-
Notifications
You must be signed in to change notification settings - Fork 3
/
config.ini
378 lines (316 loc) · 7.44 KB
/
config.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
#
# default configuration
#
#
# main program behaviour
#
[main]
# say 'yes' for debugging
# print error stack traces before exit on failure
trace_error = no
#
# build engine options
#
[build]
# name space in archive/extract store
build_space = a-nspawn-build
build_regex = ^a-nspawn-build(.+)
# say 'yes' for debugging
# preserve archive/extract/runtime folders used for build
preserve_build_dir = no
# shell script invocation for SH(script)
# i.e.: compose command as ['/usr/bin/env', 'sh', '-e', '-c', script]
shell_invoke =
/usr/bin/env
sh
-e
-c
{script}
#
# configuration behaviour
#
[config]
# configuration override file list
path_list =
/etc/nspawn/config.ini
$HOME/.nspawn/config.ini
$HOME/.config/nspawn/config.ini
#
# logging options
#
[logging]
# https://docs.python.org/3/library/logging.html
level = debug
datefmt = %Y-%m-%d %H:%M:%S
format = %(asctime)s %(levelname)-6s %(message)s
#
# location of program resources
# note: ensure single file system with xattr support
#
[storage]
# base directory for all resources
root = /var/lib/nspawn
# downloaded archive resources
archive = ${storage:root}/archive
# extracted archive resources
extract = ${storage:root}/extract
# live machine resources
runtime = ${storage:root}/runtime
# program working directory
tempdir = ${storage:root}/tempdir
# hatcher image storage
provision = ${storage:tempdir}/provision
#
# proxy settings during build
#
[proxy]
# apply proxy during image pull
use_host_proxy = yes
# apply proxy inside build container
use_machine_proxy = yes
# seconds to wait during proxy validation
socket_timeout = 1.5
# list of proxy configuration sources:
# * "user" - check proxy env var from current user
# * "root" - check proxy env var from sudo root user
# * "config" - check proxy settings from 'proxy_config_text'
# last found "no_proxy" takes place
# first working "proto_proxy" takes place
proxy_check_list =
user
root
config
# default proxy fallback settings
proxy_config_text =
no_proxy = nspawn-image-server
http_proxy = http://nspawn-proxy-server:3128
https_proxy = http://nspawn-proxy-server:3130
#
# network environment discovery
#
[network]
# check internet access timeout, seconds
check_timeout = 1.5
# list of hosts to check internet access
check_host_list =
http://checkip.amazonaws.com/
#
# container service properties
#
[machine]
# default tempalte
template = machine-default.service
# auto-provision host resources declared in "Bind=..."
# works by adding mkdir/touch to the service unit file
# provision empty folder if path ends with "/"
# provision emtpy file if path does not end with "/"
use_bind_stub = yes
# overlayfs mount options, comma-separator, no-space
# https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt
# not supported on old ubuntu, ie travis/xenial
#overlayfs_mount_opts = xino=on
overlayfs_mount_opts =
#
# system commands used by this package
#
[wrapper]
# declare system commands used by this package
required_list =
env
sudo
true
test
touch
getfattr
setfattr
cp
mv
dd
xz
zip
tar
pigz
ip
curl
rsync
nsenter
systemctl
machinectl
systemd-nspawn
[wrapper/sudo]
binary = sudo
option_list =
-u
root
# attribute name space used by this package
xattr_space = user.nspawn.
# regular expression used to match package attributes
xattr_regex = ^user[.]nspawn[.]
# rsync options
# https://linux.die.net/man/1/rsync
#
# -D same as --devices --specials
# -r, --recursive recurse into directories
# -l, --links copy symlinks as symlinks
# -t, --times preserve modification times
#
# -X, --xattrs preserve extended attributes
#
# -A, --acls preserve ACLs
# -p, --perms preserve permissions
#
# -g, --group preserve group
# -o, --owner preserve owner
# options for DSL.COPY, DSL.CAST
rsync_base = -Drlt -Ap
# options for DSL.PULL, DSL.PUSH
rsync_full = -Drlt -Ap -go
#
# https://curl.haxx.se/docs/manpage.html
#
[wrapper/curl]
binary = curl
option_list =
# ignore $HOME/.curlrc
--disable
# enable redirect response 3XX
--location
# ignore ssl validation
--insecure
# report non-2XX via non-zero rc
--fail
# suppress progress or error
--silent
# still display non-2XX errors
--show-error
# manage connection delays
--connect-timeout
5
# retry on transient errors
--retry
3
--retry-delay
1
--retry-max-time
15
[wrapper/tar]
binary = tar
option_list =
# keep access
--acls
# keep attributes
--xattrs
# preserve user/group
--same-owner
# preserve rwx persmissions
--same-permissions
# supported image formats
suffix_list =
.tar.gz
.tar.xz
[wrapper/zip]
binary = zip
option_list =
[wrapper/unzip]
binary = unzip
option_list =
[wrapper/systemctl]
binary = systemctl
option_list =
--no-pager
[wrapper/machinectl]
binary = machinectl
option_list =
--no-pager
[wrapper/systemd_nspawn]
binary = systemd-nspawn
option_list =
# suppress "press to escape" message
--quiet
# do not expose service via machinectl
--register=no
# connect process stdin,stdout,stderr
--console=pipe
# elevate priveleges during build
--capability=all
# use private system log
--link-journal=no
[wrapper/nsenter]
binary = nsenter
option_list =
# enter mount namespace
-m
# enter UTS namespace (hostname etc)
-u
# enter System V IPC namespace
-i
# enter network namespace
-n
# enter pid namespace
-p
#
# authentication entry
# image server provided by hatcher
#
[auth/image]
# using username:password
type = basic
# using host name re-mapping
host = nspawn-image-server
# default username
username = default
# default password
password = default
#
# local image server
#
[hatcher/image-server]
# alpine nginx user identity
service_gid = 101
service_uid = 100
# machine container identity
machine_name = nspawn-image-server
# service data store
service_home = /home/${hatcher/image-server:machine_name}
service_log_dir = ${hatcher/image-server:service_home}/log
service_store_dir = ${hatcher/image-server:service_home}/store
service_user_file = ${hatcher/image-server:service_home}/etc/user.conf
#
# amazon aws s3 image syncer
#
[hatcher/image-syncer]
# machine container identity
machine_name = nspawn-image-syncer
# service data store, shared
service_home = /home/${hatcher/image-syncer:machine_name}
service_log_dir = ${hatcher/image-syncer:service_home}/log
service_store_dir = ${hatcher/image-server:service_home}/store
# service aws s3 replication parameters
# see: https://github.com/random-python/file_sync_s3
service_access_key = invalid
service_secret_key = invalid
service_region_name = invalid
service_bucket_name = invalid
service_object_mode = public-read
service_include_list =
.+[.]gz\Z
.+[.]zst\Z
.+[.]html\Z
service_exclude_list =
.+/invalid/.+
service_use_expire = yes
service_expire_days = 50
service_expire_period = 12:00:00
#
# local image proxy
#
[hatcher/image-proxy]
# alpine squid user identity
service_gid = 31
service_uid = 31
# machine container identity
machine_name = nspawn-proxy-server
# service data store
service_home = /home/${hatcher/image-proxy:machine_name}
service_log_dir = ${hatcher/image-proxy:service_home}/log
service_store_dir = ${hatcher/image-proxy:service_home}/store