# Replicated application manifest for npm Enterprise.
# NOTE(review): the page lost all indentation; nesting here is reconstructed
# from key order - confirm against the Replicated schema before use.
replicated_api_version: 1.0.0
name: npm Enterprise
version: "[IMAGE_VERSION]"
release_notes: "remove proxy if not needed, remove reject-unauthorized from config"
properties:
  # Rendered from the operator-supplied website_url config option.
  app_url: '{{repl ConfigOption "website_url" }}'
  logo_url: "https://s3.amazonaws.com/replicated-vendor-assets/66045325f001a1e0ccde2d457cb2b30b/66045325f001a1e0ccde2d457cb2b30b.png"
  console_title: "npm Enterprise Management Console"
  bypass_local_registry: false
# Operator commands executed inside running containers of the npme component.
# Each entry names the image whose container the command runs in.
admin_commands:
  - alias: update-license
    command: [sh, /usr/local/bin/npme-update-license.sh]
    run_type: exec
    component: npme
    image:
      image_name: npme
      version: '1.0.21'
  - alias: reset-follower
    command: [sh, /etc/npme/reset-follower.sh]
    run_type: exec
    component: npme
    image:
      image_name: policy-follower
      version: '1.0.12'
  - alias: add-package
    command: [sh, /etc/npme/manage-whitelist.sh]
    run_type: exec
    component: npme
    image:
      image_name: policy-follower
      version: '1.0.12'
  # Interactive /bin/sh in the npme container. That container's environment
  # carries SHARED_FETCH_SECRET and a COUCH_URL with embedded credentials, so
  # whoever may run this alias can read them - presumably worth restricting
  # and auditing; confirm how Replicated gates admin commands.
  - alias: ssh
    run_type: exec
    command: [/bin/sh]
    component: npme
    image:
      image_name: npme
      version: '1.0.21'
# NOTE(review): nesting was lost in extraction. `ready` presumably belongs to
# `state`; whether `init` and `run` sit under `backup` or at the top level
# cannot be told from this page - confirm against the Replicated schema.
state:
ready: null
# Backups are off. The value is the quoted string "false", not a YAML boolean.
backup:
enabled: "false"
init: []
run: []
# Resource monitors; each entry looks like a "component,container" pair
# (presumably - confirm against the Replicated schema).
monitors:
  cpuacct:
    - npme,npme
  memory:
    - npme,npme
# Identity integration: both flags render to the string "true" only when the
# auth_source config option equals auth_type_ldap, otherwise "false".
identity:
  enabled: '{{repl if ConfigOptionEquals "auth_source" "auth_type_ldap"}}true{{repl else}}false{{repl end}}'
  sources:
    - source: ldap
      enabled: '{{repl if ConfigOptionEquals "auth_source" "auth_type_ldap"}}true{{repl else}}false{{repl end}}'
# Single non-clustered component; every container of the product is listed
# under its `containers` key.
components:
  - name: npme
    tags: []
    conflicts: []
    cluster: false
    containers:
# nginx container: unprivileged, serves port 8000 on the docker0 interface
# only, and mounts the package store from the host.
- source: replicated
  image_name: nginx
  version: '1.0.0'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    - name: Container nginx started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files: []
  customer_files: []
  env_vars: []
  ports:
    - private_port: '8000'
      public_port: '8000'
      interface: docker0
  volumes:
    # host_path comes straight from an operator-editable config option.
    - host_path: '{{repl ConfigOption "packages_host_path" }}'
      container_path: /etc/npme/packages
  support_files: []
# npm-auth-ws container: authentication service on port 5000 (docker0 only).
# Every env var is marked is_excluded_from_support, which presumably keeps it
# out of support bundles - confirm against the Replicated docs.
- source: replicated
  image_name: npm-auth-ws
  version: '1.0.6'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    # NOTE(review): the event is labelled "postgres" although this is the
    # npm-auth-ws container - looks like a copy-paste; it will mislead anyone
    # reading event logs.
    - name: Container postgres started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files: []
  customer_files: []
  env_vars:
    - name: FRONT_DOOR_HOST
      static_val: '{{repl ConfigOption "canonical_url" }}'
      is_excluded_from_support: true
    - name: GITHUB_ORG
      static_val: '{{repl ConfigOption "github_org" }}'
      is_excluded_from_support: true
    # Renders https://api.github.com for public GitHub. For GitHub Enterprise
    # the scheme follows github_enterprise_protocol, so the http choice sends
    # authentication traffic to that host unencrypted.
    - name: GITHUB_HOST
      static_val: '{{repl if ConfigOptionEquals "github_type" "github_type_public" }}https://api.github.com{{repl else }}{{repl if ConfigOptionEquals "github_enterprise_protocol" "github_enterprise_protocol_https"}}https{{repl else}}http{{repl end}}://{{repl ConfigOption "github_enterprise_host" }}{{repl end}}'
      is_excluded_from_support: true
    - name: SHARED_FETCH_SECRET
      static_val: '{{repl ConfigOption "secret" }}'
      is_excluded_from_support: true
    # auth_source -> plugin name: github, ldap, "fake" for auth_type_open
    # (the config screen says open mode accepts any username and password),
    # otherwise the operator-supplied custom plugin name.
    - name: AUTHENTICATION_METHOD
      static_val: '{{repl if ConfigOptionEquals "auth_source" "auth_type_github"}}github{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_ldap"}}ldap{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_open"}}fake{{repl else}}{{repl ConfigOption "authentication" }}{{repl end}}{{repl end}}{{repl end}}'
      is_excluded_from_support: true
    - name: AUTHORIZATION_METHOD
      static_val: '{{repl if ConfigOptionEquals "auth_source" "auth_type_github"}}github{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_ldap"}}ldap{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_open"}}fake{{repl else}}{{repl ConfigOption "authorization" }}{{repl end}}{{repl end}}{{repl end}}'
      is_excluded_from_support: true
    - name: SESSION_HANDLER
      static_val: '{{repl if ConfigOptionEquals "auth_source" "auth_type_github"}}github{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_ldap"}}ldap{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_open"}}redis{{repl else}}{{repl ConfigOption "session" }}{{repl end}}{{repl end}}{{repl end}}'
      is_excluded_from_support: true
    # "0" when the operator answered No to strict SSL checks, else "1".
    - name: REJECT_UNAUTHORIZED
      static_val: '{{repl if ConfigOptionEquals "reject_unauthorized" "reject_unauthorized_no" }}0{{repl else }}1{{repl end }}'
      is_excluded_from_support: true
    # Redis is addressed without credentials in the URL.
    - name: LOGIN_CACHE_REDIS
      static_val: 'redis://{{repl ThisHostInterfaceAddress "docker0" }}:6379'
      is_excluded_from_support: true
  ports:
    - private_port: '5000'
      public_port: '5000'
      interface: docker0
  volumes:
    - host_path: '{{repl ConfigOption "data_host_path" }}'
      container_path: /etc/npme/data
  support_files: []
# validate-and-store container: listens on port 5001 (docker0 only) and writes
# into the shared package store.
- source: replicated
  image_name: validate-and-store
  version: '1.0.0'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    - name: Container validate-and-store started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files: []
  customer_files: []
  env_vars:
    - name: FRONT_DOOR_HOST
      static_val: '{{repl ConfigOption "canonical_url" }}'
      is_excluded_from_support: true
    # "0" when the operator answered No to strict SSL checks, else "1".
    - name: REJECT_UNAUTHORIZED
      static_val: '{{repl if ConfigOptionEquals "reject_unauthorized" "reject_unauthorized_no" }}0{{repl else }}1{{repl end }}'
      is_excluded_from_support: true
    # NOTE(review): CouchDB admin credentials (admin:admin) are hard-coded in
    # the URL and identical on every install; the connection is plain http.
    # Prefer a per-install generated password injected from a config option.
    - name: COUCH_URL
      static_val: 'http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry'
      is_excluded_from_support: true
    - name: BINARY_DIRECTORY
      static_val: '/etc/npme/packages'
      is_excluded_from_support: true
  ports:
    - private_port: '5001'
      public_port: '5001'
      interface: docker0
  volumes:
    - host_path: '{{repl ConfigOption "packages_host_path" }}'
      container_path: /etc/npme/packages
  support_files: []
# policy-follower container: replicates from the upstream registry under the
# configured policy. It publishes no ports.
- source: replicated
  image_name: policy-follower
  version: '1.0.12'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    - name: Container policy-follower started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files: []
  customer_files: []
  env_vars:
    - name: FRONT_DOOR_HOST
      static_val: '{{repl ConfigOption "canonical_url" }}'
      is_excluded_from_support: true
    # "0" when the operator answered No to strict SSL checks, else "1". With
    # "0" the upstream fetches presumably skip certificate validation, which
    # lets a network attacker substitute package data - confirm in the image.
    - name: REJECT_UNAUTHORIZED
      static_val: '{{repl if ConfigOptionEquals "reject_unauthorized" "reject_unauthorized_no" }}0{{repl else }}1{{repl end }}'
      is_excluded_from_support: true
    # NOTE(review): hard-coded CouchDB admin credentials (admin:admin), shared
    # by every install, sent over plain http.
    - name: COUCH_URL
      static_val: 'http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry'
      is_excluded_from_support: true
    - name: COUCH_URL_REMOTE
      static_val: '{{repl ConfigOption "couch_url_remote" }}'
      is_excluded_from_support: true
    - name: POLICY
      static_val: '{{repl ConfigOption "remote_policy" }}'
      is_excluded_from_support: true
    # Empty when no upstream secret is configured, otherwise the string "true".
    - name: SEND_SHARED_FETCH_SECRET
      static_val: '{{repl if ConfigOptionEquals "remote_shared_fetch_secret" ""}}{{repl else }}true{{repl end }}'
      is_excluded_from_support: true
    - name: SHARED_FETCH_SECRET
      static_val: '{{repl ConfigOption "remote_shared_fetch_secret" }}'
      is_excluded_from_support: true
    # The only variable here without is_excluded_from_support.
    - name: SEQ_FILE
      static_val: '/etc/npme/data/sequence'
    - name: WHITELIST_PATH
      static_val: '/etc/npme/data/whitelist'
      is_excluded_from_support: true
    - name: VALIDATE_HOST
      static_val: 'http://{{repl ThisHostInterfaceAddress "docker0" }}:5001'
      is_excluded_from_support: true
    - name: PROXY_URL
      static_val: '{{repl ConfigOption "proxy_url" }}'
      is_excluded_from_support: true
  ports: []
  volumes:
    - host_path: '{{repl ConfigOption "data_host_path" }}'
      container_path: /etc/npme/data
  support_files: []
# CouchDB container from a public third-party image, pinned by tag rather than
# by digest. Port 5984 is published on docker0 only; once CouchDB listens, the
# redis container is started.
- source: public
  image_name: klaemo/couchdb
  version: '1.6.1'
  restart:
    policy: on-failure
    max: 50000
  cmd: "[\"couchdb\"]"
  publish_events:
    - name: Container couch started
      trigger: port-listen
      data: "5984"
      subscriptions:
        - component: npme
          container: redis
          action: start
  config_files:
    # NOTE(review): security-relevant settings in this local.ini:
    #  - [admins] ships a fixed pbkdf2 hash with an iteration count of 10; the
    #    install script elsewhere in this manifest states the password is
    #    "admin", so every deployment starts with the same known admin login.
    #  - users_db_public = true exposes the listed public_fields of every user
    #    document (email, fullname, ...) to any client that can reach 5984.
    #  - secure_rewrites = false relaxes CouchDB's rewrite path checks.
    # Generate the admin password per install and keep 5984 unreachable from
    # outside the host.
    - filename: /usr/local/etc/couchdb/local.ini
      contents: |-
        ; CouchDB Configuration Settings
        ; Custom settings should be made in this file. They will override settings
        ; in default.ini, but unlike changes made to default.ini, this file won't be
        ; overwritten on server upgrade.
        [couchdb]
        delayed_commits = false
        database_dir = /usr/local/var/lib/couchdb
        uuid = 19fb64f5ead46e2f67355775ba34fcbe
        [httpd]
        secure_rewrites = false
        [couch_httpd_auth]
        public_fields = appdotnet, avatar, avatarMedium, avatarLarge, date, email, fields, freenode, fullname, github, homepage, name, roles, twitter, type, _id, _rev
        users_db_public = true
        [log]
        ;level = debug
        ; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
        ; the Virual Host will be redirected to the path. In the example below all requests
        ; to http://example.com/ are redirected to /database.
        ; If you run CouchDB on a specific port, include the port number in the vhost:
        ; example.com:5984 = /database
        [vhosts]
        registry.npmjs.org = /registry/_design/app/_rewrite
        [update_notification]
        ;unique notifier name=/full/path/to/exe -with "cmd line arg"
        ; To create an admin account uncomment the '[admins]' section below and add a
        ; line in the format 'username = password'. When you next start CouchDB, it
        ; will change the password to a hash (so that your passwords don't linger
        ; around in plain-text files). You can add more admin accounts with more
        ; 'username = password' lines. Don't forget to restart CouchDB after
        ; changing this.
        [admins]
        admin = -pbkdf2-0c1e8d932a0ea91d883dbe86800c2aed5b22b72c,51e581318de8d2b8c5c4174afa386698,10
  customer_files: []
  env_vars: []
  ports:
    - private_port: '5984'
      public_port: '5984'
      interface: docker0
  volumes:
    - host_path: '{{repl ConfigOption "couchdb_host_path" }}'
      container_path: /usr/local/var/lib/couchdb
  support_files: []
# Redis container (public image, tag-pinned) with append-only persistence.
# No password is configured here and clients connect with a bare redis:// URL,
# so the docker0-only port binding is the only access control visible on this
# page. Starting redis triggers the npme container.
- source: public
  image_name: redis
  version: '3.0.4'
  restart:
    policy: on-failure
    max: 50000
  cmd: "[\"redis-server\", \"--appendonly\", \"yes\"]"
  publish_events:
    - name: Container redis started
      trigger: container-start
      data: ""
      subscriptions:
        - component: npme
          container: npme
          action: start
  config_files: []
  customer_files: []
  env_vars: []
  ports:
    - private_port: '6379'
      public_port: '6379'
      interface: docker0
  volumes:
    - host_path: '{{repl ConfigOption "redis_host_path" }}'
      container_path: /data
  support_files: []
# Elasticsearch container (public third-party image, tag-pinned). Port 9200 is
# published on docker0 only; no authentication is configured on this page, so
# that binding is what keeps the index private.
- source: public
  image_name: getelk/elasticsearch
  version: '1.5.0-1'
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    - name: Container elasticsearch started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files: []
  customer_files: []
  env_vars: []
  ports:
    - private_port: '9200'
      public_port: '9200'
      interface: docker0
  volumes:
    - host_path: '{{repl ConfigOption "es_host_path" }}'
      container_path: /data
  support_files: []
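# npme container: the registry front door on port 8080. Unlike the backing
# services, its port entry names no interface, so it is presumably reachable
# on every host interface - confirm against the Replicated port semantics.
- source: replicated
  image_name: npme
  version: '1.0.21'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  hostname: ""
  cmd: ""
  ephemeral: false
  cluster: false
  publish_events:
    - name: Container npme started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files:
    # Installs the registry couchapp once CouchDB answers on 5984.
    # NOTE(review): the admin:admin credentials are hard-coded and passed on
    # the command line, where they are visible in the process list.
    - filename: /etc/npme/install-couch-app.sh
      contents: |-
        #!/bin/bash
        cd /etc/npme/node_modules/npm-registry-couchapp || exit 1
        # wait for CouchDB to be online before we put the documents.
        # note that username and password on CouchDB are both admin.
        until curl --output /dev/null --silent --head --fail http://{{repl ThisHostInterfaceAddress "docker0" }}:5984/; do
          printf '.'
          sleep 2
        done
        curl -XPUT http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry
        DEPLOY_VERSION=testing npm start --npm-registry-couchapp:couch=http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry
        npm run load --npm-registry-couchapp:couch=http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry
        NO_PROMPT=true npm run copy --npm-registry-couchapp:couch=http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry
    # Prompts for billing email and license key and posts them to the
    # Replicated integration API.
    # NOTE(review): both curl calls use -k, so the API's TLS certificate is
    # never verified while the license key is in the request body. Pin or
    # trust the API certificate instead if the endpoint allows it.
    - filename: /usr/local/bin/npme-update-license.sh
      contents: |-
        #!/bin/bash
        echo -n "[?] enter your billing email: "
        read -r billing_email
        echo -n "[?] enter your license key: "
        read -r license_key
        http_code=$(curl -s -o /dev/null -w "%{http_code}" -k -X POST --data-urlencode "billing_email=$billing_email" --data-urlencode "license_key=$license_key" "${REPLICATED_INTEGRATIONAPI}/license/v1/sync_with_data")
        if [ "$http_code" -eq 404 ]; then
          echo " license was not found"
        elif [ "$http_code" -eq 403 ]; then
          echo " license is expired"
        elif [ "$http_code" -eq 204 ]; then
          echo " license updated \\o/"
          echo " restarting npmE..."
          curl -k -X POST "${REPLICATED_INTEGRATIONAPI}/license/v1/restart"
        else
          echo " error updating license"
        fi
    - filename: /etc/npme/.license.json
      contents: |-
        {{repl LicenseFieldValue "license_json" }}
    # NOTE(review): config values are spliced into JSON strings unescaped, so
    # a value containing a double quote breaks or reshapes this file. The
    # args also differ from the env vars below: --github-host is always https
    # and the auth/session plugins ignore auth_source - confirm which source
    # the service actually honours.
    - filename: /etc/npme/service.json
      contents: |-
        {
          "env": {
            "LOGIN_CACHE_REDIS": "redis://{{repl ThisHostInterfaceAddress "docker0" }}:6379"
          },
          "args": {
            "--front-door-host": "{{repl ConfigOption "canonical_url" }}",
            "--white-list-path": "/etc/npme/data/whitelist",
            "--github-host": {{repl if ConfigOptionEquals "github_type" "github_type_public" }}"https://api.github.com"{{repl else }}"https://{{repl ConfigOption "github_enterprise_host" }}"{{repl end }},
            "--shared-fetch-secret": "{{repl ConfigOption "secret" }}",
            "--binary-directory": "/etc/npme/packages",
            "--binaries-host": "http://{{repl ThisHostInterfaceAddress "docker0" }}:8000",
            "--auth-fetch": "{{repl if ConfigOptionEquals "authfetch" "authfetch_no" }}false{{repl else }}true{{repl end}}",
            "--authentication-method": "{{repl ConfigOption "authentication" }}",
            "--authorization-method": "{{repl ConfigOption "authorization" }}",
            "--session-handler": "{{repl ConfigOption "session" }}",
            "--read-through-cache": "{{repl if ConfigOptionEquals "read_through_cache" "read_through_cache_no" }}false{{repl else }}true{{repl end}}",
            {{repl if ConfigOptionNotEquals "proxy_url" ""}}"--proxy-url": "{{repl ConfigOption "proxy_url" }}",{{repl end}}
            {{repl if ConfigOptionEquals "reject_unauthorized" "reject_unauthorized_no" }}"--reject-unauthorized": "0",{{repl end}}
            "--couch-url-remote": "{{repl ConfigOption "couch_url_remote" }}",
            "--couch-url": "http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry",
            "--auth-host": "http://{{repl ThisHostInterfaceAddress "docker0" }}:5000",
            "--validate-host": "http://{{repl ThisHostInterfaceAddress "docker0" }}:5001"
          }
        }
  customer_files: []
  env_vars:
    - name: FRONT_DOOR_HOST
      static_val: '{{repl ConfigOption "canonical_url" }}'
      is_excluded_from_support: true
    # http is possible for GitHub Enterprise when the operator picks it.
    - name: GITHUB_HOST
      static_val: '{{repl if ConfigOptionEquals "github_type" "github_type_public" }}https://api.github.com{{repl else }}{{repl if ConfigOptionEquals "github_enterprise_protocol" "github_enterprise_protocol_https"}}https{{repl else}}http{{repl end}}://{{repl ConfigOption "github_enterprise_host" }}{{repl end}}'
      is_excluded_from_support: true
    - name: SHARED_FETCH_SECRET
      static_val: '{{repl ConfigOption "secret" }}'
      is_excluded_from_support: true
    # auth_type_open maps to the "fake" plugin; custom falls through to the
    # operator-supplied plugin name.
    - name: AUTHENTICATION_METHOD
      static_val: '{{repl if ConfigOptionEquals "auth_source" "auth_type_github"}}github{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_ldap"}}ldap{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_open"}}fake{{repl else}}{{repl ConfigOption "authentication" }}{{repl end}}{{repl end}}{{repl end}}'
      is_excluded_from_support: true
    - name: AUTHORIZATION_METHOD
      static_val: '{{repl if ConfigOptionEquals "auth_source" "auth_type_github"}}github{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_ldap"}}ldap{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_open"}}fake{{repl else}}{{repl ConfigOption "authorization" }}{{repl end}}{{repl end}}{{repl end}}'
      is_excluded_from_support: true
    - name: SESSION_HANDLER
      static_val: '{{repl if ConfigOptionEquals "auth_source" "auth_type_github"}}github{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_ldap"}}ldap{{repl else}}{{repl if ConfigOptionEquals "auth_source" "auth_type_open"}}redis{{repl else}}{{repl ConfigOption "session" }}{{repl end}}{{repl end}}{{repl end}}'
      is_excluded_from_support: true
    # "0" when the operator answered No to strict SSL checks, else "1".
    - name: REJECT_UNAUTHORIZED
      static_val: '{{repl if ConfigOptionEquals "reject_unauthorized" "reject_unauthorized_no" }}0{{repl else }}1{{repl end }}'
      is_excluded_from_support: true
    - name: LOGIN_CACHE_REDIS
      static_val: 'redis://{{repl ThisHostInterfaceAddress "docker0" }}:6379'
      is_excluded_from_support: true
    - name: AUTH_HOST
      static_val: 'http://{{repl ThisHostInterfaceAddress "docker0" }}:5000'
      is_excluded_from_support: true
    - name: VALIDATE_HOST
      static_val: 'http://{{repl ThisHostInterfaceAddress "docker0" }}:5001'
      is_excluded_from_support: true
    - name: READ_THROUGH_CACHE
      static_val: '{{repl if ConfigOptionEquals "read_through_cache" "read_through_cache_no" }}false{{repl else }}true{{repl end}}'
      is_excluded_from_support: true
    - name: PROXY_URL
      static_val: '{{repl ConfigOption "proxy_url" }}'
      is_excluded_from_support: true
    # NOTE(review): hard-coded CouchDB admin credentials over plain http.
    - name: COUCH_URL
      static_val: 'http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry'
      is_excluded_from_support: true
    - name: COUCH_URL_REMOTE
      static_val: '{{repl ConfigOption "couch_url_remote" }}'
      is_excluded_from_support: true
    - name: BINARY_DIRECTORY
      static_val: '/etc/npme/packages'
      is_excluded_from_support: true
    - name: BINARIES_HOST
      static_val: 'http://{{repl ThisHostInterfaceAddress "docker0" }}:8000'
      is_excluded_from_support: true
    - name: AUTH_FETCH
      static_val: '{{repl if ConfigOptionEquals "authfetch" "authfetch_no" }}false{{repl else }}true{{repl end}}'
      is_excluded_from_support: true
  ports:
    - private_port: "8080"
      public_port: "8080"
      port_type: tcp
      when: ""
  volumes:
    - host_path: '{{repl ConfigOption "packages_host_path" }}'
      container_path: /etc/npme/packages
    - host_path: '{{repl ConfigOption "data_host_path" }}'
      container_path: /etc/npme/data
  support_files:
    - filename: /etc/npme/node_modules/@npm/registry-frontdoor/data/usage.txt
  support_commands: []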
# Postgres container: port 5432 on docker0 only; starting it triggers the rr
# container. The clients configured elsewhere in this manifest connect as user
# "postgres" with no password field, so the database presumably accepts
# unauthenticated local connections - confirm in the image.
- source: replicated
  image_name: postgres
  version: '9.3'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    - name: Container postgres started
      trigger: container-start
      data: ""
      subscriptions:
        - component: npme
          container: rr
          action: start
  config_files: []
  customer_files: []
  env_vars: []
  ports:
    - private_port: '5432'
      public_port: '5432'
      interface: docker0
  volumes:
    - host_path: '{{repl ConfigOption "postgres_host_path" }}'
      container_path: /var/lib/postgresql/data
  support_files: []
# rr container: relational models and follower. It publishes no ports and
# starts rr-service once it is up.
- source: replicated
  image_name: rr
  version: '1.0.1'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    # NOTE(review): labelled "postgres" although this is the rr container -
    # looks like a copy-paste.
    - name: Container postgres started
      trigger: container-start
      data: ""
      subscriptions:
        - component: npme
          container: rr-service
          action: start
  config_files:
    # Both JSON configs connect as the postgres superuser with no password.
    - filename: /etc/npme/node_modules/@npm/registry-relational-models/config-development.json
      contents: |-
        {
          "connection": {
            "driver": "pg",
            "user": "postgres",
            "host": "{{repl ThisHostInterfaceAddress "docker0" }}",
            "database": "registry_relational"
          },
          "pool": {
            "min": 0,
            "max": 7
          }
        }
    - filename: /etc/npme/node_modules/@npm/relational-registry-follower/config-development.json
      contents: |-
        {
          "connection": {
            "driver": "pg",
            "user": "postgres",
            "host": "{{repl ThisHostInterfaceAddress "docker0" }}",
            "database": "registry_relational"
          },
          "pool": {
            "min": 0,
            "max": 7
          }
        }
    # Creates the database; error code 42P04 is treated as success, any other
    # failure exits non-zero.
    - filename: /etc/npme/node_modules/@npm/registry-relational-models/bootstrap.js
      contents: |-
        var knex = require('knex')
        var c = knex({client: 'pg', connection: {driver: 'pg', user: 'postgres', host: '{{repl ThisHostInterfaceAddress "docker0" }}'}})
        c.raw('CREATE DATABASE registry_relational')
          .then(function (o) {
            process.exit(0)
          })
          .catch(function (e) {
            if (e.code === '42P04') process.exit(0)
            else process.exit(1)
          })
  customer_files: []
  env_vars:
    - name: DOCKER_ADDR
      static_val: '{{repl ThisHostInterfaceAddress "docker0" }}'
      is_excluded_from_support: true
  ports: []
  volumes:
    - host_path: '{{repl ConfigOption "data_host_path" }}'
      container_path: /etc/npme/data
  support_files: []
# rr-service container: relational registry service on port 5005, docker0 only.
- source: replicated
  image_name: rr-service
  version: '1.0.0'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    # NOTE(review): labelled "postgres" although this is the rr-service
    # container - looks like a copy-paste.
    - name: Container postgres started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files:
    # Connects as the postgres superuser; no password is set in this file.
    - filename: /etc/npme/node_modules/@npm/registry-relational-service/config-development.json
      contents: |-
        {
          "connection": {
            "driver": "pg",
            "user": "postgres",
            "host": "{{repl ThisHostInterfaceAddress "docker0" }}",
            "database": "registry_relational"
          },
          "pool": {
            "min": 0,
            "max": 7
          }
        }
  customer_files: []
  env_vars: []
  ports:
    - private_port: "5005"
      public_port: "5005"
      interface: docker0
  volumes: []
  support_files: []
# newww container: the website on port 8081. The port entry names no
# interface and the app binds HOST=0.0.0.0, so it is presumably reachable on
# every host interface - confirm against the Replicated port semantics.
- source: replicated
  image_name: newww
  version: '1.0.2'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    # NOTE(review): labelled "postgres" although this is the newww container -
    # looks like a copy-paste.
    - name: Container postgres started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files:
    # NOTE(review): SESSION_PASSWORD and SESSION_SALT are fixed literals, so
    # every install shares them; if newww uses them to protect session
    # cookies, anyone who has read this manifest can presumably forge or read
    # sessions. Derive them per install, the way the `secret` option is
    # generated. The Stripe, AWS, Mailchimp and Zendesk values look like
    # placeholders.
    # The line "[email protected]" was garbled by the hosting page's email
    # obfuscation; the original KEY=value cannot be recovered from this page.
    - filename: /etc/npme/node_modules/newww/.env
      contents: |-
        NPMO_COBRAND='{{repl ConfigOption "branding" }}'
        CANONICAL_HOST=http://localhost:8081
        DOWNLOADS_API=https://api.npmjs.org/downloads
        ELASTICSEARCH_URL=http://{{repl ThisHostInterfaceAddress "docker0" }}:9200/npm
        HUBSPOT_FORM_NPME_SIGNUP=12345
        HUBSPOT_FORM_NPME_AGREED_ULA=12345
        HUBSPOT_FORM_NPME_CONTACT_ME=12345
        HUBSPOT_FORM_PRIVATE_NPM=12345
        HUBSPOT_FORM_PRIVATE_NPM_SIGNUP=12345
        HUBSPOT_PORTAL_ID=12345
        LICENSE_API=http://127.0.0.1:5004
        MAIL_ACCESS_KEY_ID=your_AWS_access_key_id
        MAIL_SECRET_ACCESS_KEY=your_AWS_secret_access_key
        MAILCHIMP_KEY=12345-us9
        NPME_PRODUCT_ID=12345
        REDIS_URL=redis://{{repl ThisHostInterfaceAddress "docker0" }}:6379
        SESSION_COOKIE=s
        SESSION_PASSWORD=once_upon_a_time_there_was_a_password
        SESSION_SALT=put_something_crazy_here_but_maybe_no_weird_chars_please
        STRIPE_PUBLIC_KEY=pk_test_12345
        STRIPE_SECRET_KEY=sk_test_12345
        USE_CACHE=true
        USER_API=http://{{repl ThisHostInterfaceAddress "docker0" }}:5005
        [email protected]
        ZENDESK_TOKEN=porkchopsandwiches
        ZENDESK_URI=http://localhost:10911/
        FEATURE_NPMO=true
        FEATURE_ACCESS_PAGE=true
        PORT=8081
        HOST=0.0.0.0
  customer_files: []
  env_vars: []
  ports:
    - private_port: "8081"
      public_port: "8081"
      port_type: tcp
      when: ""
  volumes: []
  support_files: []
# es-follower container: reads the CouchDB registry and writes to the npm
# index in Elasticsearch. It publishes no ports and mounts no volumes.
- source: replicated
  image_name: es-follower
  version: '1.0.3'
  privileged: false
  restart:
    policy: on-failure
    max: 50000
  publish_events:
    - name: Container es-follower started
      trigger: container-start
      data: ""
      subscriptions: []
  config_files: []
  customer_files: []
  env_vars:
    - name: ES_SERVER
      static_val: 'http://{{repl ThisHostInterfaceAddress "docker0" }}:9200/npm'
      is_excluded_from_support: true
    # NOTE(review): hard-coded CouchDB admin credentials (admin:admin), shared
    # by every install, sent over plain http.
    - name: COUCH_URL
      static_val: 'http://admin:admin@{{repl ThisHostInterfaceAddress "docker0" }}:5984/registry'
      is_excluded_from_support: true
  ports: []
  volumes: []
  support_files: []
# Helper commands whose output feeds config options via value_cmd.
cmds:
  # Arguments "36" and the character class 0-9a-z-: presumably a 36-character
  # value drawn from lowercase letters, digits and "-" - confirm the argument
  # order and the randomness source in the Replicated docs.
  - name: secret_random
    cmd: random
    args:
      - "36"
      - 0-9a-z-
  - name: publicip
    cmd: publicip
    args: []
# Operator-facing settings screen. Each group lists the items rendered in the
# management console; the values are read back through ConfigOption templates.
config:
  - name: General
    title: "General"
    description: "Configure your npm Enterprise installation"
    items:
      # Both URLs default to plain http on the detected public IP.
      - name: canonical_url
        title: Full URL of npm Enterprise registry (8080 must stay constant, you may optionaly change the IP to a pretty host name)
        type: text
        value: http://{{repl ConfigOption "publicip" }}:8080
      - name: website_url
        title: Full URL of npm Enterprise website (8081 must stay constant, you may optionaly change the IP to a pretty host name)
        type: text
        value: http://{{repl ConfigOption "publicip" }}:8081
      - name: branding
        title: Your company name
        type: text
        default: 'FakeCorp'
      - name: publicip
        type: text
        hidden: true
        value_cmd:
          name: publicip
          value_at: 0
      # NOTE(review): the inter-service secret is a `text` item, so it is
      # shown in clear on the settings page; the LDAP search password in this
      # manifest uses `type: password`, which would fit here as well.
      - name: secret
        title: Secret used between services
        type: text
        value_cmd:
          name: secret_random
          value_at: 0
      - name: proxy_url
        title: Proxy URL
        type: text
        required: false
# Host directories bind-mounted into the containers. Whoever can write to
# these paths on the host can alter registry data, so their ownership and
# permissions matter.
- name: storage
  title: Storage
  description: Configure the location of persistent npm Enterprise storage
  items:
    - name: couchdb_host_path
      description: CouchDb storage path on host
      type: text
      default: /usr/local/lib/npme/couchdb
    - name: packages_host_path
      description: Package storage path on host
      type: text
      default: /usr/local/lib/npme/packages
    - name: data_host_path
      description: Miscellaneous data files
      type: text
      default: /usr/local/lib/npme/data
    - name: redis_host_path
      description: Redis database
      type: text
      default: /usr/local/lib/npme/redis
    - name: es_host_path
      description: ElasticSearch database
      type: text
      default: /usr/local/lib/npme/es
    - name: postgres_host_path
      description: Postgres DB data
      type: text
      default: /usr/local/lib/npme/postgres
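# Whether packages missing locally are fetched from npmjs.com. Defaults to No.
# The option titles are quoted: a bare Yes/No is a boolean under YAML 1.1
# parsers, not the string the console should display.
- name: read_through_cache
  title: Read through cache
  description: Should missing packages be returned from npmjs.com?
  items:
    - name: read_through_cache
      type: select_one
      default: read_through_cache_no
      items:
        - name: read_through_cache_no
          title: 'No'
          type: text
          affix: left
          required: false
        - name: read_through_cache_yes
          title: 'Yes'
          type: text
          affix: right
          required: false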
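# Strict SSL checks. The default is Yes; choosing No makes the containers
# receive REJECT_UNAUTHORIZED=0, which presumably turns off TLS certificate
# verification for their outbound requests - keep Yes unless an internal CA
# cannot be trusted any other way.
# The option titles are quoted: a bare Yes/No is a boolean under YAML 1.1
# parsers, not the string the console should display.
- name: reject_unauthorized
  title: Reject unauthorized
  description: Should npm on-site apply strict SSL checks?
  items:
    - name: reject_unauthorized
      type: select_one
      default: reject_unauthorized_yes
      items:
        - name: reject_unauthorized_no
          title: 'No'
          type: text
          affix: left
          required: false
        - name: reject_unauthorized_yes
          title: 'Yes'
          type: text
          affix: right
          required: false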
# Upstream replication source. The default upstream is reached over https and
# the default policy is 'white-list'; per the item title, "mirror" replicates
# everything.
- name: couch_url_remote
  title: Upstream registry
  description: Which upstream registry should we replicate from?
  items:
    - name: couch_url_remote
      type: text
      title: upstream url
      default: https://skimdb.npmjs.com/registry
    # Stored as a `text` item, so the upstream secret is shown in clear on the
    # settings page.
    - name: remote_shared_fetch_secret
      title: upstream secret (only required for replicating from upstream npm On-Site servers)
      type: text
      default: ''
    - name: remote_policy
      title: policy to apply during replication (set to mirror to create a true replica).
      type: text
      default: 'white-list'
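# Whether installs (reads) need a token. The default is Yes; with No, package
# reads are unauthenticated for anyone who can reach the registry port.
# The option titles are quoted: a bare Yes/No is a boolean under YAML 1.1
# parsers, not the string the console should display.
- name: authfetch
  title: Auth reads
  description: Should npm installs require an token?
  items:
    - name: authfetch
      type: select_one
      default: authfetch_yes
      items:
        - name: authfetch_no
          title: 'No'
          type: text
          affix: left
          required: false
        - name: authfetch_yes
          title: 'Yes'
          type: text
          affix: right
          required: false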
# Authentication backend selector; the env var templates branch on this value.
# auth_type_open renders the "fake" authentication and authorization plugins,
# and auth_type_custom passes operator-supplied plugin names through.
- name: auth
  title: Authentication
  description: How should we authenticate users?
  items:
    - name: auth_source
      default: auth_type_github
      type: select_one
      items:
        - name: auth_type_github
          title: GitHub
        - name: auth_type_ldap
          title: LDAP
        - name: auth_type_open
          title: Open
        - name: auth_type_custom
          title: Custom
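# GitHub settings, shown only when auth_source is auth_type_github.
- name: github
  when: auth_source=auth_type_github
  title: Github integration
  description: Configure npm On-Site to authenticate against a GitHub server
  items:
    - name: github_org
      title: Github Organization (optionally lock down publishes to a single GitHub organization)
      default: ''
      type: text
    - name: github_type
      default: github_type_public
      type: select_one
      items:
        - name: github_type_public
          title: Github.com
          type: text
          required: false
        - name: github_type_enterprise
          title: Github Enterprise
          type: text
          required: false
    - name: github_enterprise_host
      title: Github Enterprise Host
      description: The hostname of your Github Enterprise server
      recommended: false
      when: github_type=github_type_enterprise
      type: text
      required: true
    # Scheme used to reach GitHub Enterprise. https is the default and the
    # recommended option; with http, authentication traffic to that host is
    # unencrypted.
    # Title and description name the protocol; they were a copy of the host
    # item's labels, which left two identical fields on the settings page.
    - name: github_enterprise_protocol
      title: Github Enterprise Protocol
      description: The protocol used to reach your Github Enterprise server
      recommended: false
      when: github_type=github_type_enterprise
      type: select_one
      default: github_enterprise_protocol_https
      required: true
      items:
        - name: github_enterprise_protocol_http
          title: Insecure (http)
          description: ""
          recommended: false
          type: text
          required: false
        - name: github_enterprise_protocol_https
          title: Secure (https)
          description: ""
          recommended: true
          type: text
          required: false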
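# LDAP settings, shown only when auth_source is auth_type_ldap. Values are
# pre-filled from the console's own LDAP settings through LdapCopyAuthFrom.
- name: ldap_settings
  title: LDAP Server Settings
  when: auth_source=auth_type_ldap
  items:
    - name: ldap_type
      title: LDAP Server Type
      type: select_one
      default: ldap_type_openldap
      items:
        - name: ldap_type_openldap
          title: OpenLDAP
        - name: ldap_type_ad
          title: Active Directory
        - name: ldap_type_other
          title: Other
    # `required` is written as the canonical boolean true; `yes` is only a
    # boolean under YAML 1.1 parsers.
    - name: ldap_hostname
      title: Hostname
      type: text
      value: '{{repl LdapCopyAuthFrom "Hostname"}}'
      required: true
    - name: ldap_port
      title: Port
      type: text
      value: '{{repl LdapCopyAuthFrom "Port"}}'
      default: 389
      required: true
    - name: label_encryption_label
      title: Encryption Type
    # NOTE(review): the default is Plain on port 389, so the search password
    # and user bind credentials cross the network unencrypted unless the
    # operator switches to StartTLS or LDAPS.
    - name: ldap_encryption
      type: select_one
      default: ldap_encryption_plain
      items:
        - name: ldap_encryption_plain
          title: Plain
        - name: ldap_encryption_starttls
          title: StartTLS
        - name: ldap_encryption_ldaps
          title: LDAPS
    - name: ldap_search_user
      title: Search user
      type: text
      value: '{{repl LdapCopyAuthFrom "SearchUsername"}}'
      required: true
    - name: ldap_search_password
      title: Search password
      type: password
      value: '{{repl LdapCopyAuthFrom "SearchPassword"}}'
      required: true
    - name: ldap_schema
      type: heading
      title: LDAP schema
    - name: ldap_base_dn
      title: Base DN
      type: text
      value: '{{repl LdapCopyAuthFrom "BaseDN"}}'
      required: true
    - name: ldap_usersearch_dn
      title: User search DN
      type: text
      value: '{{repl LdapCopyAuthFrom "UserSearchDN"}}'
      default: ou=users
      required: true
    - name: ldap_restricted_user_group
      title: Restricted User Group
      type: text
      value: '{{repl LdapCopyAuthFrom "RestrictedGroupCNs"}}'
      required: true
    - name: ldap_username_field
      title: Username field
      type: text
      value: '{{repl LdapCopyAuthFrom "FieldUsername"}}'
      default: uid
      required: true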
# Open access, shown only when auth_source is auth_type_open. In this mode the
# env var templates select the "fake" authentication and authorization
# plugins, so network placement is the only access control.
- name: open
  when: auth_source=auth_type_open
  title: Open Access
  items:
    - name: open_warning
      type: label
      value: Login with any username and password. Only use this setting if you are behind a firewall.
# Custom auth plugins, shown only when auth_source is auth_type_custom. The
# plugin module is read from the host data directory, so anyone who can write
# to that directory presumably controls the code that makes auth decisions -
# keep it writable by administrators only.
- name: custom
  when: auth_source=auth_type_custom
  title: Custom Authentication
  description: Configure a custom auth strategy. Install your module in /usr/local/lib/npme/data on the host machine. The module will be available at /etc/npme/data inside your container.
  items:
    - name: authorization
      title: Authorization plugin
      type: text
      default: 'github'
    - name: authentication
      title: Authentication plugin
      type: text
      default: 'github'
    - name: session
      title: Session plugin
      type: text
      default: 'github'