evan.jarrett.net / at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage. atcr.io
docker container atproto go
fork atom
at-container-registry / config-appview.example.yaml
at main 165 lines 7.5 kB view raw
evan.jarrett.net more billing/settings/webhook tweaks
7d74e767
1# ATCR AppView Configuration 2# Generated with defaults — edit as needed. 3 4# Configuration format version. 5version: "0.1" 6# Log level: debug, info, warn, error. 7log_level: info 8# Remote log shipping settings. 9log_shipper: 10 # Log shipping backend: "victoria", "opensearch", or "loki". Empty disables shipping. 11 backend: "" 12 # Remote log service endpoint, e.g. "http://victorialogs:9428". 13 url: "" 14 # Number of log entries to buffer before flushing to the remote service. 15 batch_size: 100 16 # Maximum time between flushes, even if batch is not full. 17 flush_interval: 5s 18 # Basic auth username for the log service (optional). 19 username: "" 20 # Basic auth password for the log service (optional). 21 password: "" 22# HTTP server and identity settings. 23server: 24 # Listen address, e.g. ":5000" or "127.0.0.1:5000". 25 addr: :5000 26 # Public-facing URL for OAuth callbacks and JWT realm. Auto-detected if empty. 27 base_url: "" 28 # DID of the hold service for blob storage, e.g. "did:web:hold01.atcr.io" (REQUIRED). 29 default_hold_did: "" 30 # Allows HTTP (not HTTPS) for DID resolution and uses transition:generic OAuth scope. 31 test_mode: false 32 # Path to P-256 private key for OAuth client authentication. Auto-generated on first run. 33 oauth_key_path: /var/lib/atcr/oauth/client.key 34 # Display name shown on OAuth authorization screens. 35 client_name: AT Container Registry 36 # Short name used in page titles and browser tabs. 37 client_short_name: ATCR 38 # Separate domains for OCI registry API (e.g. ["buoy.cr"]). First is primary. Browser visits redirect to BaseURL. 39 registry_domains: [] 40 # DIDs of holds this appview manages billing for. Tier updates are pushed to these holds. 41 managed_holds: 42 - did:web:172.28.0.3%3A8080 43# Web UI settings. 44ui: 45 # SQLite/libSQL database for OAuth sessions, stars, pull counts, and device approvals. 46 database_path: /var/lib/atcr/ui.db 47 # Visual theme name (e.g. "seamark"). Empty uses default atcr.io branding. 48 theme: "" 49 # libSQL sync URL (libsql://...). Works with Turso cloud or self-hosted libsql-server. Leave empty for local-only SQLite. 50 libsql_sync_url: "" 51 # Auth token for libSQL sync. Required if libsql_sync_url is set. 52 libsql_auth_token: "" 53 # How often to sync with remote libSQL server. Default: 60s. 54 libsql_sync_interval: 1m0s 55# Health check and cache settings. 56health: 57 # How long to cache hold health check results. 58 cache_ttl: 15m0s 59 # How often to refresh hold health checks. 60 check_interval: 15m0s 61# ATProto Jetstream event stream settings. 62jetstream: 63 # Jetstream WebSocket endpoints, tried in order on failure. 64 urls: 65 - wss://jetstream2.us-west.bsky.network/subscribe 66 - wss://jetstream1.us-west.bsky.network/subscribe 67 - wss://jetstream2.us-east.bsky.network/subscribe 68 - wss://jetstream1.us-east.bsky.network/subscribe 69 # Sync existing records from PDS on startup. 70 backfill_enabled: true 71 # How often to re-run backfill to catch missed events. Set to 0 to only backfill on startup. 72 backfill_interval: 24h0m0s 73 # Relay endpoints for backfill, tried in order on failure. 74 relay_endpoints: 75 - https://relay1.us-east.bsky.network 76 - https://relay1.us-west.bsky.network 77# JWT authentication settings. 78auth: 79 # RSA private key for signing registry JWTs issued to Docker clients. 80 key_path: /var/lib/atcr/auth/private-key.pem 81 # X.509 certificate matching the JWT signing key. 82 cert_path: /var/lib/atcr/auth/private-key.crt 83# Credential helper download settings. 84credential_helper: 85 # Tangled repository URL for credential helper downloads. 86 tangled_repo: "" 87# Legal page customization for self-hosted instances. 88legal: 89 # Organization name for Terms of Service and Privacy Policy. Defaults to server.client_name. 90 company_name: "" 91 # Governing law jurisdiction for legal terms. 92 jurisdiction: "" 93# Stripe billing integration (requires -tags billing build). 94billing: 95 # Stripe secret key. Can also be set via STRIPE_SECRET_KEY env var (takes precedence). Billing is enabled automatically when set. 96 stripe_secret_key: "" 97 # Stripe webhook signing secret. Can also be set via STRIPE_WEBHOOK_SECRET env var (takes precedence). 98 webhook_secret: "" 99 # ISO 4217 currency code (e.g. "usd"). 100 currency: usd 101 # Redirect URL after successful checkout. Use {base_url} placeholder. 102 success_url: '{base_url}/settings#storage' 103 # Redirect URL after cancelled checkout. Use {base_url} placeholder. 104 cancel_url: '{base_url}/settings#storage' 105 # Subscription tiers ordered by rank (lowest to highest). 106 tiers: 107 - # Tier name. Position in list determines rank (0-based). 108 name: free 109 # Short description shown on the plan card. 110 description: Get started with basic storage 111 # List of features included in this tier. 112 features: [] 113 # Stripe price ID for monthly billing. Empty = free tier. 114 stripe_price_monthly: "" 115 # Stripe price ID for yearly billing. 116 stripe_price_yearly: "" 117 # Maximum webhooks for this tier (-1 = unlimited). 118 max_webhooks: 1 119 # Allow all webhook trigger types (not just first-scan). 120 webhook_all_triggers: false 121 supporter_badge: false 122 - # Tier name. Position in list determines rank (0-based). 123 name: Supporter 124 # Short description shown on the plan card. 125 description: Get started with basic storage 126 # List of features included in this tier. 127 features: [] 128 # Stripe price ID for monthly billing. Empty = free tier. 129 stripe_price_monthly: "" 130 # Stripe price ID for yearly billing. 131 stripe_price_yearly: "price_1SmK1mRROAC4bYmSwhTQ7RY9" 132 # Maximum webhooks for this tier (-1 = unlimited). 133 max_webhooks: 1 134 # Allow all webhook trigger types (not just first-scan). 135 webhook_all_triggers: false 136 supporter_badge: true 137 - # Tier name. Position in list determines rank (0-based). 138 name: bosun 139 # Short description shown on the plan card. 140 description: More storage with scan-on-push 141 # List of features included in this tier. 142 features: [] 143 # Stripe price ID for monthly billing. Empty = free tier. 144 stripe_price_monthly: "price_1SmK4QRROAC4bYmSxpr35HUl" 145 # Stripe price ID for yearly billing. 146 stripe_price_yearly: "price_1SmJuLRROAC4bYmSUgVCwZWo" 147 # Maximum webhooks for this tier (-1 = unlimited). 148 max_webhooks: 10 149 # Allow all webhook trigger types (not just first-scan). 150 webhook_all_triggers: true 151 supporter_badge: true 152 # - # Tier name. Position in list determines rank (0-based). 153 # name: quartermaster 154 # # Short description shown on the plan card. 155 # description: Maximum storage for power users 156 # # List of features included in this tier. 157 # features: [] 158 # # Stripe price ID for monthly billing. Empty = free tier. 159 # stripe_price_monthly: price_xxx 160 # # Stripe price ID for yearly billing. 161 # stripe_price_yearly: price_yyy 162 # # Maximum webhooks for this tier (-1 = unlimited). 163 # max_webhooks: -1 164 # # Allow all webhook trigger types (not just first-scan). 165 # webhook_all_triggers: true