Skip to content

~/.dstack/server/config.yml

The ~/.dstack/server/config.yml file is used to configure backends and other server-level settings.

Root reference

projects - (Required) list[object] The list of projects.
encryption - (Optional) object The encryption config.
default_permissions - (Optional) object The default user permissions.
plugins - (Optional) list[str] The server-side plugins to enable.

projects[n]

name - (Required) str The name of the project.
backends - (Optional) list[object] The list of backends.

projects[n].backends

projects[n].backends[type=aws]
type - (Required) "aws" The type of the backend. Must be aws.
regions - (Optional) list[str] The list of AWS regions. Omit to use all regions.
vpc_name - (Optional) str The name of custom VPCs. All configured regions must have a VPC with this name. If your custom VPCs don't have names or have different names in different regions, use vpc_ids instead..
vpc_ids - (Optional) dict The mapping from AWS regions to VPC IDs. If default_vpcs: true, omitted regions will use default VPCs.
default_vpcs - (Optional) bool A flag to enable/disable using default VPCs in regions not configured by vpc_ids. Set to false if default VPCs should never be used. Defaults to true.
public_ips - (Optional) bool A flag to enable/disable public IP assigning on instances. public_ips: false requires at least one private subnet with outbound internet connectivity provided by a NAT Gateway or a Transit Gateway. Defaults to true.
iam_instance_profile - (Optional) str The name of the IAM instance profile to associate with EC2 instances. You can also specify the IAM role name for roles created via the AWS console. AWS automatically creates an instance profile and gives it the same name as the role.
tags - (Optional) dict The tags that will be assigned to resources created by dstack.
os_images - (Optional) object The mapping of instance categories (CPU, NVIDIA GPU) to AMI configurations.
creds - (Required) object The credentials.
projects[n].backends[type=aws].creds
type - (Required) "access_key" The type of credentials. Must be access_key.
access_key - (Required) str The access key.
secret_key - (Required) str The secret key.
type - (Required) "default" The type of credentials. Must be default.
projects[n].backends[type=aws].os_images
cpu - (Optional) object The AMI used for CPU instances.
nvidia - (Optional) object The AMI used for NVIDIA GPU instances.
projects[n].backends[type=aws].os_images.cpu
name - (Required) str The AMI name.
owner - (Optional) str The AMI owner, account ID or self. Defaults to self.
user - (Required) str The OS user for provisioning.
projects[n].backends[type=aws].os_images.nvidia
name - (Required) str The AMI name.
owner - (Optional) str The AMI owner, account ID or self. Defaults to self.
user - (Required) str The OS user for provisioning.
projects[n].backends[type=azure]
type - (Required) "azure" The type of the backend. Must be azure.
tenant_id - (Required) str The tenant ID.
subscription_id - (Required) str The subscription ID.
resource_group - (Optional) str The resource group for resources created by dstack. If not specified, dstack will create a new resource group.
regions - (Optional) list[str] The list of Azure regions (locations). Omit to use all regions.
vpc_ids - (Optional) dict The mapping from configured Azure locations to network IDs. A network ID must have a format networkResourceGroup/networkName If not specified, dstack will create a new network for every configured region.
public_ips - (Optional) bool A flag to enable/disable public IP assigning on instances. public_ips: false requires vpc_ids that specifies custom networks with outbound internet connectivity provided by NAT Gateway or other mechanism. Defaults to true.
vm_managed_identity - (Optional) str The managed identity to associate with provisioned VMs. Must have a format managedIdentityResourceGroup/managedIdentityName.
tags - (Optional) dict The tags that will be assigned to resources created by dstack.
creds - (Required) object The credentials.
projects[n].backends[type=azure].creds
type - (Required) "client" The type of credentials. Must be client.
client_id - (Required) str The client ID.
client_secret - (Required) str The client secret.
type - (Required) "default" The type of credentials. Must be default.
projects[n].backends[type=gcp]
type - (Required) "gcp" The type of backend. Must be gcp.
project_id - (Required) str The project ID.
regions - (Optional) list[str] The list of GCP regions. Omit to use all regions.
vpc_name - (Optional) str The name of a custom VPC. If not specified, the default VPC is used.
extra_vpcs - (Optional) list[str] The names of additional VPCs used for multi-NIC instances, such as those that support GPUDirect. Specify eight VPCs to maximize bandwidth in clusters with eight-GPU instances. Each VPC must have a subnet and a firewall rule allowing internal traffic across all subnets.
roce_vpcs - (Optional) list The names of additional VPCs with the RoCE network profile. Used for RDMA on GPU instances that support the MRDMA interface type. A VPC should have eight subnets to maximize the bandwidth in clusters with eight-GPU instances..
vpc_project_id - (Optional) str The shared VPC hosted project ID. Required for shared VPC only.
public_ips - (Optional) bool A flag to enable/disable public IP assigning on instances. Defaults to true.
nat_check - (Optional) bool A flag to enable/disable a check that Cloud NAT is configured for the VPC. This should be set to false when public_ips: false and outbound internet connectivity is provided by a mechanism other than Cloud NAT such as a third-party NAT appliance. Defaults to true.
vm_service_account - (Optional) str The service account to associate with provisioned VMs.
tags - (Optional) dict The tags (labels) that will be assigned to resources created by dstack.
preview_features - (Optional) list The list of preview GCP features to enable. There are currently no preview features.
creds - (Required) object The credentials.
projects[n].backends[type=gcp].creds
type - (Required) "service_account" The type of credentials. Must be service_account.
filename - (Required) str The path to the service account file.
data - (Optional) str The contents of the service account file. When configuring via server/config.yml, it's automatically filled from filename. When configuring via UI, it has to be specified explicitly.
Specifying data

To specify service account file contents as a string, use jq:

cat my-service-account-file.json | jq -c | jq -R
projects[n].backends[type=lambda]
type - (Required) "lambda" The type of backend. Must be lambda.
regions - (Optional) list[str] The list of Lambda regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=lambda].creds
type - (Required) "api_key" The type of credentials. Must be api_key.
api_key - (Required) str The API key.
projects[n].backends[type=nebius]
type - (Required) "nebius" The type of backend. Must be nebius.
projects - (Optional) list[str] The list of allowed Nebius project IDs. Omit to use the default project in each region. The project is considered default if it is the only project in the region or if its name starts with default.
regions - (Optional) list[str] The list of allowed Nebius regions. Omit to allow all regions.
fabrics - (Optional) list[str] The list of allowed fabrics for InfiniBand clusters. Omit to allow all fabrics.
tags - (Optional) dict The tags (labels) that will be assigned to resources created by dstack.
creds - (Required) object The credentials.
projects[n].backends[type=nebius].creds
type - (Required) "service_account" The type of credentials. Must be service_account.
service_account_id - (Optional) str Service account ID. Set automatically if filename is specified. When configuring via the UI, it must be specified explicitly.
public_key_id - (Optional) str ID of the service account public key. Set automatically if filename is specified. When configuring via the UI, it must be specified explicitly.
private_key_file - (Optional) str Path to the service account private key. Set automatically if filename or private_key_content is specified. When configuring via the UI, it must be specified explicitly.
private_key_content - (Optional) str Content of the service account private key. When configuring via server/config.yml, it's automatically filled from private_key_file. When configuring via UI, it has to be specified explicitly.
filename - (Optional) str The path to the service account credentials file.
projects[n].backends[type=runpod]
regions - (Optional) list[str] The list of RunPod regions. Omit to use all regions.
community_cloud - (Optional) bool Whether Community Cloud offers can be suggested in addition to Secure Cloud. Defaults to false.
creds - (Required) object The credentials.
projects[n].backends[type=runpod].creds
api_key - (Required) str The API key.
projects[n].backends[type=vastai]
type - (Required) "vastai" The type of backend. Must be vastai.
regions - (Optional) list[str] The list of VastAI regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=vastai].creds
type - (Required) "api_key" The type of credentials. Must be api_key.
api_key - (Required) str The API key.
projects[n].backends[type=oci]
type - (Required) "oci" The type of backend. Must be oci.
regions - (Optional) list[str] The list of OCI regions. Omit to use all regions.
compartment_id - (Optional) str Compartment where dstack will create all resources. Omit to instruct dstack to create a new compartment.
creds - (Required) object The credentials.
projects[n].backends[type=oci].creds
type - (Required) "client" The type of credentials. Must be client.
user - (Required) str User OCID.
tenancy - (Required) str Tenancy OCID.
key_file - (Optional) str Path to the user's private PEM key. Either this or key_content should be set.
key_content - (Optional) str Content of the user's private PEM key. Either this or key_file should be set.
pass_phrase - (Optional) str Passphrase for the private PEM key if it is encrypted.
fingerprint - (Required) str User's public key fingerprint.
region - (Required) str Name or key of any region the tenancy is subscribed to.
type - (Required) "default" The type of credentials. Must be default.
file - (Optional) str Path to the OCI CLI-compatible config file. Defaults to ~/.oci/config.
profile - (Optional) str Profile to load from the config file. Defaults to DEFAULT.
projects[n].backends[type=verda]
type - (Required) "verda" | "datacrunch" The type of backend.
regions - (Optional) list[str] The list of Verda regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=verda].creds
type - (Required) "api_key" The type of credentials. Must be api_key.
client_id - (Required) str The client ID.
client_secret - (Required) str The client secret.
projects[n].backends[type=kubernetes]
type - (Required) "kubernetes" The type of backend. Must be kubernetes.
proxy_jump - (Optional) object The SSH proxy jump configuration.
namespace - (Optional) str The namespace for resources managed by dstack. Defaults to default.
kubeconfig - (Required) object The kubeconfig configuration.
projects[n].backends[type=kubernetes].kubeconfig
filename - (Optional) str The path to the kubeconfig file.
data - (Optional) str The contents of the kubeconfig file. When configuring via server/config.yml, it's automatically filled from filename. When configuring via UI, it has to be specified explicitly.
Specifying data

To specify kubeconfig contents directly via data, convert it to a string:

yq -o=json ~/.kube/config | jq -c | jq -R
projects[n].backends[type=kubernetes].proxy_jump
hostname - (Optional) str The external IP address or hostname of any node.
port - (Optional) int Any port accessible outside of the cluster.
projects[n].backends[type=vultr]
type - (Required) "vultr" The type of backend. Must be vultr.
regions - (Optional) list[str] The list of Vultr regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=vultr].creds
type - (Required) "api_key" The type of credentials. Must be api_key.
api_key - (Required) str The API key.
projects[n].backends[type=amddevcloud]
type - (Required) "amddevcloud" | "digitalocean" The type of backend.
project_name - (Optional) str The name of the project.
regions - (Optional) list[str] The list of regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=amddevcloud].creds
type - (Required) "api_key" The type of credentials. Must be api_key.
api_key - (Required) str The API key.
projects[n].backends[type=digitalocean]
type - (Required) "amddevcloud" | "digitalocean" The type of backend.
project_name - (Optional) str The name of the project.
regions - (Optional) list[str] The list of regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=digitalocean].creds
type - (Required) "api_key" The type of credentials. Must be api_key.
api_key - (Required) str The API key.
projects[n].backends[type=crusoe]
type - (Required) "crusoe" The type of backend. Must be crusoe.
project_id - (Required) str The Crusoe project ID.
regions - (Optional) list[str] The list of allowed Crusoe regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=crusoe].creds
type - (Required) "access_key" The type of credentials. Must be access_key.
access_key - (Required) str The Crusoe API access key.
secret_key - (Required) str The Crusoe API secret key.
projects[n].backends[type=hotaisle]
type - (Required) "hotaisle" The type of backend. Must be hotaisle.
team_handle - (Required) str The Hot Aisle team handle.
regions - (Optional) list[str] The list of Hot Aisle regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=hotaisle].creds
type - (Required) "api_key" The type of credentials. Must be api_key.
api_key - (Required) str The Hot Aisle API key.
projects[n].backends[type=cloudrift]
type - (Required) "cloudrift" The type of backend. Must be cloudrift.
regions - (Optional) list[str] The list of CloudRift regions. Omit to use all regions.
creds - (Required) object The credentials.
projects[n].backends[type=cloudrift].creds
type - (Required) "api_key" The type of credentials. Must be api_key.
api_key - (Required) str The API key.

encryption

keys - (Required) list[object] The encryption keys.

encryption.keys

encryption.keys[n][type=identity]
type - (Required) "identity" The type of the key. Must be identity.
encryption.keys[n][type=aes]
type - (Required) "aes" The type of the key. Must be aes.
name - (Required) str The key name for key identification.
secret - (Required) str Base64-encoded AES-256 key.

default_permissions

allow_non_admins_create_projects - (Optional) bool This flag controls whether regular users (non-global admins) can create and manage their own projects. Defaults to True.
allow_non_admins_manage_ssh_fleets - (Optional) bool This flag controls whether regular project members (i.e. Users) can add and delete SSH fleets. Defaults to True.