wafflemaker.example.toml
# The base agent configuration
[agent]
# The address and port where the agent listens to receive webhooks.
# The example value binds to loopback only.
# NOTE(review): webhook senders are external services, so presumably a reverse
# proxy forwards requests to this address - confirm for your deployment.
address = "127.0.0.1:8000"
# The logging specification in the RUST_LOG format, can be overridden
# by the RUST_LOG environment variable
# Default: "info"
log = "info"
# An optional Sentry ingest URL for your application
# Sentry is used for real-time error monitoring of our application
# The value below is a placeholder; the key is optional and ships commented out.
#sentry = "https://abcdef0123456789.ingest.sentry.io/1234567"
# The number of deployment processors to run
workers = 2
# Connection strings handed to deployed services
[dependencies]
# The PostgreSQL URL template for services to connect to
# The variables `username` and `password` are automatically substituted for
# the credentials generated by Vault. The `database` variable will be
# substituted for the name of the service
# Keep the `{{...}}` placeholders as-is; do not put a static password here.
# NOTE(review): the rendered URL carries a live credential - confirm it is
# never written to logs.
postgres = "postgres://{{username}}:{{password}}@127.0.0.1:5432/{{database}}"
# The Redis URL for services to connect to
# The example URL carries no credentials and uses the plain `redis://` scheme,
# so it relies on Redis being reachable only from trusted hosts.
redis = "redis://127.0.0.1:6379"
# The deployment engine configuration
[deployment]
# The base domain where services are deployed on
domain = "wafflehacks.tech"
# The type of deployer to use
# Currently supports:
# - docker (or any docker-compatible runtime)
type = "docker"
# How to connect to docker
# Options:
# - local connect via unix socket or local pipe
# - http connect using unsecured HTTP
# - ssl connect using HTTPS
# `http` is unauthenticated and unencrypted; prefer `local`, or `ssl` with the
# ca/certificate/key settings below, when the daemon is not on the same host.
connection = "local"
# The endpoint to connect to
# Expects a path for `local`, and a URL for `http` or `ssl`
# Access to the Docker endpoint gives control of the Docker daemon, so restrict
# who can reach this socket or URL.
endpoint = "unix:///var/run/docker.sock"
# The Docker network that the containers should be attached to.
# This network should also be configured to have Traefik listening on it.
network = "traefik"
# Where the server state should be stored
# NOTE(review): relative path, presumably resolved against the agent's working
# directory - confirm.
state = "./state"
# How long to wait in seconds for a request to complete
timeout = 120
# SSL only
# The certificate authority to use
#ca = "./ca.pem"
# SSL only
# The certificate to use
#certificate = "./cert.pem"
# SSL only
# The certificate key to use
# Keep this file readable only by the user running the agent.
#key = "./key.pem"
# Configuration for internal DNS networking
[dns]
# The DNS server the services should use
server = "127.0.0.1:1053"
# The Redis store to put DNS records in for consumption by CoreDNS
# The example points at the same Redis instance as `dependencies.redis`.
# NOTE(review): anything able to write these keys can presumably change what
# internal names resolve to - confirm Redis write access is restricted.
redis = "redis://127.0.0.1:6379"
# The prefix to give to all DNS keys in Redis
key_prefix = "dns:"
# The internal DNS zone for the services
zone = "wafflemaker.internal"
# Configuration for the services repository
[git]
# Where to clone the configuration repository to
# The directory will be created if it does not exist
clone_to = "./configuration"
# The repository to pull configuration from
# The example value uses the `owner/repo` form.
repository = "WaffleHacks/waffles"
# The branch that gets deployed
# Whatever lands on this branch is deployed, so limit who can push to it.
branch = "master"
# Configuration for the management interface
# NOTE: this allows access to the entire system, it should not be publicly available
[management]
# Whether to enable the interface
# Set to false when the interface is not needed.
enabled = true
# The port and address the management interface should listen on
# Keep this on loopback or another restricted interface (see the NOTE above).
address = "127.0.0.1:8001"
# The token required to be present on each request to authenticate with the API
# The value below is a placeholder: replace it with a long random value before
# enabling the interface, and keep this file out of version control.
token = "please-change-me"
# Configuration for notifying of deployment status
# There are two types of notifications: service and deployment.
# Service notifications are sent when a service is updated, deleted, deployed, or stops unexpectedly.
# Deployment notifications are sent when a deployment plan is published.
#
# A notifier is enabled so long as it is configured. If you would like to disable a notifier,
# comment it out or delete it.
[[notifiers]]
# The type of notifier being configured
# Options: (supported notifications in parentheses)
# - discord (service, deployment)
# - github (deployment)
type = "discord"
# The URL to send webhooks to
# `<id>` and `<key>` are placeholders. The full URL is the credential for the
# webhook, so treat it as a secret.
webhook = "https://discord.com/api/webhooks/<id>/<key>"
# GitHub notifier (deployment notifications only, per the options list for `type`)
[[notifiers]]
type = "github"
## The repository to send notifications to
## Defaults to `git.repository`
# repository = "owner/repo"
# The ID of the installation on the account containing the specified repository
# Written as a quoted string in this example.
installation_id = "12345678"
# The ID of the GitHub application
# Written as a quoted string in this example.
app_id = "123456"
# The private key for a GitHub app that has read-write permissions for
# "Commit statuses" on the desired repository.
# The example value is a file path; keep that file readable only by the user
# running the agent, and grant the app no permissions beyond the one listed.
key = "./github-app.private-key.pem"
# Configuration for the Hashicorp Vault instance. WaffleMaker assumes
# that the following services are enabled and properly configured on
# the following paths:
# - kv v2 on /services
# - database on /database with a postgresql database configured named "postgresql"
# - aws on /aws
[secrets]
# The address where Vault can be accessed
# The example uses plain HTTP on loopback. The token below and every secret
# read from Vault travel over this connection, so use an https:// address when
# Vault is not on the same host.
address = "http://127.0.0.1:8200"
# How often to check for expiring credential leases.
# Supported suffixes are:
# - hour: h
# - minute: m
# - second: s
# Defaults to minutes (m) if not specified or a valid suffix is not found.
lease_interval = "1m"
# The percent of the TTL that should be used before renewing a credential lease.
# Leases are checked every minute to see if they should be refreshed.
# Expressed as a fraction in this example (0.75, i.e. 75% of the TTL).
lease_percent = 0.75
# A Vault token that has the following permissions:
# - create, read, update on services/data/*
# - list, create, delete on database/roles/+ for a database named "postgresql"
# - read on database/creds/+
# - read on aws/creds/+
# The token should not have a max TTL and be able to renew itself
# The value below is a placeholder. Issue a token whose policy grants only the
# paths listed above rather than reusing a broader token, and keep this file
# readable only by the user running the agent.
token = "s.some-token"
# How often to extend the token's lifetime. This should be slightly shorter than the token's
# max TTL.
# NOTE(review): the token comment above asks for no max TTL, so "max TTL" here
# presumably means the token's renewable TTL/period - confirm.
# Supported suffixes are:
# - hour: h
# - minute: m
# - second: s
# Defaults to minutes (m) if not specified or a valid suffix is not found.
token_interval = "24h"
# Configuration for incoming webhooks
# Both values below are placeholders and must be replaced before the agent
# accepts webhooks; these secrets are what authenticates incoming requests.
[webhooks]
# DockerHub is used for notifying of updated images.
# This must be the webhook authentication token for HTTP basic auth
# Must be in the format:
# <something>:<something>
# Use a random value for each half.
docker = "please-change:this-token"
# GitHub for receiving service configuration updates.
# This must be the webhook signing secret.
# Use a random value and set the same secret on the GitHub webhook.
github = "please-change-this-secret"