# RFS S3 (Garage) configuration for flist storage and HTTP read endpoint # Copy this file to config/rfs.conf and fill in real values (do not commit secrets). # S3 API endpoint of your Garage server, including scheme and optional port # Examples: # https://hub.grid.tf # http://minio:9000 S3_ENDPOINT="https://hub.grid.tf" # AWS region string expected by the S3-compatible API S3_REGION="garage" # Bucket and key prefix used for RFS store (content-addressed blobs) # The RFS store path will be: s3://...// S3_BUCKET="zos" S3_PREFIX="zos/store" # Access credentials (required by rfs pack to push blobs) S3_ACCESS_KEY="REPLACE_ME" S3_SECRET_KEY="REPLACE_ME" # Optional: HTTP(S) web endpoint used at runtime to fetch blobs without signed S3 # This is the base URL that serves the same objects as the S3 store, typically a # public or authenticated gateway in front of Garage that allows read access. # The scripts will patch the .fl (sqlite) stores table to use this endpoint. # Ensure this path maps to the same content-addressed layout expected by rfs. # Example: # https://hub.grid.tf/zos/zosbuilder/store WEB_ENDPOINT="https://hub.grid.tf/zos/zosbuilder/store" # Optional: where to upload the .fl manifest sqlite file (separate from blob store) # If you want to keep manifests alongside blobs, a common pattern is: # s3:////manifests/ # Scripts will create manifests/ under S3_PREFIX automatically if left default. MANIFESTS_SUBPATH="manifests" # Behavior flags (can be overridden by CLI flags or env) # Whether to keep s3:// store as a fallback entry in the .fl after adding WEB_ENDPOINT KEEP_S3_FALLBACK="true" # Whether to attempt uploading .fl manifests to S3 (requires MinIO Client: mc) UPLOAD_MANIFESTS="true" # Read-only credentials for route URL in manifest (optional; defaults to write keys above) # These will be embedded into the flist 'route.url' so runtime mounts can read directly from Garage. # If not set, scripts fall back to S3_ACCESS_KEY/S3_SECRET_KEY. READ_ACCESS_KEY="REPLACE_ME_READ" READ_SECRET_KEY="REPLACE_ME_READ" # Route endpoint and parameters for flist route URL patching # - ROUTE_ENDPOINT: host:port base for Garage gateway (scheme is ignored; host:port is extracted) # If not set, defaults to S3_ENDPOINT # - ROUTE_PATH: path to the blob route (default: /blobs) # - ROUTE_REGION: region string for Garage (default: garage) ROUTE_ENDPOINT="https://hub.grid.tf" ROUTE_PATH="/zos/store" ROUTE_REGION="garage" # RESP/DB-style blob store (design-time placeholders; optional) # Enable to allow pack scripts or future rfs CLI to upload blobs to a RESP-compatible store. # This does not change the existing S3 flow; RESP acts as an additional backend. # # Example URI semantics (see docs/rfs-flists.md additions): # resp://host:port/db?prefix=blobs # resp+tls://host:port/db?prefix=blobs&ca=/etc/ssl/certs/ca.pem # resp+sentinel://sentinelHost:26379/mymaster?prefix=blobs # # Minimal keys for a direct RESP endpoint RESP_ENABLED="false" RESP_ENDPOINT="localhost:6379" # host:port RESP_DB="0" # integer DB index RESP_PREFIX="zos/blobs" # namespace/prefix for content-addressed keys RESP_USERNAME="" # optional RESP_PASSWORD="" # optional RESP_TLS="false" # true/false RESP_CA="" # path to CA bundle when RESP_TLS=true # Optional: Sentinel topology (overrides RESP_ENDPOINT for discovery) RESP_SENTINEL="" # sentinelHost:port (comma-separated for multiple) RESP_MASTER="" # Sentinel master name (e.g., "mymaster")