Diffstat (limited to 'app/config.go')
-rw-r--r-- | app/config.go | 45 |
1 files changed, 45 insertions, 0 deletions
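diff --git a/app/config.go b/app/config.go
new file mode 100644
index 0000000..2ffd0cb
--- /dev/null
+++ b/app/config.go
@@ -0,0 +1,45 @@
+package app
+
+import "time"
+
+type Config struct {
+Bind []string `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
+Debug bool `flag:"debug" flag-help:"Enable debug mode"`
+MongoDbUri string `flag:"mongodb-uri" flag-scope:"web,register" flag-help:"URI for connection to mongodb"`
+DisableBackgroundJobs bool `flag:"disable-bg-jobs" flag-scope:"web" flag-help:"Disable background jobs and only serve web pages"`
+Hostnames []string `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
+TrustedIPRanges []string `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
+DNSApiKeyVaultPath string `flag:"dns-api-vault-path" flag-scope:"web" flag-help:"Vault material for DNS API key"`
+AutocertEmail string `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
+AutocertHost string `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
+NetboxHost string `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
+NetboxApiKeyVaultPath string `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
+CookieKeyPath string `flag:"cookie-key-path" flag-scope:"web" flag-help:"Vault material path for cookie encryption key"`
+SSHCAKeyPath string `flag:"ssh-ca-key-path" flag-scope:"web" flag-help:"Vault material path for SSH CA key"`
+SSHCertificateExpiration time.Duration `flag:"ssh-cert-expire" flag-scope:"web" flag-help:"Lifetime duration of signed SSH certificates"`
+OauthRPName string `flag:"oauth-rp-name" flag-scope:"web" flag-help:"Name of Oauth2 relying party for auth"`
+OauthDevicePollSecs int `flag:"oauth-device-poll-secs" flag-scope:"web" flag-help:"Number of seconds between polls for oauth device flow"`
+OauthSessionTimeout time.Duration `flag:"oauth-session-timelut" flag-scope:"web" flag-help:"Timeout before oauth session expires"`
+InviteTimeout time.Duration `flag:"invite-timeout" flag-scope:"register" flag-help:"Timeout before inivitation code expires"`
+}
+
+var DefaultConfig = &Config{
+Bind: []string{":8069"},
+Debug: false,
+MongoDbUri: "ssh-proxy-prod@mongodb.sea4.crute.me/ssh-proxy-prod",
+DisableBackgroundJobs: false,
+Hostnames: []string{"ssh-proxy.crute.me"},
+TrustedIPRanges: []string{"172.19.0.0/22", "2602:803:4072::/48"},
+DNSApiKeyVaultPath: "service/ssh-proxy/dns-api-key",
+AutocertEmail: "letsencrypt-certs@pomonaconsulting.com",
+AutocertHost: "https://dns-manage.crute.me/acmev2",
+NetboxHost: "https://netbox.crute.me",
+NetboxApiKeyVaultPath: "infra/netbox-readonly",
+CookieKeyPath: "service/ssh-proxy/cookie-key",
+SSHCAKeyPath: "service/ssh-proxy/ssh-ca-key",
+SSHCertificateExpiration: time.Minute,
+OauthRPName: "Crute SSH Proxy",
+OauthDevicePollSecs: 5,
+OauthSessionTimeout: 5 * time.Minute,
+InviteTimeout: 1 * time.Hour,
+}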
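Review bot: The flag name on `OauthSessionTimeout` is misspelled as `flag:"oauth-session-timelut"`, so an operator who passes `--oauth-session-timeout` would presumably either get an unknown-flag error or keep the 5-minute default, depending on how the tag parser (not shown here) handles unknown flags; it should read `flag:"oauth-session-timeout"`. The `InviteTimeout` help text has a similar slip (`inivitation`). Separately, `DefaultConfig` bakes in production values: the `ssh-proxy-prod` MongoDB URI and the `TrustedIPRanges` used for trusted XFF proxies. A process started without flags would therefore target the production database and trust forwarded client IPs from those ranges wherever it runs. Consider leaving those two defaults empty and failing at startup when `mongodb-uri` is unset, and add a doc comment on `Config` noting that the `*Path` fields hold Vault paths, not key material.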