version: 1

# GLOBAL CONFIGURATION

auth-server:
  url: https://your-server-name.com:30080/auth
  realm: AnacondaPlatform
  realm-key: ''

db:
  drivername: postgresql
  host: postgres
  port: 5432
  username: postgres
  password: ''

auth-escrow:
  url: https://your-server-name.com:30091/api/v1

https:
  certificate-authority: /etc/secrets/certs/rootca.crt
  # certificate-authority: /etc/ssl/certs/DST_Root_CA_X3.pem  # For lets encrypt

images:
  app: apiserver:5000/ap-app:5.1.0
  app_proxy: apiserver:5000/ap-app-proxy:5.1.0
  editor: apiserver:5000/ap-editor:5.1.0

kubernetes:
  server: https://kubernetes.default.svc.cluster.local
  use_service_account: true
  max_cores_per_app: 2
  max_ram_mb_per_app: 2048

license:
  # number: PASTE_LICENSE_CODE_OR_CLIENT_ID_HERE
  # key: PASTE_OFFLINE_KEY_HERE_FOR_OFFLINE_ACTIVATION
  working-directory: /tmp/anaconda
  security:
    x: 207
    y: 705
    z: 278
  analytics:
    enabled: true

admin:
  users:
    # Any user matching the users, group affiliations, or roles (in the auth service)
    # described below is a platform-wide administrator.
    users: []
    groups:
      - admins
    roles:
      - ae-admin

# PER-SERVICE CONFIGURATION

auth:
  port: 9080
  db:
    database: anaconda_auth
  https:
    keystore: /etc/secrets/certs/keystore.jks
    keystore-password: anaconda
    key-alias: auth
    truststore: null  # optional
    truststore-password: null  # optional
  debug: False
  import-file: /etc/secrets/keycloak/keycloak.json
  api:
    port: 9090
    limit: 12
    https:
      key: /etc/secrets/certs/server.key
      certificate: /etc/secrets/certs/server.crt
  escrow:
    port: 9091
    db:
      database: anaconda_auth_escrow
    hosts:
      - your-server-name.com:30091
    prefix: ''
    https:
      key: /etc/secrets/certs/server.key
      certificate: /etc/secrets/certs/server.crt
    auth-server:
      client-secret: 12345678-912345678-1234-567891234567
      client-id: anaconda-platform

deploy:
  port: 8081
  prefix: ''
  url: https://your-server-name.com:30081/
  https:
    key: /etc/secrets/certs/server.key
    certificate: /etc/secrets/certs/server.crt
  hosts:
    - your-server-name.com:30081
  db:
    database: anaconda_deploy
  users: '*'
  deployers:
    users: []
    groups: []
    roles:
      - ae-deployer
  superusers:
    users: []
    groups: []
    roles:
      - ae-admin
  auth-server:
    client-id: anaconda-deploy
  apps-host: your-server-name.com
  auth-proxy:
    client-id: anaconda-deploy-proxy
    dns-server: 10.100.0.4
    https:
      key: /etc/secrets/certs/wildcard.key
      certificate: /etc/secrets/certs/wildcard.crt

  debug: False

spaces:
  port: 8090
  prefix: ''
  url: https://your-server-name.com:30095/
  https:
    key: /etc/secrets/certs/server.key
    certificate: /etc/secrets/certs/server.crt
  hosts:
    - your-server-name.com:30095
  db:
    database: anaconda_spaces
    # increased pool size to accommodate for Kubernetes slowness
    pool:
      size: 10
      overflow: 20
      timeout: 60

  users: '*'
  superusers:
    users: []
    groups: []
    roles:
      - ae-admin

  auth-server:
    client-id: anaconda-spaces-api
  spaces-host: your-server-name.com
  auth-proxy:
    client-id: anaconda-spaces
    dns-server: 10.100.0.4
    https:
      key: /etc/secrets/certs/wildcard.key
      certificate: /etc/secrets/certs/wildcard.crt

  debug: False

storage:
  host: your-server-name.com
  port: 8086
  prefix: ''
  hosts:
    - your-server-name.com:30086
  url: https://your-server-name.com:30086
  db:
    database: anaconda_storage
  https:
    key: /etc/secrets/certs/server.key
    certificate: /etc/secrets/certs/server.crt
  git:
    default:
      name: Example.com Anaconda Enterprise Server
      type: internal
      # use 127.0.0.1 for all network connections including hairpin
      url: https://127.0.0.1:8088
      repository: '{owner}-{id}'
      auth-header: Anaconda-User
      username: anaconda
      # no password needed when using auth-header
      proxy:
        url: https://your-server-name.com:30085
        client-id: anaconda-git-proxy
        dns-server: 10.100.0.4
        run-as-user: www-data
        api-key: 1234567891234567891234567891234567891234567891234567891234567891
        port: 8095
        probe-port: 8096
        https:
          key: /etc/secrets/certs/server.key
          certificate: /etc/secrets/certs/server.crt
  objects:
    projects:
      bucket: anaconda-projects
      path: projects/{owner}-{id}
    global:
      bucket: anaconda-objects
      path: 'global/'
    public:
      bucket: anaconda-objects
      path: 'public/'
  users: '*'
  creators:
    users: []
    groups: []
    roles:
      - ae-creator
  superusers:
    users: []
    groups: []
    roles:
      - ae-admin

repository:
  url: https://your-server-name.com:30089/
  port: 8089
  hosts:
    - your-server-name.com:30089
    - 127.0.0.1:8089
  prefix: ''
  db:
    database: anaconda_repository
  https:
    key: /etc/secrets/certs/server.key
    certificate: /etc/secrets/certs/server.crt
  users: '*'
  uploaders:
    users: []
    groups: []
    roles:
      - ae-uploader
  superusers:
    users: []
    groups: []
    roles:
      - ae-admin
  bucket: anaconda-repository
  auth-escrow:
    url: https://your-server-name.com:30091/api/v1
  cleanup-upload-seconds: 3600
  cleanup-period-seconds: 73
  index-update-cooldown-seconds: 7
  index-update-period-seconds: 23

s3:
  host: 0.0.0.0
  port: 8087
  https:
    key: /etc/secrets/certs/server.key
    certificate: /etc/secrets/certs/server.crt
  access-key: 's3-access-key'
  secret-key: 's3-secret-key'
  directory: /export

s3-client:
  endpoint-url: https://your-server-name.com:30087
  access-key: 's3-access-key'
  secret-key: 's3-secret-key'
  region-name: 'us-east-1'

git:
  url: https://your-server-name.com:30088
  host: your-server-name.com
  port: 8088
  https:
    key: /etc/secrets/certs/server.key
    certificate: /etc/secrets/certs/server.crt
  db:
    database: anaconda_git
  directory: /export
  username: anaconda
  lfs-secret: 1234567891234567891234567891234567891234567
  secret-key: 123456789123456789123456789123456789123456789123456789

# when installing in airgap replace channel: defaults with the following
# - https://your-server-name.com:30089/conda/anaconda
conda:
  channels:
    - defaults
  default-channels: []
  channel-alias: https://your-server-name.com:30089/conda

sync:
  lfs-threshold: 1000000
  prefix: ''
  hosts: []
  port: 8093
  project-dir: ''

offline_docs:
  url: https://your-server-name.com:30071
  hosts:
    - your-server-name.com:30071
  port: 8091
  https:
    key: /etc/secrets/certs/server.key
    certificate: /etc/secrets/certs/server.crt
  directory: docs/_build/
  prefix: ''

ui:
  base-url: /
  cookie-secret: this-is-a-very-insecure-secret
  cookie-session:
    name: anaconda-platform-ui-session-v1
  cookie-next:
    name: anaconda-platform-ui-next-v1
  db:
    database: anaconda_ui
  debug: False
  host: your-server-name.com
  public-url: https://your-server-name.com:30090/
  https:
    key: /etc/secrets/certs/server.key
    certificate: /etc/secrets/certs/server.crt
  port: 6990
  auth-server:
    client-secret: 123456789123456789123456789123456789123456789123456789
    client-id: anaconda-platform
  services:
    anaconda-storage:
      storage:
        icon: fa-anaconda
        label: Storage
        url: https://your-server-name.com:30086/api/v1
    anaconda-deploy:
      deploy:
        icon: fa-anaconda
        label: Deploy
        url: https://your-server-name.com:30081/api/v1
    anaconda-spaces:
      spaces:
        icon: fa-anaconda
        label: Spaces
        url: https://your-server-name.com:30095/api/v1
        options:
          spaces:
            tools:
              notebook:
                default: true
                label: Jupyter Notebook Classic
                packages: [notebook]
              lab-pre:
                label: JupyterLab
                packages: [jupyterlab]
              sync:
                label: Anaconda Project Sync
                packages: [anaconda-platform-sync]
            templates:
              jupyter-5:
                label: Jupyter Notebook Classic
                tools:
                  - notebook
                  - sync
              jupyterlab:
                label: JupyterLab
                default: true
                tools:
                  - lab-pre
                  - sync
    anaconda-repo:
      anaconda-org:
        html-url: https://anaconda.org
        icon: fa-anaconda
        label: Repository
        url: https://api.anaconda.org
        options:
          extra-shared-namespaces:
            - anaconda-enterprise
        disabled: true

    anaconda-repo5:
      repo:
        html-url: https://your-server-name.com:30089
        icon: fa-anaconda
        label: Repo Service
        url: https://your-server-name.com:30089/api

    auth-api:
      auth-api:
        icon: fa-anaconda
        label: Auth API
        url: https://your-server-name.com:30082/api/v1
    anaconda-enterprise-notebooks:
      aen:
        html-url: https://notebooks.example.com
        icon: fa-anaconda
        label: Enterprise Notebooks
        disabled: true
    documentation:
      offline_docs:
        html-url: https://your-server-name.com:30071
        icon: fa-anaconda
        label: Documentation
        url: https://your-server-name.com:30071
    github:
      github_com:
        html-url: https://github.com
        icon: fa-github
        label: GitHub
        url: https://api.github.com
        disabled: true
  help:
    docs:
      label: Anaconda Documentation - Home
      external: true
      href: https://your-server-name.com:30071
      position: 0
    started:
      label: Getting Started with Anaconda Enterprise
      external: true
      href: https://your-server-name.com:30071/user-guide/getting-started/
      position: 1
    release:
      label: Release Notes
      external: true
      href: https://your-server-name.com:30071/release-notes.html
      position: 2
    support:
      label: Support
      external: true
      href: https://your-server-name.com:30071/help-support.html
      position: 3
    feedback:
      label: Feedback
      external: true
      href: https://continuum.typeform.com/to/TnHsme
      position: 4

  js_application:
    analytics:
      hotjar:
        hjid: 000000
        hjsv: 0
        baseURL: //static.hotjar.com/c/hotjar-

postgresql:
  port: 7080
