diff --git a/config/config.go b/config/config.go index 50b70b1..3addf44 100644 --- a/config/config.go +++ b/config/config.go @@ -31,12 +31,12 @@ type ConfigGeneral struct { PublicPort *int `toml:"public_port"` // File to write structured logs to (structured being formatted as json) // If not set, Linstrom won't write structured logs - StructuredLogFile *string + StructuredLogFile *string `toml:"structured_log_file"` } type ConfigWebAuthn struct { - DisplayName string `toml:"display_name"` - HashingSecret string `toml:"hashing_secret"` + DisplayName string `toml:"display_name"` + // HashingSecret string `toml:"hashing_secret"` } type ConfigAdmin struct { @@ -60,9 +60,9 @@ type ConfigStorage struct { // The maximum size of the in-memory cache in bytes MaxInMemoryCacheSize int64 `toml:"max_in_memory_cache_size"` // The time to live for in app in memory cache items, in seconds - MaxInMemoryCacheTTL int + MaxInMemoryCacheTTL int `toml:"max_in_memory_cache_ttl"` // The time to live for items in redis, in seconds - MaxRedisCacheTTL *int + MaxRedisCacheTTL *int `toml:"max_redis_cache_ttl"` } type ConfigMail struct { @@ -90,11 +90,12 @@ var GlobalConfig Config var defaultConfig Config = Config{ General: ConfigGeneral{ - Protocol: "http", - Subdomain: nil, - Domain: "localhost", - PrivatePort: 8080, - PublicPort: nil, + Protocol: "http", + Subdomain: nil, + Domain: "localhost", + PrivatePort: 8080, + PublicPort: nil, + StructuredLogFile: nil, }, SSL: ConfigSSL{ HandleSSL: false, @@ -107,8 +108,8 @@ var defaultConfig Config = Config{ FirstTimeSetupOTP: "Example otp password", }, Webauthn: ConfigWebAuthn{ - DisplayName: "Linstrom", - HashingSecret: "some super secure secret that should never be changed or else password storage breaks", + DisplayName: "Linstrom", + // HashingSecret: "some super secure secret that should never be changed or else password storage breaks", }, Storage: ConfigStorage{ Host: "localhost", @@ -123,6 +124,17 @@ var defaultConfig Config = Config{ MaxInMemoryCacheTTL: 5, MaxRedisCacheTTL: nil, }, + Mail: ConfigMail{ + Host: "localhost", + Port: 587, + Username: "linstrom", + Password: "linstrom", + KeepAliveOverwrite: nil, + EncryptionOverwrite: nil, + ConnectTimeoutSecondsOverwrite: nil, + SendTimeoutSecondsOverwrite: nil, + TemplateOverwriteDirectory: nil, + }, } func (gc *ConfigGeneral) GetFullDomain() string { diff --git a/example_config.toml b/example_config.toml index 388f00d..4cc3d7b 100644 --- a/example_config.toml +++ b/example_config.toml @@ -1,76 +1,78 @@ -# General information for the server, primarely domain and port [general] -# The domain the server operates under -domain = "localhost" + # The protocol the server is reachable at from public + protocol = "http" + # The domain the server is reachable at from public + domain = "localhost" + # The subdomain where the server can be found. Can be not set + # subdomain = "example" + # The port under which the server itself runs. May not be the public port + private_port = 8080 + # The port under which the server is accessible from public, usually 443 or 80 + # public_port = 443 + # Log file to write a machine readable version (json) of logs into. Can be not set + # structured_log_file = "log.txt" -# The full domain to connect to the server, excluding port -full_domain = "http://localhost" - -# The port the server is accessed from by the public, usually 80 or 443 -public_port = 8080 - -# The port the server actually operates under -# This is where for example nginx or Traeffik should connect to -private_port = 8080 - -# How the server should handle SSL (for https) [ssl] -# Whether the server should handle SSL itself -# Recommended to be false if behind a reverse proxy like nginx or Traeffik -handle_ssl = false + # Whether the server should handle ssl itself + handle_ssl = false + # Whether to use letsEncrypt for obtaining ssl certificates + # use_lets_encrypt=true + # Location of the certificate file if not using lets encrypt + # certificate_file = "/path/to/certificate" + # Admin email adress to use for lets encrypt + # admin_mail = "admin@example.com" -# Required if handle_ssl is true -# Whether the server should use Lets Encrypt for getting the certificate -# use_lets_encrypt = true - -# Required if use_lets_encrypt is false -# The certificate file to use for SSL -# certificate_file = some-certificate.pim - -# Required if use_lets_encrypt is true -# The admin mail for Lets Encrypt to send certificate infos to -# admin_mail = "admin@example.com" - -# Login details for the root admin account [admin] -username = "admin" -# Empty password hash means no password set -# TODO: Include used hashing algorithm -password_hash = "" + # The username of the root admin account + username = "server-admin" + # First time password for initial setup. + # Only used once after first run to verify that the person accessing the admin is supposed to do so + first_time_setup_otp = "Example otp password" + +[webauthn] + # Display name of the server while registering with a passkey + display_name = "Linstrom" -# Where to find the db and what type it is [storage] -# If the uri points to a postgres db or not (sqlite otherwise) -is_postgres = false -# The uri for the db. A filepath for sqlite, postgres url otherwise -uri = "db.sqlite" + # Host domain or ip where the postgres db is located + host = "localhost" + # Username to log into the postgres db + username = "linstrom" + # Password for the given username + password = "linstrom" + # The name of the database inside postgres + db_name = "linstrom" + # The port where the postgres db is located + port = 5432 + # The ssl mode to use while connecting to postgres. May be empty + ssl_mode = "disable" + # What timezone to use for times. May be empty + time_zone = "Europe/Berlin" + # The maximum size of the in memory cache, in bytes. 1_000_000 is one megabyte + max_in_memory_cache_size = 1_000_000 + # The maximum time entries in the in-memory cache stay in there, in seconds + MaxInMemoryCacheTTL = 5 + # The url to a redis server to use as secondary cache (after the internal in-memory one) + # redis_url = "some-redis-url" + # The maximum amount of seconds entries may stay in the redis cache + # max_redis_cache_ttl = 10 -# Details for the mail server to use for sending stuff -# TODO: Extend if server uses multiple accoutns later [mail] -host = "smtp.example.com" -port = 587 -username = "noreply@example.com" -password = "example" - -# Overwrite the used encryption method -# Defaults to StartTLS -# TODO: Include all options here -# encryption_overwrite = "StartTLS" - -# Overwrite whether the server should keep the connection alive constantly -# Default is false -# keep_alive_overwrite = false - -# Overwrite the amount of seconds before the connection times out -# Default is 10 -# connection_timeout_seconds_overwrite = 10 - -# Overwrite the amount of seconds before a mail send times out -# Default is 10 -# send_timeout_seconds_overwrite = 10 - -# Overwrite the templates used for creating mails -# Defaults to built-in one if no matching name for an action is found -# TODO: Include all names for the various actions -# template_directory_overwrite = "templates" + # The ip or domain of the smtp server for sending mail + host = "localhost" + # The port under which the smtp server is reachable + port = 587 + # The username to use for authentication with the smtp server + username = "linstrom" + # The password associated with the username + password = "linstrom" + # Overwrite the encryption to use while sending mails + # encryption_overwrite = "STARTTLS" + # Overwrite whether to keep connections to the smtp server alive for future use + # keep_alive_overwrite = true + # Overwrite the timeout duration for connecting to the smtp server + # connect_timeout_seconds_overwrite = 30 + # Overwrite the timeout duration for sending a mail + # send_timeout_seconds_overwrite = 30 + # Overwrite the location of email template files to use custom ones + # template_overwrite_directory = "/path/to/some/directory"