provisioning/config/installer-config.toml.template

# Provisioning Platform Installer Configuration Template
# Version: 3.5.0
#
# This template defines all available configuration options for the installer.
# Copy this file to `installer-config.toml` and customize as needed.
# =============================================================================
# INSTALLER SETTINGS
# =============================================================================
[installer]
# Top-level behaviour of the installer run itself: how it interacts with the
# operator, how much it logs, and how long it may run.
# Installation mode
# Options: "interactive" (TUI wizard), "headless" (non-interactive), "config-driven" (from config file)
mode = "interactive"
# Platform auto-detection
# If true, installer will auto-detect available container platforms
auto_detect_platform = true
# Skip confirmation prompts in headless mode
# WARNING: Only use in automated environments
# With prompts skipped nothing pauses for review before changes are applied;
# validate the file with dry_run = true first.
skip_confirmations = false
# Verbose output
# Enable detailed logging during installation
# NOTE(review): confirm verbose output never prints generated or pre-defined
# secrets before forwarding installer logs to shared storage.
verbose = false
# Installation timeout in seconds
# Maximum time to wait for installation to complete
timeout = 1800 # 30 minutes
# Dry run mode
# Validate configuration without making changes
dry_run = false
# =============================================================================
# DEPLOYMENT CONFIGURATION
# =============================================================================
[deployment]
# Where and how the platform is deployed: container platform, service set,
# base domain and target machine.
# Container platform
# Options: "docker", "podman", "kubernetes", "orbstack"
# If not specified, installer will use auto-detected platform
platform = "docker"
# Deployment mode
# Options: "solo", "multi-user", "cicd", "enterprise"
# Determines which services are deployed and resource requirements
mode = "solo"
# Base domain for services
# All services will be accessible under this domain
# For local development, use "localhost" or a .local domain
# NOTE(review): when this is a routable domain, review which services are
# enabled under [services.*] first, since all of them are reachable under it.
domain = "localhost"
# Deployment location
# Options: "local" (current machine), "remote" (SSH to remote host)
# "remote" makes the installer read the [deployment.remote] table.
location = "local"
# Remote deployment settings (only used if location = "remote")
[deployment.remote]
# SSH connection string (user@host:port)
# NOTE(review): no host-key verification option appears in this template;
# confirm the installer checks the remote host key rather than accepting any.
host = ""
# SSH private key path
# Leave empty to use default SSH key (~/.ssh/id_rsa)
# This is a path to the key file, not the key material itself. Keep the key
# file readable only by the user running the installer.
ssh_key = ""
# Use SSH agent for authentication
# NOTE(review): precedence between the agent and ssh_key when both are set is
# not stated here; verify against the installer.
use_ssh_agent = true
# Remote installation path
# Directory on remote host where platform will be installed
install_path = "/opt/provisioning"
# =============================================================================
# RESOURCE REQUIREMENTS
# =============================================================================
[resources]
# Pre-flight resource thresholds the target machine is checked against.
# Minimum CPU cores required
# Will be auto-calculated based on deployment mode if not specified
min_cpu_cores = 2
# Minimum memory in GB
# Will be auto-calculated based on deployment mode if not specified
min_memory_gb = 4.0
# Minimum disk space in GB
min_disk_gb = 20.0
# Override resource checks
# WARNING: Only use if you understand the implications
# With the check skipped, the minimums above are no longer enforced before
# installation starts.
skip_resource_check = false
# Resource allocation strategy
# Options: "auto" (installer decides), "minimal" (minimum resources), "recommended" (recommended resources)
allocation_strategy = "auto"
# =============================================================================
# SERVICE CONFIGURATION
# =============================================================================
[services]
# Every [services.<name>] table below shares the same shape: an enable flag,
# a port, CPU/memory limits and a restart policy.
# NOTE(review): the template does not say whether `port` is published on the
# host or only on the container network; confirm before enabling services on
# a shared or internet-facing machine.
# Core services (always installed)
# These services are required for basic platform operation
[services.orchestrator]
enabled = true
port = 8080
# CPU limit in millicores (1000m = 1 CPU core)
cpu_limit = "1000m"
# Memory limit
memory_limit = "512Mi"
# Restart policy: "always", "on-failure", "unless-stopped"
restart_policy = "always"
[services.control_center]
enabled = true
port = 8081
cpu_limit = "500m"
memory_limit = "256Mi"
restart_policy = "always"
[services.coredns]
enabled = true
# 5353 is also the standard mDNS port; check for a clash with an mDNS
# responder (Avahi/Bonjour) on the same host.
port = 5353
cpu_limit = "100m"
memory_limit = "128Mi"
restart_policy = "always"
# Optional services (can be enabled/disabled based on deployment mode)
# All are disabled by default; enable only what the chosen deployment mode
# needs, since each enabled service is one more listening port to secure.
[services.mcp_server]
# Model Context Protocol server for AI integration
# NOTE(review): the [mcp] table has its own `enabled` flag and an endpoint on
# the same port (8084); how the two flags interact is not stated here.
enabled = false
port = 8084
cpu_limit = "500m"
memory_limit = "512Mi"
restart_policy = "always"
[services.api_gateway]
# REST API gateway
enabled = false
port = 8085
cpu_limit = "500m"
memory_limit = "256Mi"
restart_policy = "always"
[services.extension_registry]
# Extension package hosting
enabled = false
port = 8082
cpu_limit = "200m"
memory_limit = "256Mi"
restart_policy = "always"
[services.oci_registry]
# OCI container registry (Zot)
enabled = false
# Same port as [services.harbor]; enabling both on one host presumably
# conflicts unless one of the two ports is changed.
port = 5000
cpu_limit = "500m"
memory_limit = "512Mi"
restart_policy = "always"
# Registry storage path
storage_path = "/var/lib/provisioning/registry"
[services.gitea]
# Git server for multi-user mode
# Admin credentials and tokens for this service live in [secrets.gitea].
enabled = false
port = 3000
cpu_limit = "1000m"
memory_limit = "1Gi"
restart_policy = "always"
# Gitea data path
data_path = "/var/lib/provisioning/gitea"
[services.postgres]
# Shared database for multi-user/enterprise modes
# Credentials for this service live in [secrets.database].
enabled = false
# NOTE(review): a database port rarely needs to be reachable from outside the
# container network; confirm how the installer binds it.
port = 5432
cpu_limit = "1000m"
memory_limit = "1Gi"
restart_policy = "always"
# PostgreSQL data path
data_path = "/var/lib/provisioning/postgres"
# PostgreSQL version
# Major version only, given as a string.
version = "15"
[services.harbor]
# Harbor OCI registry (enterprise mode)
enabled = false
# Same port as [services.oci_registry]; see the note there.
port = 5000
cpu_limit = "2000m"
memory_limit = "2Gi"
restart_policy = "always"
# Harbor data path
data_path = "/var/lib/provisioning/harbor"
[services.kms]
# Cosmian KMS for enterprise secrets management
# The default secrets.kms_endpoint ("http://localhost:9998") points at this
# port; keep the two in sync if the port is changed.
enabled = false
port = 9998
cpu_limit = "500m"
memory_limit = "512Mi"
restart_policy = "always"
[services.prometheus]
# Metrics collection
enabled = false
port = 9090
cpu_limit = "1000m"
memory_limit = "1Gi"
restart_policy = "always"
# Retention period
# In days, per the key name.
retention_days = 15
[services.grafana]
# Metrics dashboards
# NOTE(review): no Grafana admin credential appears under [secrets.*] in this
# template; confirm how the initial admin password is set.
enabled = false
port = 3001
cpu_limit = "500m"
memory_limit = "512Mi"
restart_policy = "always"
[services.loki]
# Log aggregation
enabled = false
port = 3100
cpu_limit = "1000m"
memory_limit = "1Gi"
restart_policy = "always"
# Log retention period
# In days, per the key name. Shorter than the 15-day metrics retention above,
# which limits how far back logs are available for an investigation.
retention_days = 7
[services.nginx]
# Reverse proxy (enterprise mode)
enabled = false
# Port 80 with [services.nginx.tls] disabled means the proxy serves plain
# HTTP. NOTE(review): no separate TLS listen port is defined in this template;
# confirm which port is used once TLS is enabled.
port = 80
cpu_limit = "500m"
memory_limit = "256Mi"
restart_policy = "always"
# SSL/TLS configuration
[services.nginx.tls]
enabled = false
# Paths to the certificate and its private key. Keep the key file readable
# only by the account the proxy runs as.
cert_path = ""
key_path = ""
# Auto-generate self-signed cert for development
# Clients cannot validate a self-signed certificate against a public CA, so
# keep this for development only and supply cert_path/key_path otherwise.
auto_generate = false
# =============================================================================
# SECRETS MANAGEMENT
# =============================================================================
[secrets]
# How the installer creates and stores service credentials.
# Auto-generate secrets
# If true, installer will generate secure random secrets
auto_generate = true
# Secrets storage backend
# Options: "file" (local files), "env" (environment variables), "kms" (Cosmian KMS)
# NOTE(review): with "file" and use_sops = false (the defaults) nothing in this
# template states that the stored secrets are encrypted at rest; confirm, and
# restrict access to secrets_path.
# "env" exposes values to anything able to read the process environment.
storage_backend = "file"
# Secrets file path (only used if storage_backend = "file")
secrets_path = "/var/lib/provisioning/secrets"
# Use SOPS for secret encryption
use_sops = false
# SOPS age key path
# Path to the age key file, not the key itself. Whoever can read that file
# can decrypt the secrets, so protect it like the secrets.
sops_age_key = ""
# KMS endpoint (only used if storage_backend = "kms")
# The default uses plain http, which is only reasonable on loopback. For a KMS
# on another host use a TLS endpoint (confirm the installer accepts https URLs).
kms_endpoint = "http://localhost:9998"
# Pre-defined secrets (leave empty to auto-generate)
# Any value entered below is stored in clear text in this file. If you fill
# these in, keep the resulting installer-config.toml out of version control
# and readable only by the account that runs the installer.
[secrets.database]
postgres_password = ""
postgres_user = "provisioning"
[secrets.registry]
admin_password = ""
# A well-known account name; the password is then the only unknown.
admin_user = "admin"
[secrets.gitea]
admin_password = ""
admin_user = "gitadmin"
secret_key = ""
internal_token = ""
[secrets.jwt]
# JWT signing key for API authentication
# Anyone holding this key can mint valid API tokens. Prefer leaving it empty
# so it is auto-generated rather than reusing a value across installations.
signing_key = ""
# Token expiration in hours
# A stolen token stays usable until it expires; shorten this where clients can
# re-authenticate easily.
expiration_hours = 24
# =============================================================================
# MCP (MODEL CONTEXT PROTOCOL) INTEGRATION
# =============================================================================
[mcp]
# Settings for exposing platform operations to AI clients over the Model
# Context Protocol.
# Enable MCP server
enabled = false
# MCP server mode
# Options: "stdio" (standard input/output), "http" (HTTP server), "sse" (Server-Sent Events)
# NOTE(review): no authentication setting for the HTTP/SSE endpoint appears in
# this template; confirm how access is restricted before using an endpoint
# that is reachable from anything other than localhost.
mode = "http"
# HTTP/SSE endpoint (only used if mode = "http" or "sse")
# The default port matches services.mcp_server.port (8084).
endpoint = "http://localhost:8084"
# Auto-configure Claude Desktop integration
# If true, installer will update Claude Desktop config with MCP server
# This edits a file that belongs to another application; review the change it
# makes if that config is managed elsewhere.
auto_configure_claude = false
# Claude Desktop config path
# Leave empty to use default platform-specific path
claude_config_path = ""
# MCP tools to enable
# Available tools: workspace, config, server, taskserv, cluster, workflow, batch
# The default list leaves out "workflow" and "batch". Each enabled tool
# presumably lets a connected AI client invoke the matching platform
# operations, so enable only the ones that client actually needs.
enabled_tools = [
"workspace",
"config",
"server",
"taskserv",
"cluster"
]
# MCP server startup timeout in seconds
startup_timeout = 30
# =============================================================================
# UNATTENDED INSTALLATION
# =============================================================================
[unattended]
# Fully non-interactive installation, e.g. from automation.
# Enable completely unattended installation
# Requires valid configuration file, no user interaction
enabled = false
# Accept all defaults for missing configuration
# NOTE(review): this and skip_all_prompts are already true in the template, so
# presumably setting enabled = true alone removes every pause for review.
# Validate with installer.dry_run = true before the first unattended run.
accept_defaults = true
# Skip all confirmation prompts
skip_all_prompts = true
# Email for installation notifications (optional)
notification_email = ""
# Post-installation script
# Script to run after installation completes
# NOTE(review): presumably executed with the installer's own privileges; point
# this only at a file that untrusted users cannot modify.
post_install_script = ""
# Post-installation script timeout in seconds
post_install_timeout = 300
# Generate installation report
# If true, creates detailed report at installation completion
# NOTE(review): confirm the report omits generated secrets before it is
# collected or shared.
generate_report = true
# Report output path
report_path = "/var/log/provisioning/installer-report.json"
# =============================================================================
# ADVANCED SETTINGS
# =============================================================================
[advanced]
# Container image registry
# Base registry for pulling platform images
# Everything the platform runs comes from here, so treat a change to this
# value as a change of trust. NOTE(review): no digest-pinning or signature
# verification option appears in this template.
image_registry = "ghcr.io/provisioning"
# Image pull policy
# Options: "always", "if-not-present", "never"
# NOTE(review): "if-not-present" presumably reuses a locally cached image, in
# which case updated (e.g. patched) images are not picked up automatically.
image_pull_policy = "if-not-present"
# Network configuration
[advanced.network]
# Container network name
network_name = "provisioning-net"
# Network driver: "bridge", "host", "overlay"
# With Docker, "host" puts containers in the host's network namespace, which
# removes the network isolation that "bridge" provides.
network_driver = "bridge"
# Network subnet (CIDR notation)
# Check for overlap with existing container, VPN or corporate ranges.
subnet = "172.20.0.0/16"
# DNS servers
# The defaults are public Google resolvers, so container DNS lookups leave
# the local network. Replace them with internal resolvers where internal
# names must resolve or queries must stay inside the organisation.
dns_servers = ["8.8.8.8", "8.8.4.4"]
# Storage configuration
[advanced.storage]
# Base storage path
# The default data, registry, secrets and backup paths elsewhere in this
# template all sit under this directory.
base_path = "/var/lib/provisioning"
# Storage driver: "local", "overlay2", "zfs", "btrfs"
driver = "overlay2"
# Enable volume encryption
# Off by default. NOTE(review): whether this also covers secrets.secrets_path
# and rollback backups is not stated here; confirm before relying on it.
encrypt_volumes = false
# Logging configuration
[advanced.logging]
# Log level: "debug", "info", "warn", "error"
# NOTE(review): confirm that "debug" does not log secret values before using
# it on a production host.
level = "info"
# Log format: "json", "text"
format = "text"
# Log output: "stdout", "file", "both"
output = "both"
# Log file path (only used if output includes "file")
file_path = "/var/log/provisioning/installer.log"
# Max log file size in MB
max_size_mb = 100
# Max number of log files to keep
# Older files beyond this count are presumably discarded, which bounds how
# much installer history remains available for later review.
max_backups = 5
# Health check configuration
[advanced.health_check]
# Enable health checks during installation
# With this disabled, a service that fails to start is presumably not
# detected during installation.
enabled = true
# Health check interval in seconds
interval = 5
# Health check timeout in seconds
timeout = 30
# Number of retries before failure
max_retries = 10
# Rollback configuration
[advanced.rollback]
# Enable automatic rollback on failure
enabled = true
# Create backup before installation
create_backup = true
# Backup path
# NOTE(review): backups presumably contain copies of service data and possibly
# secrets; give this directory the same access restrictions as the live data.
backup_path = "/var/lib/provisioning/backups"
# Keep backups after successful installation
keep_backups = true
# Maximum number of backups to keep
max_backups = 3