# Configuration Options Windshift is configured through CLI flags and environment variables. Flags take precedence over environment variables. ## Server | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--port`, `-p` | `PORT` | `8080` | HTTP server port | | `--use-proxy` | `USE_PROXY` | `false` | Trust X-Forwarded-Proto headers | | `--allowed-hosts` | `ALLOWED_HOSTS` | - | Comma-separated allowed hostnames | | `--base-url` | `BASE_URL` | - | Public URL for generating links in emails, SSO redirects, and calendar feeds | | `--allowed-port` | - | - | Port for CORS and WebAuthn origin | | `--additional-proxies` | `ADDITIONAL_PROXIES` | - | Additional trusted proxy IP addresses | | `--no-csrf` | - | `false` | Disable CSRF protection (development only) | ## Database | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--db` | `DB_PATH` | `windshift.db` | SQLite database file path | | `--postgres-connection-string` | `POSTGRES_CONNECTION_STRING` | - | PostgreSQL connection string | | `--pg-conn` | - | - | Short alias for `--postgres-connection-string` | | - | `DB_TYPE` | - | Database type override | | `--max-read-conns` | `MAX_READ_CONNS` | `120` | Max SQLite read connections | | `--max-write-conns` | `MAX_WRITE_CONNS` | `1` | Max SQLite write connections | ## Files & Attachments | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--attachment-path` | `ATTACHMENT_PATH` | - | Path for file attachments storage | ## TLS | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--tls-cert` | - | - | Path to TLS certificate file | | `--tls-key` | - | - | Path to TLS private key file | ## SSH / TUI | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--ssh` | `SSH_ENABLED` | `false` | Enable SSH TUI server | | `--ssh-port` | `SSH_PORT` | `23234` | SSH server port | | `--ssh-host` | `SSH_HOST` | `localhost` | SSH server bind address | | `--ssh-key` | - | - | Path to SSH host key file | ## Logging | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--log-level` | `LOG_LEVEL` | `info` | Log level: debug, info, warn, error | | `--log-format` | `LOG_FORMAT` | `text` | Log format: text, json, logfmt | ## Plugins | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--disable-plugins` | `DISABLE_PLUGINS` | `false` | Disable the plugin system | ## Authentication | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--enable-fallback` | `ENABLE_ADMIN_FALLBACK` | `false` | Enable admin password fallback for restrictive auth setups | ## AI / LLM | Flag | Env Var | Default | Description | |------|---------|---------|-------------| | `--llm-providers` | `LLM_PROVIDERS_FILE` | - | Path to custom LLM providers JSON file | | - | `LLM_ENDPOINT` | - | LLM inference service endpoint | | - | `LOGBOOK_ENDPOINT` | - | Logbook (knowledge management) service endpoint | ## Examples ### Minimal (SQLite) ```bash ./windshift --port 3000 --db /data/windshift.db ``` ### Production (PostgreSQL + Proxy) ```bash ./windshift \ --port 8080 \ --postgres-connection-string "postgres://windshift:secret@db:5432/windshift?sslmode=require" \ --use-proxy \ --allowed-hosts windshift.example.com \ --base-url https://windshift.example.com \ --attachment-path /data/attachments \ --log-level info \ --log-format json ``` ### Development ```bash ./windshift \ --port 8080 \ --db dev.db \ --log-level debug \ --no-csrf ```