jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3c3ef47f7f
provisioning/taskservs/nushell/default/env.nu.j2
Jesús Pérez 3c3ef47f7f
feat(taskserv): implement real-time version checking with configurable HTTP client 
- Add: GitHub API integration for live version checking in taskserv management
- Add: HTTP client configuration option (http.use_curl) in config.defaults.toml
- Add: Helper function fetch_latest_version with curl/http get support
- Fix: Settings path structure for prov_data_dirpath access pattern
- Remove: Legacy simulation code for version checking
- Update: Core configuration name from "provisioning-system" to "provisioning"
- Clean: Remove obsolete example configs and infrastructure files
2025-09-24 01:55:06 +01:00

93 lines
4.2 KiB
Django/Jinja
Raw Blame History

# Nushell Environment Variables for Infrastructure Servers
# Security-focused environment setup
# Core environment paths
$env.NUSHELL_HOME = "{{taskserv.admin_user_home}}/nushell"
$env.NUSHELL_CONFIG_DIR = "{{taskserv.admin_user_home}}/.config/nushell"
$env.NUSHELL_DATA_DIR = "{{taskserv.admin_user_home}}/.local/share/nushell"
# Security environment variables
$env.NUSHELL_EXECUTION_MODE = "{{taskserv.nushell_execution_mode | default('restricted')}}"
$env.NUSHELL_READONLY_MODE = {% if taskserv.nushell_readonly | default(true) %}true{% else %}false{% endif %}
$env.NUSHELL_AUDIT_ENABLED = {% if taskserv.nushell_audit | default(true) %}true{% else %}false{% endif %}
$env.NUSHELL_AUDIT_FILE = "{{taskserv.admin_user_home}}/nushell/audit.log"
# Resource limits
$env.NUSHELL_MAX_MEMORY = "{{taskserv.nushell_max_memory | default('256MB')}}"
$env.NUSHELL_SESSION_TIMEOUT = {{taskserv.nushell_session_timeout | default(900)}}
# Command restrictions
$env.NUSHELL_ALLOWED_COMMANDS = "{{taskserv.nushell_allowed_commands | default('ls,cat,grep,ps,df,free,uptime,systemctl,kubectl')}}"
$env.NUSHELL_BLOCKED_COMMANDS = "{{taskserv.nushell_blocked_commands | default('rm,mv,cp,chmod,chown,sudo,su')}}"
$env.NUSHELL_ALLOWED_PATHS = "{{taskserv.nushell_allowed_paths | default('/tmp,/var/log,/proc,/sys')}}"
# Plugin configuration
$env.NUSHELL_PLUGINS_ENABLED = {% if taskserv.nushell_plugins | default(false) %}true{% else %}false{% endif %}
{% if taskserv.nushell_plugins | default(false) %}
$env.NUSHELL_PLUGIN_ALLOWLIST = "{{taskserv.nushell_plugin_allowlist | default('nu_plugin_kcl,nu_plugin_tera,nu_plugin_polars')}}"
{% endif %}
# KCL integration
$env.KCL_ENABLED = {% if taskserv.kcl_enabled | default(false) %}true{% else %}false{% endif %}
{% if taskserv.kcl_enabled | default(false) %}
$env.KCL_BINARY_PATH = "{{taskserv.kcl_binary_path | default('/usr/local/bin/kcl')}}"
{% endif %}
# Observability settings
$env.NUSHELL_METRICS_ENABLED = {% if taskserv.nushell_metrics | default(true) %}true{% else %}false{% endif %}
$env.NUSHELL_LOG_COLLECTION = {% if taskserv.nushell_log_collection | default(false) %}true{% else %}false{% endif %}
{% if taskserv.nushell_telemetry_endpoint | default("") != "" %}
$env.NUSHELL_TELEMETRY_ENDPOINT = "{{taskserv.nushell_telemetry_endpoint}}"
{% endif %}
# Provisioning integration
$env.PROVISIONING_NUSHELL_VERSION = "1.0.0"
$env.PROVISIONING_NUSHELL_MODE = "infrastructure"
# Security: Sanitize PATH to prevent privilege escalation
$env.PATH = ($env.PATH | split row (char esep) | where $it =~ "^/(usr/)?(local/)?bin$|^/(usr/)?sbin$" | str join (char esep))
# Add Nushell tools to PATH if they exist
if ("{{taskserv.admin_user_home}}/.local/bin" | path exists) {
$env.PATH = ($env.PATH | split row (char esep) | prepend "{{taskserv.admin_user_home}}/.local/bin" | str join (char esep))
}
# Default editor for security (read-only contexts)
{% if taskserv.nushell_readonly | default(true) %}
$env.EDITOR = "cat"
$env.VISUAL = "cat"
{% else %}
$env.EDITOR = "{{taskserv.editor | default('nano')}}"
$env.VISUAL = "{{taskserv.visual_editor | default('nano')}}"
{% endif %}
# Logging configuration
$env.NU_LOG_LEVEL = "{{taskserv.nushell_log_level | default('info')}}"
$env.NU_LOG_FORMAT = "json"
$env.NU_LOG_DATE_FORMAT = "%Y-%m-%d %H:%M:%S"
# Network restrictions
{% if taskserv.nushell_network | default(false) %}
$env.NUSHELL_NETWORK_ENABLED = true
{% else %}
$env.NUSHELL_NETWORK_ENABLED = false
# Disable network access for security
$env.http_proxy = "127.0.0.1:9999"
$env.https_proxy = "127.0.0.1:9999"
{% endif %}
# Session information
$env.NUSHELL_SESSION_ID = (random uuid)
$env.NUSHELL_SESSION_START = (date now | format date "%Y-%m-%d %H:%M:%S")
$env.NUSHELL_SERVER_ROLE = "{{server.role | default('worker')}}"
$env.NUSHELL_SERVER_HOSTNAME = "{{server.hostname | default('unknown')}}"
# Startup message
if not ($env.NUSHELL_QUIET? | default false) {
print $"🔧 Nushell Infrastructure Runtime v($env.PROVISIONING_NUSHELL_VERSION)"
print $"🏷️ Server: ($env.NUSHELL_SERVER_HOSTNAME) | Role: ($env.NUSHELL_SERVER_ROLE)"
print $"🛡️ Security: ($env.NUSHELL_EXECUTION_MODE) mode | Readonly: ($env.NUSHELL_READONLY_MODE)"
if $env.NUSHELL_AUDIT_ENABLED {
print $"📝 Audit logging enabled: ($env.NUSHELL_AUDIT_FILE)"
}
}
Reference in New Issue View Git Blame Copy Permalink