168 lines
9.4 KiB
YAML
168 lines
9.4 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: attic
|
|
name: attic-config
|
|
namespace: attic
|
|
data:
|
|
config.toml: |
|
|
# src: https://github.com/zhaofengli/attic/blob/main/server/src/config-template.toml
|
|
|
|
# Socket address to listen on
|
|
listen = "[::]:8080"
|
|
|
|
# Allowed `Host` headers
|
|
#
|
|
# This _must_ be configured for production use. If unconfigured or the
|
|
# list is empty, all `Host` headers are allowed.
|
|
allowed-hosts = []
|
|
|
|
# The canonical API endpoint of this server
|
|
#
|
|
# This is the endpoint exposed to clients in `cache-config` responses.
|
|
#
|
|
# This _must_ be configured for production use. If not configured, the
|
|
# API endpoint is synthesized from the client's `Host` header which may
|
|
# be insecure.
|
|
#
|
|
# The API endpoint _must_ end with a slash (e.g., `https://domain.tld/attic/`
|
|
# not `https://domain.tld/attic`).
|
|
api-endpoint = "https://attic.srv.oceanbox.io/"
|
|
|
|
# Whether to soft-delete caches
|
|
#
|
|
# If this is enabled, caches are soft-deleted instead of actually
|
|
# removed from the database. Note that soft-deleted caches cannot
|
|
# have their names reused as long as the original database records
|
|
# are there.
|
|
#soft-delete-caches = false
|
|
|
|
# Whether to require fully uploading a NAR if it exists in the global cache.
|
|
#
|
|
# If set to false, simply knowing the NAR hash is enough for
|
|
# an uploader to gain access to an existing NAR in the global
|
|
# cache.
|
|
#require-proof-of-possession = true
|
|
|
|
# Database connection
|
|
[database]
|
|
# Connection URL
|
|
#
|
|
# For production use it's recommended to use PostgreSQL.
|
|
url = "postgresql://app:mZP1BnmnpDU33B7UZvomYKOSS1laRJ4bvUR7jNDZ1AJqPdNxH2rLXykghczg7Bgy@attic-db-rw:5432/app"
|
|
|
|
# Whether to enable sending on periodic heartbeat queries
|
|
#
|
|
# If enabled, a heartbeat query will be sent every minute
|
|
#heartbeat = false
|
|
|
|
# File storage configuration
|
|
[storage]
|
|
# Storage type
|
|
#
|
|
# Can be "local" or "s3".
|
|
type = "local"
|
|
|
|
# ## Local storage
|
|
|
|
# The directory to store all files under
|
|
path = "/attic"
|
|
|
|
# ## S3 Storage (set type to "s3" and uncomment below)
|
|
|
|
# The AWS region
|
|
#region = "us-east-1"
|
|
|
|
# The name of the bucket
|
|
#bucket = "some-bucket"
|
|
|
|
# Custom S3 endpoint
|
|
#
|
|
# Set this if you are using an S3-compatible object storage (e.g., Minio).
|
|
#endpoint = "https://xxx.r2.cloudflarestorage.com"
|
|
|
|
# Credentials
|
|
#
|
|
# If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and
|
|
# `AWS_SECRET_ACCESS_KEY` environment variables.
|
|
#[storage.credentials]
|
|
# access_key_id = ""
|
|
# secret_access_key = ""
|
|
|
|
# Data chunking
|
|
#
|
|
# Warning: If you change any of the values here, it will be
|
|
# difficult to reuse existing chunks for newly-uploaded NARs
|
|
# since the cutpoints will be different. As a result, the
|
|
# deduplication ratio will suffer for a while after the change.
|
|
[chunking]
|
|
# The minimum NAR size to trigger chunking
|
|
#
|
|
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
|
# If 1, all NARs are chunked.
|
|
nar-size-threshold = 65536 # chunk files that are 64 KiB or larger
|
|
|
|
# The preferred minimum size of a chunk, in bytes
|
|
min-size = 16384 # 16 KiB
|
|
|
|
# The preferred average size of a chunk, in bytes
|
|
avg-size = 65536 # 64 KiB
|
|
|
|
# The preferred maximum size of a chunk, in bytes
|
|
max-size = 262144 # 256 KiB
|
|
|
|
# Compression
|
|
[compression]
|
|
# Compression type
|
|
#
|
|
# Can be "none", "brotli", "zstd", or "xz"
|
|
type = "zstd"
|
|
|
|
# Compression level
|
|
#level = 8
|
|
|
|
# Garbage collection
|
|
[garbage-collection]
|
|
# The frequency to run garbage collection at
|
|
#
|
|
# By default it's 12 hours. You can use natural language
|
|
# to specify the interval, like "1 day".
|
|
#
|
|
# If zero, automatic garbage collection is disabled, but
|
|
# it can still be run manually with `atticd --mode garbage-collector-once`.
|
|
interval = "1 week"
|
|
|
|
# Default retention period
|
|
#
|
|
# Zero (default) means time-based garbage-collection is
|
|
# disabled by default. You can enable it on a per-cache basis.
|
|
default-retention-period = "6 months"
|
|
|
|
[jwt]
|
|
# WARNING: Changing _anything_ in this section will break any existing
|
|
# tokens. If you need to regenerate them, ensure that you use the the
|
|
# correct secret and include the `iss` and `aud` claims.
|
|
|
|
# JWT `iss` claim
|
|
#
|
|
# Set this to the JWT issuer that you want to validate.
|
|
# If this is set, all received JWTs will validate that the `iss` claim
|
|
# matches this value.
|
|
#token-bound-issuer = "some-issuer"
|
|
|
|
# JWT `aud` claim
|
|
#
|
|
# Set this to the JWT audience(s) that you want to validate.
|
|
# If this is set, all received JWTs will validate that the `aud` claim
|
|
# contains at least one of these values.
|
|
#token-bound-audiences = ["some-audience1", "some-audience2"]
|
|
|
|
[jwt.signing]
|
|
# JWT RS256 secret key
|
|
#
|
|
# Set this to the base64-encoded private half of an RSA PEM PKCS1 key.
|
|
# You can also set it via the `ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64`
|
|
# environment variable.
|
|
token-rs256-secret-base64 = "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBdlZrMHQyZUtvdjhpV3prVFFtQzJtRklvd0gxc2liNlVpUFhUaGVwcURiWHMyaERFCnFYa1pKUXRjTnY0T2RtcldmZ2tsbjVyblJNQk5yL1B5dE05OFFMVVJnbzFSU2VTeUVjcmxSU1N4MElVRlhkM3YKV0U0aTJJTktsSzgxblJoY0o4czRUM09iYUpvSUQweEpqS2IzMkhxZmpOSU1vcVdBRk1ES2YyMUM5OWxQeTRXSgpVUUVnYTRzbHo5RzZHVi8wZW5qbFNMa2RRNjEvdEwyRE1ISHgvV2VRUEtpWkF4c2Fwczd3ZVJiNVBrS3J0MVlGClRxa1lJSjY3eDFiNDR1N0NmdWdVbHhMM2JCQ1lqVXVXNnoxdGU3T2ZQUUhoM1FPU2lFZTczQ3I4dU1lSkplV0wKN2VKc1hWSG9uVzBMZWl0aDk5WmJTUTF3YlhieDVPZzNTQ3ZWYnkyZE90Y3Rud2Y2aDN5YlJ3SUNoc24xbk4zMwowRkMyOXlFY0ExQ2VFVzRsMVVHNmxoMGw5cEpiWEhRNlFJS1paempaTlgxZTRGRW5TdytGNGhXd3R1Z2JtKzZnCnVPdEE5QVJxYndJOTFLeEtoT204Q0RJQlRwWThSZG1SaElicWUrc3czT3p3dGk0eTVkU3FMREsrT3Y5b05ucngKQW9TN21TaXNQeDVJS3JwaFhMT3JvVmI2L1puSmNOK3ljaExuenptMDY2Zk5RaTBLNHhzaitvWkphaXVjZnBacAphSElHZGpaY1U3aE5FUzdJNVliVEFqUDdkaDRzdXJnMk1xTUtxbUxsa2ZPcGFoRTlMQTZVVFZRZHZLVFVGNWZwCkdYSnhaT1RKWlpiOGNQTFYxZFdXbnBMaEZNV2h2OUZQTCtDVGZQVUFvQmtmOTE3TzFLdkE3bGsvcTJzQ0F3RUEKQVFLQ0FnQU9WZ3k1dmlzdkFDWTN4ZkNCWEJVM0h6RmFzYVJnSVgvWmh0TkhGbUtGT3pyOW43dGtJWGtYNXU1SwpjNTNndFdJY0ZORTJibUlJUUk4aFBWVW8vM1NtNlk2ejFjTkwxdmJzaGZJcDlBZEtoR2ZOblpvYmszN3I2YlRoCjRRb3NKTVlGZFV1RUtIcWh4dGZKWUx0STNQTnkvb1hLQWJWWE16U3BYWmQzWW14cG01aUJEbEZCUXRhVGpldUUKK3BvZWhiZGE5b0JWcXo1ZCsycnA0bGRtZVpvYTE1YUNJVG5FbEc3R0puRHFtaVN3NUJkZ1FERVNyWmJZRVd5aQpRU0dDL1JUWXl2V1VJcWw5RXh5WnhobGRJaitCMkMyOFRzSXRHN0lpZzF2ajVaVlE0RHF3RmRzc1hiSmF0bkxvClNITlFBcXplT09xY2Mxb0p6N0dzNVRBYVZNZEtEQXZCZm1JMFBMcDNqNmVFOFFIYlduMHk2NzVYbnlqWllLUUcKaWx5R0pUNVRzMWZHWHlPSXBrNG4yQjM1V3dHcjIyTkxnYUd5cnZjRkgxN3JoZGVnaGlrZFJRd1FOcXRsZjBIZApMWDVRQWVwcUt3SE9uR1BGVy9XU2xGU0lEdkt1VFZSVGtvQmFSMTA3OFpiS2JXckZBbEdqYTFvbnNXQUh1YW5UClh5dFE4dWoxUEFFeWFMZUJEaUJxRVJ2am1VVFQ1ZktCOTdaVnRJenVBZ0lyWWZ6YjIyVEk2VFJ6OVZiQ2VyWG8KdTc0cnoxMjM2TXMrbmg5Y2xYd3VtQlBOU1d1eE9OdldOWEZ6VWdIOURzdlFRMWRsMFRJWEFQMGhFYkRHRkNBQwowUlg2M0lpcXFzUG1ZZUZNTGR5K2tVWjViNzI1TlhXWFRHbDRnQ1Y3NFVRU01ya0xrUUtDQVFFQStobXIwYjdnClVYcWRKaGtLRXVsa29IVzVuYzZ4QmhobCtuTkFucVFSTm5tQWpiaDlCeDVpLzQ2WUwxcHFYQUY5cTNIRlowSDIKZEJRZXN2Q0pxbmtSTHVwTi95VE1KSlo0ZE5kMHZqRzZ0UGhMUjZuRmRabHU0TFBRMXRKcU5XZkhZeCtwQ3N2SQo4Wkx3VG8rRGFxSjArZDk3WWF0b0dWNUZHOWtUSjhBYWFXb0Q1R1AyOGtOd0djKzI0b2VNYnJtU0ppQ2I2UlJoCjA5WWJaMGpXdkFHaXJyMzFOTW5nR0dtVmRPMThoOXVMUStLNzFUQWt1eFEzZEhpUzh6UVd6YythRnM1THgyUnIKeXppcEJhR3VySmFJQ05XNklFQm5ndFcvZEZaYXpMbjhQcDVrQlJzQ1NyN1JpQkNFSFZmeHBYVFNoS3cwVWp4NQo2a0gwc01YZnFoOFpMUUtDQVFFQXdkQ3BPUXBRa1RhK0t6Z0VrWGdMVnk2QmZJKzRWdC9BYjRtK2pFSm85aUIzCnN4dEtKNU5tNXltNldXcmFWS25zekxNZy85Mi9vSVZreUlNSklrOWNYdEpuaEU5ak1aVzc2ZjhYbW5CUnJIMnAKVHVmNWtYWWdVUHZLQ2g1U1g5Q2w0UHJENHNSb3cwNHJjbHVxSE1MT2g1MncxUmJPalRrb05tNXBHWlFoVkhxeApaUzh3aVk3bzhLNFZJQXZOVlZOdGlIZFNOY2Y0cDMxL0F6SU5aQjJWdlczeWJHTWNIdDByekQ5TkpZLzhTekc3CktEME5mRTgzeng2OWxHTlhUcURGSnBTV2ZNVlFwSGVCM0FTRTV1YVhVM1c5S3EwN2NDOEJWSHRaK3B5a1B0RTYKOHgrZE9NYWh6UElaMjRqbkIzZkVsaWc0Rk5zd01LZm9aeDdKYUJLRjl3S0NBUUVBdWJUTUgwOWpVenovYVdXWQpWRmlYVG9wN3pGRElvNlVFUEFiT1NiMjd4ajVNRlcrUzd2RkNRMDZIZEVubnhlK1pkKzlmeS85djE5dUV2QXZkCnZRWnVtdTZDQWQwNTlFVUNwb2ZCZU9TR0paQmtuWTdUUHpJeDRZbkRuVy9hUzFPRyt2UnNXY2JkcTNzWEVzNS8KbjNPSDltNWFPRGpGY0dqT1doSkNwZlovNWh4QlRacG9xSlVvclJIT1U4Q2dweXNGK1dlblBWZlVHQzdZWkVYeQpwT0YyQWRpdE5ZaGM3T09oaFpRK0xzYjNUdTRSMlFnSmpoeEIzU3NXdXAzSC9RU1UvekFwbHFIYlpLZnE0WEtmCnVDbUNVMFVZRXBDZ0M4ZFpoVElGOUJSNTE2bFd6Vyt6c1BxbHJTbk9YOWVJWi9vcHd6ZjNGY1V3SmFEWjUxVFcKY29UcTlRS0NBUUVBckhtVTdpYkl0Y0Zpa0RGa2wxT2R1L0t0MW54TFRqd0dFdndnYnM3MmV2ay9yRXEvdmVKRgpzN2NGbDJjb2JpbGRpbmhxQ0doOGpFdkkrVXJxeVBhWXUrVS9xNVcrTHpVUnFkV1JXcVZUZVUzR2FtcXpSQWc4CkQvVlJ3WmxrTXRJSm0rRnNpcFBBcXZVWVlzZEI1aUJTREl0Ky90SXg4NmtHcVJHdVE4MzNyeWNVVUhnakdIYnQKd3FrWU1aRnZJOXgvWCs3WFlQYll4Nnc5YUVtVmN4K0V6ck5XQmJCWktQb25iTFowWDlYM2JhOE8zMnNkWWg5WgpDZDlRVkFubmV4aEUrZVZHMmpmNVlMTGRCRCtkU2FHd3p0dTdBSXh5bFkydkFGQlpMVlZTTUhpZm5oWG5Jc3hZCjFub29HcDZGQWJkS1lWbmZObWdzUlZCVzE5V2s1QkYvMXdLQ0FRRUFqVnR1RXdYZzU5NERIaVN4UjlWbGRBaHYKcXF5dlpieVhPT2pnNHNKZjFLUlpxZkkzV28yL05IQWN0MlZlREE1bnlEM001YndHWEwrdVZGaUlMVk1ZMUp0WQp6MmlHWHgwZVdlbFJya2tRZHFncTI1TE9BQ2dxYTFMNW9tQS9tMGcwQWljWVdYa1FYSXpXRkhwb0ZqcU9KZHpTCnZ0MHhLV2lpWHUxVk5YeDJibFR1dXBCa1JUZUlQNTVxdWdyOUh0ZmY1MHc5MHhwTllaMFR3d0lDMG1neVVMMWEKRkdVdHlPUTlqVFBUUUdGM3h6REJCQ2U2MW5uZUV0TThRMEJ1MXh3Rm90aWFYSE9NaGhiMFBndVkzNHhiekNHYgpHcTlsWjVaN2lRVXByUWNNYjhrUzZ1WFk3VHBDTmUzaDBiTTM5dVlKeHNYNXUzcmVNRWsyZlBNT3dnTlFjdz09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg=="
|