config

package
v0.14.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 16, 2023 License: Apache-2.0 Imports: 76 Imported by: 1

Documentation

Overview

Package config contains configuration options and parsing for the webmesh node CLI and daemon server.

Index

Constants

This section is empty.

Variables

// DefaultNodeID is the node ID used when no other is configured. It is
// computed once, when the package is initialized: the operating system's
// hostname if it can be read, otherwise a newly generated UUID string.
//
// NOTE(review): a hostname is neither secret nor guaranteed unique across a
// mesh; confirm how two nodes presenting the same ID are handled.
var DefaultNodeID = func() string {
	if name, err := os.Hostname(); err == nil {
		return name
	}
	// The hostname lookup failed, so fall back to a random identifier.
	return uuid.NewString()
}()

DefaultNodeID is the default node ID used if no other is configured

// ErrNoMesh is the error returned when the configuration names no mesh to
// bootstrap or join.
var ErrNoMesh error = fmt.Errorf("no mesh configured")

ErrNoMesh is returned when no mesh is configured to be bootstrapped or joined.

Functions

func InterceptorLogger

func InterceptorLogger() logging.Logger

InterceptorLogger returns a logging.Logger that logs to the given slog.Logger.

Types

type APIOptions

// APIOptions are the options for which APIs to register and expose on the
// node's gRPC listener, together with that listener's TLS settings.
type APIOptions struct {
	// Disabled is true if the gRPC API should be disabled.
	// The node will still be able to join a mesh, but will not be able to
	// serve any APIs or provide proxying services.
	Disabled bool `koanf:"disabled,omitempty"`
	// ListenAddress is the gRPC address to listen on.
	// NOTE(review): a wildcard bind exposes every registered API on all
	// interfaces; confirm the intended exposure for each deployment.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// WebEnabled enables serving gRPC over HTTP/1.1.
	WebEnabled bool `koanf:"web-enabled,omitempty"`
	// TLSCertFile is the path to the TLS certificate file.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSCertData is the TLS certificate data.
	// NOTE(review): the encoding is not stated here; other options in this
	// package describe their *Data fields as base64 PEM — confirm.
	TLSCertData string `koanf:"tls-cert-data,omitempty"`
	// TLSKeyFile is the path to the TLS key file.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSKeyData is the TLS key data.
	// This is private key material carried inline in the configuration, so
	// any file or environment holding it needs restricted read access.
	TLSKeyData string `koanf:"tls-key-data,omitempty"`
	// MTLS is true if mutual TLS should be enabled.
	MTLS bool `koanf:"mtls,omitempty"`
	// MTLSClientCAFile is the path to the client CA file. This is not usually
	// required and handled by the mtls auth plugin.
	MTLSClientCAFile string `koanf:"mtls-client-ca-file,omitempty"`
	// Insecure is true if the transport is insecure.
	// NOTE(review): presumably this serves the API without TLS — confirm; if
	// so it belongs in test environments only.
	Insecure bool `koanf:"insecure,omitempty"`
	// DisableLeaderProxy is true if the leader proxy should be disabled.
	DisableLeaderProxy bool `koanf:"disable-leader-proxy,omitempty"`
	// MeshEnabled is true if the mesh API should be registered.
	MeshEnabled bool `koanf:"mesh-enabled,omitempty"`
	// AdminEnabled is true if the admin API should be registered.
	// NOTE(review): the admin API is presumably privileged; confirm it is only
	// registered together with an authentication method and RBAC.
	AdminEnabled bool `koanf:"admin-enabled,omitempty"`
}

APIOptions are the options for which APIs to register and expose.

func NewAPIOptions

func NewAPIOptions(disabled bool) APIOptions

NewAPIOptions returns a new APIOptions with the default values.

func NewInsecureAPIOptions added in v0.12.0

func NewInsecureAPIOptions(disabled bool) APIOptions

NewInsecureAPIOptions returns a new APIOptions with the default values and insecure set to true.

func (*APIOptions) BindFlags

func (a *APIOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (APIOptions) ListenPort added in v0.12.1

func (a APIOptions) ListenPort() int

ListenPort returns the listen port configured by these API options.

func (APIOptions) Validate

func (a APIOptions) Validate() error

Validate validates the options.

type APIRegistrationOptions added in v0.13.0

// APIRegistrationOptions are options for registering the APIs to a given
// server. The struct carries no koanf tags; it is filled in by calling code
// rather than loaded from configuration.
type APIRegistrationOptions struct {
	// Node is the node to register the APIs against.
	Node meshnode.Node
	// Server is the server to register the APIs to.
	Server *services.Server
	// Features are the features to broadcast to other nodes.
	Features []*v1.FeaturePort
	// BuildInfo is the build info to display in the node API.
	// NOTE(review): this is shown to whoever can call the node API; confirm
	// the level of version detail is acceptable to disclose to peers.
	BuildInfo version.BuildInfo
	// Description is an optional description to display in the node API.
	Description string
}

APIRegistrationOptions are options for registering the APIs to a given server.

type AuthOptions

// AuthOptions are options for authentication into the mesh. Each field
// configures one authentication method.
type AuthOptions struct {
	// IDAuth indicates to use ID authentication. An ID is derived
	// from the public wireguard key and presented with a signature
	// that can be verified by the private wireguard key.
	// NOTE(review): signatures are normally created with the private key and
	// verified with the public key; the sentence above likely means "signed
	// by the private key" — confirm against the implementation.
	IDAuth IDAuthOptions `koanf:"id-auth,omitempty"`
	// MTLS are options for mutual TLS. This is the recommended
	// authentication method.
	MTLS MTLSOptions `koanf:"mtls,omitempty"`
	// Basic are options for basic authentication.
	// NOTE(review): basic credentials are only as protected as the transport;
	// confirm they are never sent when TLS is disabled.
	Basic BasicAuthOptions `koanf:"basic,omitempty"`
	// LDAP are options for LDAP authentication.
	LDAP LDAPAuthOptions `koanf:"ldap,omitempty"`
}

AuthOptions are options for authentication into the mesh.

func NewAuthOptions added in v0.12.0

func NewAuthOptions() AuthOptions

NewAuthOptions returns a new empty AuthOptions.

func (*AuthOptions) BindFlags

func (o *AuthOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags to the options.

func (*AuthOptions) IsEmpty added in v0.12.0

func (o *AuthOptions) IsEmpty() bool

IsEmpty returns true if the options are empty.

func (*AuthOptions) MTLSEnabled added in v0.12.1

func (o *AuthOptions) MTLSEnabled() bool

MTLSEnabled is true if any mtls fields are set.

func (*AuthOptions) Validate

func (o *AuthOptions) Validate() error

type BasicAuthOptions

// BasicAuthOptions are options for basic authentication.
type BasicAuthOptions struct {
	// Username is the username.
	Username string `koanf:"username,omitempty"`
	// Password is the password.
	// The value is held as a plain string, so a configuration file or
	// environment that carries it needs restricted read access.
	// NOTE(review): Config can be marshalled to JSON, TOML and YAML; confirm
	// whether that output redacts this field before it is logged or shared.
	Password string `koanf:"password,omitempty"`
}

BasicAuthOptions are options for basic authentication.

func (*BasicAuthOptions) IsEmpty added in v0.12.0

func (o *BasicAuthOptions) IsEmpty() bool

IsEmpty returns true if the options are empty.

type BootstrapOptions

// BootstrapOptions are options for bootstrapping a new mesh. Several of them
// fix the mesh's initial security posture (administrator, voters, default
// network policy, RBAC).
type BootstrapOptions struct {
	// Enabled is the flag to attempt bootstrapping. If true, the node will only bootstrap a new cluster
	// if no data is found. To force a bootstrap, set Force to true.
	Enabled bool `koanf:"enabled,omitempty"`
	// ElectionTimeout is the election timeout to use when bootstrapping a new cluster.
	ElectionTimeout time.Duration `koanf:"election-timeout,omitempty"`
	// Transport are the bootstrap transport options.
	Transport BootstrapTransportOptions `koanf:"transport,omitempty"`
	// IPv4Network is the IPv4 network of the mesh to write to the database when bootstrapping a new cluster.
	IPv4Network string `koanf:"ipv4-network,omitempty"`
	// IPv6Network is the IPv6 network of the mesh to write to the database when bootstrapping a new cluster.
	// If left unset, one will be generated. This must be a /32 prefix.
	IPv6Network string `koanf:"ipv6-network,omitempty"`
	// MeshDomain is the domain of the mesh to write to the database when bootstrapping a new cluster.
	MeshDomain string `koanf:"mesh-domain,omitempty"`
	// Admin is the user and/or node name to assign administrator privileges to when bootstrapping a new cluster.
	// NOTE(review): whoever can authenticate under this name holds
	// administrator privileges; confirm the name is bound to a strong
	// credential.
	Admin string `koanf:"admin,omitempty"`
	// Voters is a comma separated list of node IDs to assign voting privileges to when bootstrapping a new cluster.
	// BootstrapServers are automatically added to this list.
	Voters []string `koanf:"voters,omitempty"`
	// DefaultNetworkPolicy is the default network policy to apply to the mesh when bootstrapping a new cluster.
	// NOTE(review): the accepted values are not listed here; confirm which
	// one is in effect when this is left empty.
	DefaultNetworkPolicy string `koanf:"default-network-policy,omitempty"`
	// DisableRBAC is the flag to disable RBAC when bootstrapping a new cluster.
	// NOTE(review): with RBAC disabled, authorization checks are presumably
	// skipped for every authenticated peer — confirm, and reserve this for
	// test meshes.
	DisableRBAC bool `koanf:"disable-rbac,omitempty"`
	// Force is the force new bootstrap flag. Per the Enabled comment it makes
	// the node bootstrap even when data is found.
	// NOTE(review): confirm what happens to the existing data in that case.
	Force bool `koanf:"force,omitempty"`
}

BootstrapOptions are options for bootstrapping a new mesh.

func NewBootstrapOptions

func NewBootstrapOptions() BootstrapOptions

NewBootstrapOptions returns a new BootstrapOptions with the default values.

func (*BootstrapOptions) BindFlags

func (o *BootstrapOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the bootstrap options to a flag set.

func (*BootstrapOptions) Validate

func (o *BootstrapOptions) Validate() error

Validate validates the bootstrap options.

type BootstrapTransportOptions

// BootstrapTransportOptions are options for the bootstrap transport. The
// fields cover two ways of bootstrapping: TCP raft consensus (the TCP* and
// ServerGRPCPorts fields) and libp2p (the Rendezvous* and PSK fields).
type BootstrapTransportOptions struct {
	// TCPAdvertiseAddress is the initial address to advertise for raft consensus.
	TCPAdvertiseAddress string `koanf:"tcp-advertise-address,omitempty"`
	// TCPListenAddress is the initial address to use when using TCP raft consensus to bootstrap.
	TCPListenAddress string `koanf:"tcp-listen-address,omitempty"`
	// TCPServers is a map of node IDs to addresses to bootstrap with. If empty, the node will use the advertise
	// address as the bootstrap server. If not empty, all nodes in the map should be started with the same
	// list configurations. If any are different then the first node to become leader will pick them. This
	// can cause bootstrap to fail when using ACLs. Servers should be in the form of <node-id>=<address>.
	TCPServers map[string]string `koanf:"tcp-servers,omitempty"`
	// TCPConnectionPool is the maximum number of TCP connections to maintain to other nodes.
	TCPConnectionPool int `koanf:"tcp-connection-pool,omitempty"`
	// TCPConnectTimeout is the maximum amount of time to wait for a TCP connection to be established.
	TCPConnectTimeout time.Duration `koanf:"tcp-connect-timeout,omitempty"`
	// ServerGRPCPorts is a map of node IDs to gRPC ports to bootstrap with. If empty, the node will use the
	// advertise address and locally configured gRPC port for every node in bootstrap-servers. Ports should
	// be in the form of <node-id>=<port>.
	ServerGRPCPorts map[string]int `koanf:"server-grpc-ports,omitempty"`
	// Rendezvous is the rendezvous string to use when using libp2p to bootstrap.
	Rendezvous string `koanf:"rendezvous,omitempty"`
	// RendezvousNodes is the list of node IDs to use when using libp2p to bootstrap.
	RendezvousNodes []string `koanf:"rendezvous-nodes,omitempty"`
	// RendezvousLinger is the amount of time to wait for other nodes to join when using libp2p to bootstrap.
	RendezvousLinger time.Duration `koanf:"rendezvous-linger,omitempty"`
	// PSK is the pre-shared key to use when using libp2p to bootstrap.
	// It is a shared secret held as a plain string: keep it out of logs and
	// restrict read access to configuration that carries it.
	// NOTE(review): no length or entropy requirement is stated here; confirm
	// what Validate enforces.
	PSK string `koanf:"psk,omitempty"`
}

BootstrapTransportOptions are options for the bootstrap transport.

func NewBootstrapTransportOptions

func NewBootstrapTransportOptions() BootstrapTransportOptions

NewBootstrapTransportOptions returns a new BootstrapTransportOptions with the default values.

func (*BootstrapTransportOptions) BindFlags

func (o *BootstrapTransportOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the bootstrap transport options to a flag set.

func (BootstrapTransportOptions) Validate

func (o BootstrapTransportOptions) Validate() error

Validate validates the bootstrap transport options.

type BridgeMeshDNSOptions

// BridgeMeshDNSOptions are the options for the mesh DNS server that a bridge
// runs across the meshes it bridges.
type BridgeMeshDNSOptions struct {
	// Enabled enables mesh DNS.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenUDP is the UDP address to listen on.
	// NOTE(review): a resolver reachable from untrusted networks can be
	// abused as an open forwarder; confirm the bind address when forwarding
	// is enabled.
	ListenUDP string `koanf:"listen-udp,omitempty"`
	// ListenTCP is the address to listen on for TCP DNS requests.
	ListenTCP string `koanf:"listen-tcp,omitempty"`
	// ReusePort sets the number of listeners to start on each port.
	// This is only supported on Linux.
	ReusePort int `koanf:"reuse-port,omitempty"`
	// EnableCompression is true if DNS compression should be enabled.
	EnableCompression bool `koanf:"compression,omitempty"`
	// RequestTimeout is the timeout for DNS requests.
	RequestTimeout time.Duration `koanf:"request-timeout,omitempty"`
	// Forwarders are the DNS forwarders to use. If empty, the system DNS servers will be used.
	Forwarders []string `koanf:"forwarders,omitempty"`
	// SubscribeForwarders will subscribe to new nodes that are able to forward requests for other meshes.
	// These forwarders will be placed at the bottom of the forwarders list.
	SubscribeForwarders bool `koanf:"subscribe-forwarders,omitempty"`
	// DisableForwarding disables forwarding requests entirely.
	DisableForwarding bool `koanf:"disable-forwarding,omitempty"`
	// CacheSize is the size of the remote DNS cache.
	CacheSize int `koanf:"cache-size,omitempty"`
}

func NewBridgeMeshDNSOptions added in v0.12.0

func NewBridgeMeshDNSOptions() BridgeMeshDNSOptions

NewBridgeMeshDNSOptions returns a new BridgeMeshDNSOptions with sensible defaults.

func (*BridgeMeshDNSOptions) BindFlags

func (m *BridgeMeshDNSOptions) BindFlags(fl *pflag.FlagSet)

BindFlags binds the flags.

func (*BridgeMeshDNSOptions) Validate

func (m *BridgeMeshDNSOptions) Validate() error

Validate validates the bridge dns options.

type BridgeOptions

// BridgeOptions are options for the bridge. Each bridged mesh carries a
// complete Config of its own.
type BridgeOptions struct {
	// Meshes are the meshes to bridge.
	// NOTE(review): every entry is a full Config with its own auth and TLS
	// settings; confirm that a bridge does not weaken isolation between
	// meshes that use different security settings.
	Meshes map[string]*Config `koanf:"meshes,omitempty"`
	// MeshDNS are options for running a meshdns server bridging all meshes.
	MeshDNS BridgeMeshDNSOptions `koanf:"meshdns,omitempty"`
	// UseMeshDNS is true if the bridge should use the meshdns server for local name resolution.
	UseMeshDNS bool `koanf:"use-meshdns,omitempty"`
}

BridgeOptions are options for the bridge.

func NewBridgeOptions added in v0.12.0

func NewBridgeOptions() BridgeOptions

NewBridgeOptions returns a new empty BridgeOptions.

func (*BridgeOptions) BindFlags

func (b *BridgeOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags.

func (*BridgeOptions) Validate

func (b *BridgeOptions) Validate() error

Validate recursively validates the config.

type Config

// Config are the configuration options for running a webmesh node.
//
// NOTE(review): the nested Auth, TLS and Bootstrap options can hold passwords,
// private keys and pre-shared keys as plain strings; confirm how serialized
// copies of this struct are stored and who can read them.
type Config struct {
	// Global are global options that are overlaid on all other options.
	Global GlobalOptions `koanf:"global,omitempty"`
	// Bootstrap are the bootstrap options.
	Bootstrap BootstrapOptions `koanf:"bootstrap,omitempty"`
	// Auth are the authentication options.
	Auth AuthOptions `koanf:"auth,omitempty"`
	// Mesh are the mesh options.
	Mesh MeshOptions `koanf:"mesh,omitempty"`
	// Storage are the storage options.
	Storage StorageOptions `koanf:"storage,omitempty"`
	// Services are the service options.
	Services ServiceOptions `koanf:"services,omitempty"`
	// TLS are the TLS options.
	TLS TLSOptions `koanf:"tls,omitempty"`
	// WireGuard are the WireGuard options.
	WireGuard WireGuardOptions `koanf:"wireguard,omitempty"`
	// Discovery are the discovery options.
	Discovery DiscoveryOptions `koanf:"discovery,omitempty"`
	// Plugins are the plugin options.
	Plugins PluginOptions `koanf:"plugins,omitempty"`
	// Bridge are the bridge options.
	Bridge BridgeOptions `koanf:"bridge,omitempty"`
}

Config are the configuration options for running a webmesh node.

func NewDefaultConfig

func NewDefaultConfig(nodeID string) *Config

NewDefaultConfig returns a new config with the default options. If nodeID is empty, the hostname or a randomly generated one will be used.

func NewInsecureConfig

func NewInsecureConfig(nodeID string) *Config

NewInsecureConfig returns a new config with the default options, but with insecure defaults, such as no transport security and in-memory storage. If nodeID is empty, the hostname or a randomly generated one will be used.

func (*Config) BindFlags

func (o *Config) BindFlags(prefix string, fs *pflag.FlagSet) *Config

BindFlags binds the flags. The options are returned for convenience.

func (*Config) IsStorageMember added in v0.7.0

func (o *Config) IsStorageMember() bool

IsStorageMember returns true if the node is a storage provider.

func (*Config) LoadFrom

func (c *Config) LoadFrom(fs *pflag.FlagSet, confFiles []string) error

LoadFrom attempts to load this configuration from the given flag set, configuration files, and environment variables. If fs is not nil, it is assumed the configuration has already been bound to the flag set and that the flagset has already been parsed. The order of precedence for parsing is: 1. Files 2. Environment variables 3. Flags

func (*Config) MTLSEnabled added in v0.12.1

func (o *Config) MTLSEnabled() bool

MTLSEnabled reports whether mtls is enabled.

func (Config) MarshalJSON

func (c Config) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (Config) MarshalTOML

func (c Config) MarshalTOML() ([]byte, error)

MarshalTOML implements toml.Marshaler.

func (Config) MarshalYAML

func (c Config) MarshalYAML() ([]byte, error)

MarshalYAML implements yaml.Marshaler.

func (*Config) NewBootstrapTransport

func (o *Config) NewBootstrapTransport(ctx context.Context, nodeID string, conn meshnode.Node, host host.Host) (transport.BootstrapTransport, error)

NewBootstrapTransport returns the bootstrap transport for the configuration.

func (*Config) NewClientCredentials added in v0.12.2

func (o *Config) NewClientCredentials(ctx context.Context, key crypto.PrivateKey) ([]grpc.DialOption, error)

NewClientCredentials builds new client credentials from the given configuration.

func (*Config) NewConnectOptions

func (o *Config) NewConnectOptions(ctx context.Context, conn meshnode.Node, provider storage.Provider, host host.Host) (opts meshnode.ConnectOptions, err error)

NewConnectOptions returns new connection options for the configuration. The given raft node must be started before it can be used. Host can be nil and if one is needed it will be created.

func (*Config) NewJoinTransport

func (o *Config) NewJoinTransport(ctx context.Context, nodeID string, conn meshnode.Node, host host.Host) (transport.JoinRoundTripper, error)

func (*Config) NewLeaveTransport added in v0.11.2

func (o *Config) NewLeaveTransport(ctx context.Context, conn meshnode.Node) transport.LeaveRoundTripper

func (*Config) NewMeshConfig

func (o *Config) NewMeshConfig(ctx context.Context, key crypto.PrivateKey) (conf meshnode.Config, err error)

NewMeshConfig returns a new Mesh configuration based on the node configuration. The key is optional and will be taken from the configuration if not provided.

func (*Config) NewStorageProvider added in v0.7.0

func (o *Config) NewStorageProvider(ctx context.Context, node meshnode.Node, force bool) (storage.Provider, error)

NewStorageProvider creates a new storage provider from the given options. If not a storage providing member, a node dialer is required for the passthrough storage provider.

func (*Config) NodeID

func (o *Config) NodeID(ctx context.Context) (string, error)

NodeID returns the node ID for this configuration, or any error attempting to determine it.

func (*Config) ShallowCopy

func (o *Config) ShallowCopy() *Config

ShallowCopy returns a shallow copy of the config.

func (Config) ToMapStructure

func (c Config) ToMapStructure() map[string]interface{}

ToMapStructure converts the configuration to a map[string]interface{} structure.

func (*Config) UnmarshalJSON

func (c *Config) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler.

func (*Config) UnmarshalTOML

func (c *Config) UnmarshalTOML(b []byte) error

UnmarshalTOML implements toml.Unmarshaler.

func (*Config) UnmarshalYAML

func (c *Config) UnmarshalYAML(b []byte) error

UnmarshalYAML implements yaml.Unmarshaler.

func (*Config) Validate

func (o *Config) Validate() error

Validate validates the configuration.

type DiscoveryOptions

// DiscoveryOptions are options for discovering peers. Per the field comments,
// discovery uses the libp2p kademlia DHT and a pre-shared rendezvous string.
type DiscoveryOptions struct {
	// Announce is a flag to announce this peer to the discovery service.
	// Otherwise this peer will only discover other peers.
	Announce bool `koanf:"announce,omitempty"`
	// Discover is a flag to use the libp2p kademlia DHT for discovery.
	Discover bool `koanf:"discover,omitempty"`
	// Rendezvous is the pre-shared key string to use as a rendezvous point for peer discovery.
	// NOTE(review): anyone holding this string can presumably locate the same
	// rendezvous point, so it should be handled as a secret — confirm what
	// else a peer must present before it is admitted.
	Rendezvous string `koanf:"rendezvous,omitempty"`
	// BootstrapServers is a list of bootstrap servers to use for the DHT.
	// If empty or nil, the default bootstrap servers will be used.
	BootstrapServers []string `koanf:"bootstrap-servers,omitempty"`
	// AnnounceTTL is the TTL for the announcement.
	AnnounceTTL time.Duration `koanf:"announce-ttl,omitempty"`
	// LocalAddrs is a list of local addresses to announce to the discovery service.
	// If empty, the default local addresses will be used.
	// NOTE(review): announced addresses become visible to the discovery
	// service; confirm whether the defaults include private addresses.
	LocalAddrs []string `koanf:"local-addrs,omitempty"`
	// ConnectTimeout is the timeout for connecting to a peer.
	ConnectTimeout time.Duration `koanf:"connect-timeout,omitempty"`
}

DiscoveryOptions are options for discovering peers.

func NewDiscoveryOptions

func NewDiscoveryOptions(psk string, announce bool) DiscoveryOptions

NewDiscoveryOptions returns a new DiscoveryOptions for the given PSK, or one ready with sensible defaults if the PSK is empty.

func (*DiscoveryOptions) BindFlags

func (o *DiscoveryOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the discovery options.

func (*DiscoveryOptions) HostOptions

HostOptions returns a new HostOptions for the discovery config.

func (*DiscoveryOptions) Validate

func (o *DiscoveryOptions) Validate() error

Validate validates the discovery options.

type ExecutablePluginConfig

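// ExecutablePluginConfig is the configuration for an executable plugin.
type ExecutablePluginConfig struct {
	// Path is the path to an executable for the plugin.
	//
	// The struct tag key is spelled "koanf", as on every other option struct
	// in this package, so the field is keyed as "path" rather than falling
	// back to the Go field name.
	//
	// NOTE(review): the node presumably launches this binary with its own
	// privileges; confirm the path is absolute and refers to a file that
	// only trusted users can write.
	Path string `koanf:"path,omitempty"`
}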

ExecutablePluginConfig is the configuration for an executable plugin.

func (*ExecutablePluginConfig) BindFlags

func (o *ExecutablePluginConfig) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the executable plugin configuration.

type ExternalStorageOptions added in v0.7.0

// ExternalStorageOptions are the external storage options: the address of the
// storage plugin server and the TLS settings used to connect to it.
type ExternalStorageOptions struct {
	// Server is the address of a server for the plugin.
	Server string `koanf:"server,omitempty"`
	// Config is the configuration to pass to the plugin.
	Config PluginMapConfig `koanf:"config,omitempty"`
	// Insecure is whether to use an insecure connection to the plugin server.
	// NOTE(review): presumably this disables TLS altogether, leaving mesh
	// state readable and modifiable on the network path — confirm, and
	// reserve it for loopback or test setups.
	Insecure bool `koanf:"insecure,omitempty"`
	// TLSCAData is the base64 PEM-encoded CA data for verifying certificates.
	TLSCAData string `koanf:"tls-ca-data,omitempty"`
	// TLSCAFile is the path to a CA for verifying certificates.
	TLSCAFile string `koanf:"tls-ca-file,omitempty"`
	// TLSCertData is the base64 PEM-encoded certificate data for authenticating to the plugin server.
	TLSCertData string `koanf:"tls-cert-data,omitempty"`
	// TLSCertFile is the path to a certificate for authenticating to the plugin server.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSKeyData is the base64 PEM-encoded key data for authenticating to the plugin server.
	// Base64 is an encoding, not protection: this is private key material
	// and needs the same access restrictions as a key file.
	TLSKeyData string `koanf:"tls-key-data,omitempty"`
	// TLSKeyFile is the path to a key for authenticating to the plugin server.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSSkipVerify is whether to skip verifying the plugin server's certificate.
	// With verification skipped the connection is still encrypted, but the
	// server's identity is not checked, so an on-path host can impersonate
	// the storage server. Keep it off outside test environments.
	TLSSkipVerify bool `koanf:"tls-skip-verify,omitempty"`
}

ExternalStorageOptions are the external storage options.

func NewExternalStorageOptions added in v0.7.0

func NewExternalStorageOptions() ExternalStorageOptions

NewExternalStorageOptions creates a new external storage options.

func (*ExternalStorageOptions) BindFlags added in v0.7.0

func (o *ExternalStorageOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the external storage options to the flag set.

func (ExternalStorageOptions) NewTLSConfig added in v0.7.0

func (o ExternalStorageOptions) NewTLSConfig(ctx context.Context) (*tls.Config, error)

NewTLSConfig creates a new TLS config from the options.

func (ExternalStorageOptions) Validate added in v0.7.0

func (o ExternalStorageOptions) Validate() error

Validate validates the external storage options.

type GlobalOptions

// GlobalOptions are options that will be re-applied to all relevant
// configurations after parsing. Because they are overlaid on the other option
// groups, a security-relevant flag set here (Insecure, InsecureSkipVerify)
// reaches further than the same flag set on a single group.
type GlobalOptions struct {
	// LogLevel is the log level.
	LogLevel string `koanf:"log-level,omitempty"`
	// LogFormat is the log format. One of "text" or "json".
	LogFormat string `koanf:"log-format,omitempty"`
	// TLSCertFile is the TLS certificate file.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSKeyFile is the TLS key file.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSCAFile is the TLS CA file.
	TLSCAFile string `koanf:"tls-ca-file,omitempty"`
	// TLSClientCAFile is the path to the TLS client CA file.
	// If empty, either TLSCAFile or the system CA pool is used.
	// NOTE(review): falling back to the system CA pool for client
	// certificates would accept any certificate issued by a public CA;
	// confirm whether that fallback applies when MTLS is enabled.
	TLSClientCAFile string `koanf:"tls-client-ca-file,omitempty"`
	// MTLS is true if mutual TLS is enabled.
	MTLS bool `koanf:"mtls,omitempty"`
	// VerifyChainOnly is true if only the chain should be verified.
	// NOTE(review): presumably the certificate chain is validated but the
	// peer name is not matched — confirm what is skipped.
	VerifyChainOnly bool `koanf:"verify-chain-only,omitempty"`
	// InsecureSkipVerify is true if the server TLS cert should not be verified.
	// Without verification the server's identity is not checked, so an
	// on-path host can impersonate it. Keep it off outside test environments.
	InsecureSkipVerify bool `koanf:"insecure-skip-verify,omitempty"`
	// Insecure is true if TLS should be disabled.
	Insecure bool `koanf:"insecure,omitempty"`
	// PrimaryEndpoint is the preferred publicly routable address of this node.
	// Setting this value will override the mesh advertise address with its
	// configured listen port.
	PrimaryEndpoint string `koanf:"primary-endpoint,omitempty"`
	// Endpoints are the additional publicly routable addresses of this node.
	// If PrimaryEndpoint is not set, it will be set to the first endpoint.
	// Setting this value will override the mesh advertise with its configured
	// listen port.
	Endpoints []string `koanf:"endpoints,omitempty"`
	// DetectEndpoints is true if the endpoints should be detected.
	DetectEndpoints bool `koanf:"detect-endpoints,omitempty"`
	// DetectPrivateEndpoints is true if private IP addresses should be included in detection.
	// This automatically enables DetectEndpoints.
	DetectPrivateEndpoints bool `koanf:"detect-private-endpoints,omitempty"`
	// AllowRemoteDetection is true if remote detection is allowed.
	// NOTE(review): presumably this lets the node query an external service
	// to learn its public address — confirm which service is contacted and
	// whether its answer is trusted without further checks.
	AllowRemoteDetection bool `koanf:"allow-remote-detection,omitempty"`
	// DetectIPv6 is true if IPv6 addresses should be included in detection.
	DetectIPv6 bool `koanf:"detect-ipv6,omitempty"`
	// DisableIPv4 is true if IPv4 should be disabled.
	DisableIPv4 bool `koanf:"disable-ipv4,omitempty"`
	// DisableIPv6 is true if IPv6 should be disabled.
	DisableIPv6 bool `koanf:"disable-ipv6,omitempty"`
}

GlobalOptions are options that will be re-applied to all relevant configurations after parsing.

func NewGlobalOptions added in v0.12.0

func NewGlobalOptions() GlobalOptions

NewGlobalOptions creates a new GlobalOptions.

func (*GlobalOptions) ApplyGlobals

func (global *GlobalOptions) ApplyGlobals(ctx context.Context, o *Config) (*Config, error)

ApplyGlobals applies the global options to the given options. It returns the options for convenience.

func (*GlobalOptions) BindFlags

func (o *GlobalOptions) BindFlags(prefix string, fs *pflag.FlagSet)

func (*GlobalOptions) Validate

func (o *GlobalOptions) Validate() error

Validate validates the global options.

type IDAuthOptions added in v0.13.0

// IDAuthOptions are options for ID authentication, including the optional
// registration of a human-readable alias for the node's ID.
type IDAuthOptions struct {
	// Enabled is true if ID authentication is enabled.
	Enabled bool `koanf:"enabled,omitempty"`
	// Alias is an optional alias to attempt to register with our ID.
	// If empty, no registration will be attempted. If alias registration
	// fails it will be logged and the node will continue to run.
	Alias string `koanf:"alias,omitempty"`
	// Registrar is the registrar to attempt to use to register with our ID.
	// If left unset and an alias is provided, the node will attempt to discover
	// one via the mesh.
	// TODO: Credentials for non-mesh registrars.
	// NOTE(review): a registrar discovered via the mesh decides which ID an
	// alias resolves to; confirm how a discovered registrar is authenticated.
	Registrar string `koanf:"registrar,omitempty"`
}

IDAuthOptions are options for ID authentication.

func (*IDAuthOptions) IsEmpty added in v0.13.0

func (o *IDAuthOptions) IsEmpty() bool

IsEmpty returns true if the options are empty.

type LDAPAuthOptions

// LDAPAuthOptions are options for LDAP authentication.
type LDAPAuthOptions struct {
	// Username is the username.
	Username string `koanf:"username,omitempty"`
	// Password is the password.
	// The value is held as a plain string, so a configuration file or
	// environment that carries it needs restricted read access.
	// NOTE(review): confirm these credentials are only ever sent over a
	// TLS-protected connection.
	Password string `koanf:"password,omitempty"`
}

LDAPAuthOptions are options for LDAP authentication.

func (*LDAPAuthOptions) IsEmpty added in v0.12.0

func (o *LDAPAuthOptions) IsEmpty() bool

IsEmpty returns true if the options are empty.

type MTLSOptions

// MTLSOptions are options for mutual TLS: the client certificate and key that
// this node presents when joining.
type MTLSOptions struct {
	// CertFile is the path to a TLS certificate file to present when joining. Either this
	// or CertData must be set.
	CertFile string `koanf:"cert-file,omitempty"`
	// CertData is the base64 encoded TLS certificate data to present when joining. Either this
	// or CertFile must be set.
	CertData string `koanf:"cert-data,omitempty"`
	// KeyFile is the path to a TLS key file for the certificate. Either this or KeyData must be set.
	// NOTE(review): confirm whether the file's permissions are checked before
	// the key is loaded.
	KeyFile string `koanf:"key-file,omitempty"`
	// KeyData is the base64 encoded TLS key data for the certificate. Either this or KeyFile must be set.
	// Base64 is an encoding, not protection: this is private key material
	// and needs the same access restrictions as a key file.
	KeyData string `koanf:"key-data,omitempty"`
}

MTLSOptions are options for mutual TLS.

func (*MTLSOptions) Enabled added in v0.12.1

func (o *MTLSOptions) Enabled() bool

Enabled is true if any fields are set.

func (*MTLSOptions) IsEmpty added in v0.12.0

func (o *MTLSOptions) IsEmpty() bool

IsEmpty returns true if the options are empty.

type MeshDNSOptions

// MeshDNSOptions are the options for the node's mesh DNS server: its
// listeners, forwarding behaviour and cache.
type MeshDNSOptions struct {
	// Enabled enables mesh DNS.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenUDP is the UDP address to listen on.
	// NOTE(review): a resolver reachable from untrusted networks can be
	// abused as an open forwarder; confirm the bind address when forwarding
	// is enabled.
	ListenUDP string `koanf:"listen-udp,omitempty"`
	// ListenTCP is the address to listen on for TCP DNS requests.
	ListenTCP string `koanf:"listen-tcp,omitempty"`
	// ReusePort sets the number of listeners to start on each port.
	// This is only supported on Linux.
	ReusePort int `koanf:"reuse-port,omitempty"`
	// EnableCompression is true if DNS compression should be enabled.
	EnableCompression bool `koanf:"compression,omitempty"`
	// RequestTimeout is the timeout for DNS requests.
	RequestTimeout time.Duration `koanf:"request-timeout,omitempty"`
	// Forwarders are the DNS forwarders to use. If empty, the system DNS servers will be used.
	Forwarders []string `koanf:"forwarders,omitempty"`
	// IncludeSystemResolvers includes the system DNS servers in the forwarders list if it is non-empty.
	IncludeSystemResolvers bool `koanf:"include-system-resolvers,omitempty"`
	// SubscribeForwarders will subscribe to new nodes that are able to forward requests for other meshes.
	// These forwarders will be placed at the bottom of the forwarders list.
	// NOTE(review): forwarders learned this way are chosen by other nodes;
	// confirm which peers are allowed to advertise themselves as forwarders.
	SubscribeForwarders bool `koanf:"subscribe-forwarders,omitempty"`
	// DisableForwarding disables forwarding requests entirely.
	DisableForwarding bool `koanf:"disable-forwarding,omitempty"`
	// CacheSize is the size of the remote DNS cache.
	CacheSize int `koanf:"cache-size,omitempty"`
	// IPv6Only will only respond to IPv6 requests.
	IPv6Only bool `koanf:"ipv6-only,omitempty"`
}

MeshDNSOptions are the mesh DNS options.

func NewMeshDNSOptions

func NewMeshDNSOptions() MeshDNSOptions

NewMeshDNSOptions returns a new MeshDNSOptions with the default values.

func (*MeshDNSOptions) BindFlags

func (m *MeshDNSOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (MeshDNSOptions) ListenPort

func (m MeshDNSOptions) ListenPort() uint16

ListenPort returns the listen port for the MeshDNS server if it is enabled.

func (MeshDNSOptions) Validate added in v0.12.0

func (m MeshDNSOptions) Validate() error

Validate validates the options.

type MeshOptions

// MeshOptions are the options for participating in a mesh: the node's identity,
// what it advertises to peers, and which roles and features it requests.
type MeshOptions struct {
	// NodeID is the node ID. NewMeshOptions documents that an empty ID is
	// assumed from the system or generated.
	NodeID string `koanf:"node-id,omitempty"`
	// PrimaryEndpoint is the primary endpoint to advertise when joining.
	// This can be empty to signal the node is not publicly reachable.
	PrimaryEndpoint string `koanf:"primary-endpoint,omitempty"`
	// ZoneAwarenessID is the zone awareness ID.
	ZoneAwarenessID string `koanf:"zone-awareness-id,omitempty"`
	// JoinAddress is the address of a node to join.
	// NOTE(review): transport security for the join is presumably governed by
	// TLSOptions rather than by any field in this struct; confirm.
	JoinAddress string `koanf:"join-address,omitempty"`
	// MaxJoinRetries is the maximum number of join retries.
	MaxJoinRetries int `koanf:"max-join-retries,omitempty"`
	// Routes are additional routes to advertise to the mesh. These routes are advertised to all peers.
	// If the node is not allowed to put routes in the mesh, the node will be unable to join.
	// NOTE(review): the entry format (presumably CIDR) is not shown here. Because
	// every peer receives these routes, review them as carefully as firewall rules.
	Routes []string `koanf:"routes,omitempty"`
	// ICEPeers are peers to request direct edges to over ICE. If the node is not allowed to create edges
	// and data channels, the node will be unable to join.
	ICEPeers []string `koanf:"ice-peers,omitempty"`
	// LibP2PPeers are peers to request direct edges to over libp2p. If the node is not allowed to create edges
	// and data channels, the node will be unable to join.
	LibP2PPeers []string `koanf:"libp2p-peers,omitempty"`
	// GRPCAdvertisePort is the port to advertise for gRPC.
	GRPCAdvertisePort int `koanf:"grpc-advertise-port,omitempty"`
	// MeshDNSAdvertisePort is the port to advertise for DNS.
	MeshDNSAdvertisePort int `koanf:"meshdns-advertise-port,omitempty"`
	// UseMeshDNS indicates whether to set mesh DNS servers to the system configuration.
	UseMeshDNS bool `koanf:"use-meshdns,omitempty"`
	// RequestVote is true if the node should provide storage and consensus.
	RequestVote bool `koanf:"request-vote,omitempty"`
	// RequestObserver is true if the node should be a storage observer.
	RequestObserver bool `koanf:"request-observer,omitempty"`
	// StoragePreferIPv6 is the prefer IPv6 flag for storage provider connections.
	// Note the config key is "prefer-ipv6", without a storage prefix.
	StoragePreferIPv6 bool `koanf:"prefer-ipv6,omitempty"`
	// DisableIPv4 disables IPv4 usage.
	DisableIPv4 bool `koanf:"disable-ipv4,omitempty"`
	// DisableIPv6 disables IPv6 usage.
	// NOTE(review): whether Validate rejects DisableIPv4 and DisableIPv6 both
	// being set is not visible here; confirm.
	DisableIPv6 bool `koanf:"disable-ipv6,omitempty"`
	// DisableFeatureAdvertisement is true if feature advertisement should be disabled.
	DisableFeatureAdvertisement bool `koanf:"disable-feature-advertisement,omitempty"`
	// DisableDefaultIPAM is true if the default IPAM should be disabled.
	DisableDefaultIPAM bool `koanf:"disable-default-ipam,omitempty"`
	// DefaultIPAMStaticIPv4 are static IPv4 assignments to use for the default IPAM.
	// NOTE(review): presumably keyed by node ID with the address as value; confirm.
	DefaultIPAMStaticIPv4 map[string]string `koanf:"default-ipam-static-ipv4,omitempty"`
}

MeshOptions are the options for participating in a mesh.

func NewMeshOptions

func NewMeshOptions(nodeID string) MeshOptions

NewMeshOptions returns a new MeshOptions with the default values. If node id is empty it will be assumed from the system or generated.

func (*MeshOptions) BindFlags

func (o *MeshOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags to the options.

func (*MeshOptions) Validate

func (o *MeshOptions) Validate() error

Validate validates the options.

type MetricsOptions

// MetricsOptions are options for exposing metrics.
//
// The struct carries no TLS or authentication settings, so who can read the
// metrics endpoint is decided by ListenAddress and the surrounding network
// controls. NOTE(review): confirm no authentication is applied elsewhere.
type MetricsOptions struct {
	// Enabled is true if metrics should be enabled.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenAddress is the address to listen on for metrics.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// Path is the path to serve metrics on.
	Path string `koanf:"path,omitempty"`
}

MetricsOptions are options for exposing metrics.

func NewMetricsOptions

func NewMetricsOptions() MetricsOptions

NewMetricsOptions returns a new MetricsOptions with the default values.

func (*MetricsOptions) BindFlags

func (m *MetricsOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (MetricsOptions) ListenPort

func (m MetricsOptions) ListenPort() uint16

ListenPort returns the listen port for the Metrics server if it is enabled.

func (MetricsOptions) Validate

func (m MetricsOptions) Validate() error

Validate validates the options.

type PluginConfig

// PluginConfig is the configuration for a single plugin. It describes how the
// plugin is reached (a local executable or a remote server) and the settings
// handed to it.
type PluginConfig struct {
	// Exec is the configuration for an executable plugin.
	// NOTE(review): ExecutablePluginConfig is defined outside this section. An
	// executable plugin presumably runs with the node's own privileges, so the
	// configured binary should come from a trusted, write-protected location.
	Exec ExecutablePluginConfig `koanf:"exec,omitempty"`
	// Remote is the configuration for a plugin that connects to an external server.
	// See RemotePluginConfig for the TLS settings of that connection.
	Remote RemotePluginConfig `koanf:"remote,omitempty"`
	// Config is the configuration that will be passed to the plugin's Configure method.
	// Values are untyped (map[string]any); any secrets placed here live in the
	// node's configuration alongside everything else.
	Config PluginMapConfig `koanf:"config,omitempty"`
	// contains filtered or unexported fields
}

PluginConfig is the configuration for a plugin.

func (*PluginConfig) BindFlags

func (o *PluginConfig) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the plugin configuration.

type PluginMapConfig

// PluginMapConfig implements a pflag.Value and wraps a map[string]any.
// Its Set, String and Type methods use value receivers.
// NOTE(review): the accepted string syntax for Set is not shown here.
type PluginMapConfig map[string]any

PluginMapConfig implements a pflag.Value and wraps a map[string]any.

func (PluginMapConfig) Set

func (p PluginMapConfig) Set(s string) error

func (PluginMapConfig) String

func (p PluginMapConfig) String() string

func (PluginMapConfig) Type

func (p PluginMapConfig) Type() string

type PluginOptions

// PluginOptions are options for configuring plugins.
type PluginOptions struct {
	// Configs is a map of plugin names to plugin configurations.
	// Unlike most fields in this package, the koanf tag has no omitempty.
	// MTLSEnabled reports whether the mtls plugin is configured, so the plugin
	// names used as keys here are significant.
	Configs map[string]PluginConfig `koanf:"configs"`
}

PluginOptions are options for configuring plugins.

func NewPluginOptions added in v0.12.0

func NewPluginOptions() PluginOptions

NewPluginOptions returns a new empty PluginOptions.

func (*PluginOptions) BindFlags

func (o *PluginOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the plugin options.

func (*PluginOptions) MTLSEnabled added in v0.12.1

func (o *PluginOptions) MTLSEnabled() bool

MTLSEnabled reports whether the mtls plugin is configured.

func (*PluginOptions) NewPluginSet added in v0.12.2

func (o *PluginOptions) NewPluginSet(ctx context.Context) (map[string]plugins.Plugin, error)

NewPluginSet returns a new plugin set for the node configuration. This will only work if the PluginOptions have been bound to a parsed flagset.

type RaftOptions

// RaftOptions are options for the raft backend: its listen address, timeouts,
// snapshot policy and peer-purging threshold.
//
// NOTE(review): no TLS or authentication fields appear in this struct. How raft
// traffic is protected (presumably by carrying it over the mesh) should be
// confirmed before exposing ListenAddress on an untrusted network.
type RaftOptions struct {
	// ListenAddress is the address to listen on.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// ConnectionPoolCount is the number of connections to pool. If 0, no connection pooling is used.
	ConnectionPoolCount int `koanf:"connection-pool-count,omitempty"`
	// ConnectionTimeout is the timeout for connections.
	ConnectionTimeout time.Duration `koanf:"connection-timeout,omitempty"`
	// HeartbeatTimeout is the timeout for heartbeats.
	HeartbeatTimeout time.Duration `koanf:"heartbeat-timeout,omitempty"`
	// ElectionTimeout is the timeout for elections.
	ElectionTimeout time.Duration `koanf:"election-timeout,omitempty"`
	// ApplyTimeout is the timeout for applying.
	ApplyTimeout time.Duration `koanf:"apply-timeout,omitempty"`
	// CommitTimeout is the timeout for committing.
	CommitTimeout time.Duration `koanf:"commit-timeout,omitempty"`
	// MaxAppendEntries is the maximum number of append entries.
	MaxAppendEntries int `koanf:"max-append-entries,omitempty"`
	// LeaderLeaseTimeout is the timeout for leader leases.
	LeaderLeaseTimeout time.Duration `koanf:"leader-lease-timeout,omitempty"`
	// SnapshotInterval is the interval to take snapshots.
	SnapshotInterval time.Duration `koanf:"snapshot-interval,omitempty"`
	// SnapshotThreshold is the threshold to take snapshots.
	// NOTE(review): the unit (presumably a count of log entries) is not stated here.
	SnapshotThreshold uint64 `koanf:"snapshot-threshold,omitempty"`
	// SnapshotRetention is the number of snapshots to retain.
	SnapshotRetention uint64 `koanf:"snapshot-retention,omitempty"`
	// ObserverChanBuffer is the buffer size for the observer channel.
	ObserverChanBuffer int `koanf:"observer-chan-buffer,omitempty"`
	// HeartbeatPurgeThreshold is the threshold of failed heartbeats before purging a peer.
	// A low value removes unreachable peers sooner, but it also makes a brief
	// network interruption enough to purge a healthy one.
	HeartbeatPurgeThreshold int `koanf:"heartbeat-purge-threshold,omitempty"`
}

RaftOptions are options for the raft backend.

func NewRaftOptions

func NewRaftOptions() RaftOptions

NewRaftOptions returns a new RaftOptions with the default values.

func (*RaftOptions) BindFlags

func (o *RaftOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags.

func (RaftOptions) ListenPort added in v0.7.0

func (o RaftOptions) ListenPort() int

ListenPort returns the listen port.

func (RaftOptions) NewTransport added in v0.7.0

func (o RaftOptions) NewTransport(conn meshnode.Node) (transport.RaftTransport, error)

NewTransport creates a new raft transport for the current configuration.

func (RaftOptions) Validate

func (o RaftOptions) Validate(dataDir string, inMemory bool) error

Validate validates the options.

type RegistrarOptions added in v0.13.0

// RegistrarOptions are options for running a registrar service.
type RegistrarOptions struct {
	// Enabled is true if the registrar should be enabled.
	Enabled bool `koanf:"enabled,omitempty"`
	// Private means the registrar should only respond to lookup
	// requests from authenticated nodes.
	// NOTE(review): when false, lookups are presumably answered for
	// unauthenticated callers as well; confirm that this disclosure is intended
	// for the deployment.
	Private bool `koanf:"private,omitempty"`
	// IDAuth are configurations for id-auth. These are only
	// applicable if the id-auth plugin is not already configured.
	IDAuth idauth.Config `koanf:"id-auth,omitempty"`
}

RegistrarOptions are options for running a registrar service.

func NewRegistrarOptions added in v0.13.0

func NewRegistrarOptions() RegistrarOptions

NewRegistrarOptions returns a new RegistrarOptions with the default values.

func (*RegistrarOptions) BindFlags added in v0.13.0

func (r *RegistrarOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

type RemotePluginConfig

// RemotePluginConfig is the configuration for a plugin that connects to an
// external server.
//
// Security: Insecure and TLSSkipVerify both remove the node's ability to
// authenticate the plugin server. A plugin can take part in decisions such as
// authentication (see MTLSEnabled on PluginOptions), so a connection that does
// not verify the server leaves those decisions open to anyone able to answer
// on the network path.
type RemotePluginConfig struct {
	// Server is the address of a server for the plugin.
	Server string `koanf:"server,omitempty"`
	// Insecure is whether to use an insecure connection to the plugin server.
	// NOTE(review): presumably this means no TLS at all; confirm how it
	// interacts with the TLS* fields below.
	Insecure bool `koanf:"insecure,omitempty"`
	// TLSCAFile is the path to a CA for verifying certificates.
	TLSCAFile string `koanf:"tls-ca-file,omitempty"`
	// TLSCertFile is the path to a certificate for authenticating to the plugin server.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSKeyFile is the path to a key for authenticating to the plugin server.
	// The key file is a credential and should be readable only by the node's user.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSSkipVerify is whether to skip verifying the plugin server's certificate.
	// With verification skipped the connection is still encrypted, but the
	// server's identity is not checked.
	TLSSkipVerify bool `koanf:"tls-skip-verify,omitempty"`
}

RemotePluginConfig is the configuration for a plugin that connects to an external server.

func (*RemotePluginConfig) BindFlags

func (o *RemotePluginConfig) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the remote plugin configuration.

type ServiceOptions

// ServiceOptions contains the configuration for the mesh services. Each field
// groups the options for one service under its own koanf key.
type ServiceOptions struct {
	// API holds the gRPC API options (listen address, TLS and mTLS settings).
	API APIOptions `koanf:"api,omitempty"`
	// WebRTC holds the WebRTC API options.
	WebRTC WebRTCOptions `koanf:"webrtc,omitempty"`
	// MeshDNS holds the MeshDNS server options.
	MeshDNS MeshDNSOptions `koanf:"meshdns,omitempty"`
	// TURN holds the TURN server options.
	TURN TURNOptions `koanf:"turn,omitempty"`
	// Registrar holds the registrar service options.
	Registrar RegistrarOptions `koanf:"registrar,omitempty"`
	// Metrics holds the options for exposing metrics.
	Metrics MetricsOptions `koanf:"metrics,omitempty"`
}

ServiceOptions contains the configuration for the mesh services.

func NewInsecureServiceOptions added in v0.12.0

func NewInsecureServiceOptions(disabled bool) ServiceOptions

NewInsecureServiceOptions returns a new ServiceOptions with the default values and insecure set to true. Disabled sets the initial state of whether the gRPC API is enabled.

func NewServiceOptions

func NewServiceOptions(disabled bool) ServiceOptions

NewServiceOptions returns a new ServiceOptions with the default values. Disabled sets the initial state of whether the gRPC API is enabled.

func (*ServiceOptions) BindFlags

func (s *ServiceOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (*ServiceOptions) NewFeatureSet added in v0.12.1

func (o *ServiceOptions) NewFeatureSet(storage meshstorage.Provider, grpcPort int) []*v1.FeaturePort

NewFeatureSet returns a new FeatureSet for the given node options.

func (*ServiceOptions) NewServerTLSOptions added in v0.12.1

func (o *ServiceOptions) NewServerTLSOptions(ctx context.Context) (grpc.ServerOption, error)

NewServerTLSOptions returns new TLS options for the gRPC server.

func (*ServiceOptions) NewServiceOptions added in v0.12.1

func (o *ServiceOptions) NewServiceOptions(ctx context.Context, conn meshnode.Node) (conf services.Options, err error)

NewServiceOptions returns new options for the webmesh services.

func (*ServiceOptions) RegisterAPIs added in v0.12.1

func (o *ServiceOptions) RegisterAPIs(ctx context.Context, opts APIRegistrationOptions) error

RegisterAPIs registers the configured APIs to the given server.

func (*ServiceOptions) Validate

func (s *ServiceOptions) Validate() error

Validate validates the options.

type StorageOptions added in v0.7.0

// StorageOptions are the storage options: which provider backs the mesh state
// and where that state is kept.
type StorageOptions struct {
	// InMemory is a flag to use in-memory storage.
	// NOTE(review): presumably nothing is persisted to Path in this mode, so
	// state is lost on restart; confirm.
	InMemory bool `koanf:"in-memory,omitempty"`
	// Path is the path to the storage directory.
	// NOTE(review): the directory holds mesh state; its permissions are not
	// set by anything visible here and should be checked at deployment.
	Path string `koanf:"path,omitempty"`
	// Provider is the storage provider. If empty, the default is used.
	// The field is a plain string. NOTE(review): presumably it is matched
	// against the StorageProvider constants ("raft", "passthrough", "external").
	Provider string `koanf:"provider,omitempty"`
	// Raft are the raft storage options.
	Raft RaftOptions `koanf:"raft,omitempty"`
	// External are the external storage options.
	External ExternalStorageOptions `koanf:"external,omitempty"`
	// LogLevel is the log level for the storage provider.
	LogLevel string `koanf:"log-level,omitempty"`
	// LogFormat is the log format for the storage provider.
	LogFormat string `koanf:"log-format,omitempty"`
}

StorageOptions are the storage options.

func NewStorageOptions added in v0.7.0

func NewStorageOptions() StorageOptions

NewStorageOptions creates a new storage options.

func (*StorageOptions) BindFlags added in v0.7.0

func (o *StorageOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the storage options to the flag set.

func (StorageOptions) ListenPort added in v0.7.0

func (o StorageOptions) ListenPort() int

ListenPort returns the port to listen on for the storage provider.

func (StorageOptions) NewExternalStorageOptions added in v0.7.0

func (o StorageOptions) NewExternalStorageOptions(ctx context.Context, nodeID types.NodeID) (extstorage.Options, error)

NewExternalStorageOptions creates a new external storage options.

func (StorageOptions) NewExternalStorageProvider added in v0.7.0

func (o StorageOptions) NewExternalStorageProvider(ctx context.Context, nodeID types.NodeID) (storage.Provider, error)

NewExternalStorageProvider returns a new external storage provider for the current configuration.

func (StorageOptions) NewPassthroughOptions added in v0.7.0

func (o StorageOptions) NewPassthroughOptions(ctx context.Context, node meshnode.Node) passthroughstorage.Options

NewPassthroughOptions returns a new passthrough options for the current configuration.

func (StorageOptions) NewRaftOptions added in v0.7.0

func (o StorageOptions) NewRaftOptions(ctx context.Context, node meshnode.Node, force bool) (raftstorage.Options, error)

NewRaftOptions returns a new raft options for the current configuration.

func (StorageOptions) NewRaftStorageProvider added in v0.7.0

func (o StorageOptions) NewRaftStorageProvider(ctx context.Context, node meshnode.Node, force bool) (storage.Provider, error)

NewRaftStorageProvider returns a new raftstorage provider for the current configuration.

func (StorageOptions) Validate added in v0.7.0

func (o StorageOptions) Validate(isMember bool) error

Validate validates the storage options.

type StorageProvider added in v0.7.0

// StorageProvider is a type of storage provider, identified by its string name.
// IsValid checks whether a value is a valid provider.
type StorageProvider string

StorageProvider is a type of storage provider.

// Storage provider names declared by this package.
const (
	// StorageProviderRaft is the builtin raft storage provider.
	StorageProviderRaft StorageProvider = "raft"
	// StorageProviderPassThrough is the passthrough storage provider.
	StorageProviderPassThrough StorageProvider = "passthrough"
	// StorageProviderExternal is an external storage provider.
	StorageProviderExternal StorageProvider = "external"
)

func (StorageProvider) IsValid added in v0.7.0

func (s StorageProvider) IsValid() bool

IsValid checks if the storage provider is valid.

type TLSOptions

// TLSOptions are options for TLS communication when joining a mesh.
//
// Security: VerifyChainOnly, InsecureSkipVerify and Insecure each weaken or
// remove authentication of the node being joined. NewTLSOptions is documented
// as returning an empty value, so all three start false and have to be turned
// on explicitly. Treat any configuration that sets them as a finding to
// justify, not as a default.
type TLSOptions struct {
	// CAFile is the path to a TLS CA file for verification. If this and CAData are empty, the system CA pool is used.
	CAFile string `koanf:"tls-ca-file,omitempty"`
	// CAData is the base64 encoded TLS CA data for verification. If this and CAFile are empty, the system CA pool is used.
	CAData string `koanf:"tls-ca-data,omitempty"`
	// VerifyChainOnly is true if only the certificate chain should be verified.
	// NOTE(review): presumably this skips hostname matching, in which case any
	// certificate issued by a trusted CA would be accepted; confirm, and prefer
	// a dedicated CA (CAFile/CAData) over the system pool when using it.
	VerifyChainOnly bool `koanf:"verify-chain-only,omitempty"`
	// InsecureSkipVerify is true if the server TLS cert should not be verified.
	// The connection is then encrypted but the server is not authenticated.
	InsecureSkipVerify bool `koanf:"insecure-skip-verify,omitempty"`
	// Insecure is true if the gRPC connection should be insecure.
	// NOTE(review): presumably this disables TLS entirely, making the CA and
	// verification fields above irrelevant; confirm precedence.
	Insecure bool `koanf:"insecure,omitempty"`
}

TLSOptions are options for TLS communication when joining a mesh.

func NewTLSOptions added in v0.12.0

func NewTLSOptions() TLSOptions

NewTLSOptions returns a new empty TLSOptions.

func (*TLSOptions) BindFlags

func (o *TLSOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the TLS options to the flag set.

type TURNOptions

// TURNOptions are the options for the TURN server.
//
// NOTE(review): the struct has a Realm but no credential fields. How relay
// clients are authenticated is not visible here and should be confirmed before
// exposing the server, because a TURN relay forwards traffic on behalf of
// clients.
type TURNOptions struct {
	// Enabled enables the TURN server.
	Enabled bool `koanf:"enabled,omitempty"`
	// Endpoint is the endpoint to advertise for the TURN server. If empty, the public IP and listen port is used.
	Endpoint string `koanf:"endpoint,omitempty"`
	// PublicIP is the address advertised for STUN/TURN requests.
	PublicIP string `koanf:"public-ip,omitempty"`
	// ListenAddress is the address to listen on for STUN/TURN connections.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// Realm is the realm used for TURN server authentication.
	Realm string `koanf:"realm,omitempty"`
	// TURNPortRange is the port range to use for allocating TURN relays.
	// The config key is "port-range". NOTE(review): the string format is not
	// shown here. The range must also be reachable through host and network
	// firewalls, so keep it as narrow as the expected load allows.
	TURNPortRange string `koanf:"port-range,omitempty"`
}

TURNOptions are the options for the TURN server.

func NewTURNOptions

func NewTURNOptions() TURNOptions

NewTURNOptions returns a new TURNOptions with the default values.

func (*TURNOptions) BindFlags

func (t *TURNOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (TURNOptions) ListenPort

func (t TURNOptions) ListenPort() uint16

ListenPort returns the listen port for this TURN configuration, or 0 if not enabled or invalid.

func (TURNOptions) Validate

func (t TURNOptions) Validate() error

Validate validates the TURN options.

type WebRTCOptions

// WebRTCOptions are the options for the WebRTC API.
type WebRTCOptions struct {
	// Enabled enables the WebRTC API.
	Enabled bool `koanf:"enabled,omitempty"`
	// STUNServers is a list of STUN servers to use for the WebRTC API.
	// A STUN server sees the public address of each client that queries it, so
	// third-party servers listed here learn which hosts take part.
	STUNServers []string `koanf:"stun-servers,omitempty"`
}

WebRTCOptions are the options for the WebRTC API.

func NewWebRTCOptions

func NewWebRTCOptions() WebRTCOptions

NewWebRTCOptions returns a new WebRTCOptions with the default values.

func (*WebRTCOptions) BindFlags

func (w *WebRTCOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (WebRTCOptions) Validate

func (w WebRTCOptions) Validate() error

Validate validates the options.

type WireGuardOptions

// WireGuardOptions are options for configuring the WireGuard interface,
// including where the node's private key lives and how often it is rotated.
type WireGuardOptions struct {
	// ListenPort is the port to listen on.
	ListenPort int `koanf:"listen-port,omitempty"`
	// Modprobe attempts to load the wireguard kernel module on linux systems.
	// NOTE(review): loading a kernel module presumably requires elevated
	// privileges; confirm what happens when the attempt fails.
	Modprobe bool `koanf:"modprobe,omitempty"`
	// InterfaceName is the name of the interface.
	InterfaceName string `koanf:"interface-name,omitempty"`
	// ForceInterfaceName forces the use of the given name by deleting
	// any pre-existing interface with the same name.
	// This is destructive: an unrelated interface that happens to share
	// InterfaceName is removed as well.
	ForceInterfaceName bool `koanf:"force-interface-name,omitempty"`
	// ForceTUN forces the use of a TUN interface.
	ForceTUN bool `koanf:"force-tun,omitempty"`
	// Masquerade enables masquerading of traffic from the wireguard interface.
	Masquerade bool `koanf:"masquerade,omitempty"`
	// PersistentKeepAlive is the interval at which to send keepalive packets
	// to peers. If unset, keepalive packets will automatically be sent to publicly
	// accessible peers when this instance is behind a NAT. Otherwise, no keep-alive
	// packets are sent.
	PersistentKeepAlive time.Duration `koanf:"persistent-keepalive,omitempty"`
	// MTU is the MTU to use for the interface.
	MTU int `koanf:"mtu,omitempty"`
	// Endpoints are additional WireGuard endpoints to broadcast when joining.
	Endpoints []string `koanf:"endpoints,omitempty"`
	// KeyFile is the path to the WireGuard private key. If it does not exist it will be created.
	// The file holds the node's private key. NOTE(review): the mode it is
	// created with is not shown here; verify it is readable only by the node's
	// user and that the parent directory is not writable by others.
	KeyFile string `koanf:"key-file,omitempty"`
	// KeyRotationInterval is the interval to rotate wireguard keys.
	// Set this to 0 to disable key rotation.
	// With rotation disabled the same private key is used indefinitely.
	KeyRotationInterval time.Duration `koanf:"key-rotation-interval,omitempty"`
	// RecordMetrics enables recording of WireGuard metrics. These are only exposed if the
	// metrics server is enabled.
	RecordMetrics bool `koanf:"record-metrics,omitempty"`
	// RecordMetricsInterval is the interval at which to update WireGuard metrics.
	RecordMetricsInterval time.Duration `koanf:"record-metrics-interval,omitempty"`
	// DisableFullTunnel will ignore routes for a default gateway.
	// NOTE(review): when false, a default route advertised through the mesh is
	// presumably honoured, sending all of this host's traffic through a peer;
	// confirm who is allowed to advertise such routes.
	DisableFullTunnel bool `koanf:"disable-full-tunnel,omitempty"`
	// contains filtered or unexported fields
}

WireGuardOptions are options for configuring the WireGuard interface.

func NewWireGuardOptions

func NewWireGuardOptions() WireGuardOptions

NewWireGuardOptions returns a new WireGuardOptions with sensible defaults.

func (*WireGuardOptions) BindFlags

func (o *WireGuardOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags.

func (*WireGuardOptions) LoadKey added in v0.12.1

LoadKey loads the key from the given configuration.

func (*WireGuardOptions) SetKey added in v0.13.6

func (o *WireGuardOptions) SetKey(key crypto.PrivateKey)

SetKey is a convenience method for setting a preloaded key to these wireguard options so that calls to LoadKey will return the preloaded key.

func (*WireGuardOptions) Validate

func (o *WireGuardOptions) Validate() error

Validate validates the options.
