Skip to content

~/.dstack/server/config.yml

The ~/.dstack/server/config.yml file is used to configure backends and other sever-level settings.

Root reference

projects - The list of projects.
encryption - (Optional) The encryption config.
default_permissions - (Optional) The default user permissions.

projects[n]

name - The name of the project.
backends - (Optional) The list of backends.

projects[n].backends

projects[n].backends[type=aws]
type - The type of the backend. Must be aws.
regions - (Optional) The list of AWS regions. Omit to use all regions.
vpc_name - (Optional) The name of custom VPCs. All configured regions must have a VPC with this name. If your custom VPCs don't have names or have different names in different regions, use vpc_ids instead..
vpc_ids - (Optional) The mapping from AWS regions to VPC IDs. If default_vpcs: true, omitted regions will use default VPCs.
default_vpcs - (Optional) A flag to enable/disable using default VPCs in regions not configured by vpc_ids. Set to false if default VPCs should never be used. Defaults to true.
public_ips - (Optional) A flag to enable/disable public IP assigning on instances. public_ips: false requires at least one private subnet with outbound internet connectivity provided by a NAT Gateway or a Transit Gateway. Defaults to true.
tags - (Optional) The tags that will be assigned to resources created by dstack.
os_images - (Optional) The mapping of instance categories (CPU, NVIDIA GPU) to AMI configurations.
creds - The credentials.
projects[n].backends[type=aws].creds
type - The type of credentials. Must be access_key.
access_key - The access key.
secret_key - The secret key.
type - The type of credentials. Must be default.
projects[n].backends[type=aws].os_images
cpu - (Optional) The AMI used for CPU instances.
nvidia - (Optional) The AMI used for NVIDIA GPU instances.
projects[n].backends[type=aws].os_images.cpu
name - The AMI name.
owner - (Optional) The AMI owner, account ID or self. Defaults to self.
user - The OS user for provisioning.
projects[n].backends[type=aws].os_images.nvidia
name - The AMI name.
owner - (Optional) The AMI owner, account ID or self. Defaults to self.
user - The OS user for provisioning.
projects[n].backends[type=azure]
type - The type of the backend. Must be azure.
tenant_id - The tenant ID.
subscription_id - The subscription ID.
resource_group - (Optional) The resource group for resources created by dstack. If not specified, dstack will create a new resource group.
regions - (Optional) The list of Azure regions (locations). Omit to use all regions.
vpc_ids - (Optional) The mapping from configured Azure locations to network IDs. A network ID must have a format networkResourceGroup/networkName If not specified, dstack will create a new network for every configured region.
public_ips - (Optional) A flag to enable/disable public IP assigning on instances. public_ips: false requires vpc_ids that specifies custom networks with outbound internet connectivity provided by NAT Gateway or other mechanism. Defaults to true.
tags - (Optional) The tags that will be assigned to resources created by dstack.
creds - The credentials.
projects[n].backends[type=azure].creds
type - The type of credentials. Must be client.
client_id - The client ID.
client_secret - The client secret.
type - The type of credentials. Must be default.
projects[n].backends[type=gcp]
type - The type of backend. Must be gcp.
project_id - The project ID.
regions - (Optional) The list of GCP regions. Omit to use all regions.
vpc_name - (Optional) The name of a custom VPC.
vpc_project_id - (Optional) The shared VPC hosted project ID. Required for shared VPC only.
public_ips - (Optional) A flag to enable/disable public IP assigning on instances. Defaults to true.
nat_check - (Optional) A flag to enable/disable a check that Cloud NAT is configured for the VPC. This should be set to false when public_ips: false and outbound internet connectivity is provided by a mechanism other than Cloud NAT such as a third-party NAT appliance. Defaults to true.
vm_service_account - (Optional) The service account associated with provisioned VMs.
tags - (Optional) The tags (labels) that will be assigned to resources created by dstack.
creds - The credentials.
projects[n].backends[type=gcp].creds
type - The type of credentials. Must be service_account.
filename - The path to the service account file.
data - (Optional) The contents of the service account file. When configuring via server/config.yml, it's automatically filled from filename. When configuring via UI, it has to be specified explicitly.
Specifying data

To specify service account file contents as a string, use jq:

cat my-service-account-file.json | jq -c | jq -R
type - The type of credentials. Must be default.
projects[n].backends[type=lambda]
type - The type of backend. Must be lambda.
regions - (Optional) The list of Lambda regions. Omit to use all regions.
creds - The credentials.
projects[n].backends[type=lambda].creds
type - The type of credentials. Must be api_key.
api_key - The API key.
projects[n].backends[type=runpod]
regions - (Optional) The list of RunPod regions. Omit to use all regions.
creds - The credentials.
projects[n].backends[type=runpod].creds
api_key - The API key.
projects[n].backends[type=vastai]
type - The type of backend. Must be vastai.
regions - (Optional) The list of VastAI regions. Omit to use all regions.
creds - The credentials.
projects[n].backends[type=vastai].creds
type - The type of credentials. Must be api_key.
api_key - The API key.
projects[n].backends[type=tensordock]
type - The type of backend. Must be tensordock.
regions - (Optional) The list of TensorDock regions. Omit to use all regions.
creds - The credentials.
projects[n].backends[type=tensordock].creds
type - The type of credentials. Must be api_key.
api_key - The API key.
api_token - The API token.
projects[n].backends[type=oci]
type - The type of backend. Must be oci.
creds - The credentials.
regions - (Optional) The list of OCI regions. Omit to use all regions.
compartment_id - (Optional) Compartment where dstack will create all resources. Omit to instruct dstack to create a new compartment.
projects[n].backends[type=oci].creds
type - The type of credentials. Must be client.
user - User OCID.
tenancy - Tenancy OCID.
key_file - (Optional) Path to the user's private PEM key. Either this or key_content should be set.
key_content - (Optional) Content of the user's private PEM key. Either this or key_file should be set.
pass_phrase - (Optional) Passphrase for the private PEM key if it is encrypted.
fingerprint - User's public key fingerprint.
region - Name or key of any region the tenancy is subscribed to.
type - The type of credentials. Must be default.
file - (Optional) Path to the OCI CLI-compatible config file. Defaults to ~/.oci/config.
profile - (Optional) Profile to load from the config file. Defaults to DEFAULT.
projects[n].backends[type=cudo]
type - The type of backend. Must be cudo.
regions - (Optional) The list of Cudo regions. Omit to use all regions.
project_id - The project ID.
creds - The credentials.
projects[n].backends[type=cudo].creds
type - The type of credentials. Must be api_key.
api_key - The API key.
projects[n].backends[type=datacrunch]
type - The type of backend. Must be datacrunch.
regions - (Optional) The list of DataCrunch regions. Omit to use all regions.
creds - The credentials.
projects[n].backends[type=datacrunch].creds
type - The type of credentials. Must be api_key.
client_id - The client ID.
client_secret - The client secret.
projects[n].backends[type=kubernetes]
type - The type of backend. Must be kubernetes.
kubeconfig - The kubeconfig configuration.
networking - (Optional) The networking configuration.
projects[n].backends[type=kubernetes].kubeconfig
# filename - The path to the kubeconfig file.
data - (Optional) The contents of the kubeconfig file. When configuring via server/config.yml, it's automatically filled from filename. When configuring via UI, it has to be specified explicitly.
Specifying data

To specify service account file contents as a string, use jq:

cat my-service-account-file.json | jq -c | jq -R
projects[n].backends[type=kubernetes].networking
# ssh_host - (Optional) The external IP address of any node.
ssh_port - (Optional) Any port accessible outside of the cluster.
projects[n].backends[type=vultr]
type - The type of backend. Must be vultr.
regions - (Optional) The list of Vultr regions. Omit to use all regions.
creds - The credentials.
projects[n].backends[type=vultr].creds
type - The type of credentials. Must be api_key.
api_key - The API key.

encryption

keys - The encryption keys.

encryption.keys

encryption.keys[n][type=identity]
type - The type of the key. Must be identity.
encryption.keys[n][type=aes]
type - The type of the key. Must be aes.
name - The key name for key identification.
secret - Base64-encoded AES-256 key.

default_permissions

allow_non_admins_create_projects - (Optional) This flag controls whether regular users (non-global admins) can create and manage their own projects. Defaults to True.
allow_non_admins_manage_ssh_fleets - (Optional) This flag controls whether regular project members (i.e. Users) can add and delete SSH fleets. Defaults to True.