Documentation
¶
Index ¶
- func ApplyEmbeddedIdPConfig(ctx context.Context, cfg *nbconfig.Config, mgmtPort int, ...) error
- func EnsureEncryptionKey(ctx context.Context, cfg *nbconfig.Config) error
- func Execute() error
- func LogConfigInfo(cfg *nbconfig.Config)
- type AuthConfig
- type AuthOwnerConfig
- type AuthStorageConfig
- type CombinedConfig
- type HostConfig
- type LetsEncryptConfig
- type ManagementConfig
- type RelayConfig
- type RelaysConfig
- type ReverseProxyConfig
- type ServerConfig
- type SignalConfig
- type StoreConfig
- type StunConfig
- type TLSConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApplyEmbeddedIdPConfig ¶
func ApplyEmbeddedIdPConfig(ctx context.Context, cfg *nbconfig.Config, mgmtPort int, disableSingleAccMode bool) error
ApplyEmbeddedIdPConfig applies embedded IdP configuration to the management config. This mirrors the logic in management/cmd/management.go ApplyEmbeddedIdPConfig.
func EnsureEncryptionKey ¶
EnsureEncryptionKey generates an encryption key if not set. Unlike management server, we don't write back to the config file.
func LogConfigInfo ¶
LogConfigInfo logs informational messages about the loaded configuration
Types ¶
type AuthConfig ¶
type AuthConfig struct {
Issuer string `yaml:"issuer"`
LocalAuthDisabled bool `yaml:"localAuthDisabled"`
SignKeyRefreshEnabled bool `yaml:"signKeyRefreshEnabled"`
Storage AuthStorageConfig `yaml:"storage"`
DashboardRedirectURIs []string `yaml:"dashboardRedirectURIs"`
CLIRedirectURIs []string `yaml:"cliRedirectURIs"`
Owner *AuthOwnerConfig `yaml:"owner,omitempty"`
}
AuthConfig contains authentication/identity provider settings
type AuthOwnerConfig ¶
AuthOwnerConfig contains initial admin user settings
type AuthStorageConfig ¶
AuthStorageConfig contains auth storage settings
type CombinedConfig ¶
type CombinedConfig struct {
Server ServerConfig `yaml:"server"`
// Internal configs - populated from Server settings, not user-configurable
Relay RelayConfig `yaml:"-"`
Signal SignalConfig `yaml:"-"`
Management ManagementConfig `yaml:"-"`
}
CombinedConfig is the root configuration for the combined server. The combined server is primarily a Management server with optional embedded Signal, Relay, and STUN services.
Architecture:
- Management: Always runs locally (this IS the management server)
- Signal: Runs locally by default; disabled if server.signalUri is set
- Relay: Runs locally by default; disabled if server.relays is set
- STUN: Runs locally on port 3478 by default; disabled if server.stuns is set
All user-facing settings are under "server". The relay/signal/management fields are internal and populated automatically from server settings.
func DefaultConfig ¶
func DefaultConfig() *CombinedConfig
DefaultConfig returns a CombinedConfig with default values
func LoadConfig ¶
func LoadConfig(configPath string) (*CombinedConfig, error)
LoadConfig loads configuration from a YAML file
func (*CombinedConfig) ApplySimplifiedDefaults ¶
func (c *CombinedConfig) ApplySimplifiedDefaults()
ApplySimplifiedDefaults populates internal relay/signal/management configs from server settings. Management is always enabled. Signal, Relay, and STUN are enabled unless external overrides are configured (server.signalUri, server.relays, server.stuns).
func (*CombinedConfig) HasLetsEncrypt ¶
func (c *CombinedConfig) HasLetsEncrypt() bool
HasLetsEncrypt returns true if Let's Encrypt is configured
func (*CombinedConfig) HasTLSCert ¶
func (c *CombinedConfig) HasTLSCert() bool
HasTLSCert returns true if TLS certificate files are configured
func (*CombinedConfig) ToManagementConfig ¶
func (c *CombinedConfig) ToManagementConfig() (*nbconfig.Config, error)
ToManagementConfig converts CombinedConfig to management server config
func (*CombinedConfig) Validate ¶
func (c *CombinedConfig) Validate() error
Validate validates the configuration
type HostConfig ¶
type HostConfig struct {
URI string `yaml:"uri"`
Proto string `yaml:"proto,omitempty"` // udp, dtls, tcp, http, https - defaults based on URI scheme
Username string `yaml:"username,omitempty"`
Password string `yaml:"password,omitempty"`
}
HostConfig represents a STUN/TURN/Signal host
type LetsEncryptConfig ¶
type LetsEncryptConfig struct {
Enabled bool `yaml:"enabled"`
DataDir string `yaml:"dataDir"`
Domains []string `yaml:"domains"`
Email string `yaml:"email"`
AWSRoute53 bool `yaml:"awsRoute53"`
}
LetsEncryptConfig contains Let's Encrypt settings
type ManagementConfig ¶
type ManagementConfig struct {
Enabled bool `yaml:"enabled"`
LogLevel string `yaml:"logLevel"`
DataDir string `yaml:"dataDir"`
DnsDomain string `yaml:"dnsDomain"`
DisableAnonymousMetrics bool `yaml:"disableAnonymousMetrics"`
DisableGeoliteUpdate bool `yaml:"disableGeoliteUpdate"`
DisableDefaultPolicy bool `yaml:"disableDefaultPolicy"`
Auth AuthConfig `yaml:"auth"`
Stuns []HostConfig `yaml:"stuns"`
Relays RelaysConfig `yaml:"relays"`
SignalURI string `yaml:"signalUri"`
Store StoreConfig `yaml:"store"`
ReverseProxy ReverseProxyConfig `yaml:"reverseProxy"`
}
ManagementConfig contains management service settings
type RelayConfig ¶
type RelayConfig struct {
Enabled bool `yaml:"enabled"`
ExposedAddress string `yaml:"exposedAddress"`
AuthSecret string `yaml:"authSecret"`
LogLevel string `yaml:"logLevel"`
Stun StunConfig `yaml:"stun"`
}
RelayConfig contains relay service settings
type RelaysConfig ¶
type RelaysConfig struct {
Addresses []string `yaml:"addresses"`
CredentialsTTL string `yaml:"credentialsTTL"`
Secret string `yaml:"secret"`
}
RelaysConfig contains external relay server settings for clients
type ReverseProxyConfig ¶
type ReverseProxyConfig struct {
TrustedHTTPProxies []string `yaml:"trustedHTTPProxies"`
TrustedHTTPProxiesCount uint `yaml:"trustedHTTPProxiesCount"`
TrustedPeers []string `yaml:"trustedPeers"`
}
ReverseProxyConfig contains reverse proxy settings
type ServerConfig ¶
type ServerConfig struct {
ListenAddress string `yaml:"listenAddress"`
MetricsPort int `yaml:"metricsPort"`
HealthcheckAddress string `yaml:"healthcheckAddress"`
LogLevel string `yaml:"logLevel"`
LogFile string `yaml:"logFile"`
TLS TLSConfig `yaml:"tls"`
// Simplified config fields (used when relay/signal/management sections are omitted)
ExposedAddress string `yaml:"exposedAddress"` // Public address with protocol (e.g., "https://example.com:443")
StunPorts []int `yaml:"stunPorts"` // STUN ports (empty to disable local STUN)
AuthSecret string `yaml:"authSecret"` // Shared secret for relay authentication
DataDir string `yaml:"dataDir"` // Data directory for all services
// External service overrides (simplified mode)
// When these are set, the corresponding local service is NOT started
// and these values are used for client configuration instead
Stuns []HostConfig `yaml:"stuns"` // External STUN servers (disables local STUN)
Relays RelaysConfig `yaml:"relays"` // External relay servers (disables local relay)
SignalURI string `yaml:"signalUri"` // External signal server (disables local signal)
// Management settings (simplified mode)
DisableAnonymousMetrics bool `yaml:"disableAnonymousMetrics"`
DisableGeoliteUpdate bool `yaml:"disableGeoliteUpdate"`
Auth AuthConfig `yaml:"auth"`
Store StoreConfig `yaml:"store"`
ActivityStore StoreConfig `yaml:"activityStore"`
ReverseProxy ReverseProxyConfig `yaml:"reverseProxy"`
}
ServerConfig contains server-wide settings In simplified mode, this contains all configuration
type SignalConfig ¶
SignalConfig contains signal service settings
type StoreConfig ¶
type StoreConfig struct {
Engine string `yaml:"engine"`
EncryptionKey string `yaml:"encryptionKey"`
DSN string `yaml:"dsn"` // Connection string for postgres or mysql engines
}
StoreConfig contains database settings
type StunConfig ¶
type StunConfig struct {
Enabled bool `yaml:"enabled"`
Ports []int `yaml:"ports"`
LogLevel string `yaml:"logLevel"`
}
StunConfig contains embedded STUN service settings
type TLSConfig ¶
type TLSConfig struct {
CertFile string `yaml:"certFile"`
KeyFile string `yaml:"keyFile"`
LetsEncrypt LetsEncryptConfig `yaml:"letsencrypt"`
}
TLSConfig contains TLS/HTTPS settings
Source Files