Update configuration files, templates, and internal documentation for the provisioning repository system. Configuration Updates: - KMS configuration modernization - Plugin system settings - Service port mappings - Test cluster topologies - Installation configuration examples - VM configuration defaults - Cedar authorization policies Documentation Updates: - Library module documentation - Extension API guides - AI system documentation - Service management guides - Test environment setup - Plugin usage guides - Validator configuration documentation All changes are backward compatible.
# Default configuration for Provisioning System
# This file provides default values for all configuration options.
# Per-environment overrides live in [environments.*] below; the [platform.*]
# section notes that workspace-level files override those defaults as well.

[core]
# Version tag for this defaults file (presumably the configuration schema
# version rather than a tool version — confirm against the loader).
version = "1.0.0"
name = "provisioning"
[paths]
# "{{paths.base}}"-style placeholders are not TOML interpolation (TOML has none);
# they are presumably expanded by the configuration loader — confirm.
generate = "generate"
run_clusters = "clusters"
run_taskservs = "taskservs"
extensions = "{{paths.base}}/.provisioning-extensions"
infra = "{{paths.base}}/infra"
# NOTE(review): a developer-machine absolute path is committed as the default
# base, and every other path here derives from it. Installations on any other
# host must override this (or the loader must resolve it) — confirm how `base`
# is set outside the original dev checkout.
base = "/Users/Akasha/project-provisioning/provisioning"
# Same location as `infra` above; presumably a legacy alias — confirm which
# name callers use before removing either.
kloud = "{{paths.base}}/infra"
providers = "{{paths.base}}/extensions/providers"
taskservs = "{{paths.base}}/extensions/taskservs"
clusters = "{{paths.base}}/extensions/clusters"
workflows = "{{paths.base}}/extensions/workflows"
resources = "{{paths.base}}/resources"
templates = "{{paths.base}}/templates"
tools = "{{paths.base}}/tools"
core = "{{paths.base}}/core"
[paths.files]
# Well-known file names/locations; relative names are presumably resolved
# against the matching [paths] entry by the loader — confirm.
defs = "defs.toml"
req_versions = "{{paths.core}}/versions.yaml"
vars = "{{paths.base}}/vars.yaml"
settings_file = "settings.k"
# NOTE(review): if keys.yaml holds key material it should be SOPS-encrypted
# (see [sops]); nothing here indicates either way — confirm.
keys = "{{paths.base}}/keys.yaml"
requirements = "{{paths.base}}/requirements.yaml"
notify_icon = "{{paths.base}}/resources/icon.png"
[cache]
# Configuration Caching System

# Enable/disable cache for configuration loading operations
enabled = true

# Maximum cache size in bytes (100 MiB = 100 * 1024 * 1024)
# Cache will clean up oldest entries when exceeded
max_cache_size = 104857600

# Path to runtime cache configuration (user-specific overrides)
# Lives under the user's home directory, so whoever can write that file
# controls these overrides — presumably limited to cache settings; confirm.
runtime_config_path = "{{env.HOME}}/.provisioning/cache/config/settings.json"

# Version Caching (legacy, for version checking)
path = "{{paths.base}}/.cache/versions"
infra_cache = "{{paths.infra}}/{{infra.current}}/cache/versions"
grace_period = 86400 # seconds (24 hours default)
check_updates = false

[cache.ttl]
# Time-to-live (TTL) settings for different cache types
# Values in seconds

# Final merged configuration cache
# Short TTL (5 minutes) for safety - aggressive invalidation
final_config = 300

# KCL compilation cache
# Longer TTL (30 minutes) - KCL compilation is deterministic
kcl_compilation = 1800

# SOPS decryption cache
# Medium TTL (15 minutes) - balance between security and performance
# NOTE(review): decrypted secrets remain readable from this cache for up to this
# long; the only protection is the [cache.security] permissions below (the
# cache appears to be file-based, given those settings — confirm). Prefer
# lowering this over raising it where secrets rotate frequently.
sops_decryption = 900

# Provider configuration cache
# Standard TTL (10 minutes)
provider_config = 600

# Platform configuration cache
# Standard TTL (10 minutes)
platform_config = 600

[cache.paths]
# Cache directory structure
base = "{{env.HOME}}/.provisioning/cache/config"

[cache.security]
# Security settings for sensitive caches (SOPS, secrets, etc.)

# SOPS cache file permissions (must be 0600 for security)
# Octal mode kept as a string (a bare `0600` is not valid TOML); the consumer
# must parse this as octal text, not as a decimal integer.
sops_file_permissions = "0600"

# SOPS cache directory permissions (must be 0700)
sops_dir_permissions = "0700"

[cache.validation]
# Cache validation strictness

# Strict mtime validation: check all source files on cache hit
# When true: validates modification times of ALL source files
# When false: only checks TTL expiration, so an edited source file is not
# noticed until the relevant [cache.ttl] value expires
strict_mtime = true
[http]
# Switching to curl changes which tool handles TLS and proxy settings for API
# calls; the defaults here assume nushell's built-in client.
use_curl = false # Use curl instead of nushell's http get for API calls
[infra]
# Referenced as {{infra.current}} by [cache].infra_cache to pick the
# per-infra cache directory.
current = "default" # Current infra context
[debug]
# Debug output is on by default; [environments.prod] turns it off and raises
# log_level to "warn", [environments.dev] lowers log_level to "debug".
enabled = true
metadata = false
check = false
remote = false
log_level = "info"
no_terminal = false
no_titles = false
[output]
# External pager/viewer used to display files; must be on PATH.
file_viewer = "bat"
format = "yaml"
[sops]
use_sops = true
config_path = "{{paths.base}}/.sops.yaml"
# Candidate locations for the age private key; presumably tried in order — confirm.
# NOTE(review): the first entry sits inside the repository tree. Make sure it is
# git-ignored so the private key is never committed next to the encrypted files.
key_search_paths = [
    "{{paths.base}}/keys/age.txt",
    "~/.config/sops/age/keys.txt"
]
[taskservs]
# Absolute run directory; note [paths].run_taskservs holds a separate relative
# name ("taskservs") — presumably for a different purpose; confirm they agree.
run_path = "{{paths.base}}/run/taskservs"
[clusters]
# Absolute run directory; [paths].run_clusters holds a separate relative
# name ("clusters") — presumably for a different purpose; confirm they agree.
run_path = "{{paths.base}}/run/clusters"
[generation]
dir_path = "{{paths.base}}/generated"
# Same file name as [paths.files].defs; keep the two in sync if either changes.
defs_file = "defs.toml"
# Environment-specific overrides
# Dotted keys mirror the top-level tables ([debug] etc.); the loader presumably
# merges the selected environment over the defaults — confirm the merge order.
# Only [debug] keys are overridden here; [security] and [security.bypass] keep
# their defaults in every environment, including prod.
[environments.dev]
debug.enabled = true
debug.log_level = "debug"

[environments.test]
debug.check = true

[environments.prod]
debug.enabled = false
debug.log_level = "warn"
# Provider configurations
[providers]
# Must name one of the [providers.*] tables below.
default = "local"

[providers.aws]
# Empty api_url presumably means "use the provider CLI's own endpoint" when
# interface = "CLI" — confirm.
api_url = ""
# Keep credentials out of this committed file; supply `auth` through
# SOPS-managed config ([sops]) or the environment. Its expected format is not
# documented here.
auth = ""
interface = "CLI" # API or CLI

[providers.upcloud]
api_url = "https://api.upcloud.com/1.3"
# Same as above: do not commit credentials here.
auth = ""
interface = "CLI" # API or CLI

[providers.local]
api_url = ""
auth = ""
interface = "CLI" # API or CLI
# Tool Detection and Plugin Configuration
[tools]
use_kcl = true
# Plugin toggles; presumably fall back to the non-plugin path when false — confirm.
use_kcl_plugin = true
use_tera_plugin = true
# KCL Module Configuration
[kcl]
# Core provisioning schemas (local path for development)
core_module = "{{paths.base}}/kcl"
core_version = "0.0.1"
core_package_name = "provisioning_core"

# Dynamic module loading for extensions
# Extensions are loaded from [paths] locations such as `extensions` and
# `providers`; anything writable there can contribute modules, so keep those
# directories owned by the provisioning user.
use_module_loader = true
module_loader_path = "{{paths.core}}/cli/module-loader"

# Workspace KCL module directory
# Relative name, presumably resolved against the workspace root — confirm.
modules_dir = ".kcl-modules"
# Distribution Configuration
[distribution]
# Where to generate KCL packages
pack_path = "{{paths.base}}/distribution/packages"
registry_path = "{{paths.base}}/distribution/registry"
cache_path = "{{paths.base}}/distribution/cache"

# Registry type: local | oci | git
# registry_path above only applies to "local"; remote registry settings are
# not defined in this file — confirm where they live for "oci" / "git".
registry_type = "local"

# Package metadata
[distribution.metadata]
maintainer = "JesusPerezLorenzo"
repository = "https://repo.jesusperez.pro/provisioning"
license = "MIT"
homepage = "https://github.com/jesusperezlorenzo/provisioning"
# AI Integration Configuration
[ai]
# Disabled by default; the provider below is only contacted when enabled.
enabled = false
provider = "openai"
# Leave empty in committed config; inject at runtime via SOPS-managed config
# ([sops]) or the environment.
api_key = ""
model = "gpt-4"
timeout = 30 # presumably seconds, as for [security].auth_timeout — confirm
# SSH Configuration
[ssh]
# Empty means the ssh client's own default user is used — presumably; confirm.
user = ""
# NOTE(review): these two options cancel each other out. accept-new records an
# unknown host key and rejects a later change, but UserKnownHostsFile=/dev/null
# discards that record, so every connection is "new" and a changed host key is
# never detected. Point UserKnownHostsFile at a real file (or drop that entry)
# if host-key verification is wanted.
options = ["StrictHostKeyChecking=accept-new", "UserKnownHostsFile=/dev/null"]
timeout = 30 # presumably seconds — confirm the unit with the ssh wrapper
debug = false
# Extension System Configuration
[extensions]
# Empty path presumably falls back to [paths].extensions — confirm.
path = ""
mode = "full"
profile = ""
# allowed / blocked: "" presumably means no allow/deny filtering is applied —
# confirm, since an empty allow-list could also mean "allow nothing" depending
# on how the loader interprets it.
allowed = ""
blocked = ""
custom_providers = ""
custom_taskservs = ""
# Key Management Service Configuration
[kms]
# KMS server address; empty presumably means KMS is not configured — confirm.
# A separate health endpoint is set in [platform.kms] below.
server = ""
# Selects which credential set below is used: "certificate" uses
# client_cert/client_key; api_token and username/password are presumably the
# other accepted values — confirm the exact strings with the KMS client.
auth_method = "certificate"
client_cert = ""
client_key = ""
ca_cert = ""
# NOTE(review): credential fields. Keep them empty in committed defaults and
# supply values through SOPS-managed config ([sops]) or the environment.
api_token = ""
username = ""
password = ""
timeout = 30 # presumably seconds — confirm
# Keep true outside throwaway test setups; false presumably disables TLS
# certificate verification against the KMS server.
verify_ssl = true
# Security Configuration
[security]
# NOTE(review): as shipped, these defaults disable authentication (require_auth
# = false, with the secure value left commented out) and permit the bypass in
# [security.bypass] below. Fine for a local dev checkout, but any installation
# built from these defaults starts unauthenticated, and the [environments.prod]
# overrides do not touch [security]. Consider shipping the secure values here
# and relaxing them only for dev/test, if the environment override mechanism
# covers this table.
#require_auth = true # Require authentication for all operations
require_auth = false # Require authentication for all operations
# The MFA settings presumably only take effect when require_auth is true — confirm.
require_mfa_for_production = true # Require MFA for production environment
require_mfa_for_destructive = true # Require MFA for delete/destroy operations
auth_timeout = 3600 # Authentication timeout in seconds (1 hour)
# The audit log sits under the repository base path; keep that directory from
# being world-writable, or the log can be truncated or altered.
audit_log_path = "{{paths.base}}/logs/audit.log" # Path to audit log file

[security.bypass]
# NOTE(review): while this is true, setting PROVISIONING_SKIP_AUTH presumably
# bypasses authentication entirely (per the inline comment). Keep it false in
# production; no environment override above changes this key, so the default
# applies everywhere.
# allow_skip_auth = false # Allow PROVISIONING_SKIP_AUTH environment variable (dev/test only)
allow_skip_auth = true # Allow PROVISIONING_SKIP_AUTH environment variable (dev/test only)
# Plugin Configuration
[plugins]
# Loads the auth plugin; whether authentication is actually enforced is
# governed by [security].require_auth, which defaults to false above.
auth_enabled = true # Enable nu_plugin_auth for authentication
# Platform Services Configuration
# Configuration per workspace in: workspace_name/config/platform/deployment.toml
# These are fallback defaults if workspace config not found
# The defaults below are plain-http loopback addresses, which is acceptable only
# because they stay on the local host; a workspace pointing them at a remote
# service should use https.

[platform.orchestrator]
endpoint = "http://localhost:9090/health"

[platform.control_center]
# Authentication traffic goes to this URL; do not override it with a plain-http
# address on another host.
url = "http://localhost:3000" # Control Center URL for authentication

[platform.kms]
# Health-check endpoint only; the KMS API server itself is [kms].server.
endpoint = "http://localhost:3001/health"