# Attune Docker Environment Configuration # # This file is mounted into containers at /opt/attune/config/config.yaml. # It provides base values for Docker deployments. # # Sensitive values (jwt_secret, encryption_key) are overridden by environment # variables set in docker-compose.yaml using the ATTUNE__ prefix convention: # ATTUNE__SECURITY__JWT_SECRET=... # ATTUNE__SECURITY__ENCRYPTION_KEY=... # # The `config` crate does NOT support ${VAR} shell interpolation in YAML. # All overrides must use ATTUNE__
__ environment variables. environment: docker # Docker database (PostgreSQL container) database: url: postgresql://attune:attune@postgres:5432/attune max_connections: 20 min_connections: 5 connect_timeout: 30 idle_timeout: 600 log_statements: false schema: "public" # Docker message queue (RabbitMQ container) message_queue: url: amqp://attune:attune@rabbitmq:5672 exchange: attune enable_dlq: true message_ttl: 3600 # seconds # Docker cache (Redis container) redis: url: redis://redis:6379 pool_size: 10 # API server configuration server: host: 0.0.0.0 port: 8080 request_timeout: 60 enable_cors: true cors_origins: - http://localhost - http://localhost:3000 - http://localhost:3001 - http://localhost:3002 - http://localhost:5173 - http://127.0.0.1:3000 - http://127.0.0.1:3001 - http://127.0.0.1:3002 - http://127.0.0.1:5173 - http://web - http://web:3000 max_body_size: 10485760 # 10MB # Logging configuration log: level: info format: json # Structured logs for container environments console: true # Security settings # jwt_secret and encryption_key are intentional placeholders — they MUST be # overridden via ATTUNE__SECURITY__JWT_SECRET and ATTUNE__SECURITY__ENCRYPTION_KEY # environment variables in docker-compose.yaml (or a .env file). security: jwt_secret: override-via-ATTUNE__SECURITY__JWT_SECRET-env-var jwt_access_expiration: 3600 # 1 hour jwt_refresh_expiration: 604800 # 7 days encryption_key: override-via-ATTUNE__SECURITY__ENCRYPTION_KEY-env-var enable_auth: true allow_self_registration: false login_page: show_local_login: true show_oidc_login: true show_ldap_login: true oidc: enabled: false # Uncomment and configure for your OIDC provider: # discovery_url: https://auth.example.com/.well-known/openid-configuration # client_id: your-client-id # client_secret: your-client-secret # provider_name: sso # provider_label: SSO Login # provider_icon_url: https://auth.example.com/favicon.ico # redirect_uri: http://localhost:3000/auth/callback # post_logout_redirect_uri: http://localhost:3000/login # scopes: # - groups # Packs directory (mounted volume in containers) packs_base_dir: /opt/attune/packs # Runtime environments directory (isolated envs like virtualenvs, node_modules). # Kept separate from packs so pack directories remain clean and read-only. # Pattern: {runtime_envs_dir}/{pack_ref}/{runtime_name} runtime_envs_dir: /opt/attune/runtime_envs # Artifacts directory (shared volume for file-based artifact storage). # File-type artifacts are written here by execution processes and served by the API. # Pattern: {artifacts_dir}/{ref_slug}/v{version}.{ext} artifacts_dir: /opt/attune/artifacts # Executor service configuration executor: scheduled_timeout: 300 # 5 minutes - fail executions stuck in SCHEDULED timeout_check_interval: 60 # Check every minute for stale executions enable_timeout_monitor: true # Worker service configuration worker: worker_type: container max_concurrent_tasks: 20 heartbeat_interval: 10 # Reduced from 30s for faster stale detection (staleness = 30s) task_timeout: 300 max_stdout_bytes: 10485760 # 10MB max_stderr_bytes: 10485760 # 10MB shutdown_timeout: 30 stream_logs: true # Sensor service configuration sensor: max_concurrent_sensors: 50 heartbeat_interval: 10 # Reduced from 30s for faster stale detection poll_interval: 10 sensor_timeout: 300 shutdown_timeout: 30 # Notifier service configuration notifier: host: 0.0.0.0 port: 8081 max_connections: 1000 # Agent binary distribution (serves the agent binary via API for remote downloads) agent: binary_dir: /opt/attune/agent