path: root/app/config.go
blob: 2ffd0cb508034f22e0498af547c3c6596cfa7511 (plain)
package app

import "time"

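// Config holds the runtime settings of the application.
//
// Every field carries struct tags: `flag` names the command-line flag,
// `flag-scope` lists the scopes it applies to ("web", "register", or both),
// and `flag-help` is the help text. The code that reads these tags is not in
// this file, so how a field without `flag-scope` (Debug) is treated should be
// confirmed against the flag loader.
//
// Security-relevant fields:
//   - TrustedIPRanges lists the networks whose proxies are trusted for
//     X-Forwarded-For. Presumably a peer inside these ranges can assert an
//     arbitrary client address, so keep the list to the real proxy networks.
//   - DNSApiKeyVaultPath, NetboxApiKeyVaultPath, CookieKeyPath and
//     SSHCAKeyPath are Vault material paths per their help text; they point
//     at secrets rather than holding them.
//   - SSHCertificateExpiration, OauthSessionTimeout and InviteTimeout bound
//     how long a signed SSH certificate, an OAuth session and an invitation
//     code stay valid.
//
// NOTE(review): the flag for OauthSessionTimeout is spelled
// "oauth-session-timelut". It is left as is because renaming it would change
// the command-line interface; an operator passing "oauth-session-timeout"
// would not be setting this field. Consider adding the corrected name and
// keeping the old one as an alias.
type Config struct {
	Bind                     []string      `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
	Debug                    bool          `flag:"debug" flag-help:"Enable debug mode"`
	MongoDbUri               string        `flag:"mongodb-uri" flag-scope:"web,register" flag-help:"URI for connection to mongodb"`
	DisableBackgroundJobs    bool          `flag:"disable-bg-jobs" flag-scope:"web" flag-help:"Disable background jobs and only serve web pages"`
	Hostnames                []string      `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
	TrustedIPRanges          []string      `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
	DNSApiKeyVaultPath       string        `flag:"dns-api-vault-path" flag-scope:"web" flag-help:"Vault material path for DNS API key"`
	AutocertEmail            string        `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
	AutocertHost             string        `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
	NetboxHost               string        `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
	NetboxApiKeyVaultPath    string        `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
	CookieKeyPath            string        `flag:"cookie-key-path" flag-scope:"web" flag-help:"Vault material path for cookie encryption key"`
	SSHCAKeyPath             string        `flag:"ssh-ca-key-path" flag-scope:"web" flag-help:"Vault material path for SSH CA key"`
	SSHCertificateExpiration time.Duration `flag:"ssh-cert-expire" flag-scope:"web" flag-help:"Lifetime duration of signed SSH certificates"`
	OauthRPName              string        `flag:"oauth-rp-name" flag-scope:"web" flag-help:"Name of Oauth2 relying party for auth"`
	OauthDevicePollSecs      int           `flag:"oauth-device-poll-secs" flag-scope:"web" flag-help:"Number of seconds between polls for oauth device flow"`
	OauthSessionTimeout      time.Duration `flag:"oauth-session-timelut" flag-scope:"web" flag-help:"Timeout before oauth session expires"`
	InviteTimeout            time.Duration `flag:"invite-timeout" flag-scope:"register" flag-help:"Timeout before invitation code expires"`
}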

// DefaultConfig is the built-in value for every Config field. It is
// presumably the baseline that command-line flags override; the loader is not
// part of this file.
//
// NOTE(review): several defaults name what look like production endpoints
// (the "ssh-proxy-prod" database, the served hostname, the Vault paths). An
// instance started without explicit flags would use them, so confirm that is
// intended for development and test runs.
var DefaultConfig = &Config{
	// HTTP listener and the hostnames served.
	Bind:      []string{":8069"},
	Hostnames: []string{"ssh-proxy.crute.me"},

	// Runtime toggles; both are off unless enabled explicitly.
	Debug:                 false,
	DisableBackgroundJobs: false,

	// Database connection. The URI carries a user name but no password.
	MongoDbUri: "ssh-proxy-prod@mongodb.sea4.crute.me/ssh-proxy-prod",

	// Networks whose proxies are trusted for X-Forwarded-For. Keep this
	// limited to the actual proxy networks.
	TrustedIPRanges: []string{"172.19.0.0/22", "2602:803:4072::/48"},

	// External services.
	AutocertEmail: "letsencrypt-certs@pomonaconsulting.com",
	AutocertHost:  "https://dns-manage.crute.me/acmev2",
	NetboxHost:    "https://netbox.crute.me",

	// Vault material paths; these locate secrets and are not secrets
	// themselves.
	DNSApiKeyVaultPath:    "service/ssh-proxy/dns-api-key",
	NetboxApiKeyVaultPath: "infra/netbox-readonly",
	CookieKeyPath:         "service/ssh-proxy/cookie-key",
	SSHCAKeyPath:          "service/ssh-proxy/ssh-ca-key",

	// Validity windows. Signed SSH certificates last one minute by default,
	// which keeps the window in which a leaked certificate is usable short.
	SSHCertificateExpiration: time.Minute,
	OauthSessionTimeout:      5 * time.Minute,
	InviteTimeout:            time.Hour,

	// OAuth2 relying party name and device-flow polling interval.
	OauthRPName:         "Crute SSH Proxy",
	OauthDevicePollSecs: 5,
}