diff --git a/app.py b/app.py
index f196ca9..d2bdbc1 100755
--- a/app.py
+++ b/app.py
@@ -1,20 +1,38 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-import os, time, subprocess
+import os, time, subprocess, toml
 from flask import Flask, flash, request, redirect, url_for
 # HTTP auth
 from flask_httpauth import HTTPBasicAuth
 from werkzeug.security import generate_password_hash, check_password_hash
 # FILE UPLOAD
 from werkzeug.utils import secure_filename
-UPLOAD_FOLDER = os.path.expanduser('~/Videos')
-ALLOWED_EXTENSIONS = {'avi', 'mkv', 'mp4'}
+
+app = Flask(__name__)
+
+app.config.from_file("defaults.toml", load=toml.load)
+config_locations = ["./", "~/.", "~/.config/"]
+for location in config_locations:
+    # Optional config files, ~ is expanded to $HOME on *nix, %USERPROFILE% on windows
+    # ~ app.config.from_file("videopi.toml", load=toml.load, silent=True)
+    if app.config.from_file(os.path.expanduser( location + "pilpil-client.toml"), load=toml.load, silent=True):
+        print("Found configuration file in " + os.path.expanduser( location ))
+
+
+#UPLOAD_FOLDER = os.path.expanduser('~/Videos')
+#ALLOWED_EXTENSIONS = {'avi', 'mkv', 'mp4'}
+
+UPLOAD_FOLDER = os.path.expanduser(app.config['DEFAULT']['media_folder_local'])
+ALLOWED_EXTENSIONS = app.config['DEFAULT']['media_exts']
+HTTP_SECRET = str(app.config['DEFAULT']['auth'])
+local_bin=os.path.expanduser(app.config['DEFAULT']['local_bin'])
+DEBUG = app.config['DEFAULT']['debug']
+
 #HTTPS
-ASSETS_DIR = os.path.dirname(os.path.abspath(__file__))
+#ASSETS_DIR = os.path.dirname(os.path.abspath(__file__))
 # HTTP Serve
 from waitress import serve
 
-app = Flask(__name__)
 #app.secret_key = b'flafoudi'
 app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
 # Max upload size 100M ( see nginx default also )
@@ -22,7 +40,7 @@ app.config['MAX_CONTENT_LENGTH'] = 100 * 1000 * 1000
 
 auth = HTTPBasicAuth()
 users = {
-    "": generate_password_hash("secret"),
+    "": generate_password_hash(HTTP_SECRET),
 }
 
 @auth.verify_password
@@ -30,11 +48,8 @@ def verify_password(username, password):
     if username in users and check_password_hash(users.get(username), password):
         return username
 
-local_bin="/home/pi/.local/bin/"
 signal = 0
 
-DEBUG = 0
-
 # Check file extension is allowed
 def allowed_file(filename):
     # Check for dot in filename
@@ -106,18 +121,9 @@ def upload_file():
             return 'No selected file'
         if file and allowed_file(file.filename):
             filename = secure_filename(file.filename)
-            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            file.save(os.path.join(UPLOAD_FOLDER, filename))
             return "File saved in " + UPLOAD_FOLDER
     return "OK"
-#    return '''
-#    <!doctype html>
-#    <title>Upload new File</title>
-#    <h1>Upload new File</h1>
-#    <form method=post enctype=multipart/form-data>
-#      <input type=file name=file>
-#      <input type=submit value=Upload>
-#    </form>
-#    '''
 
 if __name__ == '__main__':
 #    app.run()
diff --git a/defaults.toml b/defaults.toml
new file mode 100644
index 0000000..bea720c
--- /dev/null
+++ b/defaults.toml
@@ -0,0 +1,6 @@
+[DEFAULT]
+debug = 0
+local_bin = "~/.local/bin/"
+auth  = "secret" 
+media_folder_local = "~/Videos"
+media_exts = ["mp4", "avi", "mkv"]