bascule-oss/config/bascule.example.toml
Tyler King 2fa92f8635 docs: comprehensive documentation + developer experience polish
New files:
  CONTRIBUTING.md — dev setup, code style, PR process
  CLAUDE.md — workspace context for Claude Code
  Makefile — build, test, lint, fmt, docker, helm-lint, dev, ci
  .editorconfig — consistent formatting
  rustfmt.toml — Rust formatting config
  docs/kubernetes.md — Helm install, values, architecture
  docs/bascule-shell.md — client shell install, config, TPM
  charts/bascule/README.md — Helm quick start

Updated:
  README.md — accurate feature matrix, clear shipped vs planned
  config/bascule.example.toml — full reference (72 lines, all fields)

All 15 README links verified valid.
Helm lint clean. Build passes. 0 substrate deps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 10:53:08 -04:00


# ╔══════════════════════════════════════════════════════╗
# ║ Bascule SSH Proxy — Configuration Reference ║
# ╚══════════════════════════════════════════════════════╝
# Example configuration. Only listen_addr and [auth] mode are active in this
# file; every other setting is commented out and shown with a sample value.
# ─── Server ──────────────────────────────────────────────
# Listen address (default: 0.0.0.0:2222)
# 0.0.0.0 binds every interface. This example also sets [auth] mode to
# "accept-all" (labelled DEV ONLY below), so narrow the bind address (for
# example to a loopback address) or change the auth mode before the port is
# reachable from other hosts.
listen_addr = "0.0.0.0:2222"
# Path to host key. Auto-generated Ed25519 if not present.
# Keep this file on persistent storage and readable only by the account that
# runs bascule: when the file is missing a new key is generated, which changes
# the host key fingerprint that clients see.
# host_key_path = "/var/lib/bascule/host_key"
# Maximum concurrent sessions (default: 0 → 10000 internal cap)
# An explicit limit bounds how many sessions one instance will serve at once.
# max_sessions = 100
# Banner shown after authentication
# banner = "Welcome to Bascule."
# ─── Shell (Local PTY mode — default backend) ────────────
# Shell command to spawn (default: /bin/bash)
# NOTE(review): the spawned shell presumably runs with the privileges of the
# bascule process; confirm, and run the service under an unprivileged account.
# shell_command = "/bin/bash"
# shell_args = ["--login"]
# ─── Authentication ──────────────────────────────────────
# Selects how connecting clients are authenticated.
[auth]
# Auth mode: "accept-all" (DEV ONLY), "authorized-keys"
# NOTE(review): this example ships with "accept-all" active. Judging by the
# name and the DEV ONLY label it performs no credential check; confirm against
# the server code. Use "authorized-keys" for anything reachable by untrusted
# clients.
mode = "accept-all"
# For authorized-keys mode:
# Whoever can write to this path can presumably grant themselves access, so
# keep it writable by administrators only.
# authorized_keys_path = "/etc/bascule/keys"
# ─── Entra Agent ID (optional, --features agent-id) ─────
# NOTE(review): audiences presumably lists the token audience values that are
# accepted, and multi_tenant presumably allows tokens from tenants other than
# tenant_id. Confirm both before enabling multi_tenant.
# [auth.agent_id]
# tenant_id = "your-entra-tenant-id"
# audiences = ["api://bascule-proxy"]
# multi_tenant = false
# ─── SPIFFE/SPIRE (config ready, runtime planned) ───────
# Per the heading, the runtime for this section is still planned, so do not
# count on these settings for authentication yet.
# [auth.spiffe]
# trust_domain = "example.com"
# trust_bundle_path = "/run/spire/bundle/bundle.pem"
# workload_api_socket = "/run/spire/agent/sockets/agent.sock"
# ─── Remote Proxy Mode ──────────────────────────────────
# Uncomment to forward sessions to a remote SSH host.
# NOTE(review): target_key_path presumably names the private key used to log in
# to the target as target_user; keep that file readable only by the bascule
# account. accept_target_host_key presumably makes the proxy accept the target's
# host key without verifying it when true; confirm, and leave it false so a
# substituted target host is rejected.
# [proxy]
# target_host = "192.168.1.100"
# target_port = 22
# target_user = "deploy"
# target_key_path = "/path/to/key"
# accept_target_host_key = false
# ─── Container Mode ─────────────────────────────────────
# Uncomment to spawn ephemeral containers per session.
# Isolation notes for the settings below:
#   - hardened = true is annotated as cap-drop ALL plus no-new-privileges; keep
#     it enabled unless a session image cannot work without extra capabilities.
#   - network = "host" normally places a container in the host's network
#     namespace under docker/podman; prefer "bridge" or "none".
#   - read_only_rootfs is false in this sample; presumably true mounts the
#     container root filesystem read-only (confirm).
#   - memory_limit and cpu_limit presumably bound what one session can consume.
#   - image is referenced by tag, which can be re-pointed; with
#     pull_policy = "if-not-present" a locally cached copy is presumably reused.
# [container]
# runtime = "auto" # auto | docker | podman | nerdctl
# image = "bascule-shell:k8s-ops"
# pull_policy = "if-not-present" # always | if-not-present | never
# ephemeral = true # destroy container on disconnect
# hardened = true # cap-drop ALL, no-new-privileges
# read_only_rootfs = false
# memory_limit = "512m"
# cpu_limit = "1.0"
# shell = "/bin/bash"
# user = "operator"
# network = "bridge" # bridge | none | host
#
# The sample mount exposes a kubeconfig directory, which typically holds cluster
# credentials, inside every session container. Mount only what session users
# are meant to use and keep readonly = true.
# [[container.mounts]]
# source = "/home/user/.kube"
# target = "/home/operator/.kube"
# readonly = true
# ─── Kubernetes Mode (config ready, runtime planned) ────
# Settings for running sessions in Kubernetes. Per the heading, the runtime for
# this mode is still planned.
# Auto-detected in-cluster via downward API.
# [k8s]
# enabled = true
# shell_container = "shell"
# shell = "/bin/bash"
# ─── Telemetry ──────────────────────────────────────────
# OTLP export settings. The sample endpoint is plain http on localhost; for a
# collector on another host, check whether the exporter can use TLS, because
# telemetry may carry session metadata (TODO confirm what is exported).
# [telemetry]
# otlp_endpoint = "http://localhost:4317"
# service_name = "bascule"
# ─── Metrics (planned) ──────────────────────────────────
# Marked as planned in the heading.
# NOTE(review): once implemented, the metrics port is presumably served without
# authentication; confirm, and restrict access to it at the network level.
# [metrics]
# enabled = true
# port = 9090