post-mortem analysis ('true'/'false').
TRANSFER_KEEP_FAILED_IMPORTS=false
# Do not delete failed imports, e.g. for post-mortem analysis ('true'/'false').
TRANSFER_KEEP_IMPORTS=false
# Do not delete successfully imported exports ('true'/'false').
TRANSFER_MODE=udp
# Transfer method: UDP, TCP or manually transfer files. Valid choices: "udp", "tcp", "file"
USB_SOURCE_CONFIG_DIR=''
# Configuration directory for registered devices.
USER_DISABLED_ATTRIBUTES=''
# comma-separated list of user attributes that user cannot change.
# Add "username" to disable manual user creation, "password" to disallow password changes.
# Other attributes are "is_active,is_superuser,groups,user_permissions,first_name,last_name,
# email,black_username,black_email"
USE_AUTHORIZATION_TOKEN=true
# Allow users to authenticate with their API token ('true'/'false').
USE_HTTP_BASIC_AUTH=true
# Allow HTTP basic auth using the local user database ('true'/'false').
WORKER_PROCESSES=2
# Number of processes for background tasks
http_proxy=''
# HTTP proxy for all HTTP requests, like [user:passwd@]proxy.server:port