NotAShelf/watchdog
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
watchdog/docs/configuration.md
NotAShelf 531aafb094
 docs: document configuration behaviour; notes on environment vars 
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I071c766ba98ed03e0b10928c25af0d0b6a6a6964
2026-03-02 22:38:30 +03:00

237 lines
5 KiB
Markdown
Raw Blame History

# Configuration
Watchdog supports multiple configuration sources with the following precedence
(highest to lowest):
1. **Command-line flags**
2. **Environment variables**
3. **Configuration file**
4. **Defaults**
## Configuration File
The primary configuration method is via YAML file. By default, Watchdog looks
for:
- `./config.yaml` (current directory)
- `/etc/watchdog/config.yaml` (system-wide)
Specify a custom location:
```bash
# Provide your configuration YAML file with --config
$ watchdog --config /path/to/config.yaml
```
See [config.example.yaml](../config.example.yaml) for all available options.
## Environment Variables
All configuration options can be set via environment variables with the
`WATCHDOG_` prefix.
Nested fields use underscore separators. For example:
```bash
# site.domains
$ export WATCHDOG_SITE_DOMAINS="example.com,blog.example.com"
# server.listen_addr
$ export WATCHDOG_SERVER_LISTEN_ADDR="127.0.0.1:8080"
# site.collect.pageviews
$ export WATCHDOG_SITE_COLLECT_PAGEVIEWS=true
# limits.max_paths
$ export WATCHDOG_LIMITS_MAX_PATHS=10000
```
### Common Environment Variables
```bash
# Server
WATCHDOG_SERVER_LISTEN_ADDR="127.0.0.1:8080"
WATCHDOG_SERVER_METRICS_PATH="/metrics"
WATCHDOG_SERVER_INGESTION_PATH="/api/event"
WATCHDOG_SERVER_STATE_PATH="/var/lib/watchdog/hll.state"
# Site
WATCHDOG_SITE_DOMAINS="example.com" # comma-separated for multiple
WATCHDOG_SITE_SALT_ROTATION="daily"
WATCHDOG_SITE_SAMPLING=1.0
# Collection
WATCHDOG_SITE_COLLECT_PAGEVIEWS=true
WATCHDOG_SITE_COLLECT_COUNTRY=true
WATCHDOG_SITE_COLLECT_DEVICE=true
WATCHDOG_SITE_COLLECT_REFERRER="domain"
WATCHDOG_SITE_COLLECT_DOMAIN=false
# Limits
WATCHDOG_LIMITS_MAX_PATHS=10000
WATCHDOG_LIMITS_MAX_SOURCES=500
WATCHDOG_LIMITS_MAX_CUSTOM_EVENTS=100
WATCHDOG_LIMITS_MAX_EVENTS_PER_MINUTE=10000
# Security
WATCHDOG_SECURITY_CORS_ENABLED=false
WATCHDOG_SECURITY_METRICS_AUTH_ENABLED=false
WATCHDOG_SECURITY_METRICS_AUTH_USERNAME="admin"
WATCHDOG_SECURITY_METRICS_AUTH_PASSWORD="changeme"
```
## Command-Line Flags
Command-line flags override both config file and environment variables:
```bash
# Override server address
watchdog --listen-addr :9090
# Override metrics path
watchdog --metrics-path /prometheus/metrics
# Override ingestion path
watchdog --ingestion-path /api/v1/event
# Combine multiple overrides
watchdog --config prod.yaml --listen-addr :9090 --metrics-path /metrics
```
Available flags:
- `--config string` - Path to config file
- `--listen-addr string` - Server listen address
- `--metrics-path string` - Metrics endpoint path
- `--ingestion-path string` - Ingestion endpoint path
## Configuration Precedence Example
Given:
**config.yaml:**
```yaml
server:
listen_addr: ":8080"
metrics_path: "/metrics"
```
**Environment:**
```bash
export WATCHDOG_SERVER_LISTEN_ADDR=":9090"
```
**Command:**
```bash
watchdog --metrics-path "/prometheus/metrics"
```
**Result:**
- `listen_addr`: `:9090` (from environment variable)
- `metrics_path`: `/prometheus/metrics` (from CLI flag)
## Systemd Integration
Environment variables work seamlessly with systemd:
```ini
[Service]
Environment="WATCHDOG_SERVER_LISTEN_ADDR=127.0.0.1:8080"
Environment="WATCHDOG_SITE_DOMAINS=example.com"
Environment="WATCHDOG_LIMITS_MAX_PATHS=10000"
ExecStart=/usr/local/bin/watchdog --config /etc/watchdog/config.yaml
```
Or use `EnvironmentFile`:
```ini
[Service]
EnvironmentFile=/etc/watchdog/env
ExecStart=/usr/local/bin/watchdog
```
**/etc/watchdog/env:**
```bash
WATCHDOG_SERVER_LISTEN_ADDR=127.0.0.1:8080
WATCHDOG_SITE_DOMAINS=example.com
WATCHDOG_LIMITS_MAX_PATHS=10000
```
## NixOS Integration
NixOS configuration automatically converts to the correct format:
```nix
{
services.watchdog = {
enable = true;
settings = {
site.domains = [ "example.com" ];
server.listen_addr = "127.0.0.1:8080";
limits.max_paths = 10000;
};
};
}
```
This is equivalent to setting environment variables or using a config file.
## Validation
Configuration is validated on startup. Invalid values will cause Watchdog to
exit with an error:
```bash
$ watchdog
Error: config validation failed: site.domains is required
```
Common validation errors:
- `site.domains is required` - No domains configured
- `limits.max_paths must be greater than 0` - Invalid cardinality limit
- `site.collect.referrer must be 'off', 'domain', or 'url'` - Invalid referrer
mode
- `site.sampling must be between 0.0 and 1.0` - Invalid sampling rate
## Best Practices
1. **Use config file for base configuration** - Easier to version control and
review
2. **Use environment variables for secrets** - Don't commit passwords to config
files
3. **Use CLI flags for testing/overrides** - Quick temporary changes without
editing files
Example hybrid approach:
**config.yaml:**
```yaml
site:
domains:
- example.com
collect:
pageviews: true
device: true
limits:
max_paths: 10000
```
**Environment (secrets):**
```bash
export WATCHDOG_SECURITY_METRICS_AUTH_PASSWORD="$SECRET_PASSWORD"
```
**CLI (testing):**
```bash
watchdog --listen-addr :9090 # Test on different port
```
Reference in a new issue View git blame Copy permalink