nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

config.ini.tmpl (5154B)


      1 # https://git.sr.ht/~sircmpwn/todo.sr.ht/tree/master/item/config.example.ini
      2 
      3 [sr.ht]
      4 #
      5 # The name of your network of sr.ht-based sites
      6 site-name=p0c
      7 #
      8 # The top-level info page for your site
      9 site-info=https://p0c.ch
     10 #
     11 # site-name, site-blurb
     12 site-blurb=proof of concepts for fun and profit
     13 #
     14 # If this != production, we add a banner to each page
     15 environment=production
     16 #
     17 # Contact information for the site owners
     18 owner-name=Andreas Gruhler
     19 owner-email=contact@p0c.ch
     20 #
     21 # The source code for your fork of sr.ht
     22 source-url=https://git.sr.ht/~sircmpwn/srht
     23 #
     24 # A key used for encrypting session cookies. Use `srht-keygen service` to
     25 # generate the service key. This must be shared between each node of the same
     26 # service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
     27 # different keys. If you configure all of your services with the same
     28 # config.ini, you may use the same service-key for all of them.
     29 service-key={{with secret "kv/todo"}}{{index .Data.data.service_key}}{{end}}
     30 #
     31 # A secret key to encrypt internal messages with. Use `srht-keygen network` to
     32 # generate this key. It must be consistent between all services and nodes.
     33 network-key={{with secret "kv/todo"}}{{index .Data.data.network_key}}{{end}}
     34 #
     35 # The redis host URL. This is used for caching and temporary storage, and must
     36 # be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
     37 # shared between services. It may be shared between services, however, with no
     38 # ill effect, if this better suits your infrastructure.
     39 redis-host=redis://{{ env "NOMAD_ADDR_redis" }}
     40 #
     41 # Path to static asses (default PREFIX from make installation)
     42 # https://git.sr.ht/~sircmpwn/core.sr.ht/tree/master/item/Makefile
     43 assets=/usr/local/share/sourcehut
     44 
     45 [mail]
     46 #
     47 # Outgoing SMTP settings
     48 smtp-host={{with secret "kv/todo"}}{{index .Data.data.smtp_host}}{{end}}
     49 smtp-port={{with secret "kv/todo"}}{{index .Data.data.smtp_port}}{{end}}
     50 smtp-from={{with secret "kv/todo"}}{{index .Data.data.smtp_from}}{{end}}
     51 #
     52 # Default: starttls
     53 # Options: starttls, tls, insecure
     54 smtp-encryption=starttls
     55 #
     56 # Default: plain
     57 # Options: plain, none
     58 smtp-auth=plain
     59 # user is required as it is used in Sender e-mail header
     60 smtp-user={{with secret "kv/todo"}}{{index .Data.data.smtp_user}}{{end}}
     61 # password is required if smtp-auth is plain
     62 smtp-password={{with secret "kv/todo"}}{{index .Data.data.smtp_password}}{{end}}
     63 #
     64 # Application exceptions are emailed to this address
     65 error-to=contact@p0c.ch
     66 error-from=contact@p0c.ch
     67 #
     68 # You should generate a PGP key to allow users to authenticate emails received
     69 # from your services. Use `gpg --edit-key [key id]` to remove the password from
     70 # your private key, then export it to a file and set pgp-privkey to the path to
     71 # that file. pgp-pubkey should be set to the path to your public key, and
     72 # pgp-key-id should be set to the key ID string. Outgoing emails are signed with
     73 # this PGP key.
     74 pgp-privkey={{ env "NOMAD_SECRETS_DIR" }}/pgp_privkey.pem
     75 pgp-pubkey={{ env "NOMAD_SECRETS_DIR" }}/pgp_pubkey.pem
     76 pgp-key-id={{with secret "kv/todo"}}{{index .Data.data.pgp_key_id}}{{end}}
     77 
     78 [webhooks]
     79 #
     80 # base64-encoded Ed25519 key for signing webhook payloads. This should be
     81 # consistent between all services.
     82 #
     83 # Use the `srht-keygen webhook` command to generate this key. Put the private
     84 # key here and distribute the public key to anyone who would want to verify
     85 # webhook payloads from your service.
     86 private-key={{with secret "kv/todo"}}{{index .Data.data.webhook_private_key}}{{end}}
     87 
     88 [todo.sr.ht]
     89 #
     90 # URL todo.sr.ht is being served at (protocol://domain)
     91 origin=https://todo.p0c.ch
     92 #
     93 # Address and port to bind the debug server to
     94 #debug-host=0.0.0.0
     95 #debug-port={{ env "NOMAD_PORT_web" }}
     96 #
     97 # Configures the SQLAlchemy connection string for the database.
     98 connection-string=postgresql://todo:{{with secret "kv/todo"}}{{index .Data.data.postgresql_password}}{{end}}@postgres.lan/todo
     99 #
    100 # Set to "yes" to automatically run migrations on package upgrade.
    101 migrate-on-upgrade=yes
    102 #
    103 # todo.sr.ht's OAuth client ID and secret for meta.sr.ht
    104 # Register your client at meta.example.org/oauth
    105 oauth-client-id={{with secret "kv/todo"}}{{index .Data.data.oauth_client_id}}{{end}}
    106 oauth-client-secret={{with secret "kv/todo"}}{{index .Data.data.oauth_client_secret}}{{end}}
    107 #
    108 # Outgoing email for notifications generated by users
    109 notify-from=no-reply@p0c.ch
    110 #
    111 # The redis connection used for the webhooks worker
    112 webhooks=redis://{{ env "NOMAD_ADDR_redis" }}/1
    113 #
    114 # Origin URL for the API
    115 # Only needed if not run behind a reverse proxy, e.g. for local development.
    116 # By default, the API port is 100 more than the web port
    117 #api-origin=http://{{ env "NOMAD_ADDR_api" }}
    118 
    119 [todo.sr.ht::mail]
    120 #
    121 # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
    122 # Alternatively, specify IP:PORT and an SMTP server will be run instead.
    123 sock=/tmp/todo.sr.ht-lmtp.sock
    124 #
    125 # The lmtp daemon will make the unix socket group-read/write for users in this
    126 # group.
    127 sock-group=postfix
    128 #
    129 # Fill this in with the name of the domain to which emails should be sent.
    130 # Leave blank to disable email submission.
    131 posting-domain=
    132 
    133 [meta.sr.ht]
    134 origin=https://meta.p0c.ch