Add TLS config, some other DB options and other misc stuff
This commit is contained in:
parent
e2749b36e5
commit
0d9fb474d7
3 changed files with 76 additions and 6 deletions
|
@ -10,6 +10,18 @@ type Config struct {
|
|||
// Default: 9911
|
||||
Port int `yaml:"port"`
|
||||
|
||||
// TLS configuration
|
||||
TLS struct {
|
||||
// Whether to enable TLS
|
||||
Enabled bool `yaml:"enabled"`
|
||||
|
||||
// Path to the certificate file
|
||||
Certificate string `yaml:"certificate"`
|
||||
|
||||
// Path to the key file
|
||||
Key string `yaml:"key"`
|
||||
} `yaml:"tls"`
|
||||
|
||||
// Database configuration
|
||||
Database struct {
|
||||
// Database name
|
||||
|
@ -23,6 +35,12 @@ type Config struct {
|
|||
|
||||
// Database host
|
||||
Host string `yaml:"host"`
|
||||
|
||||
// Database port
|
||||
Port int `yaml:"port"`
|
||||
|
||||
// SSL mode
|
||||
SSLMode string `yaml:"sslMode"`
|
||||
} `yaml:"database"`
|
||||
|
||||
// Content configuration
|
||||
|
@ -36,6 +54,10 @@ type Config struct {
|
|||
// Whether to allow anonymous read access
|
||||
AllowAnonymousRead bool `yaml:"allowAnonymousRead"`
|
||||
|
||||
// Whether logging in with an external account creates a new account
|
||||
// Default: true
|
||||
LoginCreatesUser bool `yaml:"loginCreatesUser"`
|
||||
|
||||
// Whether to disable username/password authentication
|
||||
DisableUsernamePassword bool `yaml:"disableUsernamePassword"`
|
||||
|
||||
|
|
|
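Review bot: The new `SSLMode` field in the `Database` struct is documented only as `// SSL mode`, which leaves the security meaning of its values undocumented; given the 5432 default and the `require` fallback elsewhere in this commit this is presumably the PostgreSQL libpq sslmode, where `require` only encrypts the connection and `verify-ca`/`verify-full` are what actually authenticate the server. I would change the comment to `// SSL mode for the database connection (presumably libpq sslmode: disable, allow, prefer, require, verify-ca, verify-full). Only verify-ca/verify-full check the server certificate; require encrypts without authenticating the peer.` Likewise `// Path to the key file` would be more useful as `// Path to the PEM private key matching Certificate; keep it readable only by the service user`. The `type Config struct` header and the remainder of the struct lie outside this section.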
@ -28,6 +28,24 @@ func ParseConfig(path string) (*Config, error) {
|
|||
}
|
||||
c.Server.Port = int(port)
|
||||
|
||||
// Parse TLS info
|
||||
tlsEnabled, _ := p.GetBool("server", "TLSEnabled")
|
||||
c.Server.TLS.Enabled = tlsEnabled
|
||||
|
||||
if tlsEnabled {
|
||||
tlsCertFile, err := p.Get("server", "TLSCertificate")
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "TLSCertificate must be set if TLSEnabled is true")
|
||||
}
|
||||
c.Server.TLS.Certificate = tlsCertFile
|
||||
|
||||
tlsKeyFile, err := p.Get("server", "TLSKey")
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "TLSKey must be set if TLSEnabled is true")
|
||||
}
|
||||
c.Server.TLS.Key = tlsKeyFile
|
||||
}
|
||||
|
||||
// Parse db info
|
||||
dbName, err := p.Get("server", "DBName")
|
||||
if err != nil {
|
||||
|
@ -53,6 +71,18 @@ func ParseConfig(path string) (*Config, error) {
|
|||
}
|
||||
c.Server.Database.Host = dbHost
|
||||
|
||||
dbPort, err := p.GetInt64("server", "DBPort")
|
||||
if err != nil {
|
||||
dbPort = 5432
|
||||
}
|
||||
c.Server.Database.Port = int(dbPort)
|
||||
|
||||
dbSSLMode, err := p.Get("server", "DBSSLMode")
|
||||
if err != nil {
|
||||
dbSSLMode = "require"
|
||||
}
|
||||
c.Server.Database.SSLMode = dbSSLMode
|
||||
|
||||
// Parse content info
|
||||
contentDir, err := p.Get("server", "ContentDir")
|
||||
if err != nil {
|
||||
|
@ -64,6 +94,12 @@ func ParseConfig(path string) (*Config, error) {
|
|||
allowAnonRead, _ := p.GetBool("server", "AllowAnonymousRead")
|
||||
c.Server.Authentication.AllowAnonymousRead = allowAnonRead
|
||||
|
||||
loginCreatesUser, err := p.GetBool("server", "LoginCreatesUser")
|
||||
if err != nil {
|
||||
loginCreatesUser = true
|
||||
}
|
||||
c.Server.Authentication.LoginCreatesUser = loginCreatesUser
|
||||
|
||||
disableUsernamePassword, _ := p.GetBool("server", "DisableUsernamePasswordAuth")
|
||||
c.Server.Authentication.DisableUsernamePassword = disableUsernamePassword
|
||||
|
||||
|
@ -156,7 +192,7 @@ func ParseConfig(path string) (*Config, error) {
|
|||
}
|
||||
|
||||
// Parse Koji compatibility info
|
||||
kojiCompatEnabled, err := p.GetBool("server", "KojiEnabled")
|
||||
kojiCompatEnabled, _ := p.GetBool("server", "KojiEnabled")
|
||||
c.Server.KojiCompat.Enabled = kojiCompatEnabled
|
||||
|
||||
if kojiCompatEnabled {
|
||||
|
|
|
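Review bot: `tlsEnabled, _ := p.GetBool("server", "TLSEnabled")` at the top of the TLS hunk discards the error, so — assuming GetBool reports a parse failure through that error, as its signature suggests — a malformed value such as `TLSEnabled = yes` is indistinguishable from an absent key and the server silently starts without TLS even though the operator asked for it. Fail closed by reading the raw string and parsing it strictly, e.g. `raw, err := p.Get("server", "TLSEnabled")` followed by `if err == nil { if tlsEnabled, err = strconv.ParseBool(raw); err != nil { return nil, errors.Wrap(err, "invalid TLSEnabled value") } }` (strconv may need importing), so that only a missing key means false. The same ignored-error pattern is used for `DisableUsernamePasswordAuth` and is newly introduced for `KojiEnabled` in the last hunk, where a typo likewise silently keeps password auth enabled or disables Koji compatibility. It would also be worth rejecting an empty `TLSCertificate`/`TLSKey` value and not just a missing key, since `p.Get` presumably returns an empty string without error; I cannot tell from here which INI library `p` is. ParseConfig begins before the first hunk and continues past the last one.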
@ -1,25 +1,34 @@
|
|||
[server]
|
||||
SelfUrl = http://peridotdev.local:9911
|
||||
Port = 9911
|
||||
TLSEnabled = true
|
||||
TLSCertificate = .local/cert.pem
|
||||
TLSKey = .local/cert.key
|
||||
|
||||
# Database
|
||||
DBName = peridot2dev
|
||||
DBUser = postgres
|
||||
DBPass = postgres
|
||||
DBHost = localhost
|
||||
DBSSLMode = disable
|
||||
|
||||
# Content
|
||||
ContentDir = /usr/local/peridot/content
|
||||
|
||||
# Auth
|
||||
AllowAnonymousRead = true
|
||||
AllowAnonymousRead = false
|
||||
LoginCreatesUser = true
|
||||
|
||||
# DisableUsernamePasswordAuth = true
|
||||
|
||||
KerberosAuthEnabled = true
|
||||
KerberosKeytab = .local/pdot2.keytab
|
||||
KerberosPrincipal = service/peridot2@PERIDOTDEV.LOCAL
|
||||
KerberosAllowedRealms = PERIDOTDEV.LOCAL # Comma separated list of allowed realms
|
||||
# KerberosPrincipal MUST correspond to the SelfUrl
|
||||
# If SelfUrl is http://peridotdev.local:9911, then the principal should be
|
||||
# HTTP/peridotdev.local@REALM
|
||||
KerberosPrincipal = HTTP/peridotdev.local@PERIDOTDEV.LOCAL
|
||||
# Comma separated list of allowed realms
|
||||
KerberosAllowedRealms = PERIDOTDEV.LOCAL
|
||||
KerberosHostPrincipalFormat = compile/%s@PERIDOTDEV.LOCAL
|
||||
|
||||
# SSLAuthEnabled = true
|
||||
|
@ -31,7 +40,10 @@ KerberosHostPrincipalFormat = compile/%s@PERIDOTDEV.LOCAL
|
|||
# OIDCIssuer = http://localhost:8080/auth/realms/peridot
|
||||
# OIDCClientID = peridot2
|
||||
# OIDCClientSecret = secret
|
||||
# OIDCScopes = openid,profile,email # Comma separated list of scopes, default is openid,profile,email
|
||||
# Comma separated list of scopes, default is openid,profile,email
|
||||
# OIDCScopes = openid,profile,email
|
||||
|
||||
# Koji compatibility
|
||||
KojiEnabled = true # If this is set to true, then either Kerberos or SSL must be one of the auth methods enabled
|
||||
# If this is set to true, then either Kerberos or SSL must be one of the auth methods enabled
|
||||
KojiEnabled = true
|
||||
KojiPath = /kojihub
|
||||
|
|
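Review bot: `TLSEnabled = true` is added to the dev config while `SelfUrl` on the line above it still reads `http://peridotdev.local:9911`, so any URL the server derives from `SelfUrl` (the Kerberos comment in the same hunk says the principal must correspond to it) would carry a plaintext scheme for a listener that now speaks TLS. Change it to `SelfUrl = https://peridotdev.local:9911` and update the `http://` example in the Kerberos comment to match. `DBSSLMode = disable` is reasonable for a localhost database in development, but since this sample is what gets copied, a comment such as `# Dev only: use verify-full in production, disable sends credentials in the clear` would make the production expectation explicit. `DBPass = postgres` a few lines above deserves the same dev-only warning.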