-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcopier.yml
206 lines (179 loc) · 6.4 KB
/
copier.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
---
_subdirectory: template
_templates_suffix: ''
_answers_file: .copier-answers.aiidalab-on-azure.yml
_tasks:
- cp '{{ _copier_conf.answers_file }}' '{{ hostname }}/.copier-answers.yml'
azurerm_resource_group_name:
type: str
default:
help: The name of the resource group to use.
azurerm_storage_account_name:
type: str
help: The name of the storage account to use.
azurerm_container_name:
type: str
default:
help: The name of the container in the storage account to use.
hostname:
type: str
default:
placeholder: aiidalab.contoso.com
# Hostname validator from: https://stackoverflow.com/a/1420225
validator: >
{% if not hostname|regex_search(
"^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?$"
)%}Invalid hostname.{% endif %}
help: |
Fully qualified domain name of where the deployment is going to be reachable.
resource_group_location:
type: str
default: eastus
help: |
The geographic location where the resources for this deployment are
created. Typically you want this to be close to where the majority of
your users are located however there are also other aspects that can be
considered such as availability of specific resources and costs. If in
doubt, just go with the default.
dns_zone:
type: str
default: "{{ '.'.join(hostname.strip().rstrip('.').split('.')[1:]) }}"
help: |
The name of the DNS zone. Leave empty to skip the automated DNS zone
configuration.
dns_zone_rg_name:
type: str
default:
when: '{{ dns_zone }}'
help: The name of the resource group that contains the DNS zone.
create_dns_zone:
type: bool
default: false
when: '{{ dns_zone }}'
help: |
Set to true to create the DNS zone. This is only needed if the DNS zone
has not been created previously. If in doubt, do not create the zone,
but ask your unit administrator.
contact_email:
type: str
default:
help: |
The email address to use for the contact for the Let's Encrypt certificate.
This is used to contact you for any issues with the certificate.
https_enabled:
type: bool
default: false
help: |
Whether to enable HTTPS. Do not enable this until after an initial
successful deployment.
secret_token:
type: str
default: "{{ 99999999|ans_random|hash('sha512')|truncate(32, False, '', 0) }}"
secret: true
help: |
The secret token to use for the JupyterHub. This is used to authenticate
the JupyterHub. (The stars represent an automatically generated key that can
be safely used.)
image_name:
type: str
default: aiidalab/full-stack
help: |
The name of the image to use for the singleuser container.
image_tag:
type: str
default: latest
help: |
The tag of the image to use for the singleuser container.
aiidalab_default_apps:
type: str
default:
help: |
The default apps to install.
authenticator_class:
type: str
default: nativeauthenticator.NativeAuthenticator
choices:
Native Authenticator: nativeauthenticator.NativeAuthenticator
First-Use Authenticator: firstuseauthenticator.FirstUseAuthenticator
GitHub Authenticator: github
Azure Active Directory: azuread
help: |
Select which method to use for user authentication. We recommend to use
either the native or the GitHub authenticator for deployments that are
accessible to the internet. The first-use authenticator should only be
used in controlled environments (e.g. a workshop or a classroom), where
cluster-access is limited to a specific network.
native_auth_ask_for_email:
type: bool
default: false
help: |
Request users' email address during sign-up.
when: "{{ authenticator_class == 'nativeauthenticator.NativeAuthenticator' }}"
native_auth_minimum_password_length:
type: int
default: 8
help: |
Enforce a minimum password length for the chosen user password.
when: "{{ authenticator_class == 'nativeauthenticator.NativeAuthenticator' }}"
native_auth_check_common_password:
type: bool
default: true
help: |
Prevent the user from choosing a password that is found in a database
of common passwords (e.g. 'password' or '1234').
when: "{{ authenticator_class == 'nativeauthenticator.NativeAuthenticator' }}"
native_auth_signup_admin_approval:
type: bool
default: true
help: |
Require admin approval for new users. Disable with caution!
when: "{{ authenticator_class == 'nativeauthenticator.NativeAuthenticator' }}"
gh_oauth_client_id:
type: str
default:
help: |
The GitHub OAuth app client id.
See https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app
for information on how to create a GitHub OAuth app.
when: "{{ authenticator_class == 'github' }}"
gh_oauth_client_secret:
type: str
default:
secret: true
help: The GitHub OAuth app client secret.
when: "{{ authenticator_class == 'github' }}"
gh_oauth_allowed_organizations:
type: str
placeholder: contoso myorg
help: |
Restrict the login to users who are members of any of the specified
GitHub organizations. Specify multiple organizations through white
space delimitation.
when: "{{ authenticator_class == 'github' }}"
azure_ad_client_id:
type: str
help: The Azure Enterprise Application Application ID.
when: "{{ authenticator_class == 'azuread' }}"
azure_ad_client_secret:
type: str
secret: true
help: The Azure Enterprise Application SSO Client Secret Value.
when: "{{ authenticator_class == 'azuread' }}"
azure_ad_tenant_id:
type: str
help: Azure Tenant ID associated with the Azure Enterprise Application.
when: "{{ authenticator_class == 'azuread' }}"
admin_users:
type: str
default:
placeholder: jdoe jsmith
help: |
Users listed here are granted admin access to the JupyterHub. Specify
multiple users by their username through white space delimitation.
allowed_users:
type: str
default:
placeholder: jdoe jsmith
help: |
Restrict the login to users who are listed here. Specify multiple users
by their username through white space delimitation.