Documentation
¶
Index ¶
- type AccountConfig
- type AliasDomainConfig
- type Config
- func (c *Config) CensusAnalysisInterval() time.Duration
- func (c *Config) HeartbeatInterval() time.Duration
- func (c *Config) InactiveThreshold() time.Duration
- func (c *Config) InviteTTL() time.Duration
- func (c *Config) NonceTTL() time.Duration
- func (c *Config) PendingDomainExpiry() time.Duration
- func (c *Config) PendingEnrollmentTTL() time.Duration
- func (c *Config) PowerDNSTimeout() time.Duration
- func (c *Config) QuorumTimeout() time.Duration
- func (c *Config) TokenTTL() time.Duration
- func (c *Config) VerificationTimeout() time.Duration
- type DNSConfig
- type DatabaseConfig
- type DeviceRateLimitConfig
- type EnrollmentConfig
- type FleetTrustConfig
- type HostnameConfig
- type NexusConfig
- type NonceConfig
- type PowerDNSConfig
- type RecoveryConfig
- type SetupDiscoverConfig
- type TPMConfig
- type TokenConfig
Types ¶
type AccountConfig ¶ added in v0.1.4
type AliasDomainConfig ¶ added in v0.1.1
type Config ¶
// Config is the top-level service configuration. Every field carries a yaml
// tag, so it is presumably decoded from a single YAML document (the loader is
// not shown here). The *Config accessor methods (NonceTTL, TokenTTL,
// PowerDNSTimeout, QuorumTimeout, ...) return time.Duration values.
type Config struct {
	PublicHostname string `yaml:"publicHostname"`
	// ACME directory endpoint and, judging by the name, a CA certificate used
	// to trust it.
	// NOTE(review): confirm whether AcmeCACert is a file path or inline PEM,
	// and that an empty value falls back to the system roots rather than
	// relaxing certificate verification.
	AcmeDirectoryURL string `yaml:"acmeDirectoryURL"`
	AcmeCACert string `yaml:"acmeCACert"`
	// Three separately configured listen addresses.
	// NOTE(review): whether the admin listener authenticates callers is not
	// visible here; confirm AdminAddress is bound to loopback or a
	// management-only interface in production.
	ListenAddress string `yaml:"listenAddress"`
	HTTPAddress string `yaml:"httpAddress"`
	AdminAddress string `yaml:"adminAddress"`
	Database DatabaseConfig `yaml:"database"`
	DNS DNSConfig `yaml:"dns"`
	// PowerDNS embeds an API credential (PowerDNSConfig.ApiKey), so a file
	// holding this struct should be treated as a secret.
	PowerDNS PowerDNSConfig `yaml:"powerDNS"`
	TPM TPMConfig `yaml:"tpm"`
	Nexus NexusConfig `yaml:"nexus"`
	Token TokenConfig `yaml:"token"`
	// Per-endpoint quota and rate-limit settings.
	Enrollment EnrollmentConfig `yaml:"enrollment"`
	Nonce NonceConfig `yaml:"nonce"`
	DeviceRateLimit DeviceRateLimitConfig `yaml:"deviceRateLimit"`
	SetupDiscover SetupDiscoverConfig `yaml:"setupDiscover"`
	Hostname HostnameConfig `yaml:"hostname"`
	AliasDomain AliasDomainConfig `yaml:"aliasDomain"`
	Recovery RecoveryConfig `yaml:"recovery"`
	Account AccountConfig `yaml:"account"`
	FleetTrust FleetTrustConfig `yaml:"fleetTrust"`
	// NOTE(review): presumably the number of days audit records are kept;
	// confirm how 0 or an omitted key is treated (keep forever vs. purge).
	AuditRetentionDays int `yaml:"auditRetentionDays"`
}
func (*Config) CensusAnalysisInterval ¶ added in v0.1.5
func (*Config) HeartbeatInterval ¶
func (*Config) InactiveThreshold ¶
func (*Config) PendingDomainExpiry ¶ added in v0.1.1
func (*Config) PendingEnrollmentTTL ¶
func (*Config) PowerDNSTimeout ¶
func (*Config) QuorumTimeout ¶ added in v0.1.4
func (*Config) VerificationTimeout ¶ added in v0.1.1
type DatabaseConfig ¶
type DeviceRateLimitConfig ¶ added in v0.1.5
type EnrollmentConfig ¶
// EnrollmentConfig holds the pending-enrollment quota and the rate-limit
// settings for enrollment. SetupDiscoverConfig's doc comment describes
// enrollment's per-IP limit as 1 rps.
// NOTE(review): how zero or omitted values are handled is not visible here;
// confirm that an unset limit falls back to a default rather than meaning
// "unlimited".
type EnrollmentConfig struct {
	// NOTE(review): presumably the cap on enrollments awaiting completion and
	// their lifetime in seconds (see Config.PendingEnrollmentTTL) — confirm.
	MaxPending int `yaml:"maxPending"`
	PendingTTLSeconds int `yaml:"pendingTTLSeconds"`
	// Overall rate and burst, by name.
	RateLimitPerSecond int `yaml:"rateLimitPerSecond"`
	BurstPerSecond int `yaml:"burstPerSecond"`
	// Per-client-IP rate and burst, by name.
	// NOTE(review): confirm how the client IP is derived when the service
	// sits behind a proxy, since that decides what this limit actually keys on.
	RateLimitPerIPPerSecond int `yaml:"rateLimitPerIPPerSecond"`
	BurstPerIPPerSecond int `yaml:"burstPerIPPerSecond"`
}
type FleetTrustConfig ¶ added in v0.1.5
// FleetTrustConfig holds the census and CA-promotion settings.
// NOTE(review): judging by the field names, the CAPromotionMin* values are
// minimums that must all be met before a CA is promoted — confirm against the
// promotion logic. They gate a trust decision, so confirm that zero or omitted
// values fall back to safe defaults instead of disabling the gate.
type FleetTrustConfig struct {
	// Minutes between census analysis runs, by name; see
	// Config.CensusAnalysisInterval.
	CensusAnalysisIntervalMinutes int `yaml:"censusAnalysisIntervalMinutes"`
	CAPromotionMinDevices int `yaml:"caPromotionMinDevices"`
	CAPromotionMinDays int `yaml:"caPromotionMinDays"`
	CAPromotionMinSubnets int `yaml:"caPromotionMinSubnets"`
	// NOTE(review): presumably a fraction in [0, 1]; confirm the expected
	// range and whether out-of-range values are rejected at load time.
	CAPromotionMinCompliance float64 `yaml:"caPromotionMinCompliance"`
	CAEnrollmentRatePerHour int `yaml:"caEnrollmentRatePerHour"`
	// NOTE(review): presumably the smallest device population for which a PCR
	// majority is considered meaningful — confirm.
	PCRMajorityMinPopulation int `yaml:"pcrMajorityMinPopulation"`
	CensusActiveWindowDays int `yaml:"censusActiveWindowDays"`
}
type HostnameConfig ¶
type NexusConfig ¶
type NonceConfig ¶ added in v0.1.5
// NonceConfig holds the nonce quota, lifetime and rate-limit settings.
// NOTE(review): how zero or omitted values are handled is not visible here;
// confirm that an unset cap or TTL does not mean "unbounded".
type NonceConfig struct {
	// NOTE(review): presumably the maximum number of outstanding nonces held
	// at once; confirm what happens when the cap is reached (reject vs. evict).
	MaxNonces int `yaml:"maxNonces"`
	// Nonce lifetime in seconds, by name; see Config.NonceTTL.
	TTLSeconds int `yaml:"ttlSeconds"`
	// Overall rate and burst, by name.
	RateLimitPerSecond int `yaml:"rateLimitPerSecond"`
	BurstPerSecond int `yaml:"burstPerSecond"`
	// Per-client-IP rate and burst, by name.
	RateLimitPerIPPerSecond int `yaml:"rateLimitPerIPPerSecond"`
	BurstPerIPPerSecond int `yaml:"burstPerIPPerSecond"`
}
type PowerDNSConfig ¶
// PowerDNSConfig holds the connection settings for the PowerDNS API and the
// switch for the embedded DNS proxy. Timeout() exposes the timeout as a
// time.Duration.
type PowerDNSConfig struct {
	// NOTE(review): ApiKey accompanies requests to ApiURL, so confirm the URL
	// uses https unless the API is reached over loopback.
	ApiURL string `yaml:"apiURL"`
	// ApiKey is a credential held as a plain string in the YAML config. Keep
	// the config file readable only by the service account, and keep this
	// value out of logs and debug dumps of the struct.
	ApiKey string `yaml:"apiKey"`
	ServerID string `yaml:"serverID"`
	// NOTE(review): confirm how 0 or an omitted key is treated (default vs.
	// no timeout).
	TimeoutSeconds int `yaml:"timeoutSeconds"`
	DNSAddress string `yaml:"dnsAddress"`
	// DisableProxy skips the embedded ":53" DNS proxy even when PowerDNS is on
	// a non-standard port. Useful for dev hosts where systemd-resolved already
	// holds port 53 and the operator does not need the bridge (e.g. local test
	// loops where Pebble runs with PEBBLE_VA_ALWAYS_VALID=1 and never actually
	// resolves challenge records). Production deployments should leave this
	// false so the proxy runs under root / CAP_NET_BIND_SERVICE.
	DisableProxy bool `yaml:"disableProxy,omitempty"`
}
func (PowerDNSConfig) Timeout ¶
func (c PowerDNSConfig) Timeout() time.Duration
type RecoveryConfig ¶ added in v0.1.4
// RecoveryConfig holds the recovery settings.
type RecoveryConfig struct {
	// Enabled is a pointer, so an unset value (nil) can be told apart from an
	// explicit false. IsEnabled is documented as defaulting to true when the
	// value is not set, so recovery has to be switched off explicitly.
	Enabled *bool `yaml:"enabled"`
	// Quorum timeout in days, by name; see Config.QuorumTimeout.
	// NOTE(review): confirm how 0 or an omitted key is treated.
	QuorumTimeoutDays int `yaml:"quorumTimeoutDays"`
}
func (RecoveryConfig) IsEnabled ¶ added in v0.1.4
func (r RecoveryConfig) IsEnabled() bool
IsEnabled reports whether recovery is enabled. It defaults to true when Enabled is not set.
type SetupDiscoverConfig ¶ added in v0.1.7
// SetupDiscoverConfig holds the rate-limit, origin and TTL settings for the
// unauthenticated /api/v1/setup/discover endpoint.
type SetupDiscoverConfig struct {
	// Overall rate and burst, by name.
	RateLimitPerSecond int `yaml:"rateLimitPerSecond"`
	BurstPerSecond int `yaml:"burstPerSecond"`
	// Per-client-IP rate and burst, by name. Clients behind CGNAT share one
	// address, so this limit applies to all of them together.
	RateLimitPerIPPerSecond int `yaml:"rateLimitPerIPPerSecond"`
	BurstPerIPPerSecond int `yaml:"burstPerIPPerSecond"`
	// NOTE(review): presumably the browser origins accepted for cross-origin
	// requests to this endpoint — confirm. Because the endpoint is
	// unauthenticated, confirm what an empty list means (deny all vs. allow
	// all) and whether wildcard entries are accepted.
	AllowedOrigins []string `yaml:"allowedOrigins"`
	// Setup-heartbeat TTL in seconds; TTL() returns it as a time.Duration.
	TTLSeconds int `yaml:"ttlSeconds"`
}
SetupDiscoverConfig tunes the unauthenticated /api/v1/setup/discover endpoint. Defaults are sized for polling (3s cadence) rather than one-shot enrollment — enrollment's 1 rps per-IP limit is too tight to support CGNAT-shared setup flows.
func (SetupDiscoverConfig) TTL ¶ added in v0.1.7
func (c SetupDiscoverConfig) TTL() time.Duration
TTL returns the setup-heartbeat TTL as a time.Duration. Devices whose setup heartbeat is older than this TTL drop out of discover results.
type TokenConfig ¶
// TokenConfig holds the token lifetime and re-authentication settings.
// NOTE(review): the meaning of each field below is inferred from its name;
// confirm against the code that reads it. Longer lifetimes and grace periods
// widen the window in which a stolen token stays usable, so confirm that zero
// or omitted values fall back to defaults rather than meaning "no expiry".
type TokenConfig struct {
	// Token lifetime in seconds, by name; see Config.TokenTTL.
	TTLSeconds int `yaml:"ttlSeconds"`
	DefaultWeight int `yaml:"defaultWeight"`
	// NOTE(review): presumably the maximum accepted age of a handshake, which
	// would bound replay of captured handshakes — confirm.
	HandshakeMaxAgeSeconds int `yaml:"handshakeMaxAgeSeconds"`
	ReauthIntervalSeconds int `yaml:"reauthIntervalSeconds"`
	ReauthGraceSeconds int `yaml:"reauthGraceSeconds"`
	// NOTE(review): presumably an upper bound on the grace period granted
	// during maintenance — confirm.
	MaintenanceGraceCapSeconds int `yaml:"maintenanceGraceCapSeconds"`
}