Skip to content

docs(config): document missing admin-configurable config keys #59911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
miaulalala wants to merge 1 commit into
base: master
Choose a base branch
from
+162 −0
Open

docs(config): document missing admin-configurable config keys #59911

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
162 changes: 162 additions & 0 deletions config/config.sample.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,34 @@
*/
'allow_user_to_change_display_name' => true,

/**
* ``true`` allows users to change their email address (on their Personal
* pages), and ``false`` prevents them from changing their email address.
* Falls back to ``allow_user_to_change_display_name`` if not set.
*
* Defaults to ``true``
*/
'allow_user_to_change_email' => true,

/**
* ``true`` allows users to create app passwords (tokens) in their personal
* security settings. Set to ``false`` to prevent users from generating app
* passwords, for example when SSO is enforced and app passwords would
* bypass it.
*
* Defaults to ``true``
*/
'auth_can_create_app_token' => true,

/**
* Validity period (in seconds) for one-time authentication tokens, such as
* those used for email-based login or share link authentication.
* The minimum value is ``120``.
*
* Defaults to ``120``
*/
'auth_onetime_token_validity' => 120,

/**
* The directory where the skeleton files are located. These files will be
* copied to the data directory of new users. Set empty string to not copy any
Expand Down Expand Up @@ -408,6 +436,30 @@
*/
'token_auth_enforced' => false,

/**
* Enforce two-factor authentication for all users, or for members of specific
* groups. Managed via ``occ twofactorauth:enforce``.
*
* Defaults to ``'false'`` (stored as string)
*/
'twofactor_enforced' => 'false',

/**
* When ``twofactor_enforced`` is ``'true'``, restrict enforcement to these
* groups. All other users are not affected. Empty array enforces for all users.
*
* Defaults to ``[]``
*/
'twofactor_enforced_groups' => [],

/**
* Exclude specific groups from two-factor authentication enforcement.
* Only relevant when ``twofactor_enforced`` is ``'true'``.
*
* Defaults to ``[]``
*/
'twofactor_enforced_excluded_groups' => [],

/**
* The interval at which token activity should be updated.
* Increasing this value means that the last activity on the security page gets
Expand Down Expand Up @@ -827,6 +879,16 @@
*/
'allow_local_remote_servers' => true,

/**
* Enable DNS pinning for outbound HTTP requests. When enabled, Nextcloud
* resolves the hostname of a request target once and rejects the connection
* if the resolved IP changes during the request. This prevents DNS rebinding
* attacks at the cost of slightly increased latency on the first request.
*
* Defaults to ``true``
*/
'dns_pinning' => true,

/**
* Add the URL of the Nextcloud server in User-Agent headers HTTP calls.
*
Expand Down Expand Up @@ -1327,6 +1389,15 @@
'customclient_fdroid'
=> 'https://f-droid.org/packages/com.nextcloud.client/',

/**
* URL shown as a sign-up / registration link on the login page. Set to a
* custom URL to point users to your own registration flow.
* Set to empty string ``''`` to hide the link entirely.
*
* Defaults to ``'https://nextcloud.com/register'``
*/
'registration_link' => 'https://nextcloud.com/register',

/**
* Activity
*
Expand Down Expand Up @@ -1385,13 +1456,40 @@
*/
'defaultapp' => 'dashboard,files',

/**
* Interval (in seconds) at which sync clients poll the server for changes.
* Lowering this value increases server load; increasing it reduces update
* frequency for connected clients.
*
* Defaults to ``60``
*/
'pollinterval' => 60,

/**
* WebDAV root path exposed to clients. Override this only if you are serving
* Nextcloud under a custom path prefix or need a non-standard WebDAV URL.
*
* Defaults to ``'remote.php/webdav'``
*/
'webdav-root' => 'remote.php/webdav',
Copy link
Copy Markdown
Contributor

@come-nc come-nc Apr 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the only use I can find is in CoreCapabilities, does this actually have any effect?


/**
* When enabled, admins may install apps from the Nextcloud app store.
*
* Defaults to ``true``
*/
'appstoreenabled' => true,

/**
* Allow installing apps that declare a maximum version requirement lower than
* the current Nextcloud version. List the app IDs to override.
*
* Use with care: apps may be incompatible with the current server version.
*
* Defaults to ``[]``
*/
Comment on lines +1483 to +1490
Copy link
Copy Markdown
Contributor

@come-nc come-nc Apr 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it should be noted that applications enabled with app:enable --force end up in there?

'app_install_overwrite' => [],

/**
* Enables the installation of apps from a self-hosted apps store.
* Requires that at least one of the configured apps directories is writable.
Expand Down Expand Up @@ -1444,6 +1542,14 @@
*
* Defaults to ``true``
*/
/**
* ``true`` enables avatar support. Set to ``false`` to disable avatars
* server-wide, which also removes the avatar section from personal settings.
*
* Defaults to ``true``
*/
'enable_avatars' => true,

'enable_previews' => true,

/**
Expand Down Expand Up @@ -1540,6 +1646,18 @@
*/
'preview_imaginary_url' => 'http://previews_hpb:8088/',

/**
* Image format used when generating preview thumbnails via the Imaginary
* service. Applies only when ``preview_imaginary_url`` is configured.
* Accepted values: ``jpeg``, ``webp``, ``png``.
*
* ``webp`` produces smaller files at comparable quality. ``jpeg`` has the
* broadest client compatibility.
*
* Defaults to ``'jpeg'``
*/
'preview_format' => 'jpeg',

/**
* If you want to set an API key for Imaginary.
*/
Expand Down Expand Up @@ -2593,6 +2711,16 @@
* Defaults to ``3600`` seconds (1 hour) or the PHP ``max_execution_time``,
* whichever is higher.
*/
/**
* Enable transactional file locking. This prevents simultaneous processes
* from writing to the same files, which can cause data corruption.
* Disabling this is strongly discouraged unless you are using an external
* file locking provider.
*
* Defaults to ``true``
*/
'filelocking.enabled' => true,

'filelocking.ttl' => 60 * 60,
Comment on lines +2714 to 2724
Copy link
Copy Markdown
Contributor

@come-nc come-nc Apr 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue


/**
Expand Down Expand Up @@ -2980,4 +3108,38 @@
* Defaults to ``0``.
*/
'preview_expiration_days' => 0,

/**
* Set server-wide default values for user config keys managed by the Config
* Lexicon. These defaults are used when the user has not explicitly set a value.
* The structure mirrors the app config lexicon: ``appId => [ configKey => value ]``.
*
* Example::
*
* 'lexicon.default.userconfig' => [
* 'files' => [
* 'show_hidden' => 'false',
* ],
* ],
*
* Defaults to ``[]``
*/
'lexicon.default.userconfig' => [],

/**
* Enforce server-wide values for user config keys managed by the Config
* Lexicon. Users cannot override enforced values. The structure is the same
* as ``lexicon.default.userconfig``.
*
* Example::
*
* 'lexicon.default.userconfig.enforced' => [
* 'files' => [
* 'show_hidden' => 'false',
* ],
* ],
*
* Defaults to ``[]``
*/
'lexicon.default.userconfig.enforced' => [],
];
Loading