1 files changed, 45 insertions, 0 deletions

diff --git a/app/config.go b/app/config.go
new file mode 100644
index 0000000..2ffd0cb
--- /dev/null
+++ b/app/config.go
@@ -0,0 +1,45 @@
+package app
+
+import "time"
+
+type Config struct {
+        Bind                     []string      `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
+        Debug                    bool          `flag:"debug" flag-help:"Enable debug mode"`
+        MongoDbUri               string        `flag:"mongodb-uri" flag-scope:"web,register" flag-help:"URI for connection to mongodb"`
+        DisableBackgroundJobs    bool          `flag:"disable-bg-jobs" flag-scope:"web" flag-help:"Disable background jobs and only serve web pages"`
+        Hostnames                []string      `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
+        TrustedIPRanges          []string      `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
+        DNSApiKeyVaultPath       string        `flag:"dns-api-vault-path" flag-scope:"web" flag-help:"Vault material for DNS API key"`
+        AutocertEmail            string        `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
+        AutocertHost             string        `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
+        NetboxHost               string        `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
+        NetboxApiKeyVaultPath    string        `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
+        CookieKeyPath            string        `flag:"cookie-key-path" flag-scope:"web" flag-help:"Vault material path for cookie encryption key"`
+        SSHCAKeyPath             string        `flag:"ssh-ca-key-path" flag-scope:"web" flag-help:"Vault material path for SSH CA key"`
+        SSHCertificateExpiration time.Duration `flag:"ssh-cert-expire" flag-scope:"web" flag-help:"Lifetime duration of signed SSH certificates"`
+        OauthRPName              string        `flag:"oauth-rp-name" flag-scope:"web" flag-help:"Name of Oauth2 relying party for auth"`
+        OauthDevicePollSecs      int           `flag:"oauth-device-poll-secs" flag-scope:"web" flag-help:"Number of seconds between polls for oauth device flow"`
+        OauthSessionTimeout      time.Duration `flag:"oauth-session-timelut" flag-scope:"web" flag-help:"Timeout before oauth session expires"`
+        InviteTimeout            time.Duration `flag:"invite-timeout" flag-scope:"register" flag-help:"Timeout before inivitation code expires"`
+}
+
+var DefaultConfig = &Config{
+        Bind:                     []string{":8069"},
+        Debug:                    false,
+        MongoDbUri:               "ssh-proxy-prod@mongodb.sea4.crute.me/ssh-proxy-prod",
+        DisableBackgroundJobs:    false,
+        Hostnames:                []string{"ssh-proxy.crute.me"},
+        TrustedIPRanges:          []string{"172.19.0.0/22", "2602:803:4072::/48"},
+        DNSApiKeyVaultPath:       "service/ssh-proxy/dns-api-key",
+        AutocertEmail:            "letsencrypt-certs@pomonaconsulting.com",
+        AutocertHost:             "https://dns-manage.crute.me/acmev2",
+        NetboxHost:               "https://netbox.crute.me",
+        NetboxApiKeyVaultPath:    "infra/netbox-readonly",
+        CookieKeyPath:            "service/ssh-proxy/cookie-key",
+        SSHCAKeyPath:             "service/ssh-proxy/ssh-ca-key",
+        SSHCertificateExpiration: time.Minute,
+        OauthRPName:              "Crute SSH Proxy",
+        OauthDevicePollSecs:      5,
+        OauthSessionTimeout:      5 * time.Minute,
+        InviteTimeout:            1 * time.Hour,
+}