plotpress/plotpress.yaml

plotpress.yaml lives at the workspace root, above dashboards/. It configures the backend itself: where to listen, where SQLite lives, how authentication works. It never references any dashboard’s data sources or users — those are per-dashboard.

Schema

server:
  listen: string              # default ":8080"
  base_url: string            # public URL, default "http://localhost:8080"

storage:
  sqlite_path: string         # default "/var/lib/plotpress/plotpress.db"

dashboards:
  root: string                # default "./dashboards"
  watch: bool                 # default true in dev, false in prod

auth:
  mode: oidc | email_otp      # default email_otp
  session_duration: duration  # default 24h

  # required when mode is oidc
  oidc:
    issuer: string
    client_id: string
    client_secret: string     # ${VAR} expansion supported
    scopes: [string]          # default [openid, email, profile, groups]

  # required when mode is email_otp
  email_otp:
    smtp_host: string
    smtp_port: int
    smtp_username: string
    smtp_password: string     # ${VAR} expansion supported
    from: string
    code_ttl: duration        # default 10m

Minimal example (single-user demo)

server:
  listen: ":8080"
  base_url: "https://plotpress.example.com"

auth:
  mode: email_otp
  email_otp:
    smtp_host: smtp.fastmail.com
    smtp_port: 587
    smtp_username: ${SMTP_USERNAME}
    smtp_password: ${SMTP_PASSWORD}
    from: plotpress@example.com

Production example (OIDC behind Authentik)

server:
  listen: ":8080"
  base_url: "https://plotpress.example.com"

storage:
  sqlite_path: /var/lib/plotpress/plotpress.db

dashboards:
  root: /workspace/dashboards
  watch: false

auth:
  mode: oidc
  session_duration: 12h
  oidc:
    issuer: https://auth.example.com/application/o/plotpress/
    client_id: plotpress
    client_secret: ${OIDC_CLIENT_SECRET}
    scopes: [openid, email, profile, groups]