# ATCR AppView Configuration
# Generated with defaults — edit as needed.

# Configuration format version.
version: "0.1"
# Log level: debug, info, warn, error.
log_level: info
# Remote log shipping settings.
log_shipper:
    # Log shipping backend: "victoria", "opensearch", or "loki". Empty disables shipping.
    backend: ""
    # Remote log service endpoint, e.g. "http://victorialogs:9428".
    url: ""
    # Number of log entries to buffer before flushing to the remote service.
    batch_size: 100
    # Maximum time between flushes, even if batch is not full.
    flush_interval: 5s
    # Basic auth username for the log service (optional).
    username: ""
    # Basic auth password for the log service (optional).
    password: ""
# HTTP server and identity settings.
server:
    # Listen address, e.g. ":5000" or "127.0.0.1:5000".
    addr: :5000
    # Public-facing URL for OAuth callbacks and JWT realm. Auto-detected if empty.
    base_url: ""
    # DID of the hold service for blob storage, e.g. "did:web:hold01.atcr.io" (REQUIRED).
    default_hold_did: ""
    # Allows HTTP (not HTTPS) for DID resolution and uses transition:generic OAuth scope.
    test_mode: false
    # Path to P-256 private key for OAuth client authentication. Auto-generated on first run.
    oauth_key_path: /var/lib/atcr/oauth/client.key
    # Display name shown on OAuth authorization screens.
    client_name: AT Container Registry
    # Short name used in page titles and browser tabs.
    client_short_name: ATCR
    # Separate domains for OCI registry API (e.g. ["buoy.cr"]). First is primary. Browser visits redirect to BaseURL.
    registry_domains: []
# Web UI settings.
ui:
    # SQLite/libSQL database for OAuth sessions, stars, pull counts, and device approvals.
    database_path: /var/lib/atcr/ui.db
    # Visual theme name (e.g. "seamark"). Empty uses default atcr.io branding.
    theme: ""
    # libSQL sync URL (libsql://...). Works with Turso cloud or self-hosted libsql-server. Leave empty for local-only SQLite.
    libsql_sync_url: ""
    # Auth token for libSQL sync. Required if libsql_sync_url is set.
    libsql_auth_token: ""
    # How often to sync with remote libSQL server. Default: 60s.
    libsql_sync_interval: 1m0s
# Health check and cache settings.
health:
    # How long to cache hold health check results.
    cache_ttl: 15m0s
    # How often to refresh hold health checks.
    check_interval: 15m0s
# ATProto Jetstream event stream settings.
jetstream:
    # Jetstream WebSocket endpoints, tried in order on failure.
    urls:
        - wss://jetstream2.us-west.bsky.network/subscribe
        - wss://jetstream1.us-west.bsky.network/subscribe
        - wss://jetstream2.us-east.bsky.network/subscribe
        - wss://jetstream1.us-east.bsky.network/subscribe
    # Sync existing records from PDS on startup.
    backfill_enabled: true
    # Relay endpoints for backfill, tried in order on failure.
    relay_endpoints:
        - https://relay1.us-east.bsky.network
        - https://relay1.us-west.bsky.network
# JWT authentication settings.
auth:
    # RSA private key for signing registry JWTs issued to Docker clients.
    key_path: /var/lib/atcr/auth/private-key.pem
    # X.509 certificate matching the JWT signing key.
    cert_path: /var/lib/atcr/auth/private-key.crt
# Credential helper download settings.
credential_helper:
    # Tangled repository URL for credential helper downloads.
    tangled_repo: ""
# Legal page customization for self-hosted instances.
legal:
    # Organization name for Terms of Service and Privacy Policy. Defaults to server.client_name.
    company_name: ""
    # Governing law jurisdiction for legal terms.
    jurisdiction: ""