A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
1# ATCR AppView Configuration
2# Generated with defaults — edit as needed.
3
4# Configuration format version.
5version: "0.1"
6# Log level: debug, info, warn, error.
7log_level: info
8# Remote log shipping settings.
9log_shipper:
10 # Log shipping backend: "victoria", "opensearch", or "loki". Empty disables shipping.
11 backend: ""
12 # Remote log service endpoint, e.g. "http://victorialogs:9428".
13 url: ""
14 # Number of log entries to buffer before flushing to the remote service.
15 batch_size: 100
16 # Maximum time between flushes, even if batch is not full.
17 flush_interval: 5s
18 # Basic auth username for the log service (optional).
19 username: ""
20 # Basic auth password for the log service (optional).
21 password: ""
22# HTTP server and identity settings.
23server:
24 # Listen address, e.g. ":5000" or "127.0.0.1:5000".
25 addr: :5000
26 # Public-facing URL for OAuth callbacks and JWT realm. Auto-detected if empty.
27 base_url: ""
28 # DID of the hold service for blob storage, e.g. "did:web:hold01.atcr.io" (REQUIRED).
29 default_hold_did: ""
30 # Allows HTTP (not HTTPS) for DID resolution and uses transition:generic OAuth scope.
31 test_mode: false
32 # Path to P-256 private key for OAuth client authentication. Auto-generated on first run.
33 oauth_key_path: /var/lib/atcr/oauth/client.key
34 # Display name shown on OAuth authorization screens.
35 client_name: AT Container Registry
36 # Short name used in page titles and browser tabs.
37 client_short_name: ATCR
38 # Separate domains for OCI registry API (e.g. ["buoy.cr"]). First is primary. Browser visits redirect to BaseURL.
39 registry_domains: []
40# Web UI settings.
41ui:
42 # SQLite/libSQL database for OAuth sessions, stars, pull counts, and device approvals.
43 database_path: /var/lib/atcr/ui.db
44 # Visual theme name (e.g. "seamark"). Empty uses default atcr.io branding.
45 theme: ""
46 # libSQL sync URL (libsql://...). Works with Turso cloud or self-hosted libsql-server. Leave empty for local-only SQLite.
47 libsql_sync_url: ""
48 # Auth token for libSQL sync. Required if libsql_sync_url is set.
49 libsql_auth_token: ""
50 # How often to sync with remote libSQL server. Default: 60s.
51 libsql_sync_interval: 1m0s
52# Health check and cache settings.
53health:
54 # How long to cache hold health check results.
55 cache_ttl: 15m0s
56 # How often to refresh hold health checks.
57 check_interval: 15m0s
58# ATProto Jetstream event stream settings.
59jetstream:
60 # Jetstream WebSocket endpoints, tried in order on failure.
61 urls:
62 - wss://jetstream2.us-west.bsky.network/subscribe
63 - wss://jetstream1.us-west.bsky.network/subscribe
64 - wss://jetstream2.us-east.bsky.network/subscribe
65 - wss://jetstream1.us-east.bsky.network/subscribe
66 # Sync existing records from PDS on startup.
67 backfill_enabled: true
68 # Relay endpoints for backfill, tried in order on failure.
69 relay_endpoints:
70 - https://relay1.us-east.bsky.network
71 - https://relay1.us-west.bsky.network
72# JWT authentication settings.
73auth:
74 # RSA private key for signing registry JWTs issued to Docker clients.
75 key_path: /var/lib/atcr/auth/private-key.pem
76 # X.509 certificate matching the JWT signing key.
77 cert_path: /var/lib/atcr/auth/private-key.crt
78# Credential helper download settings.
79credential_helper:
80 # Tangled repository URL for credential helper downloads.
81 tangled_repo: ""
82# Legal page customization for self-hosted instances.
83legal:
84 # Organization name for Terms of Service and Privacy Policy. Defaults to server.client_name.
85 company_name: ""
86 # Governing law jurisdiction for legal terms.
87 jurisdiction: ""