167 lines
7.4 KiB
YAML
167 lines
7.4 KiB
YAML
# ATCR AppView Configuration
|
|
# Generated with defaults — edit as needed.
|
|
|
|
# Configuration format version.
|
|
version: "0.1"
|
|
# Log level: debug, info, warn, error.
|
|
log_level: info
|
|
# Remote log shipping settings.
|
|
log_shipper:
|
|
# Log shipping backend: "victoria", "opensearch", or "loki". Empty disables shipping.
|
|
backend: ""
|
|
# Remote log service endpoint, e.g. "http://victorialogs:9428".
|
|
url: ""
|
|
# Number of log entries to buffer before flushing to the remote service.
|
|
batch_size: 100
|
|
# Maximum time between flushes, even if batch is not full.
|
|
flush_interval: 5s
|
|
# Basic auth username for the log service (optional).
|
|
username: ""
|
|
# Basic auth password for the log service (optional).
|
|
password: ""
|
|
# HTTP server and identity settings.
|
|
server:
|
|
# Listen address, e.g. ":5000" or "127.0.0.1:5000".
|
|
addr: :5000
|
|
# Public-facing URL for OAuth callbacks and JWT realm. Auto-detected if empty.
|
|
base_url: ""
|
|
# DID of the hold service for blob storage, e.g. "did:web:hold01.atcr.io" (REQUIRED).
|
|
default_hold_did: ""
|
|
# Allows HTTP (not HTTPS) for DID resolution and uses transition:generic OAuth scope.
|
|
test_mode: false
|
|
# Path to P-256 private key for OAuth client authentication. Auto-generated on first run.
|
|
oauth_key_path: /var/lib/atcr/oauth/client.key
|
|
# Display name shown on OAuth authorization screens.
|
|
client_name: AT Container Registry
|
|
# Short name used in page titles and browser tabs.
|
|
client_short_name: ATCR
|
|
# Separate domains for OCI registry API (e.g. ["buoy.cr"]). First is primary. Browser visits redirect to BaseURL.
|
|
registry_domains: []
|
|
# DIDs of holds this appview manages billing for. Tier updates are pushed to these holds.
|
|
managed_holds:
|
|
- did:web:172.28.0.3%3A8080
|
|
# Web UI settings.
|
|
ui:
|
|
# SQLite/libSQL database for OAuth sessions, stars, pull counts, and device approvals.
|
|
database_path: /var/lib/atcr/ui.db
|
|
# Visual theme name (e.g. "seamark"). Empty uses default atcr.io branding.
|
|
theme: "seamark"
|
|
# libSQL sync URL (libsql://...). Works with Turso cloud or self-hosted libsql-server. Leave empty for local-only SQLite.
|
|
libsql_sync_url: ""
|
|
# Auth token for libSQL sync. Required if libsql_sync_url is set.
|
|
libsql_auth_token: ""
|
|
# How often to sync with remote libSQL server. Default: 60s.
|
|
libsql_sync_interval: 1m0s
|
|
# Health check and cache settings.
|
|
health:
|
|
# How long to cache hold health check results.
|
|
cache_ttl: 15m0s
|
|
# How often to refresh hold health checks.
|
|
check_interval: 15m0s
|
|
# ATProto Jetstream event stream settings.
|
|
jetstream:
|
|
# Jetstream WebSocket endpoints, tried in order on failure.
|
|
urls:
|
|
- wss://jetstream2.us-west.bsky.network/subscribe
|
|
- wss://jetstream1.us-west.bsky.network/subscribe
|
|
- wss://jetstream2.us-east.bsky.network/subscribe
|
|
- wss://jetstream1.us-east.bsky.network/subscribe
|
|
# Sync existing records from PDS on startup.
|
|
backfill_enabled: true
|
|
# How often to re-run backfill to catch missed events. Set to 0 to only backfill on startup.
|
|
backfill_interval: 24h0m0s
|
|
# Relay endpoints for backfill, tried in order on failure.
|
|
relay_endpoints:
|
|
- https://relay1.us-east.bsky.network
|
|
- https://relay1.us-west.bsky.network
|
|
- https://zlay.waow.tech
|
|
# JWT authentication settings.
|
|
auth:
|
|
# RSA private key for signing registry JWTs issued to Docker clients.
|
|
key_path: /var/lib/atcr/auth/private-key.pem
|
|
# X.509 certificate matching the JWT signing key.
|
|
cert_path: /var/lib/atcr/auth/private-key.crt
|
|
# Credential helper download settings.
|
|
credential_helper:
|
|
# Tangled repository URL for credential helper downloads.
|
|
tangled_repo: ""
|
|
# Legal page customization for self-hosted instances.
|
|
legal:
|
|
# Organization name for Terms of Service and Privacy Policy. Defaults to server.client_name.
|
|
company_name: ""
|
|
# Governing law jurisdiction for legal terms.
|
|
jurisdiction: ""
|
|
# Stripe billing integration (requires -tags billing build).
|
|
billing:
|
|
# Stripe secret key. Can also be set via STRIPE_SECRET_KEY env var (takes precedence). Billing is enabled automatically when set.
|
|
stripe_secret_key: ""
|
|
# Stripe webhook signing secret. Can also be set via STRIPE_WEBHOOK_SECRET env var (takes precedence).
|
|
webhook_secret: ""
|
|
# ISO 4217 currency code (e.g. "usd").
|
|
currency: usd
|
|
# Redirect URL after successful checkout. Use {base_url} placeholder.
|
|
success_url: '{base_url}/settings#storage'
|
|
# Redirect URL after cancelled checkout. Use {base_url} placeholder.
|
|
cancel_url: '{base_url}/settings#storage'
|
|
# Subscription tiers ordered by rank (lowest to highest).
|
|
tiers:
|
|
- # Tier name. Position in list determines rank (0-based).
|
|
name: free
|
|
# Short description shown on the plan card.
|
|
description: Get started with basic storage
|
|
# List of features included in this tier.
|
|
features: []
|
|
# Stripe price ID for monthly billing. Empty = free tier.
|
|
stripe_price_monthly: ""
|
|
# Stripe price ID for yearly billing.
|
|
stripe_price_yearly: ""
|
|
# Maximum webhooks for this tier (-1 = unlimited).
|
|
max_webhooks: 1
|
|
# Allow all webhook trigger types (not just first-scan).
|
|
webhook_all_triggers: false
|
|
supporter_badge: false
|
|
- # Tier name. Position in list determines rank (0-based).
|
|
name: Supporter
|
|
# Short description shown on the plan card.
|
|
description: Get started with basic storage
|
|
# List of features included in this tier.
|
|
features: []
|
|
# Stripe price ID for monthly billing. Empty = free tier.
|
|
stripe_price_monthly: ""
|
|
# Stripe price ID for yearly billing.
|
|
stripe_price_yearly: "price_1SmK1mRROAC4bYmSwhTQ7RY9"
|
|
# Maximum webhooks for this tier (-1 = unlimited).
|
|
max_webhooks: 1
|
|
# Allow all webhook trigger types (not just first-scan).
|
|
webhook_all_triggers: false
|
|
supporter_badge: true
|
|
- # Tier name. Position in list determines rank (0-based).
|
|
name: bosun
|
|
# Short description shown on the plan card.
|
|
description: More storage with scan-on-push
|
|
# List of features included in this tier.
|
|
features: []
|
|
# Stripe price ID for monthly billing. Empty = free tier.
|
|
stripe_price_monthly: "price_1SmK4QRROAC4bYmSxpr35HUl"
|
|
# Stripe price ID for yearly billing.
|
|
stripe_price_yearly: "price_1SmJuLRROAC4bYmSUgVCwZWo"
|
|
# Maximum webhooks for this tier (-1 = unlimited).
|
|
max_webhooks: 10
|
|
# Allow all webhook trigger types (not just first-scan).
|
|
webhook_all_triggers: true
|
|
supporter_badge: true
|
|
# - # Tier name. Position in list determines rank (0-based).
|
|
# name: quartermaster
|
|
# # Short description shown on the plan card.
|
|
# description: Maximum storage for power users
|
|
# # List of features included in this tier.
|
|
# features: []
|
|
# # Stripe price ID for monthly billing. Empty = free tier.
|
|
# stripe_price_monthly: price_xxx
|
|
# # Stripe price ID for yearly billing.
|
|
# stripe_price_yearly: price_yyy
|
|
# # Maximum webhooks for this tier (-1 = unlimited).
|
|
# max_webhooks: -1
|
|
# # Allow all webhook trigger types (not just first-scan).
|
|
# webhook_all_triggers: true
|