server_init/resources/pangolin/config.yml.j2

app:
  dashboard_url: "https://{{ pangolin_domain }}"
  log_level: "info"
  save_logs: true

server:
  external_port: 3000
  internal_port: 3001
  next_port: 3002
  internal_hostname: "pangolin"
  secret: "{{ pangolin_secret }}"
  dashboard_session_length_hours: 720
  resource_session_length_hours: 720
  cors:
    origins:
      - "https://{{ pangolin_domain }}"
    methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
    allowed_headers: ["X-CSRF-Token", "Content-Type"]
    credentials: false

domains:
  domain1:
    base_domain: "{{ base_domain }}"
    cert_resolver: "letsencrypt"

traefik:
  http_entrypoint: "web"
  https_entrypoint: "websecure"
  cert_resolver: "letsencrypt"

gerbil:
  base_endpoint: "{{ pangolin_domain }}"
  start_port: 51820
  clients_start_port: 21820

rate_limits:
  global:
    window_minutes: 1
    max_requests: 100
  auth:
    window_minutes: 1
    max_requests: 10

flags:
  require_email_verification: false
  disable_signup_without_invite: true
  disable_user_create_org: false
  allow_raw_resources: true
Initial server init setup with Ansible playbook Automated server provisioning with Pangolin reverse proxy, Forgejo git server with SSH passthrough, and OpenCode dev environment. Includes server hardening (UFW, fail2ban, SSH lockdown), Docker, Rust, Python/uv, and unattended security upgrades. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-28 10:34:20 +00:00			`app:`
			`dashboard_url: "https://{{ pangolin_domain }}"`
			`log_level: "info"`
			`save_logs: true`

			`server:`
			`external_port: 3000`
			`internal_port: 3001`
			`next_port: 3002`
			`internal_hostname: "pangolin"`
			`secret: "{{ pangolin_secret }}"`
			`dashboard_session_length_hours: 720`
			`resource_session_length_hours: 720`
			`cors:`
			`origins:`
			`- "https://{{ pangolin_domain }}"`
			`methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]`
			`allowed_headers: ["X-CSRF-Token", "Content-Type"]`
			`credentials: false`

			`domains:`
			`domain1:`
			`base_domain: "{{ base_domain }}"`
			`cert_resolver: "letsencrypt"`

			`traefik:`
			`http_entrypoint: "web"`
			`https_entrypoint: "websecure"`
			`cert_resolver: "letsencrypt"`

			`gerbil:`
			`base_endpoint: "{{ pangolin_domain }}"`
			`start_port: 51820`
			`clients_start_port: 21820`

			`rate_limits:`
			`global:`
			`window_minutes: 1`
			`max_requests: 100`
			`auth:`
			`window_minutes: 1`
			`max_requests: 10`

			`flags:`
			`require_email_verification: false`
			`disable_signup_without_invite: true`
			`disable_user_create_org: false`
			`allow_raw_resources: true`