Initial work on Outline

Todo: clean up defaults
Sangelo 2024-01-29 10:02:41 +01:00
parent ab86026f8a
commit a18778de36
12 changed files with 776 additions and 0 deletions


@ -0,0 +1,33 @@
proxmox_id: 2008
common_firewall_enable: false
core_groups:
- name: "mgmt"
state: present
- name: "outline"
state: present
core_users:
- name: "sangelo"
password: "!"
groups: ["sudo", "mgmt"]
state: present
authorized_keys:
- "sangelo"
- "sangelo-access"
- name: "outline"
password: "{{ sec_outline_pass }}"
groups: ["docker", "outline"]
state: present
authorized_keys:
- "sangelo"
- "sangelo-access"
# Configuration for Outline located in defaults, move to here is a WIP.
# Storj Gateway ST setup
storj_gateway_user: outline
storj_gateway_access_grant: '{{ sec_outline_storj_gateway_access_grant }}'
storj_gateway_minio_access_key: '{{ sec_outline_storj_gateway_minio_access_key }}'
storj_gateway_minio_secret_key: '{{ sec_outline_storj_gateway_minio_secret_key }}'
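Review bot: The `outline` service account in `core_users` gets a real password (`{{ sec_outline_pass }}`) plus membership of `docker`, and membership of that group is effectively root on the host. The account already has `authorized_keys`, so consider locking the password the way the `sangelo` entry does, `password: "!"`, and running the compose stack from a privileged deploy step instead of granting the group. How `lunivity.core.users` interprets `password` is not visible here, so confirm that "!" is handled as a locked hash for this entry too. With `common_firewall_enable: false`, every port the roles publish on this host is reachable unless something upstream filters it; a comment next to that setting saying what does the filtering would help.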


@ -5,6 +5,9 @@
[headscale_exit_nodes]
10.1.0.15
[outline]
10.2.0.8
[gitpot]
; 10.5.0.1


@ -0,0 +1,11 @@
---
- name: Install Outline
hosts: outline
remote_user: root
roles:
- lunivity.common.all
# - lunivity.core.docker
- lunivity.core.users
- storj-gateway
- outline
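Review bot: `lunivity.core.docker` is commented out, yet the host vars put the `outline` user in the `docker` group and the `outline` role templates a `docker-compose.yml`. Unless `lunivity.common.all` installs Docker (not visible here), nothing in this play provides the engine or the group. Either re-enable the role or add a comment saying where Docker comes from, e.g. `# docker is provided by <role or image name>`. The play also connects as `remote_user: root`; if the hosts allow it, a named admin account with `become: true` leaves a clearer audit trail.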


@ -0,0 +1,199 @@
# REQUIRED
# Server Base Directory. This is the directory that will contain the docker-compose file, and the config.
outline_server_base_dir: /var/outline/
# The user and group that this stack should run as.
outline_user: outline
outline_group: outline
outline_node_env: production
# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32`
# in your terminal to generate a random value.
outline_secret_key: '{{ sec_outline_secret_key }}'
outline_utils_secret: '{{ sec_outline_utils_secret }}'
# For redis you can either specify an ioredis compatible url like this
outline_redis_url: redis://redis:6379
# or alternatively, if you would like to provide additional connection options,
# use a base64 encoded JSON connection option object. Refer to the ioredis documentation
# for a list of available options.
# Example: Use Redis Sentinel for high availability
# {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"}
# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ==
# URL should point to the fully qualified, publicly accessible URL. If using a
# proxy the port in URL and PORT may be different.
outline_url: https://docs.lunivity.com
outline_port: 3000
# See [documentation](docs/SERVICES.md) on running a separate collaboration
# server, for normal operation this does not need to be set.
outline_collaboration_url: ''
# For production point these at your databases, in development the default
# should work out of the box.
outline_database_url: '{{ sec_outline_database_url }}'
outline_database_url_test: '{{ sec_outline_database_url_test }}'
outline_database_connection_pool_min: ''
outline_database_connection_pool_max: ''
# To support uploading of images for avatars and document attachments an
# s3-compatible storage must be provided. AWS S3 is recommended for redundancy
# however if you want to keep all file storage local an alternative such as
# minio (https://github.com/minio/minio) can be used.
# A more detailed guide on setting up S3 is available here:
# => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f
#
outline_aws_key_id: '{{ sec_outline_aws_key_id }}'
# outline_aws_key_id: '{{ sec_outline_storj_gateway_minio_access_key }}'
outline_aws_secret_access_key: '{{ sec_outline_aws_secret_access_key }}'
# outline_aws_secret_access_key: '{{ sec_outline_storj_gateway_minio_secret_key }}'
# outline_aws_region: xx-xxxx-x
outline_aws_region: global
outline_aws_accelerate_url: ''
outline_aws_upload_bucket_url: https://gateway.storjshare.io
# outline_aws_upload_bucket_url: http://localhost:7777
outline_aws_upload_bucket_name: outline
outline_aws_force_path_style: "true"
outline_aws_acl: private
# Specify what storage system to use. Possible value is one of "s3" or "local".
# For "local", the avatar images and document attachments will be saved on local disk.
outline_file_storage: s3
# If "local" is configured for FILE_STORAGE above, then this sets the parent directory under
# which all attachments/images go. Make sure that the process has permissions to create
# this path and also to write files to it.
outline_file_storage_local_root_dir: /var/lib/outline/data
# Maximum allowed size for the uploaded attachment.
outline_file_storage_upload_max_size: 26214400
# AUTHENTICATION
# Third party signin credentials, at least ONE OF EITHER Google, Slack,
# or Microsoft is required for a working installation or you'll have no sign-in
# options.
# To configure Slack auth, you'll need to create an Application at
# => https://api.slack.com/apps
#
# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
# https://<URL>/auth/slack.callback
outline_slack_client_id: ''
outline_slack_client_secret: ''
# To configure Google auth, you'll need to create an OAuth Client ID at
# => https://console.cloud.google.com/apis/credentials
#
# When configuring the Client ID, add an Authorized redirect URI:
# https://<URL>/auth/google.callback
outline_google_client_id: ''
outline_google_client_secret: ''
# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See
# the guide for details on setting up your Azure App:
# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4
outline_azure_client_id: ''
outline_azure_client_secret: ''
outline_azure_resource_app_id: ''
# To configure generic OIDC auth, you'll need some kind of identity provider.
# See documentation for whichever IdP you use to acquire the following info:
# Redirect URI is https://<URL>/auth/oidc.callback
outline_oidc_client_id: '{{ sec_outline_oidc_client_id }}'
outline_oidc_client_secret: '{{ sec_outline_oidc_client_secret }}'
outline_oidc_auth_uri: 'https://auth.lunivity.com/application/o/authorize/'
outline_oidc_token_uri: 'https://auth.lunivity.com/application/o/token/'
outline_oidc_userinfo_uri: 'https://auth.lunivity.com/application/o/userinfo/'
# Specify which claims to derive user information from
# Supports any valid JSON path with the JWT payload
outline_oidc_username_clame: preferred_username
# Display name for OIDC authentication
outline_oidc_display_name: Lunivity Auth
# Space separated auth scopes.
outline_oidc_scopes: openid profile email
# OPTIONAL
# Base64 encoded private key and certificate for HTTPS termination. This is only
# required if you do not use an external reverse proxy. See documentation:
# https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45
outline_ssl_key: ''
outline_ssl_cert: ''
# If using a Cloudfront/Cloudflare distribution or similar it can be set below.
# This will cause paths to javascript, stylesheets, and images to be updated to
# the hostname defined in CDN_URL. In your CDN configuration the origin server
# should be set to the same as URL.
outline_cdn_url: ''
# Auto-redirect to https in production. The default is true but you may set to
# false if you can be sure that SSL is terminated at an external loadbalancer.
outline_force_https: "true"
# Have the installation check for updates by sending anonymized statistics to
# the maintainers
outline_enable_updates: "true"
# How many processes should be spawned. As a reasonable rule divide your servers
# available memory by 512 for a rough estimate
outline_web_concurrency: 8
# Override the maximum size of document imports, could be required if you have
# especially large Word documents with embedded imagery
outline_max_import_size: 5120000
# You can remove this value if your reverse proxy already logs incoming http
# requests and this ends up being duplicative
outline_debug: http
# Configure lowest severity level for server logs. Should be one of
# error, warn, info, http, verbose, debug and silly
outline_log_level: info
# For a complete Slack integration with search and posting to channels the
# following configs are also needed, some more details
# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
#
outline_slack_verification_token: ''
outline_slack_app_id: ''
outline_slack_message_actions: "true"
# Optionally enable google analytics to track pageviews in the knowledge base
outline_google_analytics_id: ''
# Optionally enable Sentry (sentry.io) to track errors and performance,
# and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI:
# https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
outline_sentry_dsn: ''
outline_sentry_tunnel: ''
# To support sending outgoing transactional emails such as "document updated" or
# "you've been invited" you'll need to provide authentication for an SMTP server
outline_smtp_host: mail.lunivity.com
outline_smtp_port: 465
outline_smtp_username: no-reply@lunivity.com
outline_smtp_password: '{{ sec_outline_smtp_password }}'
outline_smtp_from_email: no-reply@lunivity.com
outline_smtp_reply_email: no-reply@lunivity.com
outline_smtp_tls_ciphers: ''
outline_smtp_secure: "true"
# The default interface language. See translate.getoutline.com for a list of
# available language codes and their rough percentage translated.
outline_default_lang: en_US
# Optionally enable rate limiter at application web server
outline_rate_limiter_enabled: "true"
# Configure default throttling parameters for rate limiter
outline_rate_limiter_requests: 1000
outline_rate_limiter_duration_window: 60
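Review bot: The variable `outline_oidc_username_clame` is misspelled ("clame" for "claim"). It works only because the env template uses the same spelling for `OIDC_USERNAME_CLAIM`, so anyone who overrides `outline_oidc_username_claim` in host vars would silently keep the default. Rename it in both files, `outline_oidc_username_claim: preferred_username`. These role defaults also hard-code site values (`outline_url`, the OIDC URIs, the SMTP host) and reference `sec_*` variables that have no fallback. A header comment such as `# Every sec_* variable must be supplied from the secret store; none has a default here.` would document that until the defaults are cleaned up.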


@ -0,0 +1,34 @@
---
# roles/outline/tasks/main.yml
- name: Make sure Outline's base dir exists
ansible.builtin.file:
path: '{{ outline_server_base_dir }}'
state: directory
owner: '{{ outline_user }}'
group: '{{ outline_group }}'
mode: '0740'
- name: Create outline.env file
ansible.builtin.template:
src: outline.env.j2
dest: '{{ outline_server_base_dir }}/outline.env'
owner: '{{ outline_user }}'
group: '{{ outline_group }}'
mode: '0640'
- name: Create docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml.j2
dest: '{{ outline_server_base_dir }}/docker-compose.yml'
owner: '{{ outline_user }}'
group: '{{ outline_group }}'
mode: '0640'
- name: Create redis.conf
ansible.builtin.file:
path: '{{ outline_server_base_dir }}/redis.conf'
state: file
owner: 'root'
group: '{{ outline_group }}'
mode: '0644'
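Review bot: The `Create redis.conf` task uses `ansible.builtin.file` with `state: file`, which only checks an existing path and never creates one, so on a fresh host the task fails instead of producing the file. Use `state: touch` with `modification_time: preserve` and `access_time: preserve`, or better, template a real `redis.conf` so the Redis settings are under version control. The base directory mode `'0740'` gives the group read without search permission, so group members can list the directory but cannot open anything in it; `'0750'` is the usual choice. Because `outline.env` carries the application secrets, consider `no_log: true` on that template task so a `--diff` run does not print them.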


@ -0,0 +1,52 @@
version: "3.2"
services:
outline:
image: docker.getoutline.com/outlinewiki/outline:0.74.0
env_file: ./outline.env
ports:
- "3000:3000"
volumes:
- storage-data:/var/lib/outline/data
depends_on:
- redis
redis:
image: redis
env_file: ./outline.env
ports:
- "6379:6379"
volumes:
- ./redis.conf:/redis.conf
command: ["redis-server", "/redis.conf"]
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 30s
retries: 3
https-portal:
image: steveltn/https-portal
env_file: ./outline.env
ports:
- "80:80"
- "443:443"
links:
- outline
restart: always
volumes:
- https-portal-data:/var/lib/https-portal
healthcheck:
test: ["CMD", "service", "nginx", "status"]
interval: 30s
timeout: 20s
retries: 3
environment:
DOMAINS: "docs.mycompany.com -> http://outline:3000"
STAGE: "production"
WEBSOCKET: "true"
CLIENT_MAX_BODY_SIZE: "0"
volumes:
https-portal-data:
storage-data:
database-data:
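Review bot: The `redis` service publishes `"6379:6379"` on every host interface, although Outline reaches it over the Compose network as `redis://redis:6379`. The role puts no content into `redis.conf` (so no `requirepass` or `bind`), and the host vars set `common_firewall_enable: false`. Drop the `ports:` entry from `redis`, or bind it to loopback with `"127.0.0.1:6379:6379"`; the same applies to `"3000:3000"` on `outline`, which lets clients bypass `https-portal`. `env_file: ./outline.env` on `redis` and `https-portal` hands every Outline secret to containers that do not need them, so remove it from those two services. `image: redis` and `image: steveltn/https-portal` are unpinned, and `DOMAINS` still names `docs.mycompany.com` rather than the host in `outline_url`.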


@ -0,0 +1,202 @@
# ---------- REQUIRED ----------
NODE_ENV={{ outline_node_env }}
# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32`
# in your terminal to generate a random value.
SECRET_KEY={{ outline_secret_key }}
# Generate a unique random key. The format is not important but you could still use
# `openssl rand -hex 32` in your terminal to produce this.
UTILS_SECRET={{ outline_utils_secret }}
# For production point these at your databases, in development the default
# should work out of the box.
DATABASE_URL={{ outline_database_url }}
DATABASE_URL_TEST={{ outline_database_url_test }}
DATABASE_CONNECTION_POOL_MIN={{ outline_database_connection_pool_min }}
DATABASE_CONNECTION_POOL_MAX={{ outline_database_connection_pool_max }}
# Uncomment this to disable SSL for connecting to Postgres
# PGSSLMODE=disable
# For redis you can either specify an ioredis compatible url like this
REDIS_URL={{ outline_redis_url }}
# or alternatively, if you would like to provide additional connection options,
# use a base64 encoded JSON connection option object. Refer to the ioredis documentation
# for a list of available options.
# Example: Use Redis Sentinel for high availability
# {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"}
# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ==
# URL should point to the fully qualified, publicly accessible URL. If using a
# proxy the port in URL and PORT may be different.
URL={{ outline_url }}
PORT={{ outline_port }}
# See [documentation](docs/SERVICES.md) on running a separate collaboration
# server, for normal operation this does not need to be set.
COLLABORATION_URL={{ outline_collaboration_url }}
# To support uploading of images for avatars and document attachments an
# s3-compatible storage must be provided. AWS S3 is recommended for redundancy
# however if you want to keep all file storage local an alternative such as
# minio (https://github.com/minio/minio) can be used.
# A more detailed guide on setting up S3 is available here:
# => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f
#
AWS_ACCESS_KEY_ID={{ outline_aws_key_id }}
AWS_SECRET_ACCESS_KEY={{ outline_aws_secret_access_key }}
AWS_REGION={{ outline_aws_region }}
AWS_S3_ACCELERATE_URL={{ outline_aws_accelerate_url }}
AWS_S3_UPLOAD_BUCKET_URL={{ outline_aws_upload_bucket_url }}
AWS_S3_UPLOAD_BUCKET_NAME={{ outline_aws_upload_bucket_name }}
AWS_S3_FORCE_PATH_STYLE={{ outline_aws_force_path_style }}
AWS_S3_ACL={{ outline_aws_acl }}
# Specify what storage system to use. Possible value is one of "s3" or "local".
# For "local", the avatar images and document attachments will be saved on local disk.
FILE_STORAGE={{ outline_file_storage }}
# If "local" is configured for FILE_STORAGE above, then this sets the parent directory under
# which all attachments/images go. Make sure that the process has permissions to create
# this path and also to write files to it.
FILE_STORAGE_LOCAL_ROOT_DIR={{ outline_file_storage_local_root_dir }}
# Maximum allowed size for the uploaded attachment.
FILE_STORAGE_UPLOAD_MAX_SIZE={{ outline_file_storage_upload_max_size }}
# ---------- AUTHENTICATION ----------
# Third party signin credentials, at least ONE OF EITHER Google, Slack,
# or Microsoft is required for a working installation or you'll have no sign-in
# options.
# To configure Slack auth, you'll need to create an Application at
# => https://api.slack.com/apps
#
# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
# https://<URL>/auth/slack.callback
SLACK_CLIENT_ID={{ outline_slack_client_id }}
SLACK_CLIENT_SECRET={{ outline_slack_client_secret }}
# To configure Google auth, you'll need to create an OAuth Client ID at
# => https://console.cloud.google.com/apis/credentials
#
# When configuring the Client ID, add an Authorized redirect URI:
# https://<URL>/auth/google.callback
GOOGLE_CLIENT_ID={{ outline_google_client_id }}
GOOGLE_CLIENT_SECRET={{ outline_google_client_secret }}
# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See
# the guide for details on setting up your Azure App:
# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4
AZURE_CLIENT_ID={{ outline_azure_client_id }}
AZURE_CLIENT_SECRET={{ outline_azure_client_secret }}
AZURE_RESOURCE_APP_ID={{ outline_azure_resource_app_id }}
# To configure generic OIDC auth, you'll need some kind of identity provider.
# See documentation for whichever IdP you use to acquire the following info:
# Redirect URI is https://<URL>/auth/oidc.callback
OIDC_CLIENT_ID={{ outline_oidc_client_id }}
OIDC_CLIENT_SECRET={{ outline_oidc_client_secret }}
OIDC_AUTH_URI={{ outline_oidc_auth_uri }}
OIDC_TOKEN_URI={{ outline_oidc_token_uri }}
OIDC_USERINFO_URI={{ outline_oidc_userinfo_uri }}
# Specify which claims to derive user information from
# Supports any valid JSON path with the JWT payload
OIDC_USERNAME_CLAIM={{ outline_oidc_username_clame }}
# Display name for OIDC authentication
OIDC_DISPLAY_NAME={{ outline_oidc_display_name }}
# Space separated auth scopes.
OIDC_SCOPES={{ outline_oidc_scopes }}
# ---------- OPTIONAL ----------
# Base64 encoded private key and certificate for HTTPS termination. This is only
# required if you do not use an external reverse proxy. See documentation:
# https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45
SSL_KEY={{ outline_ssl_key }}
SSL_CERT={{ outline_ssl_cert }}
# If using a Cloudfront/Cloudflare distribution or similar it can be set below.
# This will cause paths to javascript, stylesheets, and images to be updated to
# the hostname defined in CDN_URL. In your CDN configuration the origin server
# should be set to the same as URL.
CDN_URL={{ outline_cdn_url }}
# Auto-redirect to https in production. The default is true but you may set to
# false if you can be sure that SSL is terminated at an external loadbalancer.
FORCE_HTTPS={{ outline_force_https }}
# Have the installation check for updates by sending anonymized statistics to
# the maintainers
ENABLE_UPDATES={{ outline_enable_updates }}
# How many processes should be spawned. As a reasonable rule divide your servers
# available memory by 512 for a rough estimate
WEB_CONCURRENCY={{ outline_web_concurrency }}
# Override the maximum size of document imports, could be required if you have
# especially large Word documents with embedded imagery
MAXIMUM_IMPORT_SIZE={{ outline_max_import_size }}
# You can remove this line if your reverse proxy already logs incoming http
# requests and this ends up being duplicative
DEBUG={{ outline_debug }}
# Configure lowest severity level for server logs. Should be one of
# error, warn, info, http, verbose, debug and silly
LOG_LEVEL={{ outline_log_level }}
# For a complete Slack integration with search and posting to channels the
# following configs are also needed, some more details
# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
#
SLACK_VERIFICATION_TOKEN={{ outline_slack_verification_token }}
SLACK_APP_ID={{ outline_slack_app_id }}
SLACK_MESSAGE_ACTIONS={{ outline_slack_message_actions }}
# Optionally enable google analytics to track pageviews in the knowledge base
GOOGLE_ANALYTICS_ID={{ outline_google_analytics_id }}
# Optionally enable Sentry (sentry.io) to track errors and performance,
# and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI:
# https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
SENTRY_DSN={{ outline_sentry_dsn }}
SENTRY_TUNNEL={{ outline_sentry_tunnel }}
# To support sending outgoing transactional emails such as "document updated" or
# "you've been invited" you'll need to provide authentication for an SMTP server
SMTP_HOST={{ outline_smtp_host }}
SMTP_PORT={{ outline_smtp_port }}
SMTP_USERNAME={{ outline_smtp_username }}
SMTP_PASSWORD={{ outline_smtp_password }}
SMTP_FROM_EMAIL={{ outline_smtp_from_email }}
SMTP_REPLY_EMAIL={{ outline_smtp_reply_email }}
SMTP_TLS_CIPHERS={{ outline_smtp_tls_ciphers }}
SMTP_SECURE={{ outline_smtp_secure }}
# The default interface language. See translate.getoutline.com for a list of
# available language codes and their rough percentage translated.
DEFAULT_LANGUAGE={{ outline_default_lang }}
# Optionally enable rate limiter at application web server
RATE_LIMITER_ENABLED={{ outline_rate_limiter_enabled }}
# Configure default throttling parameters for rate limiter
RATE_LIMITER_REQUESTS={{ outline_rate_limiter_requests }}
RATE_LIMITER_DURATION_WINDOW={{ outline_rate_limiter_duration_window }}
# Iframely API config
# IFRAMELY_URL=
# IFRAMELY_API_KEY=
# Enable unsafe-inline in script-src CSP directive
# Setting it to true allows React dev tools add-on in
# Firefox to successfully detect the project
DEVELOPMENT_UNSAFE_INLINE_CSP=false
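Review bot: Every value, including `SECRET_KEY`, `DATABASE_URL`, `OIDC_CLIENT_SECRET` and `SMTP_PASSWORD`, is written unquoted. A secret containing a newline, ` #` or `$` could therefore be truncated, split into an extra variable or interpolated, depending on how the Compose version in use parses `env_file` (not visible here). Until the values are quoted or validated, state the constraint at the top of the template, e.g. `# Values are inserted verbatim: secrets must be single-line and free of '#', '$' and quotes.` `DATABASE_URL_TEST` is also rendered into what the defaults declare a `production` environment; consider leaving it out unless a test database is actually provisioned.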


@ -0,0 +1,11 @@
[Unit]
Description=Gateway ST User Service
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/gateway run
Restart=on-failure
[Install]
WantedBy=default.target


@ -0,0 +1,15 @@
- name: reload systemd
ansible.builtin.systemd:
daemon_reload: yes
user: yes
become: true
become_user: '{{ storj_gateway_user }}'
- name: start gateway
ansible.builtin.systemd:
name: gateway-st
enabled: yes
state: started
user: yes
become: true
become_user: '{{ storj_gateway_user }}'
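Review bot: Both handlers run the user-scope service manager for `{{ storj_gateway_user }}` through `become`, which needs a running user manager and `XDG_RUNTIME_DIR` for that account. Nothing visible in this commit enables lingering, so for a service account that never logs in these handlers are likely to fail, and the unit would not start at boot. Add a task that enables lingering (`loginctl enable-linger {{ storj_gateway_user }}`) and set `environment: { XDG_RUNTIME_DIR: "/run/user/<uid of the gateway user>" }` on the handlers. `user: yes` is the deprecated spelling of `scope: user` in `ansible.builtin.systemd`, and `yes` should be written `true`. `start gateway` uses `state: started`, so a changed unit or config does not restart a gateway that is already running; `state: restarted` would.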


@ -0,0 +1,97 @@
---
# roles/storj-gateway/tasks/main.yml
- name: Install zip and curl
apt:
update_cache: yes
cache_valid_time: 3600
name:
- unzip
- curl
state: present
- name: Check if Uplink is already installed
command: which uplink
ignore_errors: true
register: uplink_installed
- name: Download Storj Uplink CLI
when: uplink_installed.rc != 0
get_url:
url: https://github.com/storj/storj/releases/latest/download/uplink_linux_amd64.zip
dest: /tmp/uplink_linux_amd64.zip
- name: Unzip Storj Uplink CLI
when: uplink_installed.rc != 0
unarchive:
src: /tmp/uplink_linux_amd64.zip
dest: /tmp
remote_src: true
- name: Install Uplink binary
when: uplink_installed.rc != 0
command:
cmd: install /tmp/uplink /usr/local/bin/uplink
- name: Check if Gateway ST is already installed
command: which gateway
ignore_errors: true
register: gateway_installed
- name: Download Gateway ST
when: gateway_installed.rc != 0
get_url:
url: https://github.com/storj/gateway-st/releases/latest/download/gateway_linux_amd64.zip
dest: /tmp/gateway_linux_amd64.zip
- name: Unzip Gateway ST
when: gateway_installed.rc != 0
unarchive:
src: /tmp/gateway_linux_amd64.zip
dest: /tmp
remote_src: true
- name: Set execute permissions on Gateway binary
when: gateway_installed.rc != 0
file:
path: /tmp/gateway
mode: 0755
- name: Move Gateway binary to /usr/local/bin
when: gateway_installed.rc != 0
command:
cmd: mv /tmp/gateway /usr/local/bin/gateway
- name: Make sure config dir exists
# when: gateway_installed.rc != 0
file:
path: /home/{{ storj_gateway_user }}/.local/share/storj/gateway/
state: directory
mode: '0700'
- name: Setup Gateway configuration file
# when: gateway_installed.rc != 0
template:
src: config.yaml.j2
dest: "/home/{{ storj_gateway_user }}/.local/share/storj/gateway/config.yaml"
become: true
become_user: "{{ storj_gateway_user }}"
- name: Ensure .config/systemd/user directory exists
file:
path: "/home/{{ storj_gateway_user }}/.config/systemd/user"
state: directory
mode: 0755
become: true
become_user: "{{ storj_gateway_user }}"
- name: Copy gateway-st.service to user systemd directory
copy:
src: ../files/gateway-st.service
dest: "/home/{{ storj_gateway_user }}/.config/systemd/user/gateway-st.service"
mode: 0644
become: true
become_user: "{{ storj_gateway_user }}"
notify:
- reload systemd
- start gateway
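Review bot: The Uplink and Gateway ST archives are fetched from `releases/latest/download/...` with no version pin and no `checksum:`, staged under predictable names in `/tmp`, and then installed into `/usr/local/bin` as root, so whatever that URL serves at run time becomes a root-owned executable. Pin a release tag and verify it, e.g. `url: https://github.com/storj/gateway-st/releases/download/{{ storj_gateway_version }}/gateway_linux_amd64.zip` with `checksum: "sha256:{{ storj_gateway_sha256 }}"` (both variables would have to be added), and unpack into a directory from `ansible.builtin.tempfile` rather than `/tmp` itself. `Make sure config dir exists` runs as root without `owner:` or `become_user`, so the `0700` directory is root-owned and the following template task, which runs as `{{ storj_gateway_user }}`, probably cannot write into it. That template task also sets no `mode:` although `config.yaml` holds the access grant and the MinIO secret key; add `mode: '0600'`.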


@ -0,0 +1,119 @@
# the serialized access, or name of the access to use
access: {{ storj_gateway_access_grant }}
# if used in with -h, print advanced flags help
# advanced: false
# additional value appended to User-Agent
# client.additional-user-agent: ""
# User-Agent used for connecting to the satellite
# client.user-agent: ""
# address to listen on for debug endpoints
# debug.addr: 127.0.0.1:0
# If set, a path to write a process trace SVG to
# debug.trace-out: ""
# if true, log function filename and line number
# log.caller: false
# if true, set logging to development mode
# log.development: false
# configures log encoding. can either be 'console', 'json', 'pretty', or 'gcloudlogging'.
# log.encoding: ""
# the minimum log level to log
# log.level: info
# can be stdout, stderr, or a filename
# log.output: stderr
# if true, log stack traces
# log.stack: false
# address(es) to send telemetry to (comma-separated)
# metrics.addr: collectora.storj.io:9000
# application name for telemetry identification. Ignored for certain applications.
# metrics.app: gateway
# application suffix. Ignored for certain applications.
# metrics.app-suffix: -release
# address(es) to send telemetry to (comma-separated)
# metrics.event-addr: eventkitd.datasci.storj.io:9002
# instance id prefix
# metrics.instance-prefix: ""
# how frequently to send up telemetry. Ignored for certain applications.
# metrics.interval: 1m0s
# Minio Access Key to use
minio.access-key: {{ storj_gateway_minio_access_key }}
# Minio generic server config path
# minio.dir: /home/outline/.local/share/storj/gateway/minio
# Minio Secret Key to use
minio.secret-key: {{ storj_gateway_minio_secret_key }}
# The default number of iterations for each check
# quickchecks: 100
# how many objects to delete in parallel with DeleteObjects
# s3.delete-objects-concurrency: 100
# return 501 (Not Implemented) for CopyObject calls
# s3.disable-copy-object: false
# make ListObjects(V2) fully S3-compatible (specifically: always return lexicographically ordered results) but slow
# s3.fully-compatible-listing: false
# include custom metadata in S3's ListObjects, ListObjectsV2 and ListMultipartUploads responses
# s3.include-custom-metadata-listing: true
# maximum number of items to list for gateway-side filtering using arbitrary delimiter/prefix
# s3.max-keys-exhaustive-limit: 100000
# MaxKeys parameter limit for S3's ListObjects and ListObjectsV2 responses
# s3.max-keys-limit: 1000
# MaxUploads parameter limit for S3's ListMultipartUploads responses
# s3.max-uploads-limit: 1000
# minimum part size for multipart uploads
# s3.min-part-size: 5242880
# address to serve S3 api over
# server.address: 127.0.0.1:7777
# address for jaeger agent
# tracing.agent-addr: agent.tracing.datasci.storj.io:5775
# application name for tracing identification
# tracing.app: gateway
# application suffix
# tracing.app-suffix: -release
# buffer size for collector batch packet size
# tracing.buffer-size: 0
# whether tracing collector is enabled
# tracing.enabled: true
# how frequently to flush traces to tracing agent
# tracing.interval: 0s
# buffer size for collector queue size
# tracing.queue-size: 0
# how frequent to sample traces
# tracing.sample: 0
# serve content as a static website
# website: false
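Review bot: `access`, `minio.access-key` and `minio.secret-key` are rendered as plain YAML scalars, so a value that starts with a YAML indicator, contains `: ` or ` #`, or consists only of digits would be truncated or retyped when the gateway parses the file. Quote the rendered values, e.g. `access: "{{ storj_gateway_access_grant }}"` and `minio.secret-key: "{{ storj_gateway_minio_secret_key }}"`. A first-line comment such as `# Rendered by Ansible; contains credentials, keep mode 0600` would also tell an operator why the file must stay private.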