feat: make config file a stable feature

2026-05-25 13:40:14 +00:00 · 2026-05-24 20:27:55 +03:00
parent 3f584ca741
commit 748768d071
3 changed files with 71 additions and 12 deletions
@@ -7,7 +7,9 @@ TINYAUTH_APPURL=

 # database config

-# The path to the database, including file name.
+# The database driver to use. Valid values: sqlite, memory.
+TINYAUTH_DATABASE_DRIVER="sqlite"
+# The path to the SQLite database, including file name. Only used when driver is sqlite.
 TINYAUTH_DATABASE_PATH="./tinyauth.db"

 # analytics config
@@ -30,6 +32,8 @@ TINYAUTH_SERVER_PORT=3000
 TINYAUTH_SERVER_ADDRESS="0.0.0.0"
 # The path to the Unix socket.
 TINYAUTH_SERVER_SOCKETPATH=
+# Enable listening on both TCP and Unix socket at the same time.
+TINYAUTH_SERVER_CONCURRENTLISTENERSENABLED=false

 # auth config

@@ -37,8 +41,52 @@ TINYAUTH_SERVER_SOCKETPATH=
 TINYAUTH_AUTH_IP_ALLOW=
 # List of blocked IPs or CIDR ranges.
 TINYAUTH_AUTH_IP_BLOCK=
+# List of IPs or CIDR ranges that bypass authentication entirely.
+TINYAUTH_AUTH_IP_BYPASS=
 # Comma-separated list of users (username:hashed_password).
 TINYAUTH_AUTH_USERS=
+# Enable subdomains support.
+TINYAUTH_AUTH_SUBDOMAINSENABLED=true
+# Full name of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_NAME=
+# Given (first) name of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_GIVENNAME=
+# Family (last) name of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_FAMILYNAME=
+# Middle name of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_MIDDLENAME=
+# Nickname of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_NICKNAME=
+# URL of the user's profile page.
+TINYAUTH_AUTH_USERATTRIBUTES_name_PROFILE=
+# URL of the user's profile picture.
+TINYAUTH_AUTH_USERATTRIBUTES_name_PICTURE=
+# URL of the user's website.
+TINYAUTH_AUTH_USERATTRIBUTES_name_WEBSITE=
+# Email address of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_EMAIL=
+# Gender of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_GENDER=
+# Birthdate of the user (YYYY-MM-DD).
+TINYAUTH_AUTH_USERATTRIBUTES_name_BIRTHDATE=
+# Time zone of the user (e.g. Europe/Athens).
+TINYAUTH_AUTH_USERATTRIBUTES_name_ZONEINFO=
+# Locale of the user (e.g. en-US).
+TINYAUTH_AUTH_USERATTRIBUTES_name_LOCALE=
+# Phone number of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_PHONENUMBER=
+# Full mailing address, formatted for display.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_FORMATTED=
+# Street address.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_STREETADDRESS=
+# City or locality.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_LOCALITY=
+# State, province, or region.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_REGION=
+# Zip or postal code.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_POSTALCODE=
+# Country.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_COUNTRY=
 # Path to the users file.
 TINYAUTH_AUTH_USERSFILE=
 # Enable secure cookies.
@@ -53,6 +101,8 @@ TINYAUTH_AUTH_LOGINTIMEOUT=300
 TINYAUTH_AUTH_LOGINMAXRETRIES=3
 # Comma-separated list of trusted proxy addresses.
 TINYAUTH_AUTH_TRUSTEDPROXIES=
+# ACL policy for allow-by-default or deny-by-default, available options are allow and deny, default is allow.
+TINYAUTH_AUTH_ACLS_POLICY="allow"

 # apps config

@@ -164,6 +214,8 @@ TINYAUTH_LDAP_AUTHCERT=
 TINYAUTH_LDAP_AUTHKEY=
 # Cache duration for LDAP group membership in seconds.
 TINYAUTH_LDAP_GROUPCACHETTL=900
+# Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment.
+TINYAUTH_LABELPROVIDER="auto"

 # log config

@@ -183,3 +235,16 @@ TINYAUTH_LOG_STREAMS_APP_LEVEL=
 TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false
 # Log level for this stream. Use global if empty.
 TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=
+
+# tailscale config
+
+# Enable Tailscale integration.
+TINYAUTH_TAILSCALE_ENABLED=false
+# Tailscale state directory.
+TINYAUTH_TAILSCALE_DIR="./tailscale_state"
+# Tailscale hostname.
+TINYAUTH_TAILSCALE_HOSTNAME=
+# Tailscale auth key.
+TINYAUTH_TAILSCALE_AUTHKEY=
+# Use ephemeral Tailscale node.
+TINYAUTH_TAILSCALE_EPHEMERAL=false
@@ -62,9 +62,6 @@ func NewDefaultConfiguration() *Config {
 			PrivateKeyPath: "./tinyauth_oidc_key",
 			PublicKeyPath:  "./tinyauth_oidc_key.pub",
 		},
-		Experimental: ExperimentalConfig{
-			ConfigFile: "",
-		},
 		Tailscale: TailscaleConfig{
 			Dir: "./tailscale_state",
 		},
@@ -88,6 +85,7 @@ type Config struct {
 	LabelProvider string             `description:"Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment." yaml:"labelProvider"`
 	Log           LogConfig          `description:"Logging configuration." yaml:"log"`
 	Tailscale     TailscaleConfig    `description:"Tailscale configuration." yaml:"tailscale"`
+	ConfigFile    string             `description:"Path to config file." yaml:"-"`
 }

 type DatabaseConfig struct {
@@ -208,9 +206,8 @@ type LogStreamConfig struct {
 	Level   string `description:"Log level for this stream. Use global if empty." yaml:"level"`
 }

-type ExperimentalConfig struct {
-	ConfigFile string `description:"Path to config file." yaml:"-"`
-}
+// no experimental features
+type ExperimentalConfig struct{}

 type TailscaleConfig struct {
 	Enabled   bool   `description:"Enable Tailscale integration." yaml:"enabled"`
@@ -3,7 +3,6 @@ package loaders
 import (
 	"os"

-	"github.com/rs/zerolog/log"
 	"github.com/tinyauthapp/paerser/cli"
 	"github.com/tinyauthapp/paerser/file"
 	"github.com/tinyauthapp/paerser/flag"
@@ -19,8 +18,8 @@ func (f *FileLoader) Load(args []string, cmd *cli.Command) (bool, error) {
 	}

 	// I guess we are using traefik as the root name (we can't change it)
-	configFileFlag := "traefik.experimental.configfile"
-	envVar := "TINYAUTH_EXPERIMENTAL_CONFIGFILE"
+	configFileFlag := "traefik.configfile"
+	envVar := "TINYAUTH_CONFIGFILE"

 	if _, ok := flags[configFileFlag]; !ok {
 		if value := os.Getenv(envVar); value != "" {
@@ -30,8 +29,6 @@ func (f *FileLoader) Load(args []string, cmd *cli.Command) (bool, error) {
 		}
 	}

-	log.Warn().Msg("Using experimental file config loader, this feature is experimental and may change or be removed in future releases")
-
 	err = file.Decode(flags[configFileFlag], cmd.Configuration)

 	if err != nil {