-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathchalk.example.toml
More file actions
113 lines (95 loc) · 3.06 KB
/
chalk.example.toml
File metadata and controls
113 lines (95 loc) · 3.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# Chalk Configuration
# Copy this file to chalk.toml and update with your settings.
[chalk]
instance_name = "My School District"
data_dir = "/var/lib/chalk"
# public_url = "https://chalk.example.com"
[chalk.database]
driver = "sqlite"
path = "/var/lib/chalk/chalk.db"
[chalk.telemetry]
enabled = false
[sis]
enabled = true
provider = "PowerSchool" # PowerSchool | InfiniteCampus | Skyward
base_url = "https://your-sis.example.com"
# token_url = "" # Required for Infinite Campus and Skyward
client_id = "your-client-id"
client_secret = "your-client-secret"
sync_schedule = "0 2 * * *" # Daily at 2:00 AM
# Identity Provider — SAML SSO, QR badges, picture passwords
[idp]
enabled = false
# qr_badge_login = true
# picture_passwords = true
# saml_cert_path = "/var/lib/chalk/saml_cert.pem"
# saml_key_path = "/var/lib/chalk/saml_key.pem"
# session_timeout_minutes = 480
# default_password_pattern = "{lastName}{birthYear}"
# default_password_roles = ["student"]
# [idp.google]
# entity_id = ""
# acs_url = ""
# workspace_domain = ""
# Google Workspace Sync — user provisioning and OU management
[google_sync]
enabled = false
# provision_users = true
# manage_ous = true
# suspend_inactive = false
# sync_schedule = "0 3 * * *"
# service_account_key_path = "/var/lib/chalk/google-sa.json"
# admin_email = "admin@yourdomain.com"
# workspace_domain = "yourdomain.com"
# [google_sync.ou_mapping]
# students = "/Students/{school}/{grade}"
# teachers = "/Teachers/{school}"
# staff = "/Staff/{school}"
# Active Directory Sync — LDAP user provisioning from SIS data
[ad_sync]
enabled = false
# sync_schedule = "0 2 * * *"
# [ad_sync.connection]
# server = "ldaps://dc01.example.com:636"
# bind_dn = "CN=Chalk Service,OU=Service Accounts,DC=example,DC=com"
# bind_password = "your-bind-password"
# base_dn = "DC=example,DC=com"
# tls_verify = true
# tls_ca_cert = "/var/lib/chalk/ad-ca.crt"
# [ad_sync.ou_mapping]
# students = "Students/{school}/{grade}"
# teachers = "Teachers/{school}"
# staff = "Staff/{school}"
# [ad_sync.passwords]
# pattern = "{first:1}{Last:1}{sis_id}!"
# min_length = 12
# [ad_sync.options]
# provision_users = true
# deprovision_action = "disable" # disable | move_to_ou | delete
# deprovision_ou = "OU=Disabled,DC=example,DC=com"
# manage_ous = true
# manage_groups = false
# SSO Partners — Clever-compatible, ClassLink-compatible, SAML, or OIDC
# Uncomment and duplicate to add partners.
# [[sso_partners]]
# name = "Khan Academy"
# protocol = "clever_compat" # clever_compat | classlink_compat | saml | oidc
# enabled = true
# oidc_client_id = "your-client-id"
# oidc_client_secret = "your-client-secret"
# oidc_redirect_uris = ["https://vendor.com/auth/callback"]
# roles = "student,teacher"
# icon = "khan-academy"
# [[sso_partners]]
# name = "McGraw Hill"
# protocol = "classlink_compat"
# enabled = true
# oidc_client_id = "your-client-id"
# oidc_client_secret = "your-client-secret"
# oidc_redirect_uris = ["https://vendor.com/sso/callback"]
# roles = "student,teacher"
# icon = "mcgraw-hill"
[agent]
enabled = false
[marketplace]
enabled = false