-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.toml
101 lines (70 loc) · 3.44 KB
/
config.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
[server]
### The externally-reachable root URL of this registry.
## This is required, and it will be used to populate the response for the /index/config.json file.
##
## NOTE: If you get mysterious 404s on publish, try removing trailing slashes from this setting,
## or set RUST_DEBUG=quartermaster=debug and inspect the logs to see what URLs cargo is requesting.
##
## For example, with the setting below, you shoould set the registry URL in `.cargo/config.toml` to
## `sparse+https://foo.bar/index/`
root_url = "https://foo.bar"
### Addresses to bind to. Defaults to 0.0.0.0:8000 and [::]:8000.
#bind = ["10.1.1.1:1234"]
[crates]
### The maximum size of a crate publish payload allowed by this registry. Defaults to 100 MiB.
## Supports human-readable prefixes (KB, MB, KiB, etc.)
#max_publish_size = "100 MiB"
[auth]
### Disable auth entirely, and allow all requests.
## This is generally a bad idea, even with a reverse proxy or VPN in front of Quartermaster.
type = "none"
### Simple auth based on a single token hash provided by the configuration.
##
## The config doesn't store the token itself to prevent accidentally leaking it, and instead it
## stores a SHA-512 hash of it.
## The token is any arbitrary string, and should be generated using cryptographically secure
## randomness, with sufficient entropy to resist a brute-force cracking attempt should an attacker
## gain access to the hash.
##
## For example, on Linux you can generate a 64-byte (512 bits of entropy) token and hash like this:
## `openssl rand -hex 64 | tee token | tr -d '\n' | sha512sum | awk '{print $1}' > token_hash`
#type = "token"
#token_hash = "a very secure token hash"
[storage]
### Local filesystem storage.
## Stores all crates and index files using local files.
type = "local"
path = "/crates"
### S3 storage.
## Stores all crates and index files using S3. The directory layout is identical to the local storage.
## The bucket and region keys are required.
#type = "s3"
#bucket = "my-crates"
#region = "ap-southeast-2"
### Automatically try to find credentials.
## If none of the specific credential settings are specified and `auto_credentials` is true,
## rust-s3 will attempt to find valid credentials automatically by looking at standard
## used environment variables and config files.
## This generally does the right thing and is fine for testing, but you should turn it off and
## specify the credentials manually in a production environment.
#auto_credentials = true
### Explicit access/secret key credentials, and optionally a security/session token.
## The environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SECURITY_TOKEN`
## and `AWS_SESSION_TOKEN` are also checked if the corresponding config value isn't set.
#aws_access_key_id = "foo"
#aws_secret_access_key = "shoosh"
#aws_security_token = "foo"
#aws_session_token = "foo"
### Fetch credentials through an STS request.
## The environment variables `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` are also checked if
## the corresponding config value isn't set.
#sts_session_name = "quartermaster"
#sts_role_arn = "foo"
#sts_web_identity_token_file = "foo"
### Use profile credentials. This reads from `~/.aws/credentials`.
## If `profile_section` is specified, use that particular section in the credential file instead of
## the top-level section.
#use_profile_credentials = true
#profile_section = "quartermaster"
### Fetche credentials from an EC2 instance's metadata.
#use_instance_credentials = true