From 271527679ec00400425ba1b6855bd26c17a254f6 Mon Sep 17 00:00:00 2001
From: sneak <sneak@sneak.berlin>
Date: Thu, 8 Jan 2026 04:09:06 -0800
Subject: [PATCH] Add example config file with whitelisted hosts

---
 example-config.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 example-config.yml

diff --git a/example-config.yml b/example-config.yml
new file mode 100644
index 0000000..cbfa387
--- /dev/null
+++ b/example-config.yml
@@ -0,0 +1,31 @@
+# Pixa Example Configuration
+
+# Server settings
+port: 8080
+debug: false
+maintenance_mode: false
+
+# Data directory for SQLite database and cache files
+state_dir: ./data
+
+# Image proxy settings
+# HMAC signing key for URL signatures (leave empty to require whitelist for all requests)
+signing_key: "change-me-to-a-secure-random-string"
+
+# Hosts that don't require signatures
+# Use "." prefix for wildcard subdomain matching (e.g., ".example.com" matches "cdn.example.com")
+whitelist_hosts:
+  - static.sneak.cloud
+  - sneak.berlin
+  - s3.sneak.cloud
+
+# Allow HTTP upstream (only for testing, always use HTTPS in production)
+allow_http: false
+
+# Sentry error reporting (optional)
+sentry_dsn: ""
+
+# Metrics endpoint authentication (optional)
+# metrics:
+#   username: "admin"
+#   password: "secret"