jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
provisioning/templates/docs/configuration-guide.md.j2

307 lines
6.4 KiB
Plaintext
Raw Normal View History

chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/
2026-01-08 09:55:37 +00:00
# Workspace {{ workspace_name | title }} - Configuration Guide
**Purpose**: Reference guide for configuring {{ workspace_name }} infrastructure
**Configuration Files**:
- Master config: `config/config.ncl`
- KMS config: `config/kms.toml`
- Provider configs: `config/providers/`
- Infrastructure configs: `infra/{%- for i in infrastructures -%}{{ i }}{%- if not loop.last %},{% endif %}{%- endfor %}/`
---
## Configuration Hierarchy
The workspace uses a 3-layer configuration system:
1. **System Defaults**: Default settings for all workspaces
2. **Workspace Configuration**: Settings specific to this workspace
3. **Infrastructure Configuration**: Settings specific to each infrastructure (highest priority)
---
## Master Configuration (config.ncl)
The master configuration defines workspace metadata, providers, and platform services.
### Workspace Metadata
**File**: `config/config.ncl`
```nickel
workspace = {
name = "{{ workspace_name }}",
path = "{{ workspace_path }}",
description = "{{ workspace_description }}",
metadata = {
owner = "your-name",
created = "2025-01-07",
environment = "production",
},
}
```
**Editable Fields**:
- `description`: Workspace purpose
- `metadata.owner`: Owner name or email
- `metadata.environment`: "production", "staging", "development", "testing"
---
## Provider Configuration
### {{ primary_provider | title }} Provider Settings
**File**: `config/providers/{{ primary_provider | lower }}.toml`
```toml
[provider]
name = "{{ primary_provider | lower }}"
{% for key, value in provider_defaults %}
{{ key }} = "{{ value }}"
{% endfor %}
[defaults]
{% for key, value in provider_zone_defaults %}
{{ key }} = "{{ value }}"
{% endfor %}
```
**Configurable Options**:
- `zone`: Deploy region
- `plan`: Server size/plan
- `storage_type`: Storage class
- `storage_size`: Storage size in GB
---
## Infrastructure Configuration
Each infrastructure has configuration files:
### File Structure
```
infra/{{ default_infra }}/
├── main.ncl # Main aggregator
├── settings.ncl # Infrastructure settings
├── servers.ncl # Server definitions
└── taskservs/ # Task service configurations
```
### Server Definitions
**File**: `infra/{{ default_infra }}/servers.ncl`
```nickel
servers = [
{% for server in servers -%}
{
hostname = "{{ server.name }}",
provider = "{{ server.provider }}",
zone = "{{ server.zone }}",
plan = "{{ server.plan }}",
storage_size = {{ server.storage }},
network_public_ip = true,
network_private_ip = true,
ssh_key_path = "~/.ssh/id_deployment.pub",
taskservs = [],
},
{% endfor -%}
]
```
**Editable Fields**:
- `hostname`: Server name (must be unique)
- `plan`: Server size ({{ server_plans | join(sep=', ') }})
- `zone`: Region ({{ available_zones | join(sep=', ') }})
- `storage_size`: Storage in GB
- `taskservs`: Services to install
### Common Configuration Changes
#### Change Server Plan
```nickel
# Current
plan = "{{ servers[0].plan }}"
# Change to
plan = "4xCPU-8GB"
```
#### Add New Server
```nickel
servers = [
{%- for server in servers %}
{ hostname = "{{ server.name }}", ... },
{%- endfor %}
{
hostname = "{{ workspace_name }}-new-0",
provider = "{{ primary_provider | lower }}",
zone = "{{ primary_zone }}",
plan = "{{ servers[0].plan }}",
storage_size = 35,
taskservs = [],
},
]
```
#### Change Zone/Region
```nickel
# Current
zone = "{{ primary_zone }}"
# Change to
zone = "{{ alternate_zone }}"
```
---
## Task Services Configuration
Available task services:
{% for ts in taskservs -%}
- `{{ ts }}`
{% endfor %}
Each taskserv has configuration in `infra/{{ default_infra }}/taskservs/`:
```nickel
{
name = "service-name",
version = "1.0.0",
config = {
key = "value",
},
}
```
---
## Environment Variables
Override configuration with environment variables:
```bash
export PROVISIONING_WORKSPACE="{{ workspace_name }}"
export PROVISIONING_INFRA="{{ default_infra }}"
export PROVISIONING_ENVIRONMENT="production"
```
**Provider Variables**:
{% for var, hint in provider_env_vars %}
```bash
export {{ var }}="your-{{ hint | lower }}"
```
{% endfor %}
---
## Configuration Validation
### Validate Nickel Syntax
```bash
cd {{ workspace_path }}
nickel typecheck config/config.ncl
{% for infra in infrastructures -%}
nickel typecheck infra/{{ infra }}/main.ncl
{% endfor %}
```
### Validate Configuration
```bash
nu workspace.nu validate
provisioning validate config
```
### Export Configuration
```bash
provisioning config export
```
---
## Configuration Best Practices
1. **Commit changes**: `git add infra/ && git commit -m "Update configuration"`
2. **Validate before deploying**: `nickel typecheck infra/{{ default_infra }}/main.ncl`
3. **Use descriptive names**: `{{ workspace_name }}-cp-0`, not `server1`
4. **Document decisions**: Add comments to explain why
5. **Separate secrets**: Use SOPS for encrypted secrets
---
## SOPS Secret Encryption
Encrypt sensitive data:
**File**: `infra/sops.yaml`
```yaml
creation_rules:
- path_regex: \.enc\.(yaml|json)$
age: "age1your-public-key"
```
**Usage**:
```bash
# Encrypt
sops -e infra/secrets.yaml > infra/secrets.enc.yaml
# Decrypt
sops -d infra/secrets.enc.yaml
```
---
## Troubleshooting Configuration
**Issue**: Nickel type-check failed
- Check error message: `nickel typecheck config/config.ncl`
- Fix syntax errors
- Retry type-check
**Issue**: Configuration export failed
- Verify Nickel files are valid: `nickel export infra/{{ default_infra }}/main.ncl | jq`
- Re-run export command
**Issue**: Unknown configuration parameter
- Check Nickel schema for valid parameters
- Review example configuration files
---
## Configuration Reference
| File | Purpose | Editable |
|------|---------|----------|
| `config/config.ncl` | Master configuration | Yes |
| `config/kms.toml` | KMS settings | Yes |
| `config/providers/{{ primary_provider | lower }}.toml` | Provider defaults | Yes |
| `infra/{{ default_infra }}/main.ncl` | Infrastructure aggregator | No |
| `infra/{{ default_infra }}/settings.ncl` | Infrastructure settings | Yes |
| `infra/{{ default_infra }}/servers.ncl` | Server definitions | Yes |
| `config/generated/*.toml` | Exported configs | No |
---
## Next Steps
After configuring:
1. Validate configuration (see Validation section)
2. Perform dry-run deployment
3. Deploy infrastructure
4. Verify deployment
For troubleshooting, see `troubleshooting.md`.
Reference in New Issue Copy Permalink