# External Services Default Configuration
# Per-deployment-mode defaults for database, OCI registry, Git sources, and cache
#
# Each mode below is a record annotated with the ExternalServicesConfig
# contract imported from ../../common/external-services.ncl.
#
# Security summary for reviewers:
# - multiuser and cicd carry fixed credentials in this file and set
#   verify_ssl = false against plain ws:// / http:// localhost endpoints.
#   Treat them as local defaults only; anything committed here is readable by
#   everyone with access to the repository.
# - enterprise values are placeholders (see the NOTE on that mode) and must be
#   overridden per deployment.

let es_schema = import "../../common/external-services.ncl" in

{
  # Solo/Development Mode: No external infrastructure
  # - Filesystem storage for orchestrator
  # - Local filesystem for extensions (no OCI)
  # - Local directory cache
  solo | es_schema.ExternalServicesConfig = {
    database = {
      backend = "filesystem",
      path = "~/.provisioning/data/orchestrator",
      retry = true,
    },

    # Solo mode doesn't configure OCI registries or Git sources
    # Extensions are discovered and loaded from local filesystem
    oci_registries = [],
    git_sources = [],

    # NOTE(review): extensions are loaded from a directory marked writable.
    # Keep it owned by, and writable only for, the invoking user so that
    # other local accounts cannot drop extension code into it.
    extension_path = {
      path = "~/.provisioning/extensions",
      writable = true,
    },

    cache = {
      mode = "local",
      path = "~/.provisioning/oci-cache",
    },
  },

  # Multiuser/Team Mode: Local Docker services
  # - SurrealDB server running in local Docker
  # - Zot OCI registry in local Docker
  # - Forgejo Git source in local Docker
  # - Local directory cache
  multiuser | es_schema.ExternalServicesConfig = {
    database = {
      backend = "surrealdb_server",
      # ws:// is an unencrypted WebSocket; acceptable only while the server is
      # reachable on loopback alone.
      connection_string = "ws://localhost:8000",
      namespace = "provisioning",
      database = "main",
      # NOTE(review): root/root is a well-known default pair. In a team setup
      # confirm the container port is bound to 127.0.0.1 and override these
      # credentials before the database is reachable from other hosts.
      credentials = {
        username = "root",
        password = "root",
      },
      retry = true,
    },

    oci_registries = [
      {
        id = "local-zot",
        registry = "localhost:5000",
        namespace = "provisioning",
        # presumably disables TLS certificate verification for this registry;
        # confirm against the schema. Pulled extensions are then not protected
        # against tampering in transit, so keep this to loopback endpoints.
        verify_ssl = false,
      },
    ],

    git_sources = [
      {
        id = "local-forgejo",
        provider = "forgejo",
        # http:// means the Forgejo token is sent in cleartext; fine on
        # loopback, not on a shared network.
        url = "http://localhost:3000",
        organization = "provisioning",
        # The token is referenced by path rather than embedded; restrict the
        # file to the owning user (for example mode 0600).
        token_path = "~/.provisioning/secrets/forgejo-token.txt",
        verify_ssl = false,
      },
    ],

    cache = {
      mode = "local",
      path = "~/.provisioning/oci-cache",
    },
  },

  # CI/CD Mode: Containerized, temporary infrastructure
  # - SurrealDB server (temporary)
  # - Zot OCI registry (temporary)
  # - Forgejo Git source (temporary or external)
  # - Local cache for CI runners
  cicd | es_schema.ExternalServicesConfig = {
    database = {
      backend = "surrealdb_server",
      connection_string = "ws://localhost:8000",
      namespace = "provisioning",
      database = "cicd",
      # Fixed throwaway credentials: only appropriate while the database is
      # created and destroyed with the job and is not reachable from outside
      # the runner.
      credentials = {
        username = "cicd",
        password = "cicd_temp",
      },
      retry = true,
    },

    oci_registries = [
      {
        id = "ci-zot",
        registry = "localhost:5000",
        namespace = "provisioning/ci",
        verify_ssl = false,
      },
    ],

    git_sources = [
      {
        id = "ci-forgejo",
        provider = "forgejo",
        # NOTE(review): the header comment allows an external Forgejo in this
        # mode. If url is overridden to a non-local host, verify_ssl = false
        # and http:// should be overridden with it.
        url = "http://localhost:3000",
        organization = "provisioning-ci",
        # NOTE(review): /tmp is normally shared by every account on the host.
        # On shared or persistent runners prefer a per-job private directory
        # and make sure the token file is removed when the job ends.
        token_path = "/tmp/forgejo-token.txt",
        verify_ssl = false,
      },
    ],

    cache = {
      mode = "local",
      # NOTE(review): a fixed path under /tmp can be pre-created or modified
      # by other users of a shared runner; cached OCI content read back from
      # it should not be trusted without integrity checks.
      path = "/tmp/provisioning-cache",
    },
  },

  # Enterprise/Production Mode: Remote, high-availability services
  # - SurrealDB cluster (remote, replicated)
  # - Zot OCI registry with failover
  # - Forgejo + GitHub for source diversity
  # - Redis for distributed cache
  # NOTE: These are placeholder values. Users MUST override with actual infrastructure.
  enterprise | es_schema.ExternalServicesConfig = {
    database = {
      backend = "surrealdb_server",
      # NOTE(review): every other remote endpoint in this mode uses TLS
      # (https:// or verify_ssl = true), but this is plain ws://, so database
      # credentials and data would cross the network unencrypted. Use wss://
      # when overriding, if the backend supports it.
      connection_string = "ws://surrealdb-primary.internal:8000",
      namespace = "provisioning",
      database = "production",
      credentials = {
        username = "provisioning",
        # Placeholder, not a secret. Nothing visible in this file rejects it,
        # so a deployment that forgets the override would try to authenticate
        # with this literal string; consider a validation step that fails on
        # it. The real value should be injected at deploy time, not committed.
        password = "REPLACE_WITH_SECRET_FROM_VAULT",
      },
      retry = true,
      # NOTE(review): this is a string, not a number; confirm the schema
      # expects a String for max_retries.
      max_retries = "5",
    },

    oci_registries = [
      {
        id = "primary-zot",
        registry = "zot-primary.internal:5000",
        namespace = "provisioning/extensions",
        # NOTE(review): no auth_token_path here, unlike secondary-harbor;
        # confirm unauthenticated access to the primary registry is intended.
        verify_ssl = true,
      },
      {
        id = "secondary-harbor",
        registry = "harbor-backup.internal:443",
        namespace = "provisioning",
        auth_token_path = "/etc/secrets/harbor-token.txt",
        verify_ssl = true,
      },
    ],

    git_sources = [
      {
        id = "primary-forgejo",
        provider = "forgejo",
        url = "https://forge.internal:3000",
        organization = "provisioning",
        # Token files under /etc/secrets should be readable only by the
        # service account that runs provisioning.
        token_path = "/etc/secrets/forgejo-token.txt",
        verify_ssl = true,
      },
      {
        # No url is set for this source; presumably the github provider
        # supplies its own default. Verify against the schema.
        id = "company-github",
        provider = "github",
        organization = "company-provisioning",
        token_path = "/etc/secrets/github-token.txt",
        verify_ssl = true,
      },
    ],

    cache = {
      mode = "remote",
      # NOTE(review): redis:// carries no TLS and this URL has no credentials.
      # Confirm the Redis instance requires authentication and, if the cache
      # client supports it, use a TLS endpoint (rediss://) when overriding.
      url = "redis://redis-primary.internal:6379",
    },
  },
}