# =============================================================================
# macOS (Darwin) Configuration for Hypeman
# =============================================================================
# Copy this file to ~/.config/hypeman/config.yaml and customize for your
# environment.
#
# Configuration precedence (highest to lowest):
# 1. Environment variables (e.g., JWT_SECRET, PORT)
# 2. This YAML config file
# 3. Built-in defaults
#
# Key differences from Linux (see config.example.yaml):
# - hypervisor.default: Use "vz" (Virtualization.framework) instead of cloud-hypervisor/qemu
# - data_dir: Uses macOS conventions (~/Library/Application Support)
# - Network settings: network.bridge_name, subnet_cidr, etc. are IGNORED (vz uses NAT)
# - Rate limiting: Not supported on macOS (no tc/HTB equivalent)
# - GPU passthrough: Not supported on macOS
# =============================================================================
# Required - used to sign and verify API tokens.
# The value below is a placeholder. Anyone who knows this secret can sign
# tokens the API will accept, so replace it with a long random value (for
# example the output of `openssl rand -hex 32`) before the API is reachable by
# anyone else, and keep the real value out of version control.
# The JWT_SECRET environment variable takes precedence over this file.
jwt_secret: dev-secret-change-me
# Data directory - use macOS conventions
# Note: ~ is NOT expanded; use full path or let the install script fill this in
# (the example value below still starts with ~, so it has to be rewritten to an
# absolute path before the file is used as-is).
data_dir: ~/Library/Application Support/hypeman
# Server configuration: the server port, kept as a quoted string.
# The PORT environment variable takes precedence over this file.
port: "8080"
# =============================================================================
# Hypervisor Configuration (IMPORTANT FOR MACOS)
# =============================================================================
# On macOS, use "vz" (Virtualization.framework)
# - "cloud-hypervisor" and "qemu" are NOT supported on macOS
#
# NOTE(review): this listing has lost its indentation. `enabled` appears twice
# below, so `memory:` and `active_ballooning:` must be nested mappings rather
# than flat keys; loaded as shown, most parsers would either reject the
# duplicate key or silently keep the last value. The parent of each key cannot
# be confirmed from this page - restore the nesting from the upstream file
# before using these lines.
hypervisor:
default: vz
# Guest memory management settings.
memory:
enabled: false
kernel_page_init_mode: hardened
reclaim_enabled: true
vz_balloon_required: true
# Active ballooning is disabled in this example; the keys that follow are
# presumably its tuning knobs (TODO confirm nesting).
active_ballooning:
enabled: false
poll_interval: 2s
pressure_high_watermark_available_percent: 10
pressure_low_watermark_available_percent: 15
protected_floor_percent: 50
# 536870912 bytes = 512 MiB
protected_floor_min_bytes: 536870912
# 67108864 bytes = 64 MiB
min_adjustment_bytes: 67108864
# 268435456 bytes = 256 MiB
per_vm_max_step_bytes: 268435456
per_vm_cooldown: 5s
# =============================================================================
# Network Configuration (DIFFERENT ON MACOS)
# =============================================================================
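# On macOS with vz, network is handled automatically via NAT:
# - VMs get IP addresses from 192.168.64.0/24 via DHCP
# - No TAP devices, bridges, or iptables needed
# - The following settings are IGNORED on macOS:
#     network.bridge_name, subnet_cidr, subnet_gateway, uplink_interface
network:
  # 8.8.8.8 is Google Public DNS, so lookups sent to it leave the host for a
  # third-party resolver. Point this at an internal resolver if the names being
  # resolved are sensitive.
  # NOTE(review): presumably the resolver handed to guest VMs - confirm.
  dns_server: 8.8.8.8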
# =============================================================================
# Logging
# =============================================================================
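logging:
  # Most verbose level in this example; suited to local development.
  # NOTE(review): confirm that debug output never includes API tokens or
  # jwt_secret before shipping these logs off the machine; a less verbose level
  # is the safer choice on a shared host.
  level: debug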
# =============================================================================
# Images
# =============================================================================
# images:
# auto_delete:
# enabled: false # server-wide automatic deletion of cached converted images
# unused_for: 720h # delete only after no instances or snapshots reference the image for this long
# allowed: # safety gate: only delete repositories matching one of these patterns
# - docker.io/library/* # match normalized repository names
# - ghcr.io/kernel/* # use ["*"] to allow deletion for every repository
# # only affects data_dir/images, not the shared OCI cache
# =============================================================================
# Caddy / Ingress Configuration
# =============================================================================
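caddy:
  # 0.0.0.0 binds every interface, so the ingress listener is reachable from
  # any network this Mac is attached to. Use a specific address to restrict it.
  listen_address: 0.0.0.0
  # Caddy's admin API can replace the running configuration and has no
  # authentication by default; keep it bound to loopback as shown here.
  admin_address: 127.0.0.1
  admin_port: 2019
  # Note: 5353 is used by mDNSResponder (Bonjour) on macOS, using 5354 instead
  internal_dns_port: 5354
  stop_on_shutdown: false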
# =============================================================================
# Build System Configuration
# =============================================================================
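# For builds on macOS with vz, the registry URL needs to be accessible from
# NAT VMs. Since vz uses 192.168.64.0/24 for NAT, the host is at 192.168.64.1.
#
# IMPORTANT: "host.docker.internal" does NOT work in vz VMs - that's a Docker
# Desktop-specific hostname. Use the NAT gateway IP instead.
registry:
  # Host-side NAT gateway address; the port matches the `port` value set near
  # the top of this file.
  url: 192.168.64.1:8080
  # NOTE(review): presumably allows plain-HTTP / unverified connections to the
  # registry - confirm. That is tolerable only while the endpoint is the local
  # NAT gateway; set this to false and use TLS if `url` ever points at a
  # registry reached over a real network, since image pushes and pulls would
  # otherwise be open to tampering in transit.
  insecure: true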
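build:
  # builder_image: ""  # empty (default) = built from Dockerfile on first run
  # Path to the Docker daemon socket. Any process that can open this socket can
  # drive the Docker daemon (start containers, mount host paths), so treat
  # access to it as privileged and do not widen its file permissions.
  docker_socket: /var/run/docker.sock
  max_concurrent_source_builds: 2
  # NOTE(review): the unit is not stated in this file; presumably seconds.
  timeout: 600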
# =============================================================================
# Resource Limits (same as Linux)
# =============================================================================
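limits:
  # Per-instance ceilings; they bound what a single API caller can request.
  max_vcpus_per_instance: 4
  max_memory_per_instance: 8GB
  # Total volume storage is unlimited unless set; consider a cap on a shared
  # host so that volumes cannot fill the disk.
  # max_total_volume_storage: ""  # 0 or empty = unlimited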
# =============================================================================
# OpenTelemetry (optional, same as Linux)
# =============================================================================
# metrics:
# listen_address: 127.0.0.1
# port: 9464
# vm_label_budget: 200
# resource_refresh_interval: 120s
#
# otel:
# enabled: false
# endpoint: 127.0.0.1:4317
# service_name: hypeman
# insecure: true
# metric_export_interval: 60s
# env: dev
# =============================================================================
# TLS / ACME Configuration (same as Linux)
# =============================================================================
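# acme:
#   email: admin@example.com
#   dns_provider: cloudflare
#   allowed_domains: "*.example.com"
#   # The API token is a credential: keep the real value out of any copy of
#   # this file that is committed or shared.
#   cloudflare_api_token: ""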
# =============================================================================
# macOS Limitations
# =============================================================================
# The following features are NOT AVAILABLE on macOS:
#
# 1. GPU Passthrough (VFIO, mdev)
# - gpu.profile_cache_ttl is ignored
# - Device registration/binding will fail
#
# 2. Network Rate Limiting
# - network.upload_burst_multiplier, download_burst_multiplier are ignored
# - No tc/HTB equivalent on macOS
#
# 3. CPU/Memory Hotplug
# - Resize operations not supported
#
# 4. Disk I/O Limiting
# - capacity.disk_io, oversubscription.disk_io are ignored
#
# 5. Snapshots (requires macOS 14+ on Apple Silicon)
# - SaveMachineStateToPath/RestoreMachineStateFromURL require macOS 14+
# - Only supported on ARM64 (Apple Silicon) Macs