# Provisioning Platform Environment Configuration
# Copy this file to .env and customize for your deployment
#
# The resulting .env holds credentials (JWT secrets, admin and database
# passwords). Keep it out of version control and readable only by the
# deploying user (for example: chmod 600 .env).
# Every CHANGE_ME_* value is a placeholder and must be replaced before
# the matching service is enabled.
# Comments sit on their own lines; many env-file parsers treat text after
# a value as part of the value.

#==============================================================================
# PLATFORM MODE
#==============================================================================

# Deployment mode: solo, multi-user, cicd, enterprise
# The defaults in this template suit solo/development use: TLS, registry
# authentication, secrets encryption and network policies are all off.
# Review each of them before choosing any other mode.
PROVISIONING_MODE=solo

# Platform metadata
PLATFORM_NAME=provisioning
PLATFORM_VERSION=3.0.0
PLATFORM_ENVIRONMENT=development

#==============================================================================
# NETWORK CONFIGURATION
#==============================================================================

# Docker network subnet
NETWORK_SUBNET=172.20.0.0/16
NETWORK_GATEWAY=172.20.0.1

# External access
EXTERNAL_DOMAIN=provisioning.local
# With TLS off, traffic to EXTERNAL_DOMAIN (including logins and tokens) is
# sent in cleartext. Acceptable on a local development host only.
ENABLE_TLS=false
TLS_CERT_PATH=/etc/ssl/certs/provisioning.crt
# Private key: should be readable only by the account that terminates TLS.
TLS_KEY_PATH=/etc/ssl/private/provisioning.key

#==============================================================================
# ORCHESTRATOR SERVICE
#==============================================================================

ORCHESTRATOR_ENABLED=true
# 0.0.0.0 listens on every interface. Inside a container that is usually
# required; what is reachable from outside then depends on which ports the
# deployment publishes on the host. Publish only what must be reachable.
ORCHESTRATOR_HOST=0.0.0.0
ORCHESTRATOR_PORT=8080
ORCHESTRATOR_WORKERS=4
ORCHESTRATOR_LOG_LEVEL=info
ORCHESTRATOR_DATA_DIR=/data
ORCHESTRATOR_STORAGE_TYPE=filesystem
ORCHESTRATOR_MAX_CONCURRENT_TASKS=5
ORCHESTRATOR_RETRY_ATTEMPTS=3

# CPU and memory limits
ORCHESTRATOR_CPU_LIMIT=2000m
ORCHESTRATOR_MEMORY_LIMIT=2048M

#==============================================================================
# CONTROL CENTER SERVICE
#==============================================================================

CONTROL_CENTER_ENABLED=true
# Listens on every interface; see the note on ORCHESTRATOR_HOST.
CONTROL_CENTER_HOST=0.0.0.0
CONTROL_CENTER_PORT=8081
CONTROL_CENTER_LOG_LEVEL=info
CONTROL_CENTER_DATABASE_TYPE=rocksdb
# Presumably seconds (3600 = 1 hour) - TODO confirm against the service docs.
CONTROL_CENTER_SESSION_TIMEOUT=3600

# JWT Configuration
# Placeholder. Anyone who knows the signing secret can mint valid tokens, so
# replace it with a long random value from a CSPRNG (for example:
# openssl rand -base64 48) and never reuse it across environments.
# NOTE(review): confirm whether the service refuses to start while the
# placeholder is still in place; if it does not, add a startup check.
CONTROL_CENTER_JWT_SECRET=CHANGE_ME_RANDOM_SECRET_HERE
# Presumably seconds: access token 1 hour, refresh token 24 hours - TODO confirm.
CONTROL_CENTER_ACCESS_TOKEN_EXPIRATION=3600
CONTROL_CENTER_REFRESH_TOKEN_EXPIRATION=86400

# CPU and memory limits
CONTROL_CENTER_CPU_LIMIT=1000m
CONTROL_CENTER_MEMORY_LIMIT=1024M

#==============================================================================
# COREDNS SERVICE
#==============================================================================

COREDNS_ENABLED=true
# NOTE(review): if port 53 is published on the host, restrict it to the
# intended interface so the resolver is not reachable from untrusted networks.
COREDNS_PORT=53
COREDNS_TCP_PORT=53
COREDNS_ZONES_DIR=/zones
COREDNS_LOG_LEVEL=info

# CPU and memory limits
COREDNS_CPU_LIMIT=500m
COREDNS_MEMORY_LIMIT=512M

#==============================================================================
# GITEA SERVICE (Multi-user mode and above)
#==============================================================================

GITEA_ENABLED=false
GITEA_HTTP_PORT=3000
GITEA_SSH_PORT=222
GITEA_DOMAIN=localhost
# Plain HTTP: logins and access tokens cross the wire unencrypted. Switch to
# an https:// root URL before Gitea is reachable from anything but localhost.
GITEA_ROOT_URL=http://localhost:3000/
GITEA_DB_TYPE=sqlite3
# Placeholder. Replace with a long random value before enabling Gitea.
GITEA_SECRET_KEY=CHANGE_ME_GITEA_SECRET_KEY

# Admin user (created on first run)
GITEA_ADMIN_USERNAME=provisioning
# Placeholder. Set a unique strong password before the first run; because the
# account is created on first run, a forgotten placeholder becomes a live
# administrator credential.
GITEA_ADMIN_PASSWORD=CHANGE_ME_ADMIN_PASSWORD
GITEA_ADMIN_EMAIL=admin@provisioning.local

# CPU and memory limits
GITEA_CPU_LIMIT=1000m
GITEA_MEMORY_LIMIT=1024M

#==============================================================================
# OCI REGISTRY SERVICE
#==============================================================================

OCI_REGISTRY_ENABLED=true
OCI_REGISTRY_TYPE=zot
OCI_REGISTRY_PORT=5000
OCI_REGISTRY_NAMESPACE=provisioning-extensions
OCI_REGISTRY_LOG_LEVEL=info

# Authentication (disabled for solo mode)
# With authentication off, any client that can reach OCI_REGISTRY_PORT can
# presumably pull and push artifacts - TODO confirm against the registry
# config. Enable it, and provision the htpasswd file, before leaving solo
# mode or publishing the port beyond the local host.
OCI_REGISTRY_AUTH_ENABLED=false
OCI_REGISTRY_AUTH_HTPASSWD_PATH=/etc/registry/htpasswd

# Storage
OCI_REGISTRY_STORAGE_ROOT=/var/lib/registry
OCI_REGISTRY_DEDUPE_ENABLED=true

# CPU and memory limits
OCI_REGISTRY_CPU_LIMIT=1000m
OCI_REGISTRY_MEMORY_LIMIT=1024M

#==============================================================================
# EXTENSION REGISTRY SERVICE
#==============================================================================

EXTENSION_REGISTRY_ENABLED=true
# 0.0.0.0 listens on every interface; exposure depends on which ports the
# deployment publishes on the host.
EXTENSION_REGISTRY_HOST=0.0.0.0
EXTENSION_REGISTRY_PORT=8082
EXTENSION_REGISTRY_LOG_LEVEL=info
EXTENSION_REGISTRY_DATA_DIR=/app/data

# OCI integration
# Plain HTTP to the registry. Reasonable on an isolated container network;
# NOTE(review): confirm extension artifacts are integrity-checked if this
# link ever crosses a network that is not fully trusted.
EXTENSION_REGISTRY_OCI_URL=http://oci-registry:5000
EXTENSION_REGISTRY_NAMESPACE=provisioning-extensions

# CPU and memory limits
EXTENSION_REGISTRY_CPU_LIMIT=500m
EXTENSION_REGISTRY_MEMORY_LIMIT=512M

#==============================================================================
# PROVISIONING API SERVER SERVICE
#==============================================================================

API_SERVER_ENABLED=false
# 0.0.0.0 listens on every interface; exposure depends on which ports the
# deployment publishes on the host.
API_SERVER_HOST=0.0.0.0
API_SERVER_PORT=8083
API_SERVER_LOG_LEVEL=info

# JWT Configuration
# Placeholder. Replace with a long random value from a CSPRNG (for example:
# openssl rand -base64 48) before enabling the API server.
# NOTE(review): prefer a value different from CONTROL_CENTER_JWT_SECRET so a
# leak of one secret does not allow forging tokens for the other service,
# unless the two are designed to validate each other's tokens - confirm.
API_SERVER_JWT_SECRET=CHANGE_ME_API_SERVER_JWT_SECRET
# Presumably seconds (3600 = 1 hour) - TODO confirm.
API_SERVER_TOKEN_EXPIRATION=3600

# Integration
# Service-to-service calls use plain HTTP; keep them on the internal network.
API_SERVER_ORCHESTRATOR_URL=http://orchestrator:8080
API_SERVER_CONTROL_CENTER_URL=http://control-center:8081

# CPU and memory limits
API_SERVER_CPU_LIMIT=1000m
API_SERVER_MEMORY_LIMIT=1024M

#==============================================================================
# MCP SERVER SERVICE (Optional)
#==============================================================================

MCP_SERVER_ENABLED=false
# 0.0.0.0 listens on every interface over plain HTTP. No authentication
# setting for this service appears in this template.
# NOTE(review): confirm how access is restricted before enabling it, since
# the tools capability is on by default.
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8084
MCP_SERVER_PROTOCOL=http
MCP_SERVER_LOG_LEVEL=info

# Capabilities
# Turn off any capability the deployment does not use.
MCP_SERVER_TOOLS_ENABLED=true
MCP_SERVER_PROMPTS_ENABLED=true
MCP_SERVER_RESOURCES_ENABLED=true

# CPU and memory limits
MCP_SERVER_CPU_LIMIT=500m
MCP_SERVER_MEMORY_LIMIT=512M

#==============================================================================
# DATABASE SERVICE (PostgreSQL for enterprise mode)
#==============================================================================

POSTGRES_ENABLED=false
POSTGRES_HOST=postgres
POSTGRES_PORT=5432
POSTGRES_DB=provisioning
POSTGRES_USER=provisioning
# Placeholder. Set a unique strong password before enabling PostgreSQL, and
# do not publish POSTGRES_PORT on the host unless external access is needed.
POSTGRES_PASSWORD=CHANGE_ME_POSTGRES_PASSWORD

# CPU and memory limits
POSTGRES_CPU_LIMIT=2000m
POSTGRES_MEMORY_LIMIT=2048M

#==============================================================================
# COSMIAN KMS SERVICE (Enterprise mode)
#==============================================================================

KMS_ENABLED=false
# NOTE(review): the URL scheme is http:// while KMS_AUTH_METHOD is
# "certificate". Client-certificate authentication normally happens in the
# TLS handshake, so this pairing looks inconsistent. Confirm whether the KMS
# endpoint should be https:// here.
KMS_SERVER=http://kms:9998
KMS_AUTH_METHOD=certificate
KMS_CERT_PATH=/etc/kms/client.crt
# Client private key: should be readable only by the service account using it.
KMS_KEY_PATH=/etc/kms/client.key

# CPU and memory limits
KMS_CPU_LIMIT=1000m
KMS_MEMORY_LIMIT=1024M

#==============================================================================
# HARBOR REGISTRY (Enterprise mode alternative to Zot)
#==============================================================================

HARBOR_ENABLED=false
# All four values are placeholders. Replace each with its own unique random
# value before enabling Harbor; do not reuse one value for several of them.
HARBOR_ADMIN_PASSWORD=CHANGE_ME_HARBOR_ADMIN_PASSWORD
HARBOR_DATABASE_PASSWORD=CHANGE_ME_HARBOR_DB_PASSWORD
HARBOR_CORE_SECRET=CHANGE_ME_HARBOR_CORE_SECRET
HARBOR_JOBSERVICE_SECRET=CHANGE_ME_HARBOR_JOBSERVICE_SECRET

# CPU and memory limits
HARBOR_CORE_CPU_LIMIT=2000m
HARBOR_CORE_MEMORY_LIMIT=2048M

#==============================================================================
# MONITORING STACK (Prometheus, Grafana)
#==============================================================================

MONITORING_ENABLED=false
# No authentication setting for Prometheus appears in this template.
# NOTE(review): confirm how PROMETHEUS_PORT is protected before publishing it;
# metrics can reveal internal hostnames and service layout.
PROMETHEUS_PORT=9090
PROMETHEUS_RETENTION_TIME=15d
GRAFANA_PORT=3001
# Placeholder. Set a unique strong password before enabling monitoring.
GRAFANA_ADMIN_PASSWORD=CHANGE_ME_GRAFANA_PASSWORD

# CPU and memory limits
PROMETHEUS_CPU_LIMIT=2000m
PROMETHEUS_MEMORY_LIMIT=2048M
GRAFANA_CPU_LIMIT=500m
GRAFANA_MEMORY_LIMIT=512M

#==============================================================================
# LOGGING STACK (Loki, Promtail)
#==============================================================================

LOGGING_ENABLED=false
LOKI_PORT=3100
# 168h = 7 days. Check this against how long logs must be kept for
# incident investigation.
LOKI_RETENTION_PERIOD=168h

# CPU and memory limits
LOKI_CPU_LIMIT=1000m
LOKI_MEMORY_LIMIT=1024M

#==============================================================================
# ELASTICSEARCH + KIBANA (Enterprise audit logs)
#==============================================================================

ELASTICSEARCH_ENABLED=false
# No credential or TLS setting for Elasticsearch or Kibana appears in this
# template.
# NOTE(review): this stack holds audit logs; confirm where authentication is
# configured before these ports are reachable from outside the host.
ELASTICSEARCH_PORT=9200
ELASTICSEARCH_CLUSTER_NAME=provisioning-logs
ELASTICSEARCH_HEAP_SIZE=1g
KIBANA_PORT=5601

# CPU and memory limits
ELASTICSEARCH_CPU_LIMIT=2000m
ELASTICSEARCH_MEMORY_LIMIT=2048M
KIBANA_CPU_LIMIT=1000m
KIBANA_MEMORY_LIMIT=1024M

#==============================================================================
# NGINX REVERSE PROXY
#==============================================================================

NGINX_ENABLED=false
NGINX_HTTP_PORT=80
NGINX_HTTPS_PORT=443
NGINX_WORKER_PROCESSES=4
NGINX_WORKER_CONNECTIONS=1024

# Rate limiting
# Presumably 100 requests per client per 1-minute window - TODO confirm how
# the proxy config keys the limit (per IP, per route, or global).
NGINX_RATE_LIMIT_ENABLED=true
NGINX_RATE_LIMIT_REQUESTS=100
NGINX_RATE_LIMIT_PERIOD=1m

# CPU and memory limits
NGINX_CPU_LIMIT=500m
NGINX_MEMORY_LIMIT=256M

#==============================================================================
# BACKUP CONFIGURATION
#==============================================================================

BACKUP_ENABLED=false
# Cron expression: 02:00 every day.
# NOTE(review): the value contains spaces and '*'. It is safe when the file is
# read as an env file, but would need quoting if the file were ever sourced
# by a shell - confirm how the file is consumed.
BACKUP_SCHEDULE=0 2 * * *
BACKUP_RETENTION_DAYS=7
# Backups presumably contain service data and credentials; give this path the
# same access restrictions as the live data.
BACKUP_STORAGE_PATH=/backup

#==============================================================================
# SECURITY CONFIGURATION
#==============================================================================

# Every control in this section is off by default. Turn them on for any
# deployment other than a local development host.

# Enable security scanning
SECURITY_SCAN_ENABLED=false

# Secrets encryption
SECRETS_ENCRYPTION_ENABLED=false
# Key file: should be readable only by the service account, and should not be
# stored in the same backup as the data it protects.
SECRETS_KEY_PATH=/etc/provisioning/secrets.key

# Network policies
NETWORK_POLICIES_ENABLED=false

#==============================================================================
# RESOURCE LIMITS DEFAULTS
#==============================================================================

DEFAULT_CPU_LIMIT=1000m
DEFAULT_MEMORY_LIMIT=1024M
DEFAULT_RESTART_POLICY=unless-stopped

#==============================================================================
# HEALTHCHECK CONFIGURATION
#==============================================================================

HEALTHCHECK_INTERVAL=30s
HEALTHCHECK_TIMEOUT=10s
HEALTHCHECK_RETRIES=3
HEALTHCHECK_START_PERIOD=30s

#==============================================================================
# LOGGING CONFIGURATION
#==============================================================================

# Container log driver and rotation. With these values each container keeps
# at most 3 files of 10m each, so older entries are discarded. Ship logs to a
# central store if they are needed for incident investigation.
LOG_DRIVER=json-file
LOG_MAX_SIZE=10m
LOG_MAX_FILE=3

#==============================================================================
# USER AND PERMISSION CONFIGURATION
#==============================================================================

# Non-root UID/GID. Presumably the identity the service containers run as -
# TODO confirm. Avoid changing these to 0.
USER_UID=1000
USER_GID=1000