diff --git a/.env.example b/.env.example
index cd29653c..ce4d5adc 100644
--- a/.env.example
+++ b/.env.example
@@ -7,7 +7,9 @@ TINYAUTH_APPURL=
 # database config
-# The path to the database, including file name.
+# The database driver to use. Valid values: sqlite, memory.
+TINYAUTH_DATABASE_DRIVER="sqlite"
+# The path to the SQLite database, including file name. Only used when driver is sqlite.
 TINYAUTH_DATABASE_PATH="./tinyauth.db"
 # analytics config
@@ -30,6 +32,8 @@ TINYAUTH_SERVER_PORT=3000
 TINYAUTH_SERVER_ADDRESS="0.0.0.0"
 # The path to the Unix socket.
 TINYAUTH_SERVER_SOCKETPATH=
+# Enable listening on both TCP and Unix socket at the same time.
+TINYAUTH_SERVER_CONCURRENTLISTENERSENABLED=false
 # auth config
@@ -37,8 +41,52 @@ TINYAUTH_SERVER_SOCKETPATH=
 TINYAUTH_AUTH_IP_ALLOW=
 # List of blocked IPs or CIDR ranges.
 TINYAUTH_AUTH_IP_BLOCK=
+# List of IPs or CIDR ranges that bypass authentication entirely.
+TINYAUTH_AUTH_IP_BYPASS=
 # Comma-separated list of users (username:hashed_password).
 TINYAUTH_AUTH_USERS=
+# Enable subdomains support.
+TINYAUTH_AUTH_SUBDOMAINSENABLED=true
+# Full name of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_NAME=
+# Given (first) name of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_GIVENNAME=
+# Family (last) name of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_FAMILYNAME=
+# Middle name of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_MIDDLENAME=
+# Nickname of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_NICKNAME=
+# URL of the user's profile page.
+TINYAUTH_AUTH_USERATTRIBUTES_name_PROFILE=
+# URL of the user's profile picture.
+TINYAUTH_AUTH_USERATTRIBUTES_name_PICTURE=
+# URL of the user's website.
+TINYAUTH_AUTH_USERATTRIBUTES_name_WEBSITE=
+# Email address of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_EMAIL=
+# Gender of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_GENDER=
+# Birthdate of the user (YYYY-MM-DD).
+TINYAUTH_AUTH_USERATTRIBUTES_name_BIRTHDATE=
+# Time zone of the user (e.g. Europe/Athens).
+TINYAUTH_AUTH_USERATTRIBUTES_name_ZONEINFO=
+# Locale of the user (e.g. en-US).
+TINYAUTH_AUTH_USERATTRIBUTES_name_LOCALE=
+# Phone number of the user.
+TINYAUTH_AUTH_USERATTRIBUTES_name_PHONENUMBER=
+# Full mailing address, formatted for display.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_FORMATTED=
+# Street address.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_STREETADDRESS=
+# City or locality.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_LOCALITY=
+# State, province, or region.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_REGION=
+# Zip or postal code.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_POSTALCODE=
+# Country.
+TINYAUTH_AUTH_USERATTRIBUTES_name_ADDRESS_COUNTRY=
 # Path to the users file.
 TINYAUTH_AUTH_USERSFILE=
 # Enable secure cookies.
@@ -53,6 +101,8 @@ TINYAUTH_AUTH_LOGINTIMEOUT=300
 TINYAUTH_AUTH_LOGINMAXRETRIES=3
 # Comma-separated list of trusted proxy addresses.
 TINYAUTH_AUTH_TRUSTEDPROXIES=
+# ACL policy for allow-by-default or deny-by-default, available options are allow and deny, default is allow.
+TINYAUTH_AUTH_ACLS_POLICY="allow"
 # apps config
@@ -164,6 +214,8 @@ TINYAUTH_LDAP_AUTHCERT=
 TINYAUTH_LDAP_AUTHKEY=
 # Cache duration for LDAP group membership in seconds.
 TINYAUTH_LDAP_GROUPCACHETTL=900
+# Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment.
+TINYAUTH_LABELPROVIDER="auto"
 # log config
@@ -183,3 +235,16 @@ TINYAUTH_LOG_STREAMS_APP_LEVEL=
 TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false
 # Log level for this stream. Use global if empty.
 TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=
+
+# tailscale config
+
+# Enable Tailscale integration.
+TINYAUTH_TAILSCALE_ENABLED=false
+# Tailscale state directory.
+TINYAUTH_TAILSCALE_DIR="./tailscale_state"
+# Tailscale hostname.
+TINYAUTH_TAILSCALE_HOSTNAME=
+# Tailscale auth key.
+TINYAUTH_TAILSCALE_AUTHKEY=
+# Use ephemeral Tailscale node.
+TINYAUTH_TAILSCALE_EPHEMERAL=false
diff --git a/internal/model/config.go b/internal/model/config.go
index 5963e431..4dffc3c8 100644
--- a/internal/model/config.go
+++ b/internal/model/config.go
@@ -62,9 +62,6 @@ func NewDefaultConfiguration() *Config {
 PrivateKeyPath: "./tinyauth_oidc_key",
 PublicKeyPath: "./tinyauth_oidc_key.pub",
 },
- Experimental: ExperimentalConfig{
- ConfigFile: "",
- },
 Tailscale: TailscaleConfig{
 Dir: "./tailscale_state",
 },
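Review bot: The new comment on `TINYAUTH_AUTH_IP_BYPASS` (hunk `-37,8` of `.env.example`) does not say which address is compared against the list, and the same example leaves `TINYAUTH_AUTH_TRUSTEDPROXIES` empty a few lines further down. If the client address can be taken from a forwarded header, which this diff does not show, an over-broad range or a missing trusted-proxy list would make this setting an unauthenticated path to every protected app. I would extend the comment to something like `# List of IPs or CIDR ranges that bypass authentication entirely. Matched against the client IP as resolved through TINYAUTH_AUTH_TRUSTEDPROXIES; keep this list as narrow as possible.`, after confirming that this is how the address is resolved. If `.env.example` is generated from the `description` tags in `internal/model/config.go`, the wording belongs in the tag instead.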
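Review bot: The comment on `TINYAUTH_AUTH_ACLS_POLICY` (hunk `-53,6` of `.env.example`) names the two values but not what they decide. Presumably the policy applies to an app for which no ACL matches, so `allow` is the fail-open choice and the example ships it. I would spell that out, e.g. `# ACL policy applied when no ACL matches an app: allow (default, permissive) or deny (recommended for new deployments).`, once the semantics are confirmed against the ACL code, which is not part of this diff.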
@@ -88,6 +85,7 @@ type Config struct {
 LabelProvider string `description:"Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment." yaml:"labelProvider"`
 Log LogConfig `description:"Logging configuration." yaml:"log"`
 Tailscale TailscaleConfig `description:"Tailscale configuration." yaml:"tailscale"`
+ ConfigFile string `description:"Path to config file." yaml:"-"`
 }
 type DatabaseConfig struct {
@@ -208,9 +206,8 @@ type LogStreamConfig struct {
 Level string `description:"Log level for this stream. Use global if empty." yaml:"level"`
 }
-type ExperimentalConfig struct {
- ConfigFile string `description:"Path to config file." yaml:"-"`
-}
+// no experimental features
+type ExperimentalConfig struct{}
 type TailscaleConfig struct {
 Enabled bool `description:"Enable Tailscale integration." yaml:"enabled"`
diff --git a/internal/utils/loaders/loader_file.go b/internal/utils/loaders/loader_file.go
index 43aa40d8..be38b479 100644
--- a/internal/utils/loaders/loader_file.go
+++ b/internal/utils/loaders/loader_file.go
@@ -3,7 +3,6 @@ package loaders
 import (
 "os"
- "github.com/rs/zerolog/log"
 "github.com/tinyauthapp/paerser/cli"
 "github.com/tinyauthapp/paerser/file"
 "github.com/tinyauthapp/paerser/flag"
@@ -19,8 +18,8 @@ func (f *FileLoader) Load(args []string, cmd *cli.Command) (bool, error) {
 }
 // I guess we are using traefik as the root name (we can't change it)
- configFileFlag := "traefik.experimental.configfile"
- envVar := "TINYAUTH_EXPERIMENTAL_CONFIGFILE"
+ configFileFlag := "traefik.configfile"
+ envVar := "TINYAUTH_CONFIGFILE"
 if _, ok := flags[configFileFlag]; !ok {
 if value := os.Getenv(envVar); value != "" {
@@ -30,8 +29,6 @@ func (f *FileLoader) Load(args []string, cmd *cli.Command) (bool, error) {
 }
 }
- log.Warn().Msg("Using experimental file config loader, this feature is experimental and may change or be removed in future releases")
 err = file.Decode(flags[configFileFlag], cmd.Configuration)
 if err != nil {
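Review bot: The comment `// no experimental features` above `type ExperimentalConfig struct{}` (hunk `-208,9` of `internal/model/config.go`) does not say why an empty type is kept. If `Config` still has a field of this type, which the visible hunks do not show, a doc comment in the usual form would help the next reader, e.g. `// ExperimentalConfig is intentionally empty: there are no experimental options at the moment.`. If nothing references the type any more, deleting it would be cleaner than leaving the placeholder.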
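Review bot: After the rename in `Load` (hunk `-19,8` of `loader_file.go`), a deployment that still sets `TINYAUTH_EXPERIMENTAL_CONFIGFILE` gets no signal that its config file is no longer read. The visible lines consult only `TINYAUTH_CONFIGFILE`, so the old variable is ignored and, depending on the part of `Load` outside this hunk, the process presumably starts on defaults. For an authentication proxy that matters, because the file may carry users, IP lists and ACL settings, and this commit's `.env.example` documents `allow` as the ACL default. I would fail fast on the old name, for example `if os.Getenv("TINYAUTH_EXPERIMENTAL_CONFIGFILE") != "" { return false, errors.New("TINYAUTH_EXPERIMENTAL_CONFIGFILE was renamed to TINYAUTH_CONFIGFILE") }` (this needs the `errors` import), or accept it as a fallback with a deprecation warning. The body of `Load` starts and ends outside the hunk.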