David Culbreth
4df621c5c8
Some checks failed
CI / Rustfmt (push) Failing after 21s
CI / Cargo Audit & Deny (push) Failing after 33s
CI / Web Blocking Checks (push) Successful in 50s
CI / Security Blocking Checks (push) Successful in 7s
CI / Web Advisory Checks (push) Successful in 33s
CI / Security Advisory Checks (push) Successful in 34s
Publish Images And Chart / Resolve Publish Metadata (push) Successful in 1s
Publish Images And Chart / Publish init-packs (push) Failing after 11s
Publish Images And Chart / Publish init-user (push) Failing after 10s
Publish Images And Chart / Publish migrations (push) Failing after 11s
Publish Images And Chart / Publish sensor (push) Failing after 10s
Publish Images And Chart / Publish web (push) Failing after 10s
Publish Images And Chart / Publish worker (push) Failing after 10s
Publish Images And Chart / Publish api (push) Failing after 7s
Publish Images And Chart / Publish executor (push) Failing after 9s
Publish Images And Chart / Publish notifier (push) Failing after 10s
Publish Images And Chart / Publish Helm Chart (push) Has been skipped
CI / Clippy (push) Successful in 18m52s
CI / Tests (push) Has been cancelled
162 lines
4.7 KiB
YAML
162 lines
4.7 KiB
YAML
# Attune Configuration Example
|
|
# Copy this file to config.yaml and customize for your environment
|
|
# For production, use environment variables to override sensitive values
|
|
|
|
# Service metadata
|
|
service_name: attune
|
|
environment: development
|
|
|
|
# Database configuration
|
|
database:
|
|
# PostgreSQL connection URL
|
|
# Format: postgresql://username:password@host:port/database
|
|
url: postgresql://postgres:postgres@localhost:5432/attune
|
|
|
|
# Connection pool settings
|
|
max_connections: 50
|
|
min_connections: 5
|
|
connect_timeout: 30 # seconds
|
|
idle_timeout: 600 # seconds
|
|
|
|
# Enable SQL statement logging (useful for debugging)
|
|
log_statements: false
|
|
|
|
# PostgreSQL schema name (defaults to "attune" if not specified)
|
|
schema: "attune"
|
|
|
|
# Redis configuration (optional, for caching and pub/sub)
|
|
redis:
|
|
url: redis://localhost:6379
|
|
pool_size: 10
|
|
|
|
# Message queue configuration (optional, for async processing)
|
|
message_queue:
|
|
url: amqp://guest:guest@localhost:5672/%2f
|
|
exchange: attune
|
|
enable_dlq: true
|
|
message_ttl: 3600 # seconds
|
|
|
|
# Server configuration
|
|
server:
|
|
host: 0.0.0.0
|
|
port: 8080
|
|
request_timeout: 30 # seconds
|
|
enable_cors: true
|
|
|
|
# Allowed CORS origins
|
|
# Add your frontend URLs here
|
|
cors_origins:
|
|
- http://localhost:3000
|
|
- http://localhost:5173
|
|
- http://127.0.0.1:3000
|
|
- http://127.0.0.1:5173
|
|
|
|
# Maximum request body size (bytes)
|
|
max_body_size: 10485760 # 10MB
|
|
|
|
# Logging configuration
|
|
log:
|
|
# Log level: trace, debug, info, warn, error
|
|
level: info
|
|
|
|
# Log format: json (for production), pretty (for development)
|
|
format: json
|
|
|
|
# Enable console logging
|
|
console: true
|
|
|
|
# Optional: log to file
|
|
# file: /var/log/attune/attune.log
|
|
|
|
# Security configuration
|
|
security:
|
|
# JWT secret key - CHANGE THIS!
|
|
# Generate with: openssl rand -base64 64
|
|
jwt_secret: your-secret-key-change-this
|
|
|
|
# JWT token expiration times (seconds)
|
|
jwt_access_expiration: 3600 # 1 hour
|
|
jwt_refresh_expiration: 604800 # 7 days
|
|
|
|
# Encryption key for secrets - CHANGE THIS!
|
|
# Must be at least 32 characters
|
|
# Generate with: openssl rand -base64 32
|
|
encryption_key: dev-encryption-key-at-least-32-characters-long-change-this
|
|
|
|
# Enable authentication
|
|
enable_auth: true
|
|
|
|
# Login page defaults for the web UI. Users can still override with:
|
|
# /login?auth=direct
|
|
# /login?auth=<provider_name>
|
|
login_page:
|
|
show_local_login: true
|
|
show_oidc_login: true
|
|
show_ldap_login: true
|
|
|
|
# Optional OIDC browser login configuration
|
|
oidc:
|
|
enabled: false
|
|
discovery_url: https://auth.example.com/.well-known/openid-configuration
|
|
client_id: your-confidential-client-id
|
|
provider_name: sso
|
|
provider_label: Example SSO
|
|
provider_icon_url: https://auth.example.com/assets/logo.svg
|
|
client_secret: your-confidential-client-secret
|
|
redirect_uri: http://localhost:3000/auth/callback
|
|
post_logout_redirect_uri: http://localhost:3000/login
|
|
scopes:
|
|
- groups
|
|
|
|
# Optional LDAP authentication configuration
|
|
ldap:
|
|
enabled: false
|
|
url: ldap://ldap.example.com:389
|
|
# Direct-bind mode: construct DN from template
|
|
# bind_dn_template: "uid={login},ou=users,dc=example,dc=com"
|
|
# Search-and-bind mode: search for user with a service account
|
|
user_search_base: "ou=users,dc=example,dc=com"
|
|
user_filter: "(uid={login})"
|
|
search_bind_dn: "cn=readonly,dc=example,dc=com"
|
|
search_bind_password: "readonly-password"
|
|
login_attr: uid
|
|
email_attr: mail
|
|
display_name_attr: cn
|
|
group_attr: memberOf
|
|
starttls: false
|
|
danger_skip_tls_verify: false
|
|
provider_name: ldap
|
|
provider_label: Company LDAP
|
|
|
|
# Worker configuration (optional, for worker services)
|
|
# Uncomment and configure if running worker processes
|
|
# worker:
|
|
# name: attune-worker-1
|
|
# worker_type: local
|
|
# max_concurrent_tasks: 10
|
|
# heartbeat_interval: 30 # seconds
|
|
# task_timeout: 300 # seconds
|
|
|
|
# Packs directory (where automation pack files are stored)
|
|
# packs_base_dir: /opt/attune/packs
|
|
|
|
# Runtime environments directory (isolated envs like virtualenvs, node_modules)
|
|
# Kept separate from pack directories so packs remain clean and read-only.
|
|
# Pattern: {runtime_envs_dir}/{pack_ref}/{runtime_name}
|
|
# Example: /opt/attune/runtime_envs/python_example/python
|
|
# runtime_envs_dir: /opt/attune/runtime_envs
|
|
|
|
# Environment Variable Overrides
|
|
# ==============================
|
|
# You can override any setting using environment variables with the ATTUNE__ prefix.
|
|
# Use double underscores (__) to separate nested keys.
|
|
#
|
|
# Examples:
|
|
# ATTUNE__DATABASE__URL=postgresql://user:pass@localhost/attune
|
|
# ATTUNE__SERVER__PORT=3000
|
|
# ATTUNE__LOG__LEVEL=debug
|
|
# ATTUNE__SECURITY__JWT_SECRET=your-secret-here
|
|
# ATTUNE__SERVER__CORS_ORIGINS=https://app.com,https://www.app.com
|
|
#
|
|
# For production deployments, use environment variables for all sensitive values!
|