1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
package app
import "time"
type Config struct {
Bind []string `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
Debug bool `flag:"debug" flag-help:"Enable debug mode"`
MongoDbUri string `flag:"mongodb-uri" flag-scope:"web,register" flag-help:"URI for connection to mongodb"`
DisableBackgroundJobs bool `flag:"disable-bg-jobs" flag-scope:"web" flag-help:"Disable background jobs and only serve web pages"`
Hostnames []string `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
TrustedIPRanges []string `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
DNSApiKeyVaultPath string `flag:"dns-api-vault-path" flag-scope:"web" flag-help:"Vault material for DNS API key"`
AutocertEmail string `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
AutocertHost string `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
NetboxHost string `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
NetboxApiKeyVaultPath string `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
CookieKeyPath string `flag:"cookie-key-path" flag-scope:"web" flag-help:"Vault material path for cookie encryption key"`
SSHCAKeyPath string `flag:"ssh-ca-key-path" flag-scope:"web" flag-help:"Vault material path for SSH CA key"`
SSHCertificateExpiration time.Duration `flag:"ssh-cert-expire" flag-scope:"web" flag-help:"Lifetime duration of signed SSH certificates"`
OauthRPName string `flag:"oauth-rp-name" flag-scope:"web" flag-help:"Name of Oauth2 relying party for auth"`
OauthDevicePollSecs int `flag:"oauth-device-poll-secs" flag-scope:"web" flag-help:"Number of seconds between polls for oauth device flow"`
OauthSessionTimeout time.Duration `flag:"oauth-session-timelut" flag-scope:"web" flag-help:"Timeout before oauth session expires"`
InviteTimeout time.Duration `flag:"invite-timeout" flag-scope:"register" flag-help:"Timeout before inivitation code expires"`
}
var DefaultConfig = &Config{
Bind: []string{":8069"},
Debug: false,
MongoDbUri: "ssh-proxy-prod@mongodb.sea4.crute.me/ssh-proxy-prod",
DisableBackgroundJobs: false,
Hostnames: []string{"ssh-proxy.crute.me"},
TrustedIPRanges: []string{"172.19.0.0/22", "2602:803:4072::/48"},
DNSApiKeyVaultPath: "service/ssh-proxy/dns-api-key",
AutocertEmail: "letsencrypt-certs@pomonaconsulting.com",
AutocertHost: "https://dns-manage.crute.me/acmev2",
NetboxHost: "https://netbox.crute.me",
NetboxApiKeyVaultPath: "infra/netbox-readonly",
CookieKeyPath: "service/ssh-proxy/cookie-key",
SSHCAKeyPath: "service/ssh-proxy/ssh-ca-key",
SSHCertificateExpiration: time.Minute,
OauthRPName: "Crute SSH Proxy",
OauthDevicePollSecs: 5,
OauthSessionTimeout: 5 * time.Minute,
InviteTimeout: 1 * time.Hour,
}
|