Documentation ¶
Overview ¶
Package config contains configuration options and parsing for the webmesh node CLI and daemon server.
Index ¶
- Variables
- func InterceptorLogger() logging.Logger
- type APIOptions
- type APIRegistrationOptions
- type AuthOptions
- type BasicAuthOptions
- type BootstrapOptions
- type BootstrapTransportOptions
- type BridgeMeshDNSOptions
- type BridgeOptions
- type Config
- func (o *Config) BindFlags(prefix string, fs *pflag.FlagSet) *Config
- func (o *Config) IsStorageMember() bool
- func (c *Config) LoadFrom(fs *pflag.FlagSet, confFiles []string) error
- func (o *Config) MTLSEnabled() bool
- func (c Config) MarshalJSON() ([]byte, error)
- func (c Config) MarshalTOML() ([]byte, error)
- func (c Config) MarshalYAML() ([]byte, error)
- func (o *Config) NewBootstrapTransport(ctx context.Context, nodeID string, conn meshnode.Node, host host.Host) (transport.BootstrapTransport, error)
- func (o *Config) NewClientCredentials(ctx context.Context, key crypto.PrivateKey) ([]grpc.DialOption, error)
- func (o *Config) NewConnectOptions(ctx context.Context, conn meshnode.Node, provider storage.Provider, ...) (opts meshnode.ConnectOptions, err error)
- func (o *Config) NewJoinTransport(ctx context.Context, nodeID string, conn meshnode.Node, host host.Host) (transport.JoinRoundTripper, error)
- func (o *Config) NewLeaveTransport(ctx context.Context, conn meshnode.Node) transport.LeaveRoundTripper
- func (o *Config) NewMeshConfig(ctx context.Context, key crypto.PrivateKey) (conf meshnode.Config, err error)
- func (o *Config) NewStorageProvider(ctx context.Context, node meshnode.Node, force bool) (storage.Provider, error)
- func (o *Config) NodeID(ctx context.Context) (string, error)
- func (o *Config) ShallowCopy() *Config
- func (c Config) ToMapStructure() map[string]interface{}
- func (c *Config) UnmarshalJSON(b []byte) error
- func (c *Config) UnmarshalTOML(b []byte) error
- func (c *Config) UnmarshalYAML(b []byte) error
- func (o *Config) Validate() error
- type DiscoveryOptions
- type ExecutablePluginConfig
- type ExternalStorageOptions
- type GlobalOptions
- type IDAuthOptions
- type LDAPAuthOptions
- type MTLSOptions
- type MeshDNSOptions
- type MeshOptions
- type MetricsOptions
- type PluginConfig
- type PluginMapConfig
- type PluginOptions
- type RaftOptions
- type RegistrarOptions
- type RemotePluginConfig
- type ServiceOptions
- func (s *ServiceOptions) BindFlags(prefix string, fl *pflag.FlagSet)
- func (o *ServiceOptions) NewFeatureSet(storage meshstorage.Provider, grpcPort int) []*v1.FeaturePort
- func (o *ServiceOptions) NewServerTLSOptions(ctx context.Context) (grpc.ServerOption, error)
- func (o *ServiceOptions) NewServiceOptions(ctx context.Context, conn meshnode.Node) (conf services.Options, err error)
- func (o *ServiceOptions) RegisterAPIs(ctx context.Context, opts APIRegistrationOptions) error
- func (s *ServiceOptions) Validate() error
- type StorageOptions
- func (o *StorageOptions) BindFlags(prefix string, fs *pflag.FlagSet)
- func (o StorageOptions) ListenPort() int
- func (o StorageOptions) NewExternalStorageOptions(ctx context.Context, nodeID types.NodeID) (extstorage.Options, error)
- func (o StorageOptions) NewExternalStorageProvider(ctx context.Context, nodeID types.NodeID) (storage.Provider, error)
- func (o StorageOptions) NewPassthroughOptions(ctx context.Context, node meshnode.Node) passthroughstorage.Options
- func (o StorageOptions) NewRaftOptions(ctx context.Context, node meshnode.Node, force bool) (raftstorage.Options, error)
- func (o StorageOptions) NewRaftStorageProvider(ctx context.Context, node meshnode.Node, force bool) (storage.Provider, error)
- func (o StorageOptions) Validate(isMember bool) error
- type StorageProvider
- type TLSOptions
- type TURNOptions
- type WebRTCOptions
- type WireGuardOptions
Constants ¶
This section is empty.
Variables ¶
// DefaultNodeID is the default node ID used if no other is configured.
// It is resolved once at package initialization: the OS hostname when it
// can be read, otherwise a newly generated UUID string.
var DefaultNodeID = func() string {
	if name, err := os.Hostname(); err == nil {
		return name
	}
	// The hostname lookup failed; fall back to a random identifier.
	return uuid.NewString()
}()
DefaultNodeID is the default node ID used if no other is configured
// ErrNoMesh is returned when no mesh is configured to be bootstrapped or joined.
var ErrNoMesh error = fmt.Errorf("no mesh configured")
ErrNoMesh is returned when no mesh is configured to be bootstrapped or joined.
Functions ¶
func InterceptorLogger ¶
InterceptorLogger returns a logging.Logger that logs to the given slog.Logger.
Types ¶
type APIOptions ¶
// APIOptions are the options for which APIs to register and expose.
// The koanf tags give the configuration key for each field.
type APIOptions struct {
	// Disabled is true if the gRPC API should be disabled.
	// The node will still be able to join a mesh, but will not be able to
	// serve any APIs or provide proxying services.
	Disabled bool `koanf:"disabled,omitempty"`
	// ListenAddress is the gRPC address to listen on.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// WebEnabled enables serving gRPC over HTTP/1.1.
	WebEnabled bool `koanf:"web-enabled,omitempty"`
	// TLSCertFile is the path to the TLS certificate file.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSCertData is the TLS certificate data.
	TLSCertData string `koanf:"tls-cert-data,omitempty"`
	// TLSKeyFile is the path to the TLS key file.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSKeyData is the TLS key data.
	// NOTE(review): this is private key material held inline in the
	// configuration; confirm how it is treated when a config is
	// serialized or logged.
	TLSKeyData string `koanf:"tls-key-data,omitempty"`
	// MTLS is true if mutual TLS should be enabled.
	MTLS bool `koanf:"mtls,omitempty"`
	// MTLSClientCAFile is the path to the client CA file. This is not usually
	// required and handled by the mtls auth plugin.
	MTLSClientCAFile string `koanf:"mtls-client-ca-file,omitempty"`
	// Insecure is true if the transport is insecure.
	// NOTE(review): presumably this serves the API without TLS; confirm
	// against the server TLS option construction.
	Insecure bool `koanf:"insecure,omitempty"`
	// DisableLeaderProxy is true if the leader proxy should be disabled.
	DisableLeaderProxy bool `koanf:"disable-leader-proxy,omitempty"`
	// MeshEnabled is true if the mesh API should be registered.
	MeshEnabled bool `koanf:"mesh-enabled,omitempty"`
	// AdminEnabled is true if the admin API should be registered.
	// NOTE(review): confirm which authentication and authorization apply
	// to the admin API when this is combined with Insecure.
	AdminEnabled bool `koanf:"admin-enabled,omitempty"`
}
APIOptions are the options for which APIs to register and expose.
func NewAPIOptions ¶
func NewAPIOptions(disabled bool) APIOptions
NewAPIOptions returns a new APIOptions with the default values.
func NewInsecureAPIOptions ¶ added in v0.12.0
func NewInsecureAPIOptions(disabled bool) APIOptions
NewInsecureAPIOptions returns a new APIOptions with the default values and insecure set to true.
func (*APIOptions) BindFlags ¶
func (a *APIOptions) BindFlags(prefix string, fl *pflag.FlagSet)
BindFlags binds the flags.
func (APIOptions) ListenPort ¶ added in v0.12.1
func (a APIOptions) ListenPort() int
ListenPort returns the listen port configured by these API options.
type APIRegistrationOptions ¶ added in v0.13.0
// APIRegistrationOptions are options for registering the APIs to a given server.
type APIRegistrationOptions struct {
	// Node is the node to register the APIs against.
	Node meshnode.Node
	// Server is the server to register the APIs to.
	Server *services.Server
	// Features are the features to broadcast to other nodes.
	Features []*v1.FeaturePort
	// BuildInfo is the build info to display in the node API.
	BuildInfo version.BuildInfo
	// Description is an optional description to display in the node API.
	Description string
}
APIRegistrationOptions are options for registering the APIs to a given server.
type AuthOptions ¶
// AuthOptions are options for authentication into the mesh.
// Each field configures one authentication method.
type AuthOptions struct {
	// IDAuth indicates to use ID authentication. An ID is derived
	// from the public wireguard key and presented with a signature
	// that can be verified by the private wireguard key.
	// NOTE(review): signatures are normally produced with the private key
	// and verified with the public key; confirm the wording above against
	// the implementation.
	IDAuth IDAuthOptions `koanf:"id-auth,omitempty"`
	// MTLS are options for mutual TLS. This is the recommended
	// authentication method.
	MTLS MTLSOptions `koanf:"mtls,omitempty"`
	// Basic are options for basic authentication.
	Basic BasicAuthOptions `koanf:"basic,omitempty"`
	// LDAP are options for LDAP authentication.
	LDAP LDAPAuthOptions `koanf:"ldap,omitempty"`
}
AuthOptions are options for authentication into the mesh.
func NewAuthOptions ¶ added in v0.12.0
func NewAuthOptions() AuthOptions
NewAuthOptions returns a new empty AuthOptions.
func (*AuthOptions) BindFlags ¶
func (o *AuthOptions) BindFlags(prefix string, fl *pflag.FlagSet)
BindFlags binds the flags to the options.
func (*AuthOptions) IsEmpty ¶ added in v0.12.0
func (o *AuthOptions) IsEmpty() bool
IsEmpty returns true if the options are empty.
func (*AuthOptions) MTLSEnabled ¶ added in v0.12.1
func (o *AuthOptions) MTLSEnabled() bool
MTLSEnabled is true if any mtls fields are set.
func (*AuthOptions) Validate ¶
func (o *AuthOptions) Validate() error
type BasicAuthOptions ¶
// BasicAuthOptions are options for basic authentication.
type BasicAuthOptions struct {
	// Username is the username.
	Username string `koanf:"username,omitempty"`
	// Password is the password.
	// It is held as a plain string under the "password" key, so any
	// configuration file or dump containing it is a secret.
	// NOTE(review): confirm whether it is redacted when the enclosing
	// configuration is marshaled or logged.
	Password string `koanf:"password,omitempty"`
}
BasicAuthOptions are options for basic authentication.
func (*BasicAuthOptions) IsEmpty ¶ added in v0.12.0
func (o *BasicAuthOptions) IsEmpty() bool
IsEmpty returns true if the options are empty.
type BootstrapOptions ¶
// BootstrapOptions are options for bootstrapping a new mesh.
type BootstrapOptions struct {
	// Enabled is the flag to attempt bootstrapping. If true, the node will only bootstrap a new cluster
	// if no data is found. To force a bootstrap, set Force to true.
	Enabled bool `koanf:"enabled,omitempty"`
	// ElectionTimeout is the election timeout to use when bootstrapping a new cluster.
	ElectionTimeout time.Duration `koanf:"election-timeout,omitempty"`
	// Transport are the bootstrap transport options.
	Transport BootstrapTransportOptions `koanf:"transport,omitempty"`
	// IPv4Network is the IPv4 network of the mesh to write to the database when bootstrapping a new cluster.
	IPv4Network string `koanf:"ipv4-network,omitempty"`
	// IPv6Network is the IPv6 network of the mesh to write to the database when bootstrapping a new cluster.
	// If left unset, one will be generated. This must be a /32 prefix.
	IPv6Network string `koanf:"ipv6-network,omitempty"`
	// MeshDomain is the domain of the mesh to write to the database when bootstrapping a new cluster.
	MeshDomain string `koanf:"mesh-domain,omitempty"`
	// Admin is the user and/or node name to assign administrator privileges to when bootstrapping a new cluster.
	Admin string `koanf:"admin,omitempty"`
	// Voters is a comma separated list of node IDs to assign voting privileges to when bootstrapping a new cluster.
	// BootstrapServers are automatically added to this list.
	Voters []string `koanf:"voters,omitempty"`
	// DefaultNetworkPolicy is the default network policy to apply to the mesh when bootstrapping a new cluster.
	DefaultNetworkPolicy string `koanf:"default-network-policy,omitempty"`
	// DisableRBAC is the flag to disable RBAC when bootstrapping a new cluster.
	// NOTE(review): presumably the Admin assignment above has no effect
	// once RBAC is disabled; confirm against Validate.
	DisableRBAC bool `koanf:"disable-rbac,omitempty"`
	// Force is the force new bootstrap flag. Per the Enabled comment, it
	// bootstraps even when existing data is found.
	Force bool `koanf:"force,omitempty"`
}
BootstrapOptions are options for bootstrapping a new mesh.
func NewBootstrapOptions ¶
func NewBootstrapOptions() BootstrapOptions
NewBootstrapOptions returns a new BootstrapOptions with the default values.
func (*BootstrapOptions) BindFlags ¶
func (o *BootstrapOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the bootstrap options to a flag set.
func (*BootstrapOptions) Validate ¶
func (o *BootstrapOptions) Validate() error
Validate validates the bootstrap options.
type BootstrapTransportOptions ¶
// BootstrapTransportOptions are options for the bootstrap transport.
// The TCP* fields apply to TCP raft bootstrap; the Rendezvous* and PSK
// fields apply to libp2p bootstrap.
type BootstrapTransportOptions struct {
	// TCPAdvertiseAddress is the initial address to advertise for raft consensus.
	TCPAdvertiseAddress string `koanf:"tcp-advertise-address,omitempty"`
	// TCPListenAddress is the initial address to use when using TCP raft consensus to bootstrap.
	TCPListenAddress string `koanf:"tcp-listen-address,omitempty"`
	// TCPServers is a map of node IDs to addresses to bootstrap with. If empty, the node will use the advertise
	// address as the bootstrap server. If not empty, all nodes in the map should be started with the same
	// list configurations. If any are different then the first node to become leader will pick them. This
	// can cause bootstrap to fail when using ACLs. Servers should be in the form of <node-id>=<address>.
	TCPServers map[string]string `koanf:"tcp-servers,omitempty"`
	// TCPConnectionPool is the maximum number of TCP connections to maintain to other nodes.
	TCPConnectionPool int `koanf:"tcp-connection-pool,omitempty"`
	// TCPConnectTimeout is the maximum amount of time to wait for a TCP connection to be established.
	TCPConnectTimeout time.Duration `koanf:"tcp-connect-timeout,omitempty"`
	// ServerGRPCPorts is a map of node IDs to gRPC ports to bootstrap with. If empty, the node will use the
	// advertise address and locally configured gRPC port for every node in bootstrap-servers. Ports should
	// be in the form of <node-id>=<port>.
	ServerGRPCPorts map[string]int `koanf:"server-grpc-ports,omitempty"`
	// Rendezvous is the rendezvous string to use when using libp2p to bootstrap.
	Rendezvous string `koanf:"rendezvous,omitempty"`
	// RendezvousNodes is the list of node IDs to use when using libp2p to bootstrap.
	RendezvousNodes []string `koanf:"rendezvous-nodes,omitempty"`
	// RendezvousLinger is the amount of time to wait for other nodes to join when using libp2p to bootstrap.
	RendezvousLinger time.Duration `koanf:"rendezvous-linger,omitempty"`
	// PSK is the pre-shared key to use when using libp2p to bootstrap.
	// It is a shared secret stored as a plain string.
	// NOTE(review): confirm how it is treated when the configuration is
	// marshaled or logged.
	PSK string `koanf:"psk,omitempty"`
}
BootstrapTransportOptions are options for the bootstrap transport.
func NewBootstrapTransportOptions ¶
func NewBootstrapTransportOptions() BootstrapTransportOptions
NewBootstrapTransportOptions returns a new BootstrapTransportOptions with the default values.
func (*BootstrapTransportOptions) BindFlags ¶
func (o *BootstrapTransportOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the bootstrap transport options to a flag set.
func (BootstrapTransportOptions) Validate ¶
func (o BootstrapTransportOptions) Validate() error
Validate validates the bootstrap transport options.
type BridgeMeshDNSOptions ¶
// BridgeMeshDNSOptions are the options for the meshdns server that a bridge
// runs across all of its meshes (see BridgeOptions.MeshDNS).
type BridgeMeshDNSOptions struct {
	// Enabled enables mesh DNS.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenUDP is the UDP address to listen on.
	ListenUDP string `koanf:"listen-udp,omitempty"`
	// ListenTCP is the address to listen on for TCP DNS requests.
	ListenTCP string `koanf:"listen-tcp,omitempty"`
	// ReusePort sets the number of listeners to start on each port.
	// This is only supported on Linux.
	ReusePort int `koanf:"reuse-port,omitempty"`
	// EnableCompression is true if DNS compression should be enabled.
	// Note the configuration key is "compression".
	EnableCompression bool `koanf:"compression,omitempty"`
	// RequestTimeout is the timeout for DNS requests.
	RequestTimeout time.Duration `koanf:"request-timeout,omitempty"`
	// Forwarders are the DNS forwarders to use. If empty, the system DNS servers will be used.
	Forwarders []string `koanf:"forwarders,omitempty"`
	// SubscribeForwarders will subscribe to new nodes that are able to forward requests for other meshes.
	// These forwarders will be placed at the bottom of the forwarders list.
	SubscribeForwarders bool `koanf:"subscribe-forwarders,omitempty"`
	// DisableForwarding disables forwarding requests entirely.
	DisableForwarding bool `koanf:"disable-forwarding,omitempty"`
	// CacheSize is the size of the remote DNS cache.
	CacheSize int `koanf:"cache-size,omitempty"`
}
func NewBridgeMeshDNSOptions ¶ added in v0.12.0
func NewBridgeMeshDNSOptions() BridgeMeshDNSOptions
NewBridgeMeshDNSOptions returns a new BridgeMeshDNSOptions with sensible defaults.
func (*BridgeMeshDNSOptions) BindFlags ¶
func (m *BridgeMeshDNSOptions) BindFlags(fl *pflag.FlagSet)
BindFlags binds the flags.
func (*BridgeMeshDNSOptions) Validate ¶
func (m *BridgeMeshDNSOptions) Validate() error
Validate validates the bridge dns options.
type BridgeOptions ¶
// BridgeOptions are options for the bridge.
type BridgeOptions struct {
	// Meshes are the meshes to bridge. Each value is a complete node
	// Config for that mesh.
	// NOTE(review): the map key is presumably a mesh identifier; confirm.
	Meshes map[string]*Config `koanf:"meshes,omitempty"`
	// MeshDNS are options for running a meshdns server bridging all meshes.
	MeshDNS BridgeMeshDNSOptions `koanf:"meshdns,omitempty"`
	// UseMeshDNS is true if the bridge should use the meshdns server for local name resolution.
	UseMeshDNS bool `koanf:"use-meshdns,omitempty"`
}
BridgeOptions are options for the bridge.
func NewBridgeOptions ¶ added in v0.12.0
func NewBridgeOptions() BridgeOptions
NewBridgeOptions returns a new empty BridgeOptions.
func (*BridgeOptions) BindFlags ¶
func (b *BridgeOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the flags.
func (*BridgeOptions) Validate ¶
func (b *BridgeOptions) Validate() error
Validate recursively validates the config.
type Config ¶
// Config are the configuration options for running a webmesh node.
//
// NOTE(review): the nested Auth and Bootstrap.Transport options carry
// passwords and a pre-shared key as plain strings; confirm how the Marshal*
// methods treat those fields before a Config is logged or exported.
type Config struct {
	// Global are global options that are overlaid on all other options.
	Global GlobalOptions `koanf:"global,omitempty"`
	// Bootstrap are the bootstrap options.
	Bootstrap BootstrapOptions `koanf:"bootstrap,omitempty"`
	// Auth are the authentication options.
	Auth AuthOptions `koanf:"auth,omitempty"`
	// Mesh are the mesh options.
	Mesh MeshOptions `koanf:"mesh,omitempty"`
	// Storage are the storage options.
	Storage StorageOptions `koanf:"storage,omitempty"`
	// Services are the service options.
	Services ServiceOptions `koanf:"services,omitempty"`
	// TLS are the TLS options.
	TLS TLSOptions `koanf:"tls,omitempty"`
	// WireGuard are the WireGuard options.
	WireGuard WireGuardOptions `koanf:"wireguard,omitempty"`
	// Discovery are the discovery options.
	Discovery DiscoveryOptions `koanf:"discovery,omitempty"`
	// Plugins are the plugin options.
	Plugins PluginOptions `koanf:"plugins,omitempty"`
	// Bridge are the bridge options.
	Bridge BridgeOptions `koanf:"bridge,omitempty"`
}
Config are the configuration options for running a webmesh node.
func NewDefaultConfig ¶
NewDefaultConfig returns a new config with the default options. If nodeID is empty, the hostname or a randomly generated one will be used.
func NewInsecureConfig ¶
NewInsecureConfig returns a new config with the default options, but with insecure defaults, such as no transport security and in-memory storage. If nodeID is empty, the hostname or a randomly generated one will be used.
func (*Config) IsStorageMember ¶ added in v0.7.0
IsStorageMember returns true if the node is a storage provider.
func (*Config) LoadFrom ¶
LoadFrom attempts to load this configuration from the given flag set, configuration files, and environment variables. If fs is not nil, it is assumed the configuration has already been bound to the flag set and that the flagset has already been parsed. The order of precedence for parsing is: 1. Files 2. Environment variables 3. Flags
func (*Config) MTLSEnabled ¶ added in v0.12.1
MTLSEnabled reports whether mtls is enabled.
func (Config) MarshalJSON ¶
MarshalJSON implements json.Marshaler.
func (Config) MarshalTOML ¶
MarshalTOML implements toml.Marshaler.
func (Config) MarshalYAML ¶
MarshalYAML implements yaml.Marshaler.
func (*Config) NewBootstrapTransport ¶
func (o *Config) NewBootstrapTransport(ctx context.Context, nodeID string, conn meshnode.Node, host host.Host) (transport.BootstrapTransport, error)
NewBootstrapTransport returns the bootstrap transport for the configuration.
func (*Config) NewClientCredentials ¶ added in v0.12.2
func (o *Config) NewClientCredentials(ctx context.Context, key crypto.PrivateKey) ([]grpc.DialOption, error)
NewClientCredentials builds new client credentials from the given configuration.
func (*Config) NewConnectOptions ¶
func (o *Config) NewConnectOptions(ctx context.Context, conn meshnode.Node, provider storage.Provider, host host.Host) (opts meshnode.ConnectOptions, err error)
NewConnectOptions returns new connection options for the configuration. The given raft node must be started before it can be used. Host can be nil and if one is needed it will be created.
func (*Config) NewJoinTransport ¶
func (*Config) NewLeaveTransport ¶ added in v0.11.2
func (*Config) NewMeshConfig ¶
func (o *Config) NewMeshConfig(ctx context.Context, key crypto.PrivateKey) (conf meshnode.Config, err error)
NewMeshConfig returns a new Mesh configuration based on the node configuration. The key is optional and will be taken from the configuration if not provided.
func (*Config) NewStorageProvider ¶ added in v0.7.0
func (o *Config) NewStorageProvider(ctx context.Context, node meshnode.Node, force bool) (storage.Provider, error)
NewStorageProvider creates a new storage provider from the given options. If not a storage providing member, a node dialer is required for the passthrough storage provider.
func (*Config) NodeID ¶
NodeID returns the node ID for this configuration, or any error attempting to determine it.
func (*Config) ShallowCopy ¶
ShallowCopy returns a shallow copy of the config.
func (Config) ToMapStructure ¶
ToMapStructure converts the configuration to a map[string]interface{} structure.
func (*Config) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler.
func (*Config) UnmarshalTOML ¶
UnmarshalTOML implements toml.Unmarshaler.
func (*Config) UnmarshalYAML ¶
UnmarshalYAML implements yaml.Unmarshaler.
type DiscoveryOptions ¶
// DiscoveryOptions are options for discovering peers.
type DiscoveryOptions struct {
	// Announce is a flag to announce this peer to the discovery service.
	// Otherwise this peer will only discover other peers.
	Announce bool `koanf:"announce,omitempty"`
	// Discover is a flag to use the libp2p kademlia DHT for discovery.
	Discover bool `koanf:"discover,omitempty"`
	// Rendezvous is the pre-shared key string to use as a rendezvous point for peer discovery.
	// NOTE(review): as a pre-shared key this value is presumably sensitive;
	// confirm how it is treated when the configuration is marshaled or logged.
	Rendezvous string `koanf:"rendezvous,omitempty"`
	// BootstrapServers is a list of bootstrap servers to use for the DHT.
	// If empty or nil, the default bootstrap servers will be used.
	BootstrapServers []string `koanf:"bootstrap-servers,omitempty"`
	// AnnounceTTL is the TTL for the announcement.
	AnnounceTTL time.Duration `koanf:"announce-ttl,omitempty"`
	// LocalAddrs is a list of local addresses to announce to the discovery service.
	// If empty, the default local addresses will be used.
	LocalAddrs []string `koanf:"local-addrs,omitempty"`
	// ConnectTimeout is the timeout for connecting to a peer.
	ConnectTimeout time.Duration `koanf:"connect-timeout,omitempty"`
}
DiscoveryOptions are options for discovering peers.
func NewDiscoveryOptions ¶
func NewDiscoveryOptions(psk string, announce bool) DiscoveryOptions
NewDiscoveryOptions returns a new DiscoveryOptions for the given PSK. Or one ready with sensible defaults if the PSK is empty.
func (*DiscoveryOptions) BindFlags ¶
func (o *DiscoveryOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the flags for the discovery options.
func (*DiscoveryOptions) HostOptions ¶
func (o *DiscoveryOptions) HostOptions(ctx context.Context, key crypto.PrivateKey) libp2p.HostOptions
HostOptions returns a new HostOptions for the discovery config.
func (*DiscoveryOptions) Validate ¶
func (o *DiscoveryOptions) Validate() error
Validate validates the discovery options.
type ExecutablePluginConfig ¶
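// ExecutablePluginConfig is the configuration for an executable plugin.
type ExecutablePluginConfig struct {
	// Path is the path to an executable for the plugin.
	// The struct tag key was previously misspelled "kaonf", which left this
	// field without a koanf tag; it now uses "koanf" like every other
	// option struct in the package.
	// NOTE(review): the value names a program that is presumably executed
	// by the node; confirm what validation is applied to it.
	Path string `koanf:"path,omitempty"`
}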
ExecutablePluginConfig is the configuration for an executable plugin.
type ExternalStorageOptions ¶ added in v0.7.0
// ExternalStorageOptions are the external storage options. They describe how
// to reach the storage plugin server and how to secure that connection.
type ExternalStorageOptions struct {
	// Server is the address of a server for the plugin.
	Server string `koanf:"server,omitempty"`
	// Config is the configuration to pass to the plugin.
	Config PluginMapConfig `koanf:"config,omitempty"`
	// Insecure is whether to use an insecure connection to the plugin server.
	// NOTE(review): presumably this disables TLS to the plugin server
	// altogether; confirm against NewTLSConfig and its callers.
	Insecure bool `koanf:"insecure,omitempty"`
	// TLSCAData is the base64 PEM-encoded CA data for verifying certificates.
	TLSCAData string `koanf:"tls-ca-data,omitempty"`
	// TLSCAFile is the path to a CA for verifying certificates.
	TLSCAFile string `koanf:"tls-ca-file,omitempty"`
	// TLSCertData is the base64 PEM-encoded certificate data for authenticating to the plugin server.
	TLSCertData string `koanf:"tls-cert-data,omitempty"`
	// TLSCertFile is the path to a certificate for authenticating to the plugin server.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSKeyData is the base64 PEM-encoded key data for authenticating to the plugin server.
	// This is private key material held inline in the configuration.
	TLSKeyData string `koanf:"tls-key-data,omitempty"`
	// TLSKeyFile is the path to a key for authenticating to the plugin server.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSSkipVerify is whether to skip verifying the plugin server's certificate.
	// With verification skipped the connection is still encrypted, but the
	// server's identity is not authenticated.
	TLSSkipVerify bool `koanf:"tls-skip-verify,omitempty"`
}
ExternalStorageOptions are the external storage options.
func NewExternalStorageOptions ¶ added in v0.7.0
func NewExternalStorageOptions() ExternalStorageOptions
NewExternalStorageOptions creates a new external storage options.
func (*ExternalStorageOptions) BindFlags ¶ added in v0.7.0
func (o *ExternalStorageOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the external storage options to the flag set.
func (ExternalStorageOptions) NewTLSConfig ¶ added in v0.7.0
NewTLSConfig creates a new TLS config from the options.
func (ExternalStorageOptions) Validate ¶ added in v0.7.0
func (o ExternalStorageOptions) Validate() error
Validate validates the external storage options.
type GlobalOptions ¶
// GlobalOptions are options that will be re-applied to all relevant
// configurations after parsing.
type GlobalOptions struct {
	// LogLevel is the log level.
	LogLevel string `koanf:"log-level,omitempty"`
	// LogFormat is the log format. One of "text" or "json".
	LogFormat string `koanf:"log-format,omitempty"`
	// TLSCertFile is the TLS certificate file.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSKeyFile is the TLS key file.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSCAFile is the TLS CA file.
	TLSCAFile string `koanf:"tls-ca-file,omitempty"`
	// TLSClientCAFile is the path to the TLS client CA file.
	// If empty, either TLSCAFile or the system CA pool is used.
	TLSClientCAFile string `koanf:"tls-client-ca-file,omitempty"`
	// MTLS is true if mutual TLS is enabled.
	MTLS bool `koanf:"mtls,omitempty"`
	// VerifyChainOnly is true if only the chain should be verified.
	// NOTE(review): presumably this skips hostname verification of the
	// peer certificate; confirm what is and is not checked.
	VerifyChainOnly bool `koanf:"verify-chain-only,omitempty"`
	// InsecureSkipVerify is true if the server TLS cert should not be verified.
	// With verification off, the server's identity is not authenticated.
	InsecureSkipVerify bool `koanf:"insecure-skip-verify,omitempty"`
	// Insecure is true if TLS should be disabled.
	// As a global option it is re-applied to all relevant configurations,
	// so it is not limited to a single listener or client.
	Insecure bool `koanf:"insecure,omitempty"`
	// PrimaryEndpoint is the preferred publicly routable address of this node.
	// Setting this value will override the mesh advertise address with its
	// configured listen port.
	PrimaryEndpoint string `koanf:"primary-endpoint,omitempty"`
	// Endpoints are the additional publicly routable addresses of this node.
	// If PrimaryEndpoint is not set, it will be set to the first endpoint.
	// Setting this value will override the mesh advertise with its configured
	// listen port.
	Endpoints []string `koanf:"endpoints,omitempty"`
	// DetectEndpoints is true if the endpoints should be detected.
	DetectEndpoints bool `koanf:"detect-endpoints,omitempty"`
	// DetectPrivateEndpoints is true if private IP addresses should be included in detection.
	// This automatically enables DetectEndpoints.
	DetectPrivateEndpoints bool `koanf:"detect-private-endpoints,omitempty"`
	// AllowRemoteDetection is true if remote detection is allowed.
	// NOTE(review): presumably this permits querying a remote service to
	// learn the node's public address; confirm which service is contacted.
	AllowRemoteDetection bool `koanf:"allow-remote-detection,omitempty"`
	// DetectIPv6 is true if IPv6 addresses should be included in detection.
	DetectIPv6 bool `koanf:"detect-ipv6,omitempty"`
	// DisableIPv4 is true if IPv4 should be disabled.
	DisableIPv4 bool `koanf:"disable-ipv4,omitempty"`
	// DisableIPv6 is true if IPv6 should be disabled.
	DisableIPv6 bool `koanf:"disable-ipv6,omitempty"`
}
GlobalOptions are options that will be re-applied to all relevant configurations after parsing.
func NewGlobalOptions ¶ added in v0.12.0
func NewGlobalOptions() GlobalOptions
NewGlobalOptions creates a new GlobalOptions.
func (*GlobalOptions) ApplyGlobals ¶
ApplyGlobals applies the global options to the given options. It returns the options for convenience.
func (*GlobalOptions) BindFlags ¶
func (o *GlobalOptions) BindFlags(prefix string, fs *pflag.FlagSet)
func (*GlobalOptions) Validate ¶
func (o *GlobalOptions) Validate() error
Validate validates the global options.
type IDAuthOptions ¶ added in v0.13.0
// IDAuthOptions are options for ID authentication.
type IDAuthOptions struct {
	// Enabled is true if ID authentication is enabled.
	Enabled bool `koanf:"enabled,omitempty"`
	// Alias is an optional alias to attempt to register with our ID.
	// If empty, no registration will be attempted. If alias registration
	// fails it will be logged and the node will continue to run.
	Alias string `koanf:"alias,omitempty"`
	// Registrar is the registrar to attempt to use to register with our ID.
	// If left unset and an alias is provided, the node will attempt to discover
	// one via the mesh.
	// TODO: Credentials for non-mesh registrars.
	Registrar string `koanf:"registrar,omitempty"`
}
IDAuthOptions are options for ID authentication.
func (*IDAuthOptions) IsEmpty ¶ added in v0.13.0
func (o *IDAuthOptions) IsEmpty() bool
IsEmpty returns true if the options are empty.
type LDAPAuthOptions ¶
// LDAPAuthOptions are options for LDAP authentication.
type LDAPAuthOptions struct {
	// Username is the username.
	Username string `koanf:"username,omitempty"`
	// Password is the password.
	// It is held as a plain string under the "password" key, so any
	// configuration file or dump containing it is a secret.
	// NOTE(review): confirm whether it is redacted when the enclosing
	// configuration is marshaled or logged.
	Password string `koanf:"password,omitempty"`
}
LDAPAuthOptions are options for LDAP authentication.
func (*LDAPAuthOptions) IsEmpty ¶ added in v0.12.0
func (o *LDAPAuthOptions) IsEmpty() bool
IsEmpty returns true if the options are empty.
type MTLSOptions ¶
// MTLSOptions are options for mutual TLS. They hold the client certificate
// and key presented when joining, each given either as a file path or as
// inline base64 data.
type MTLSOptions struct {
	// CertFile is the path to a TLS certificate file to present when joining. Either this
	// or CertData must be set.
	CertFile string `koanf:"cert-file,omitempty"`
	// CertData is the base64 encoded TLS certificate data to present when joining. Either this
	// or CertFile must be set.
	CertData string `koanf:"cert-data,omitempty"`
	// KeyFile is the path to a TLS key file for the certificate. Either this or KeyData must be set.
	KeyFile string `koanf:"key-file,omitempty"`
	// KeyData is the base64 encoded TLS key data for the certificate. Either this or KeyFile must be set.
	// This is private key material held inline in the configuration.
	KeyData string `koanf:"key-data,omitempty"`
}
MTLSOptions are options for mutual TLS.
func (*MTLSOptions) Enabled ¶ added in v0.12.1
func (o *MTLSOptions) Enabled() bool
Enabled is true if any fields are set.
func (*MTLSOptions) IsEmpty ¶ added in v0.12.0
func (o *MTLSOptions) IsEmpty() bool
IsEmpty returns true if the options are empty.
type MeshDNSOptions ¶
// MeshDNSOptions are the options for the MeshDNS server.
type MeshDNSOptions struct {
	// Enabled enables mesh DNS.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenUDP is the UDP address to listen on.
	ListenUDP string `koanf:"listen-udp,omitempty"`
	// ListenTCP is the address to listen on for TCP DNS requests.
	ListenTCP string `koanf:"listen-tcp,omitempty"`
	// ReusePort sets the number of listeners to start on each port.
	// This is only supported on Linux.
	ReusePort int `koanf:"reuse-port,omitempty"`
	// EnableCompression is true if DNS compression should be enabled.
	// Note the configuration key is "compression".
	EnableCompression bool `koanf:"compression,omitempty"`
	// RequestTimeout is the timeout for DNS requests.
	RequestTimeout time.Duration `koanf:"request-timeout,omitempty"`
	// Forwarders are the DNS forwarders to use. If empty, the system DNS servers will be used.
	Forwarders []string `koanf:"forwarders,omitempty"`
	// IncludeSystemResolvers includes the system DNS servers in the forwarders list if it is non-empty.
	IncludeSystemResolvers bool `koanf:"include-system-resolvers,omitempty"`
	// SubscribeForwarders will subscribe to new nodes that are able to forward requests for other meshes.
	// These forwarders will be placed at the bottom of the forwarders list.
	SubscribeForwarders bool `koanf:"subscribe-forwarders,omitempty"`
	// DisableForwarding disables forwarding requests entirely.
	DisableForwarding bool `koanf:"disable-forwarding,omitempty"`
	// CacheSize is the size of the remote DNS cache.
	CacheSize int `koanf:"cache-size,omitempty"`
	// IPv6Only will only respond to IPv6 requests.
	IPv6Only bool `koanf:"ipv6-only,omitempty"`
}
MeshDNSOptions are the options for the MeshDNS server.
func NewMeshDNSOptions ¶
func NewMeshDNSOptions() MeshDNSOptions
NewMeshDNSOptions returns a new MeshDNSOptions with the default values.
func (*MeshDNSOptions) BindFlags ¶
func (m *MeshDNSOptions) BindFlags(prefix string, fl *pflag.FlagSet)
BindFlags binds the flags.
func (MeshDNSOptions) ListenPort ¶
func (m MeshDNSOptions) ListenPort() uint16
ListenPort returns the listen port for the MeshDNS server if it is enabled.
func (MeshDNSOptions) Validate ¶ added in v0.12.0
func (m MeshDNSOptions) Validate() error
Validate validates the options.
type MeshOptions ¶
// MeshOptions are the options for participating in a mesh.
type MeshOptions struct {
	// NodeID is the node ID.
	NodeID string `koanf:"node-id,omitempty"`
	// PrimaryEndpoint is the primary endpoint to advertise when joining.
	// This can be empty to signal the node is not publicly reachable.
	PrimaryEndpoint string `koanf:"primary-endpoint,omitempty"`
	// ZoneAwarenessID is the zone awareness ID.
	ZoneAwarenessID string `koanf:"zone-awareness-id,omitempty"`
	// JoinAddress is the address of a node to join.
	JoinAddress string `koanf:"join-address,omitempty"`
	// MaxJoinRetries is the maximum number of join retries.
	MaxJoinRetries int `koanf:"max-join-retries,omitempty"`
	// Routes are additional routes to advertise to the mesh. These routes are advertised to all peers.
	// If the node is not allowed to put routes in the mesh, the node will be unable to join.
	Routes []string `koanf:"routes,omitempty"`
	// ICEPeers are peers to request direct edges to over ICE. If the node is not allowed to create edges
	// and data channels, the node will be unable to join.
	ICEPeers []string `koanf:"ice-peers,omitempty"`
	// LibP2PPeers are peers to request direct edges to over libp2p. If the node is not allowed to create edges
	// and data channels, the node will be unable to join.
	LibP2PPeers []string `koanf:"libp2p-peers,omitempty"`
	// GRPCAdvertisePort is the port to advertise for gRPC.
	GRPCAdvertisePort int `koanf:"grpc-advertise-port,omitempty"`
	// MeshDNSAdvertisePort is the port to advertise for DNS.
	MeshDNSAdvertisePort int `koanf:"meshdns-advertise-port,omitempty"`
	// UseMeshDNS indicates whether to set mesh DNS servers to the system configuration.
	UseMeshDNS bool `koanf:"use-meshdns,omitempty"`
	// RequestVote is true if the node can provide storage and consensus.
	RequestVote bool `koanf:"request-vote,omitempty"`
	// RequestObserver is true if the node should be a storage observer.
	RequestObserver bool `koanf:"request-observer,omitempty"`
	// StoragePreferIPv6 is the prefer IPv6 flag for storage provider connections.
	StoragePreferIPv6 bool `koanf:"prefer-ipv6,omitempty"`
	// DisableIPv4 disables IPv4 usage.
	DisableIPv4 bool `koanf:"disable-ipv4,omitempty"`
	// DisableIPv6 disables IPv6 usage.
	DisableIPv6 bool `koanf:"disable-ipv6,omitempty"`
	// DisableFeatureAdvertisement is true if feature advertisement should be disabled.
	DisableFeatureAdvertisement bool `koanf:"disable-feature-advertisement,omitempty"`
	// DisableDefaultIPAM is true if the default IPAM should be disabled.
	DisableDefaultIPAM bool `koanf:"disable-default-ipam,omitempty"`
	// DefaultIPAMStaticIPv4 are static IPv4 assignments to use for the default IPAM.
	// NOTE(review): the meaning of the map keys and values is not shown here
	// (presumably node ID to address); verify against the IPAM implementation.
	DefaultIPAMStaticIPv4 map[string]string `koanf:"default-ipam-static-ipv4,omitempty"`
}
MeshOptions are the options for participating in a mesh.
func NewMeshOptions ¶
func NewMeshOptions(nodeID string) MeshOptions
NewMeshOptions returns a new MeshOptions with the default values. If node id is empty it will be assumed from the system or generated.
func (*MeshOptions) BindFlags ¶
func (o *MeshOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the flags to the options.
func (*MeshOptions) Validate ¶
func (o *MeshOptions) Validate() error
Validate validates the options.
type MetricsOptions ¶
// MetricsOptions are options for exposing metrics.
type MetricsOptions struct {
	// Enabled is true if metrics should be enabled.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenAddress is the address to listen on for metrics.
	// NOTE(review): this struct carries no authentication or TLS setting, so
	// access to the endpoint presumably depends on the bind address and the
	// network around it; confirm before binding to a non-loopback address.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// Path is the path to serve metrics on.
	Path string `koanf:"path,omitempty"`
}
MetricsOptions are options for exposing metrics.
func NewMetricsOptions ¶
func NewMetricsOptions() MetricsOptions
NewMetricsOptions returns a new MetricsOptions with the default values.
func (*MetricsOptions) BindFlags ¶
func (m *MetricsOptions) BindFlags(prefix string, fl *pflag.FlagSet)
BindFlags binds the flags.
func (MetricsOptions) ListenPort ¶
func (m MetricsOptions) ListenPort() uint16
ListenPort returns the listen port for the Metrics server if it is enabled.
func (MetricsOptions) Validate ¶
func (m MetricsOptions) Validate() error
Validate validates the options.
type PluginConfig ¶
// PluginConfig is the configuration for a plugin.
type PluginConfig struct {
	// Exec is the configuration for an executable plugin.
	// NOTE(review): ExecutablePluginConfig is declared elsewhere; presumably it
	// names a local binary to run, in which case that path needs the same
	// integrity protection as the node binary itself. Confirm.
	Exec ExecutablePluginConfig `koanf:"exec,omitempty"`
	// Remote is the configuration for a plugin that connects to an external server.
	Remote RemotePluginConfig `koanf:"remote,omitempty"`
	// Config is the configuration that will be passed to the plugin's Configure method.
	Config PluginMapConfig `koanf:"config,omitempty"`
	// contains filtered or unexported fields
}
PluginConfig is the configuration for a plugin.
type PluginMapConfig ¶
PluginMapConfig implements a pflag.Value and wraps a map[string]any.
func (PluginMapConfig) Set ¶
func (p PluginMapConfig) Set(s string) error
func (PluginMapConfig) String ¶
func (p PluginMapConfig) String() string
func (PluginMapConfig) Type ¶
func (p PluginMapConfig) Type() string
type PluginOptions ¶
// PluginOptions are options for configuring plugins.
type PluginOptions struct {
	// Configs is a map of plugin names to plugin configurations.
	Configs map[string]PluginConfig `koanf:"configs"`
}
PluginOptions are options for configuring plugins
func NewPluginOptions ¶ added in v0.12.0
func NewPluginOptions() PluginOptions
NewPluginOptions returns a new empty PluginOptions.
func (*PluginOptions) BindFlags ¶
func (o *PluginOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the flags for the plugin options.
func (*PluginOptions) MTLSEnabled ¶ added in v0.12.1
func (o *PluginOptions) MTLSEnabled() bool
MTLSEnabled reports whether the mtls plugin is configured.
func (*PluginOptions) NewPluginSet ¶ added in v0.12.2
NewPluginSet returns a new plugin set for the node configuration. This will only work if the PluginOptions have been bound to a parsed flagset.
type RaftOptions ¶
// RaftOptions are options for the raft backend.
type RaftOptions struct {
	// ListenAddress is the address to listen on.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// ConnectionPoolCount is the number of connections to pool. If 0, no connection pooling is used.
	ConnectionPoolCount int `koanf:"connection-pool-count,omitempty"`
	// ConnectionTimeout is the timeout for connections.
	ConnectionTimeout time.Duration `koanf:"connection-timeout,omitempty"`
	// HeartbeatTimeout is the timeout for heartbeats.
	HeartbeatTimeout time.Duration `koanf:"heartbeat-timeout,omitempty"`
	// ElectionTimeout is the timeout for elections.
	ElectionTimeout time.Duration `koanf:"election-timeout,omitempty"`
	// ApplyTimeout is the timeout for applying.
	ApplyTimeout time.Duration `koanf:"apply-timeout,omitempty"`
	// CommitTimeout is the timeout for committing.
	CommitTimeout time.Duration `koanf:"commit-timeout,omitempty"`
	// MaxAppendEntries is the maximum number of append entries.
	MaxAppendEntries int `koanf:"max-append-entries,omitempty"`
	// LeaderLeaseTimeout is the timeout for leader leases.
	LeaderLeaseTimeout time.Duration `koanf:"leader-lease-timeout,omitempty"`
	// SnapshotInterval is the interval to take snapshots.
	SnapshotInterval time.Duration `koanf:"snapshot-interval,omitempty"`
	// SnapshotThreshold is the threshold to take snapshots.
	SnapshotThreshold uint64 `koanf:"snapshot-threshold,omitempty"`
	// SnapshotRetention is the number of snapshots to retain.
	SnapshotRetention uint64 `koanf:"snapshot-retention,omitempty"`
	// ObserverChanBuffer is the buffer size for the observer channel.
	ObserverChanBuffer int `koanf:"observer-chan-buffer,omitempty"`
	// HeartbeatPurgeThreshold is the threshold of failed heartbeats before purging a peer.
	HeartbeatPurgeThreshold int `koanf:"heartbeat-purge-threshold,omitempty"`
}
RaftOptions are options for the raft backend.
func NewRaftOptions ¶
func NewRaftOptions() RaftOptions
NewRaftOptions returns a new RaftOptions with the default values.
func (*RaftOptions) BindFlags ¶
func (o *RaftOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the flags.
func (RaftOptions) ListenPort ¶ added in v0.7.0
func (o RaftOptions) ListenPort() int
ListenPort returns the listen port.
func (RaftOptions) NewTransport ¶ added in v0.7.0
func (o RaftOptions) NewTransport(conn meshnode.Node) (transport.RaftTransport, error)
NewTransport creates a new raft transport for the current configuration.
type RegistrarOptions ¶ added in v0.13.0
// RegistrarOptions are options for running a registrar service.
type RegistrarOptions struct {
	// Enabled is true if the registrar should be enabled.
	Enabled bool `koanf:"enabled,omitempty"`
	// Private means the registrar should only respond to lookup
	// requests from authenticated nodes.
	// NOTE(review): when this is false, lookups are presumably answered for
	// unauthenticated callers as well; confirm what a lookup discloses.
	Private bool `koanf:"private,omitempty"`
	// IDAuth are configurations for id-auth. These are only
	// applicable if the id-auth plugin is not already configured.
	IDAuth idauth.Config `koanf:"id-auth,omitempty"`
}
RegistrarOptions are options for running a registrar service.
func NewRegistrarOptions ¶ added in v0.13.0
func NewRegistrarOptions() RegistrarOptions
NewRegistrarOptions returns a new RegistrarOptions with the default values.
type RemotePluginConfig ¶
// RemotePluginConfig is the configuration for a plugin that connects to an external server.
type RemotePluginConfig struct {
	// Server is the address of a server for the plugin.
	Server string `koanf:"server,omitempty"`
	// Insecure is whether to use an insecure connection to the plugin server.
	// NOTE(review): presumably this means no transport security at all, so
	// plugin traffic would be neither encrypted nor authenticated; confirm.
	Insecure bool `koanf:"insecure,omitempty"`
	// TLSCAFile is the path to a CA for verifying certificates.
	TLSCAFile string `koanf:"tls-ca-file,omitempty"`
	// TLSCertFile is the path to a certificate for authenticating to the plugin server.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSKeyFile is the path to a key for authenticating to the plugin server.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSSkipVerify is whether to skip verifying the plugin server's certificate.
	// With verification skipped the server's identity is not authenticated, so
	// TLSCAFile has no effect on who the node ends up talking to.
	TLSSkipVerify bool `koanf:"tls-skip-verify,omitempty"`
}
RemotePluginConfig is the configuration for a plugin that connects to an external server.
type ServiceOptions ¶
// ServiceOptions contains the configuration for the mesh services.
type ServiceOptions struct {
	// API options
	API APIOptions `koanf:"api,omitempty"`
	// WebRTC options
	WebRTC WebRTCOptions `koanf:"webrtc,omitempty"`
	// MeshDNS options
	MeshDNS MeshDNSOptions `koanf:"meshdns,omitempty"`
	// TURN options
	TURN TURNOptions `koanf:"turn,omitempty"`
	// Registrar options
	Registrar RegistrarOptions `koanf:"registrar,omitempty"`
	// Metrics options
	Metrics MetricsOptions `koanf:"metrics,omitempty"`
}
ServiceOptions contains the configuration for the mesh services.
func NewInsecureServiceOptions ¶ added in v0.12.0
func NewInsecureServiceOptions(disabled bool) ServiceOptions
NewInsecureServiceOptions returns a new ServiceOptions with the default values and insecure set to true. Disabled sets the initial state of whether the gRPC API is enabled.
func NewServiceOptions ¶
func NewServiceOptions(disabled bool) ServiceOptions
NewServiceOptions returns a new ServiceOptions with the default values. Disabled sets the initial state of whether the gRPC API is enabled.
func (*ServiceOptions) BindFlags ¶
func (s *ServiceOptions) BindFlags(prefix string, fl *pflag.FlagSet)
BindFlags binds the flags.
func (*ServiceOptions) NewFeatureSet ¶ added in v0.12.1
func (o *ServiceOptions) NewFeatureSet(storage meshstorage.Provider, grpcPort int) []*v1.FeaturePort
NewFeatureSet returns a new FeatureSet for the given node options.
func (*ServiceOptions) NewServerTLSOptions ¶ added in v0.12.1
func (o *ServiceOptions) NewServerTLSOptions(ctx context.Context) (grpc.ServerOption, error)
NewServerTLSOptions returns new TLS options for the gRPC server.
func (*ServiceOptions) NewServiceOptions ¶ added in v0.12.1
func (o *ServiceOptions) NewServiceOptions(ctx context.Context, conn meshnode.Node) (conf services.Options, err error)
NewServiceOptions returns new options for the webmesh services.
func (*ServiceOptions) RegisterAPIs ¶ added in v0.12.1
func (o *ServiceOptions) RegisterAPIs(ctx context.Context, opts APIRegistrationOptions) error
RegisterAPIs registers the configured APIs to the given server.
func (*ServiceOptions) Validate ¶
func (s *ServiceOptions) Validate() error
Validate validates the options.
type StorageOptions ¶ added in v0.7.0
// StorageOptions are the storage options.
type StorageOptions struct {
	// InMemory is a flag to use in-memory storage.
	InMemory bool `koanf:"in-memory,omitempty"`
	// Path is the path to the storage directory.
	Path string `koanf:"path,omitempty"`
	// Provider is the storage provider. If empty, the default is used.
	// NOTE(review): presumably one of the StorageProvider constants ("raft",
	// "passthrough", "external"); the field is a plain string, so confirm that
	// Validate rejects other values.
	Provider string `koanf:"provider,omitempty"`
	// Raft are the raft storage options.
	Raft RaftOptions `koanf:"raft,omitempty"`
	// External are the external storage options.
	External ExternalStorageOptions `koanf:"external,omitempty"`
	// LogLevel is the log level for the storage provider.
	LogLevel string `koanf:"log-level,omitempty"`
	// LogFormat is the log format for the storage provider.
	LogFormat string `koanf:"log-format,omitempty"`
}
StorageOptions are the storage options.
func NewStorageOptions ¶ added in v0.7.0
func NewStorageOptions() StorageOptions
NewStorageOptions creates a new storage options.
func (*StorageOptions) BindFlags ¶ added in v0.7.0
func (o *StorageOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the storage options to the flag set.
func (StorageOptions) ListenPort ¶ added in v0.7.0
func (o StorageOptions) ListenPort() int
ListenPort returns the port to listen on for the storage provider.
func (StorageOptions) NewExternalStorageOptions ¶ added in v0.7.0
func (o StorageOptions) NewExternalStorageOptions(ctx context.Context, nodeID types.NodeID) (extstorage.Options, error)
NewExternalStorageOptions creates a new external storage options.
func (StorageOptions) NewExternalStorageProvider ¶ added in v0.7.0
func (o StorageOptions) NewExternalStorageProvider(ctx context.Context, nodeID types.NodeID) (storage.Provider, error)
NewExternalStorageProvider returns a new external storage provider for the current configuration.
func (StorageOptions) NewPassthroughOptions ¶ added in v0.7.0
func (o StorageOptions) NewPassthroughOptions(ctx context.Context, node meshnode.Node) passthroughstorage.Options
NewPassthroughOptions returns a new passthrough options for the current configuration.
func (StorageOptions) NewRaftOptions ¶ added in v0.7.0
func (o StorageOptions) NewRaftOptions(ctx context.Context, node meshnode.Node, force bool) (raftstorage.Options, error)
NewRaftOptions returns a new raft options for the current configuration.
func (StorageOptions) NewRaftStorageProvider ¶ added in v0.7.0
func (o StorageOptions) NewRaftStorageProvider(ctx context.Context, node meshnode.Node, force bool) (storage.Provider, error)
NewRaftStorageProvider returns a new raftstorage provider for the current configuration.
func (StorageOptions) Validate ¶ added in v0.7.0
func (o StorageOptions) Validate(isMember bool) error
Validate validates the storage options.
type StorageProvider ¶ added in v0.7.0
// StorageProvider is a type of storage provider, represented as a string.
type StorageProvider string
StorageProvider is a type of storage provider.
// Storage provider names declared by this package.
const (
	// StorageProviderRaft is the builtin raft storage provider.
	StorageProviderRaft StorageProvider = "raft"
	// StorageProviderPassThrough is the passthrough storage provider.
	StorageProviderPassThrough StorageProvider = "passthrough"
	// StorageProviderExternal is an external storage provider.
	StorageProviderExternal StorageProvider = "external"
)
func (StorageProvider) IsValid ¶ added in v0.7.0
func (s StorageProvider) IsValid() bool
IsValid checks if the storage provider is valid.
type TLSOptions ¶
// TLSOptions are options for TLS communication when joining a mesh.
type TLSOptions struct {
	// CAFile is the path to a TLS CA file for verification. If this and CAData are empty, the system CA pool is used.
	CAFile string `koanf:"tls-ca-file,omitempty"`
	// CAData is the base64 encoded TLS CA data for verification. If this and CAFile are empty, the system CA pool is used.
	CAData string `koanf:"tls-ca-data,omitempty"`
	// VerifyChainOnly is true if only the certificate chain should be verified.
	// NOTE(review): presumably the server name check is skipped while the chain
	// is still validated; if so, any certificate issued by a trusted CA is
	// accepted regardless of which host it names. Confirm against the
	// credential-building code.
	VerifyChainOnly bool `koanf:"verify-chain-only,omitempty"`
	// InsecureSkipVerify is true if the server TLS cert should not be verified.
	// With verification off the peer's identity is not authenticated, so the
	// CAFile and CAData settings give no protection.
	InsecureSkipVerify bool `koanf:"insecure-skip-verify,omitempty"`
	// Insecure is true if the gRPC connection should be insecure.
	// NOTE(review): presumably this means no transport security at all
	// (plaintext gRPC), which is distinct from InsecureSkipVerify; confirm.
	Insecure bool `koanf:"insecure,omitempty"`
}
TLSOptions are options for TLS communication when joining a mesh.
func NewTLSOptions ¶ added in v0.12.0
func NewTLSOptions() TLSOptions
NewTLSOptions returns a new empty TLSOptions.
type TURNOptions ¶
// TURNOptions are the options for the TURN server.
type TURNOptions struct {
	// Enabled enables the TURN server.
	Enabled bool `koanf:"enabled,omitempty"`
	// Endpoint is the endpoint to advertise for the TURN server. If empty, the public IP and listen port is used.
	Endpoint string `koanf:"endpoint,omitempty"`
	// PublicIP is the address advertised for STUN/TURN requests.
	PublicIP string `koanf:"public-ip,omitempty"`
	// ListenAddress is the address to listen on for STUN/TURN connections.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// Realm is the realm used for TURN server authentication.
	// NOTE(review): no credential fields appear in this struct; how relay
	// clients are authenticated is not shown here. Verify before exposing the
	// listener publicly.
	Realm string `koanf:"realm,omitempty"`
	// TURNPortRange is the port range to use for allocating TURN relays.
	TURNPortRange string `koanf:"port-range,omitempty"`
}
TURNOptions are the options for the TURN server.
func NewTURNOptions ¶
func NewTURNOptions() TURNOptions
NewTURNOptions returns a new TURNOptions with the default values.
func (*TURNOptions) BindFlags ¶
func (t *TURNOptions) BindFlags(prefix string, fl *pflag.FlagSet)
BindFlags binds the flags.
func (TURNOptions) ListenPort ¶
func (t TURNOptions) ListenPort() uint16
ListenPort returns the listen port for this TURN configuration, or 0 if not enabled or invalid.
func (TURNOptions) Validate ¶
func (t TURNOptions) Validate() error
Validate validates the TURN options.
type WebRTCOptions ¶
// WebRTCOptions are the options for the WebRTC API.
type WebRTCOptions struct {
	// Enabled enables the WebRTC API.
	Enabled bool `koanf:"enabled,omitempty"`
	// STUNServers is a list of STUN servers to use for the WebRTC API.
	STUNServers []string `koanf:"stun-servers,omitempty"`
}
WebRTCOptions are the options for the WebRTC API.
func NewWebRTCOptions ¶
func NewWebRTCOptions() WebRTCOptions
NewWebRTCOptions returns a new WebRTCOptions with the default values.
func (*WebRTCOptions) BindFlags ¶
func (w *WebRTCOptions) BindFlags(prefix string, fl *pflag.FlagSet)
BindFlags binds the flags.
func (WebRTCOptions) Validate ¶
func (w WebRTCOptions) Validate() error
Validate validates the options.
type WireGuardOptions ¶
// WireGuardOptions are options for configuring the WireGuard interface.
type WireGuardOptions struct {
	// ListenPort is the port to listen on.
	ListenPort int `koanf:"listen-port,omitempty"`
	// Modprobe attempts to load the wireguard kernel module on linux systems.
	Modprobe bool `koanf:"modprobe,omitempty"`
	// InterfaceName is the name of the interface.
	InterfaceName string `koanf:"interface-name,omitempty"`
	// ForceInterfaceName forces the use of the given name by deleting
	// any pre-existing interface with the same name.
	ForceInterfaceName bool `koanf:"force-interface-name,omitempty"`
	// ForceTUN forces the use of a TUN interface.
	ForceTUN bool `koanf:"force-tun,omitempty"`
	// Masquerade enables masquerading of traffic from the wireguard interface.
	Masquerade bool `koanf:"masquerade,omitempty"`
	// PersistentKeepAlive is the interval at which to send keepalive packets
	// to peers. If unset, keepalive packets will automatically be sent to publicly
	// accessible peers when this instance is behind a NAT. Otherwise, no keep-alive
	// packets are sent.
	PersistentKeepAlive time.Duration `koanf:"persistent-keepalive,omitempty"`
	// MTU is the MTU to use for the interface.
	MTU int `koanf:"mtu,omitempty"`
	// Endpoints are additional WireGuard endpoints to broadcast when joining.
	Endpoints []string `koanf:"endpoints,omitempty"`
	// KeyFile is the path to the WireGuard private key. If it does not exist it will be created.
	// NOTE(review): the file holds private key material; the permissions used
	// when it is created are not shown here. Verify it is readable by the
	// owning user only.
	KeyFile string `koanf:"key-file,omitempty"`
	// KeyRotationInterval is the interval to rotate wireguard keys.
	// Set this to 0 to disable key rotation.
	KeyRotationInterval time.Duration `koanf:"key-rotation-interval,omitempty"`
	// RecordMetrics enables recording of WireGuard metrics. These are only exposed if the
	// metrics server is enabled.
	RecordMetrics bool `koanf:"record-metrics,omitempty"`
	// RecordMetricsInterval is the interval at which to update WireGuard metrics.
	RecordMetricsInterval time.Duration `koanf:"record-metrics-interval,omitempty"`
	// DisableFullTunnel will ignore routes for a default gateway.
	DisableFullTunnel bool `koanf:"disable-full-tunnel,omitempty"`
	// contains filtered or unexported fields
}
WireGuardOptions are options for configuring the WireGuard interface.
func NewWireGuardOptions ¶
func NewWireGuardOptions() WireGuardOptions
NewWireGuardOptions returns a new WireGuardOptions with sensible defaults.
func (*WireGuardOptions) BindFlags ¶
func (o *WireGuardOptions) BindFlags(prefix string, fs *pflag.FlagSet)
BindFlags binds the flags.
func (*WireGuardOptions) LoadKey ¶ added in v0.12.1
func (o *WireGuardOptions) LoadKey(ctx context.Context) (crypto.PrivateKey, error)
LoadKey loads the key from the given configuration.
func (*WireGuardOptions) SetKey ¶ added in v0.13.6
func (o *WireGuardOptions) SetKey(key crypto.PrivateKey)
SetKey is a convenience method for setting a preloaded key to these wireguard options so that calls to LoadKey will return the preloaded key.
func (*WireGuardOptions) Validate ¶
func (o *WireGuardOptions) Validate() error
Validate validates the options.