Skip to main content
floo’s primary config file is floo.app.toml. Services are declared inline under [services.<name>]. Managed services (Postgres, Redis, Storage) are top-level sections in the same file. floo.service.toml is an optional per-service config file used only when you want service configuration to live alongside each service’s code (the “delegated” layout). floo init creates floo.app.toml with your service declared inline. This page is the full reference.

Config shapes

ShapeFilesWhen to use
Single servicefloo.app.tomlOne service, with or without managed services
Inline multi-servicefloo.app.tomlAll services defined in one file
Delegated multi-servicefloo.app.toml + per-service floo.service.tomlService config lives alongside service code

Single service

[app]
name = "my-app"
access_mode = "public"

[services.web]
type = "web"
port = 3000
ingress = "public"
env_file = ".env"

[resources]
cpu = "1"
memory = "512Mi"
max_instances = 10

Single service with managed services

[app]
name = "crm"

[postgres]
tier = "basic"

[redis]

[storage]

[services.web]
type = "web"
path = "."
port = 3000
ingress = "public"

Inline multi-service

[app]
name = "full-stack"
access_mode = "password"

[postgres]
tier = "basic"

[redis]

[resources]
cpu = "1"
memory = "512Mi"
max_instances = 10

[services.web]
type = "web"
path = "./web"
port = 3000
ingress = "public"

[services.api]
type = "api"
path = "./api"
port = 8080
env_file = "./api/.env"

[services.worker]
type = "worker"
path = "./worker"
port = 8081
ingress = "internal"
cpu = "2"
memory = "2Gi"
Inline and delegated are mutually exclusive per service. If a service has type and port in floo.app.toml, do not also place a floo.service.toml in that service’s directory. The CLI rejects this during preflight.

Delegated multi-service

Root floo.app.toml: 
[app]
name = "full-stack"

[postgres]

[services.web]
path = "./web"

[services.api]
path = "./api"
web/floo.service.toml: 
[app]
name = "full-stack"

[service]
name = "web"
type = "web"
port = 3000
ingress = "public"
api/floo.service.toml: 
[app]
name = "full-stack"

[service]
name = "api"
type = "api"
port = 8080
ingress = "public"
env_file = ".env"

Field reference

[app]

FieldTypeDefaultDescription
namestringrequiredApp name (DNS-safe)
access_modestring"public"public, password, accounts, sso (coming soon)

[services.<name>]

FieldTypeDefaultDescription
typestringrequiredweb, api, worker
portintegerrequiredPort the service listens on
ingressstring"public"public (internet-facing) or internal (only reachable by other services in the same app)
env_filestringnoneRelative path to env file synced on deploy
pathstring.Relative path to service directory (multi-service apps)
dev_commandstringnoneShell command run by floo dev to start the service locally. Example: "npm run dev"
migrate_commandstringnoneShell command run before floo dev starts the service (and after each deploy). Example: "alembic upgrade head"
domainstringnoneCustom domain for this service. Example: "api.example.com"

[service] (floo.service.toml)

Used only in the delegated multi-service layout, where each service keeps its own floo.service.toml alongside its code.
FieldTypeDefaultDescription
namestringrequiredService name (DNS-safe, 2-21 chars)
typestringrequiredweb, api, worker
portintegerrequiredPort the service listens on
ingressstring"public"public or internal
env_filestringnoneRelative path to env file synced on deploy

[resources]

FieldTypeDefaultDescription
cpustring"1"vCPU allocation
memorystring"512Mi"Memory allocation
min_instancesinteger0Min instance count (0 allows scale to zero)
max_instancesinteger10Max instance count
Per-service resource fields override the global [resources] section.

[postgres], [redis], [storage]

Managed services are top-level sections in floo.app.toml — not placed under [services.*].
FieldTypeDefaultDescription
tierstring"basic"Postgres only: basic, standard, performance. Redis and Storage use a single shared tier — omit the field.

[auth]

FieldTypeDefaultDescription
redirect_urisarraynoneOAuth callback URLs for accounts mode

[environments.<name>]

FieldTypeDefaultDescription
access_modestringnoneOverride access mode per environment

[cron.<name>]

Scheduled jobs run by the platform. Declared as [cron.<name>] sections in floo.app.toml.
FieldTypeDefaultDescription
schedulestringrequiredCron expression, e.g. "0 9 * * *" for 9am UTC daily
commandstringrequiredShell command executed in the target service container
servicestringrequiredName of the service whose image runs the command
timeoutinteger300Maximum execution time in seconds
Example: 
[cron.daily-report]
schedule = "0 9 * * *"
command = "python -m reports.daily"
service = "api"
timeout = 600

[github]

Controls GitHub integration behavior for the connected repo.
FieldTypeDefaultDescription
deploy_on_pushbooleantrueWhen false, GitHub push webhooks do not trigger deploys — the agent deploys manually

Precedence

When you run a command without --app, the CLI resolves the app in this order:
  1. --app <name> flag
  2. Nearest floo.service.toml
  3. Nearest floo.app.toml
Access mode resolution:
  1. [environments.<env>].access_mode
  2. [app].access_mode in floo.app.toml
Resource precedence: per-service values override global [resources].

Validation

floo preflight --json
The CLI fails preflight if:
  • service names are duplicated
  • a service port is invalid
  • an inline service also has a floo.service.toml in its directory
  • a multi-service app has no public service
  • managed service sections are placed in floo.service.toml instead of floo.app.toml