provisioning/schemas/platform/defaults/common/external-services-defaults.ncl


# External Services Default Configuration
# Per-deployment-mode defaults for database, OCI registry, Git sources, and cache
let es_schema = import "../../common/external-services.ncl" in
{
  # --------------------------------------------------------------------------
  # solo: single-user / development.
  # Nothing external is contacted: orchestrator state, extensions and the
  # cache all live on the local filesystem under ~/.provisioning.
  # --------------------------------------------------------------------------
  solo | es_schema.ExternalServicesConfig = {
    database = {
      backend = "filesystem",
      path = "~/.provisioning/data/orchestrator",
      retry = true,
    },

    # No OCI registries and no Git sources are configured in this mode;
    # extensions are discovered and loaded from the local directory below.
    oci_registries = [],
    git_sources = [],

    # NOTE(review): the extension directory is marked writable. Presumably
    # whoever can write here decides what gets loaded as an extension, so
    # confirm the directory is owned by, and writable only for, the user
    # running the tool.
    extension_path = { path = "~/.provisioning/extensions", writable = true },

    cache = { mode = "local", path = "~/.provisioning/oci-cache" },
  },

  # --------------------------------------------------------------------------
  # multiuser: team mode backed by services in local Docker.
  # SurrealDB server, Zot OCI registry and Forgejo Git source, all addressed
  # on localhost, plus a local directory cache.
  #
  # Security posture of these defaults:
  #   * the database login is the fixed pair root/root, committed here in
  #     clear text, so it must be treated as public;
  #   * the registry and the Git source are used with verify_ssl = false,
  #     and the Forgejo URL is plain http://.
  # NOTE(review): that is tolerable only while the three ports are reachable
  # from the local host alone. Confirm the containers publish on loopback,
  # and override the credentials and verify_ssl together with any endpoint
  # that is moved off localhost; otherwise extension artifacts and the Git
  # token travel without server authentication.
  # --------------------------------------------------------------------------
  multiuser | es_schema.ExternalServicesConfig = {
    database = {
      backend = "surrealdb_server",
      connection_string = "ws://localhost:8000",
      namespace = "provisioning",
      database = "main",
      credentials = { username = "root", password = "root" },
      retry = true,
    },

    oci_registries = [
      {
        id = "local-zot",
        registry = "localhost:5000",
        namespace = "provisioning",
        verify_ssl = false,
      },
    ],

    git_sources = [
      {
        id = "local-forgejo",
        provider = "forgejo",
        url = "http://localhost:3000",
        organization = "provisioning",
        # Presumably the file holding the Forgejo API token; it should be
        # readable by its owner only.
        token_path = "~/.provisioning/secrets/forgejo-token.txt",
        verify_ssl = false,
      },
    ],

    cache = { mode = "local", path = "~/.provisioning/oci-cache" },
  },

  # --------------------------------------------------------------------------
  # cicd: containerized, temporary infrastructure for pipelines.
  # Temporary SurrealDB and Zot instances, a temporary or external Forgejo,
  # and a local cache for CI runners.
  #
  # NOTE(review): both the token file and the cache use fixed names directly
  # under /tmp. On a runner shared between jobs or users a predictable,
  # world-writable location can be read or pre-created by another party.
  # Prefer a per-job private directory (for example one created with
  # `mktemp -d`) with the token file restricted to its owner, and override
  # these two paths accordingly.
  # As in multiuser mode, the credentials below are committed in clear text
  # and certificate verification is off; keep the endpoints local to the
  # job's own containers.
  # --------------------------------------------------------------------------
  cicd | es_schema.ExternalServicesConfig = {
    database = {
      backend = "surrealdb_server",
      connection_string = "ws://localhost:8000",
      namespace = "provisioning",
      database = "cicd",
      credentials = { username = "cicd", password = "cicd_temp" },
      retry = true,
    },

    oci_registries = [
      {
        id = "ci-zot",
        registry = "localhost:5000",
        namespace = "provisioning/ci",
        verify_ssl = false,
      },
    ],

    git_sources = [
      {
        id = "ci-forgejo",
        provider = "forgejo",
        url = "http://localhost:3000",
        organization = "provisioning-ci",
        token_path = "/tmp/forgejo-token.txt",
        verify_ssl = false,
      },
    ],

    cache = { mode = "local", path = "/tmp/provisioning-cache" },
  },

  # --------------------------------------------------------------------------
  # enterprise: production, remote high-availability services.
  # Replicated SurrealDB cluster, Zot registry with a failover registry,
  # Forgejo plus GitHub as Git sources, Redis as a distributed cache.
  #
  # Every value in this record is a PLACEHOLDER and MUST be overridden with
  # the real infrastructure before use.
  #
  # NOTE(review), to check when overriding:
  #   * the database URL uses ws:// and the cache URL uses redis://, both
  #     unencrypted schemes pointing at remote hosts; the database
  #     connection also carries the credentials below. Use the TLS variants
  #     (wss://, rediss://) if the schema and the clients accept them;
  #   * the password is a literal marker string, not a secret reference.
  #     Unless the schema rejects it, a deployment that forgets the override
  #     would try to authenticate with this text. Confirm, or add a contract
  #     that refuses the marker;
  #   * "primary-zot" declares no auth_token_path, unlike
  #     "secondary-harbor"; presumably it is pulled anonymously. Confirm
  #     that is intended.
  # --------------------------------------------------------------------------
  enterprise | es_schema.ExternalServicesConfig = {
    database = {
      backend = "surrealdb_server",
      connection_string = "ws://surrealdb-primary.internal:8000",
      namespace = "provisioning",
      database = "production",
      credentials = {
        username = "provisioning",
        password = "REPLACE_WITH_SECRET_FROM_VAULT",
      },
      retry = true,
      # NOTE(review): quoted string rather than a number, and the only mode
      # that sets it; confirm this matches the type declared in
      # external-services.ncl.
      max_retries = "5",
    },

    oci_registries = [
      {
        id = "primary-zot",
        registry = "zot-primary.internal:5000",
        namespace = "provisioning/extensions",
        verify_ssl = true,
      },
      {
        id = "secondary-harbor",
        registry = "harbor-backup.internal:443",
        namespace = "provisioning",
        auth_token_path = "/etc/secrets/harbor-token.txt",
        verify_ssl = true,
      },
    ],

    git_sources = [
      {
        id = "primary-forgejo",
        provider = "forgejo",
        url = "https://forge.internal:3000",
        organization = "provisioning",
        token_path = "/etc/secrets/forgejo-token.txt",
        verify_ssl = true,
      },
      {
        id = "company-github",
        provider = "github",
        organization = "company-provisioning",
        token_path = "/etc/secrets/github-token.txt",
        verify_ssl = true,
      },
    ],

    cache = { mode = "remote", url = "redis://redis-primary.internal:6379" },
  },
}