Add StellaOps Authority planning artifacts and config templates

2025-10-10 06:52:41 +00:00
parent d0c95cf328
commit 3aed135fb5
14 changed files with 829 additions and 1 deletions
--- a/etc/feedser.yaml.sample
+++ b/etc/feedser.yaml.sample
@@ -0,0 +1,55 @@
+# Feedser configuration template for StellaOps deployments.
+# Copy to ../etc/feedser.yaml (relative to the web service content root)
+# and adjust the values to match your environment. Environment variables
+# (prefixed with FEEDSER_) override these settings at runtime.
+
+storage:
+  driver: mongo
+  # Mongo connection string. Use SRV URI or standard connection string.
+  dsn: "mongodb://feedser:feedser@mongo:27017/feedser?authSource=admin"
+  # Optional database name; defaults to the name embedded in the DSN or 'feedser'.
+  database: "feedser"
+  # Mongo command timeout in seconds.
+  commandTimeoutSeconds: 30
+
+plugins:
+  # Feedser resolves plug-ins relative to the content root; override as needed.
+  baseDirectory: ".."
+  directory: "PluginBinaries"
+  searchPatterns:
+    - "StellaOps.Feedser.Plugin.*.dll"
+
+telemetry:
+  enabled: true
+  enableTracing: false
+  enableMetrics: false
+  enableLogging: true
+  minimumLogLevel: "Information"
+  serviceName: "stellaops-feedser"
+  # Configure OTLP endpoint when shipping traces/metrics/logs out-of-band.
+  otlpEndpoint: ""
+  # Optional headers for OTLP exporters, for example authentication tokens.
+  otlpHeaders: {}
+  # Attach additional resource attributes to telemetry exports.
+  resourceAttributes:
+    deployment.environment: "local"
+  # Emit console exporters for local debugging.
+  exportConsole: true
+
+authority:
+  enabled: false
+  # Issuer advertised by StellaOps Authority (e.g. https://authority.stella-ops.local).
+  issuer: "https://authority.stella-ops.local"
+  # Optional explicit metadata address; defaults to {issuer}/.well-known/openid-configuration.
+  metadataAddress: ""
+  requireHttpsMetadata: true
+  backchannelTimeoutSeconds: 30
+  tokenClockSkewSeconds: 60
+  audiences:
+    - "api://feedser"
+  requiredScopes:
+    - "feedser.jobs.trigger"
+  # Networks allowed to bypass authentication (loopback by default for on-host cron jobs).
+  bypassNetworks:
+    - "127.0.0.1/32"
+    - "::1/128"