Settings Matrix (Admin + Personal)
This file tracks whether each visible setting is active, what it controls, and where it is enforced.
Admin Settings
| Setting | Status | Effective Scope | Notes |
|---|---|---|---|
| Broker Base URL | Active | Nextcloud app + broker API calls | Required for most admin/user API actions. |
| Broker Internal API Token | Active | Broker internal API auth | Must match broker env BROKER_INTERNAL_API_TOKEN. |
| External Auth Base URL | Active | Broker runtime/env | Used by broker to call external-auth. |
| External Auth App ID / Secret | Active | Broker runtime/env | Required for broker-authenticated daemon calls. |
| External Auth Docs URL | Informational | Admin UI only | Convenience link/reference, not runtime behavior. |
| External Auth Node URL | Active | External-auth daemon runtime/env | Used by daemon for node API/render calls. |
| External Auth Node API Key | Active | External-auth daemon runtime/env | Required when node enforces X-API-KEY. |
| External Auth Node API Key Mode | Simplified Active | External-auth daemon runtime/env | UI now enforces paths only. |
| External Auth Node API Key Paths | Active | External-auth daemon runtime/env | / sends API key for all node paths. |
| OIDC Issuer URL | Active | OIDC provider setup | Used in generated/applied user_oidc setup. |
| OIDC Client ID / Secret | Active | OIDC provider setup | Used in generated/applied user_oidc setup. |
| Policy Mode Override | Active | Broker OIDC policy | Admin override persisted in app settings. |
| Guard Override | Active | Broker OIDC policy | Admin override persisted in app settings. |
| Invite TTL Override | Active | Broker OIDC policy | Admin override persisted in app settings. |
| Redirect Allowlist Override | Active | Broker OIDC policy | Admin override persisted in app settings. |
| Nextcloud Public URL | Active | Setup helper + UI links | Used for setup plan and links. |
| Qortal Node URL | Active | Q-Apps render + node calls | Used by gateway proxy and node API usage. |
| Qortal Node API Key | Active | Node API calls + runtime fallback | Used directly for node calls; also runtime fallback for external-auth key sync. |
| Qortal Gateway URL | Active | Gateway proxy fallback | Used when direct node URL is not used. |
| Allow Insecure Gateway TLS | Active | Gateway proxy/node client | Disables TLS verification when enabled. |
| Feature QDN Backups toggle | Active | UI flow gating | Enables/disables QDN backup workflow surfaces. |
| Feature Q-Mail toggle | Active | UI flow gating | Enables/disables Q-Mail workflow surfaces. |
| Q-Apps Enabled | Active | App menu + Q-Apps UI | Controls Q-Apps availability. |
| Q-Apps Full Browser Enabled | Active | Q-Apps UI | Enables full browser launch card. |
| Q-Apps Full Browser Address | Active | Q-Apps UI | Default address for browser mode. |
| Q-Apps Debug Enabled | Active | Q-Apps UI | Enables debug panel by default. |
| Q-Apps List | Active | App menu + Q-Apps page | Approved app registry. |
Personal/User Settings
| Setting | Status | Effective Scope | Notes |
|---|---|---|---|
| Default Approval Policy | Active | Q-Apps approval modal defaults | Used to preselect approval behavior. |
| Default X Minutes | Active | Q-Apps approval modal defaults | Used with temporary type approval mode. |
| Default unlock for 10 min | Active | Q-Apps approval modal defaults | Prechecks unlock TTL option when wallet is locked. |
| Default keep unlocked for 20 min | Active | Unlock modal defaults | Prechecks unlock session duration option. |
| Persisted approval rules list | Active | Q-Apps permission management | Reads/stores per-user rule snapshots and revoke actions. |
Removed/Simplified Controls
- External Auth Node API Key Mode=auto was removed from the Admin UI.
- Reason: behavior was ambiguous and caused operator confusion.
- Current behavior: Admin UI enforces paths mode and defaults the path list to /
Operational Note
For bundled/containerized external-auth, node API key should still be set in .env.devprod as:
- QORTAL_AUTH_NODE_API_KEY=...
- QORTAL_AUTH_NODE_API_KEY_MODE=paths
- QORTAL_AUTH_NODE_API_KEY_PATHS=/
The Admin UI runtime sync is best-effort and should be treated as a convenience override, not the primary source of truth for container restarts.
Broker internal API token should also be set in env for containerized setups:
- BROKER_INTERNAL_API_TOKEN=...
- Optional: BROKER_CORS_ALLOWED_ORIGINS=https://your-nextcloud-domain
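
Because the env file, not the Admin UI sync, is what survives a container restart, it is worth linting before bringing the stack up. The script below is an added example, not part of the project: the helper names (env_value, check_env_file) and the sample values are constructed, and the wildcard-origin check is an assumption about what an operator would want flagged, not a rule stated in this file.

```shell
#!/bin/sh
# Added example, not project code: lint an env file before restarting containers.
# Key names come from the Operational Note; helper names are hypothetical.

# Print KEY's value from FILE: last assignment wins, CR/quotes/trailing space stripped.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '\r' |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one FAIL line per problem; return 1 if any were found.
check_env_file() {
    file=$1
    rc=0
    fail() { echo "FAIL: $1"; rc=1; }
    for key in QORTAL_AUTH_NODE_API_KEY BROKER_INTERNAL_API_TOKEN; do
        case "$(env_value "$file" "$key")" in
            ''|'...') fail "$key is unset or still the '...' placeholder" ;;
        esac
    done
    mode=$(env_value "$file" QORTAL_AUTH_NODE_API_KEY_MODE)
    [ "$mode" = paths ] || fail "QORTAL_AUTH_NODE_API_KEY_MODE is '$mode', expected 'paths'"
    [ -n "$(env_value "$file" QORTAL_AUTH_NODE_API_KEY_PATHS)" ] ||
        fail "QORTAL_AUTH_NODE_API_KEY_PATHS is empty (use / for all node paths)"
    # Assumption, not stated on the page: a wildcard origin is treated as a finding.
    case "$(env_value "$file" BROKER_CORS_ALLOWED_ORIGINS)" in
        *'*'*) fail "BROKER_CORS_ALLOWED_ORIGINS contains a wildcard" ;;
    esac
    return "$rc"
}

# Constructed sample: token left as placeholder, removed 'auto' mode still set.
sample=$(mktemp)
cat >"$sample" <<'EOF'
QORTAL_AUTH_NODE_API_KEY="constructed-node-key"
QORTAL_AUTH_NODE_API_KEY_MODE=auto
QORTAL_AUTH_NODE_API_KEY_PATHS=/
BROKER_INTERNAL_API_TOKEN=...
EOF
check_env_file "$sample" || echo "resolve the findings above before restarting"
rm -f "$sample"
```

Point check_env_file at .env.devprod in a deploy step and stop the restart on a non-zero return.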