---
# Service Manifest
#
# Declares each application together with its git repos, data services,
# and deployment target.
#
# Usage:
#   ansible-playbook playbooks/data-service.yml -e "service=myapp"
#
# NOTE(review): the nesting below was restored from a flattened listing;
# confirm it matches what data-service.yml expects.

# Base SSH remote under which the per-service repos live.
# NOTE(review): presumably cloned over SSH by the playbook. Confirm the
# deploy key is read-only and the git host key is pinned in known_hosts.
git_base_url: 'git@git.infra.example:org'

services:
  myapp:
    description: 'Example web application'
    host: 'app-server'
    deploy_path: '/opt/myapp'
    repos:
      - name: 'myapp'
        dest: 'myapp'
        # NOTE(review): `main` is a moving branch, so a deploy picks up
        # whatever was pushed last. Pin a tag or commit SHA where deploys
        # must be reproducible, and quote an all-digit SHA so it stays a
        # string.
        version: 'main'
    postgres:
      enabled: true
      # Optional: restore from backup.
      # NOTE(review): a dump is executed on restore and may hold
      # production data; only use dumps from a trusted, access-controlled
      # location.
      # restore_from: "databases/dumps/myapp.dump"
    valkey:
      enabled: true
      # Access to myapp:* keys only.
      # NOTE(review): a key pattern only limits key arguments. Confirm the
      # provisioned ACL user is also limited in command categories and
      # pub/sub channels.
      key_prefix: 'myapp'
    s3:
      enabled: true
      bucket: 'myapp-media'
    vault_roles:
      # 1h TTL, DML only (SELECT, INSERT, UPDATE, DELETE)
      - 'app'
      # 15m TTL, DDL+DML (for migrations)
      # NOTE(review): presumably meant for deploy-time use only; confirm
      # the running application cannot request this role.
      - 'migrate'

  another-service:
    description: 'Another example service'
    host: 'another-server'
    deploy_path: '/opt/another'
    repos:
      - name: 'another'
        dest: 'another'
        version: 'main'
    postgres:
      enabled: true
    valkey:
      enabled: true
      key_prefix: 'another'
    # NOTE(review): no s3 block here. This file does not show whether
    # omission disables S3 or falls back to the default bucket; confirm in
    # data-service.yml.
    vault_roles:
      - 'app'
      - 'migrate'

# Valkey key prefix allocation:
#   All services share database /0; key prefixes provide the namespace
#   isolation.
#   Each service gets an ACL user that can only access {service}:* keys.
#   Credentials are provisioned by data-service.yml and stored in Vault.

# S3 bucket allocation:
#   Each service gets its own bucket (default: {service}-media) with a
#   dedicated API key.
#   Buckets are created on the Garage cluster with read/write permissions.
#   Credentials are provisioned by data-service.yml and stored in Vault at
#   secret/{service}/s3.