jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b0f0655a71
provisioning/taskservs/nushell/default/config.nu.j2
Jesús Pérez 3c3ef47f7f
feat(taskserv): implement real-time version checking with configurable HTTP client 
- Add: GitHub API integration for live version checking in taskserv management
- Add: HTTP client configuration option (http.use_curl) in config.defaults.toml
- Add: Helper function fetch_latest_version with curl/http get support
- Fix: Settings path structure for prov_data_dirpath access pattern
- Remove: Legacy simulation code for version checking
- Update: Core configuration name from "provisioning-system" to "provisioning"
- Clean: Remove obsolete example configs and infrastructure files
2025-09-24 01:55:06 +01:00

143 lines
4.3 KiB
Django/Jinja
Raw Blame History

# Secure Nushell Configuration for Infrastructure Servers
# Auto-generated by provisioning system
# Security-first configuration
$env.config = {
show_banner: false
use_ansi_coloring: true
edit_mode: emacs
# Security settings
shell_integration: false
cd_with_abbreviations: false
filesize_metric: true
table_mode: rounded
# History settings (limited for security)
history: {
max_size: 1000
sync_on_enter: true
file_format: "plaintext"
isolation: true
}
# Completion settings
completions: {
case_sensitive: false
quick: true
partial: true
algorithm: "prefix"
external: {
enable: {% if taskserv.nushell_external_completions | default(false) %}true{% else %}false{% endif %}
max_results: 100
completer: null
}
}
# Performance limits
table: {
mode: rounded
index_mode: always
trim: {
methodology: wrapping
wrapping_try_keep_words: true
truncating_suffix: "..."
}
}
# Error handling
error_style: "fancy"
# Hooks for security and audit
hooks: {
pre_prompt: [{
condition: {|| true }
code: {||
# Audit logging
if ($env.NUSHELL_AUDIT_ENABLED? | default false) {
$"(date now | format date '%Y-%m-%d %H:%M:%S') - Session active" | save -a $env.NUSHELL_AUDIT_FILE
}
}
}]
pre_execution: [{
condition: {|| true }
code: {|| |cmd|
# Command validation and audit
if ($env.NUSHELL_AUDIT_ENABLED? | default false) {
$"(date now | format date '%Y-%m-%d %H:%M:%S') - Command: ($cmd)" | save -a $env.NUSHELL_AUDIT_FILE
}
# Security check for blocked commands
let blocked = ($env.NUSHELL_BLOCKED_COMMANDS? | default "" | split row ",")
let cmd_name = ($cmd | split row " " | first)
if $cmd_name in $blocked {
error make {msg: $"Command '($cmd_name)' is blocked for security reasons"}
}
}
}]
command_not_found: [{
condition: {|| true }
code: {|| |cmd_name|
$"Command '($cmd_name)' not found. Available commands are restricted for security."
}
}]
}
# Menus disabled for security
menus: []
# Keybindings (minimal for security)
keybindings: [
{
name: completion_menu
modifier: none
keycode: tab
mode: [emacs vi_normal vi_insert]
event: {
until: [
{ send: menu name: completion_menu }
{ send: menunext }
]
}
}
]
}
# Security aliases (read-only operations)
alias ll = ls -la
alias df = df -h
alias free = free -h
alias pstree = ps aux --forest
# Restricted environment setup
{% if taskserv.nushell_readonly | default(true) %}
# Read-only mode - disable write operations
def rm [] { error make {msg: "rm command disabled in read-only mode"} }
def mv [] { error make {msg: "mv command disabled in read-only mode"} }
def cp [] { error make {msg: "cp command disabled in read-only mode"} }
def chmod [] { error make {msg: "chmod command disabled in read-only mode"} }
def chown [] { error make {msg: "chown command disabled in read-only mode"} }
{% endif %}
# Load observability modules if enabled
{% if taskserv.nushell_metrics | default(true) %}
source $"($env.NUSHELL_HOME)/observability/collect.nu"
{% endif %}
# Session timeout warning
def session-check [] {
let start_time = (date now)
let timeout = ($env.NUSHELL_SESSION_TIMEOUT? | default 900 | into int)
if ((date now) - $start_time) > ($timeout * 1sec) {
print "⚠️ Session timeout approaching. Please complete your tasks."
}
}
# Initialize secure environment
print $"🛡️ Nushell secure mode active - execution mode: ($env.NUSHELL_EXECUTION_MODE? | default 'restricted')"
if ($env.NUSHELL_READONLY_MODE? | default true) {
print "📖 Read-only mode enabled"
}
print $"⏱️ Session timeout: ($env.NUSHELL_SESSION_TIMEOUT? | default 900) seconds"
Reference in New Issue View Git Blame Copy Permalink