{- Main configuration file for bffh
 - ================================
 -
 - In this configuration file you configure almost all parts of how bffh operates, but most importantly:
 - * Machines
 - * Initiators and Actors
 - * Which Initiators and Actors relate to which machine(s)
 - * Roles and the permissions granted by them
 -
 - This file decides who may do what, so it should be writable only by the administrators of the instance.
 -}

-- The config is in the configuration format/language dhall. You can find more information about dhall over at
-- https://dhall-lang.org

-- (Our) Dhall is somewhat similar to JSON and YAML in that it expects a top-level object containing the
-- configuration values
{
    -- Configure the addresses and ports bffh listens on
    listens = [
        -- BFFH binds a port for every listen object in this array.
        -- Each listen object is of the format { address = <STRING>, port = <INTEGER> }
        -- If you don't specify a port bffh will use the default of `59661`
        -- 'address' can be an IP address or a hostname
        -- If bffh can not bind a port for the specified combination it will log an error but *continue with the remaining ports*
        -- (so check the startup log to confirm that the endpoints you expect are actually listening).
        -- NOTE(review): "::" is the IPv6 wildcard address, so this entry listens on every interface (and, depending
        -- on the operating system's dual-stack setting, on IPv4 as well). Use a specific address or a firewall rule
        -- if the API should not be reachable from every network the host is attached to.
        { address = "::", port = Some 59661 }
    ],

    -- Configure TLS. BFFH requires a PEM-encoded certificate and the associated key as two separate files
    -- NOTE(review): the key file is a secret. Keep it readable only by the user running bffh, and make sure
    -- certificate renewal does not reset its ownership or mode.
    certfile = "/etc/letsencrypt/cert.pem",
    keyfile = "/etc/letsencrypt/key.pem",

    -- BFFH right now requires a running MQTT broker.
    -- NOTE(review): this URL uses the tcp:// scheme on port 1883 and carries no credentials, so as written the
    -- broker connection is presumably unencrypted and unauthenticated. The actor below is addressed by topic, so
    -- anything able to publish to this broker can presumably switch it without passing bffh's permission checks.
    -- Keep the broker on a network that only bffh and the devices can reach, and restrict publishing on the broker
    -- side. Which schemes and credentials bffh accepts here is not shown in this file; check the bffh docs.
    mqtt_url = "tcp://mqtt:1883",

    -- Path to the database file for bffh. bffh will in fact create two files; ${db_path} and ${db_path}.lock.
    -- BFFH will *not* create any directories so ensure that the directory exists and the user running bffh has write
    -- access into them.
    -- NOTE(review): grant that write access to the bffh user only; other local users need no access to this directory.
    db_path = "/var/lib/bffh/db",

    -- Audit log path. Bffh will log state changes into this file, one per line.
    -- Audit log entries are for now JSON:
    -- {"timestamp":1641497361,"machine":"Testmachine","state":{"state":{"InUse":{"uid":"Testuser","subuid":null,"realm":null}}}}
    -- NOTE(review): /tmp is world-writable and is commonly cleared on reboot, so an audit log kept there can be
    -- lost, and another local user could create the file (or a link with that name) before bffh does. The entries
    -- also contain user ids. Outside a test setup, point this at a directory that only the bffh user can write to
    -- and that is included in log rotation and backups.
    auditlog_path = "/tmp/bffh.audit",

    -- In dhall you can also easily import definitions from other files, e.g. you could write
    -- roles = ./roles.dhall
    -- NOTE(review): an imported file decides roles and permissions just like this one, so give it the same
    -- ownership and write protection. Dhall can also pin an import with a `sha256:` integrity hash.

    -- Name of Space
    spacename = "FabAccess 35ervices",

    -- URL of BFFH Instance
    instanceurl = "localtest.fab-access.org",

    -- Roles: each role name maps to the list of permission strings it grants.
    -- Every machine further down carries one permission string per access level (disclose, read, write, manage);
    -- the roles here grant those same strings.
    roles = {
        -- Admin is granted every permission string used by the machines in this file, plus "TestEnv.Admin",
        -- which no machine below references. Assign this role sparingly.
        Admin = {
            permissions = [
                "TestEnv.Admin",
                "TestEnv.Manage.A",
                "TestEnv.Manage.B",
                "TestEnv.Manage.C",
                "TestEnv.Write.A",
                "TestEnv.Write.B",
                "TestEnv.Write.C",
                "TestEnv.Read.A",
                "TestEnv.Read.B",
                "TestEnv.Read.C",
                "TestEnv.Disclose.A",
                "TestEnv.Disclose.B",
                "TestEnv.Disclose.C"
            ]
        },

        -- The remaining roles grant exactly one permission each, per access level and per category (A, B, C),
        -- so a user only gets the access levels whose roles they are explicitly given.
        ManageA = {
            permissions = [ "TestEnv.Manage.A" ]
        },
        ManageB = {
            permissions = [ "TestEnv.Manage.B" ]
        },
        ManageC = {
            permissions = [ "TestEnv.Manage.C" ]
        },

        -- The Use* roles grant the "Write" permission of their category.
        UseA = {
            permissions = [ "TestEnv.Write.A" ]
        },
        UseB = {
            permissions = [ "TestEnv.Write.B" ]
        },
        UseC = {
            permissions = [ "TestEnv.Write.C" ]
        },

        ReadA = {
            permissions = [ "TestEnv.Read.A" ]
        },
        ReadB = {
            permissions = [ "TestEnv.Read.B" ]
        },
        ReadC = {
            permissions = [ "TestEnv.Read.C" ]
        },

        DiscloseA = {
            permissions = [ "TestEnv.Disclose.A" ]
        },
        DiscloseB = {
            permissions = [ "TestEnv.Disclose.B" ]
        },
        DiscloseC = {
            permissions = [ "TestEnv.Disclose.C" ]
        }
    },

    -- Machines: fifteen entries in three categories. All machines of one category share the same four
    -- permission strings, so a role such as UseA applies to MachineA1 through MachineA5 alike.
    machines = {
        -- CategoryA: guarded by the TestEnv.*.A permissions
        MachineA1 = {
            name = "MachineA1",
            description = "Description of MachineA1",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryA",

            disclose = "TestEnv.Disclose.A",
            read = "TestEnv.Read.A",
            write = "TestEnv.Write.A",
            manage = "TestEnv.Manage.A"
        },
        MachineA2 = {
            name = "MachineA2",
            description = "Description of MachineA2",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryA",

            disclose = "TestEnv.Disclose.A",
            read = "TestEnv.Read.A",
            write = "TestEnv.Write.A",
            manage = "TestEnv.Manage.A"
        },
        MachineA3 = {
            name = "MachineA3",
            description = "Description of MachineA3",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryA",

            disclose = "TestEnv.Disclose.A",
            read = "TestEnv.Read.A",
            write = "TestEnv.Write.A",
            manage = "TestEnv.Manage.A"
        },
        MachineA4 = {
            name = "MachineA4",
            description = "Description of MachineA4",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryA",

            disclose = "TestEnv.Disclose.A",
            read = "TestEnv.Read.A",
            write = "TestEnv.Write.A",
            manage = "TestEnv.Manage.A"
        },
        MachineA5 = {
            name = "MachineA5",
            description = "Description of MachineA5",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryA",

            disclose = "TestEnv.Disclose.A",
            read = "TestEnv.Read.A",
            write = "TestEnv.Write.A",
            manage = "TestEnv.Manage.A"
        },

        -- CategoryB: guarded by the TestEnv.*.B permissions
        MachineB1 = {
            name = "MachineB1",
            description = "Description of MachineB1",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryB",

            disclose = "TestEnv.Disclose.B",
            read = "TestEnv.Read.B",
            write = "TestEnv.Write.B",
            manage = "TestEnv.Manage.B"
        },
        MachineB2 = {
            name = "MachineB2",
            description = "Description of MachineB2",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryB",

            disclose = "TestEnv.Disclose.B",
            read = "TestEnv.Read.B",
            write = "TestEnv.Write.B",
            manage = "TestEnv.Manage.B"
        },
        MachineB3 = {
            name = "MachineB3",
            description = "Description of MachineB3",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryB",

            disclose = "TestEnv.Disclose.B",
            read = "TestEnv.Read.B",
            write = "TestEnv.Write.B",
            manage = "TestEnv.Manage.B"
        },
        MachineB4 = {
            name = "MachineB4",
            description = "Description of MachineB4",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryB",

            disclose = "TestEnv.Disclose.B",
            read = "TestEnv.Read.B",
            write = "TestEnv.Write.B",
            manage = "TestEnv.Manage.B"
        },
        MachineB5 = {
            name = "MachineB5",
            description = "Description of MachineB5",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryB",

            disclose = "TestEnv.Disclose.B",
            read = "TestEnv.Read.B",
            write = "TestEnv.Write.B",
            manage = "TestEnv.Manage.B"
        },

        -- CategoryC: guarded by the TestEnv.*.C permissions
        MachineC1 = {
            name = "MachineC1",
            description = "Description of MachineC1",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryC",

            disclose = "TestEnv.Disclose.C",
            read = "TestEnv.Read.C",
            write = "TestEnv.Write.C",
            manage = "TestEnv.Manage.C"
        },
        MachineC2 = {
            name = "MachineC2",
            description = "Description of MachineC2",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryC",

            disclose = "TestEnv.Disclose.C",
            read = "TestEnv.Read.C",
            write = "TestEnv.Write.C",
            manage = "TestEnv.Manage.C"
        },
        MachineC3 = {
            name = "MachineC3",
            description = "Description of MachineC3",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryC",

            disclose = "TestEnv.Disclose.C",
            read = "TestEnv.Read.C",
            write = "TestEnv.Write.C",
            manage = "TestEnv.Manage.C"
        },
        MachineC4 = {
            name = "MachineC4",
            description = "Description of MachineC4",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryC",

            disclose = "TestEnv.Disclose.C",
            read = "TestEnv.Read.C",
            write = "TestEnv.Write.C",
            manage = "TestEnv.Manage.C"
        },
        MachineC5 = {
            name = "MachineC5",
            description = "Description of MachineC5",
            wiki = "https://fab-access.readthedocs.io",
            category = "CategoryC",

            disclose = "TestEnv.Disclose.C",
            read = "TestEnv.Read.C",
            write = "TestEnv.Write.C",
            manage = "TestEnv.Manage.C"
        },
    },

    -- Actors: a single actor is defined. Its params carry a topic name, presumably the MQTT topic of the device.
    -- NOTE(review): the key and the topic both say "tasmota" while the module is "Shelly"; confirm that the
    -- module matches the device that actually listens on this topic.
    actors =
    {
        tasmota_1 =
        {
            module = "Shelly",
            params =
            {
                topic = "tasmota_8365AF"
            }
        }
    },

    -- Connects actors to machines by their names from the records above.
    -- Only MachineA1 has an actor attached; no other machine in this file is connected to one.
    actor_connections = [
        { machine = "MachineA1", actor = "tasmota_1" },
    ] : List { machine : Text, actor : Text },

    -- No initiators are defined: `{=}` is the empty record.
    initiators = {=},

    -- No initiator connections either; the annotation gives the element type of the empty list.
    init_connections = [] : List { machine : Text, initiator : Text },
}