44648e3206
- Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/
114 lines
2.6 KiB
Plaintext
114 lines
2.6 KiB
Plaintext
# Multi-User Mode Configuration
|
|
# Team collaboration with shared services
|
|
|
|
let contracts = import "./contracts.ncl" in
|
|
let oci_defaults = import "../oci_registry/defaults.ncl" in
|
|
|
|
{
|
|
mode_name = "multi-user",
|
|
description = "Team collaboration with shared services",
|
|
|
|
authentication = {
|
|
auth_type = "token",
|
|
token_config = {
|
|
token_path = "~/.provisioning/tokens/auth",
|
|
token_format = "jwt",
|
|
expiry_seconds = 86400,
|
|
refresh_enabled = true,
|
|
},
|
|
ssh_key_storage = "local",
|
|
},
|
|
|
|
services = {
|
|
orchestrator = {
|
|
deployment = "remote",
|
|
remote_config = {
|
|
endpoint = "orchestrator.company.local",
|
|
port = 8080,
|
|
tls_enabled = true,
|
|
verify_ssl = true,
|
|
timeout = 30,
|
|
retries = 3,
|
|
},
|
|
},
|
|
|
|
control_center = {
|
|
deployment = "remote",
|
|
remote_config = {
|
|
endpoint = "control.company.local",
|
|
port = 8081,
|
|
tls_enabled = true,
|
|
},
|
|
},
|
|
|
|
coredns = {
|
|
deployment = "remote",
|
|
remote_config = {
|
|
endpoint = "dns.company.local",
|
|
port = 53,
|
|
tls_enabled = false,
|
|
},
|
|
},
|
|
|
|
gitea = {
|
|
deployment = "remote",
|
|
remote_config = {
|
|
endpoint = "git.company.local",
|
|
port = 443,
|
|
tls_enabled = true,
|
|
},
|
|
},
|
|
|
|
oci_registry = oci_defaults.remote_harbor_registry & {
|
|
endpoint = "harbor.company.local",
|
|
namespaces = {
|
|
extensions = "provisioning-extensions",
|
|
kcl_packages = "provisioning-kcl",
|
|
platform_images = "provisioning-platform",
|
|
test_images = "provisioning-test",
|
|
},
|
|
},
|
|
},
|
|
|
|
extensions = {
|
|
source = "oci",
|
|
oci_registry = {
|
|
enabled = true,
|
|
endpoint = "harbor.company.local",
|
|
namespace = "provisioning-extensions",
|
|
auth_token_path = "~/.provisioning/tokens/oci",
|
|
tls_enabled = true,
|
|
verify_ssl = true,
|
|
cache_dir = "~/.provisioning/oci-cache",
|
|
},
|
|
},
|
|
|
|
workspaces = {
|
|
locking = "enabled",
|
|
lock_provider = "gitea",
|
|
git_integration = "required",
|
|
isolation = "user",
|
|
max_workspaces_per_user = 5,
|
|
},
|
|
|
|
security = {
|
|
encryption_at_rest = false,
|
|
encryption_in_transit = true,
|
|
dns_modification = "coredns",
|
|
audit_logging = true,
|
|
audit_log_path = "/var/log/provisioning/audit.log",
|
|
network_isolation = false,
|
|
},
|
|
|
|
resource_limits = {
|
|
max_servers_per_user = 10,
|
|
max_cpu_cores_per_user = 32,
|
|
max_memory_gb_per_user = 128,
|
|
max_storage_gb_per_user = 500,
|
|
max_total_servers = 100,
|
|
max_total_cpu_cores = 320,
|
|
max_total_memory_gb = 1024,
|
|
},
|
|
}
|
|
| contracts.ExecutionMode
|