Configuration

All runtime configuration lives in pyobs_web_admin/local_settings.py, which is not committed to version control (it’s in .gitignore since it typically holds secrets). If the file doesn’t exist, the defaults in pyobs_web_admin/settings.py apply – enough to run in development, not enough (and not safe) for production.

Django core

SECRET_KEY = "..."           # required in production -- see Installation
DEBUG = False                # set True only in development
ALLOWED_HOSTS = ["*"]        # restrict to hostname/IP in production

# HTTPS (enable once TLS is in place)
# SESSION_COOKIE_SECURE = True
# CSRF_COOKIE_SECURE = True

Sessions are signed cookies (SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies") – there is no database anywhere in this app, by design (see Architecture).

Authentication

ADMIN_USERNAME = "admin"
ADMIN_PASSWORD_HASH = "pbkdf2_sha256$..."   # see generation command in Installation

There is exactly one admin identity, no per-user accounts or roles. Anyone who can log in can do anything the UI exposes, including destructive actions – see the confirmation-UX notes in XMPP user management for how the app compensates for having no access tiers of its own.

pyobs paths

PYOBS_EXEC = "/opt/pyobs/venv/bin/pyobs"   # path to the pyobs executable
PYOBS_CONFIG_DIR = "/opt/pyobs/config"      # directory containing *.yaml module configs
PYOBS_LOG_DIR = "/opt/pyobs/log"            # directory containing *.log files
PYOBS_RUN_DIR = "/opt/pyobs/run"            # directory for PID files
PYOBS_LOG_LEVEL = "info"                    # log level passed to pyobs on start
PYOBS_LOG_BACKEND = None                    # None: auto-detect "file" vs "journald"
                                             # -- see the Logging page

Hub mode

HUB_TOKEN = ""     # token this instance accepts from a hub, if it's a spoke
HUB_HOSTS = []      # remote hosts this instance controls, if it's a hub

See Hub mode for the full picture – which side sets which of these, and what the token actually protects.

ejabberd integration (optional)

EJABBERD_ENABLED = False                       # show XMPP status/management at all
EJABBERD_HOST = "localhost"                     # "localhost" or a HUB_HOSTS name
EJABBERD_DOMAIN = ""                            # the XMPP vhost ejabberd serves
EJABBERD_API_URL = "http://127.0.0.1:5281/api"  # mod_http_api base URL (read path)
EJABBERDCTL = "ejabberdctl"                     # ejabberdctl binary/wrapper (write path)

See ejabberd / XMPP integration for what each setting actually gates, the ejabberd-side configuration required, and the security model for both the read path (mod_http_api) and the write path (ejabberdctl).