FabInfra-Mirror/demos.dockercompose
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/demos-environments/dockercompose.git synced 2025-03-12 14:51:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

update example for current version

Browse Source
This commit is contained in:
Kai Jan Kriegel 2022-05-17 16:04:05 +02:00
parent 555380d112
commit 7651a2e9b4
5 changed files with 508 additions and 189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

398
config/bffh/bffh.dhall
View File

@ -25,8 +25,8 @@
], ],
-- Configure TLS. BFFH requires a PEM-encoded certificate and the associated key as two separate files -- Configure TLS. BFFH requires a PEM-encoded certificate and the associated key as two separate files
certfile = "/etc/bffh/cert.pem", certfile = "/etc/letsencrypt/cert.pem",
keyfile = "/etc/bffh/key.pem", keyfile = "/etc/letsencrypt/key.pem",
-- BFFH right now requires a running MQTT broker. -- BFFH right now requires a running MQTT broker.
mqtt_url = "tcp://mqtt:1883", mqtt_url = "tcp://mqtt:1883",
@ -43,190 +43,252 @@
-- In dhall you can also easily import definitions from other files, e.g. you could write -- In dhall you can also easily import definitions from other files, e.g. you could write
-- roles = ./roles.dhall -- roles = ./roles.dhall
roles = { roles = {
-- Role definitions Admin = {
-- A role definition is of the form
-- rolename = {
-- parents = [<list of role names to inherit from>],
-- permissions = [<list of perm rules>],
-- }
--
-- Role names are case sensitive, so RoleName != rolename.
--
-- If you want either parents or permissions to be empty its best to completely skip it:
testrole = {
permissions = [ "lab.some.admin" ]
},
somerole = {
parents = ["testparent"],
-- "Permissions" are formatted as Perm Rules, so you can use the wildcards '*' and '+'
permissions = [ "lab.test.*" ]
},
-- Roles can inherit from each other. In that case a member of e.g. 'somerole' that inherits from
-- 'testparent' will have all the permissions of 'somerole' AND 'testparent' assigned to them.
-- Right now permissions are stricly additive so you can't take a permission away in a child role that a parent
-- role grants.
testparent = {
permissions = [ permissions = [
"lab.some.write", "TestEnv.Admin",
"lab.some.read", "TestEnv.Manage.A",
"lab.some.disclose" "TestEnv.Manage.B",
"TestEnv.Manage.C",
"TestEnv.Write.A",
"TestEnv.Write.B",
"TestEnv.Write.C",
"TestEnv.Read.A",
"TestEnv.Read.B",
"TestEnv.Read.C",
"TestEnv.Disclose.A",
"TestEnv.Disclose.B",
"TestEnv.Disclose.C"
] ]
},
ManageA = {
permissions = [ "TestEnv.Manage.A" ]
},
ManageB = {
permissions = [ "TestEnv.Manage.B" ]
},
ManageC = {
permissions = [ "TestEnv.Manage.C" ]
},
UseA = {
permissions = [ "TestEnv.Write.A" ]
},
UseB = {
permissions = [ "TestEnv.Write.B" ]
},
UseC = {
permissions = [ "TestEnv.Write.C" ]
},
ReadA = {
permissions = [ "TestEnv.Read.A" ]
},
ReadB = {
permissions = [ "TestEnv.Read.B" ]
},
ReadC = {
permissions = [ "TestEnv.Read.C" ]
},
DiscloseA = {
permissions = [ "TestEnv.Disclose.A" ]
},
DiscloseB = {
permissions = [ "TestEnv.Disclose.B" ]
},
DiscloseC = {
permissions = [ "TestEnv.Disclose.C" ]
} }
}, },
-- Configure machines
-- "Machines" (which in future will be more appropiately named "resources") are the main thing bffh is concerned
-- with.
-- You can define an almost limitless amount of machines (well 2^64 - 1, so 18_446_744_073_709_551_615 to be precise)
-- Each of these machines can then have several "actors" and "initiators" assigned
machines = { machines = {
Testmachine = { MachineA1 = {
-- A machine comes with two "names". The id above ("Testmachine") and the "name" ("MachineA"). name = "MachineA1",
-- The id is what you'll use in the config format and is strictly limited to alphanumeric characters and '_' description = "Description of MachineA1",
-- and must begin with a letter. Most importantly you CAN NOT use '-' or spaces in an identifier wiki = "https://fab-access.readthedocs.io",
-- (dhall makes this technically possible but you can break things in subtle ways) category = "CategoryA",
-- REQUIRED. The "name" of a machine is what will be presented to humans. It can contain all unicode disclose = "TestEnv.Disclose.A",
-- including spaces and nonprintable characters. read = "TestEnv.Read.A",
-- A name SHOULD be short but unique. write = "TestEnv.Write.A",
name = "MachineA", manage = "TestEnv.Manage.A"
-- OPTIONAL. A description can be assigned to machines. It will also only be shown to humans. Thus it is
-- once again limited only to unicode. If you want to provide your users with important additional
-- information other than the name this is the place to do it.
description = "A test machine",
-- OPTIONAL. If you have a wiki going into more detail how to use a certain machine or what to keep in
-- mind when using it you can provide a URL here that will be presented to users.
wiki = "https://wiki.example.org/machineA",
-- OPTIONAL. You can assign categories to machines to allow clients to group/filter machines by them.
category = "Testcategory",
-- REQUIRED.
-- Each machine MUST have *all* Permission levels assigned to it.
-- Permissions aren't PermRules as used in the 'roles' definitions but must be precise without wildcards.
-- Permission levels aren't additive, so a user having 'manage' permission does not automatically get
-- 'read' or 'write' permission.
-- (Note, disclose is not fully implemented at the moment)
-- Users lacking 'disclose' will not be informed about this machine in any way and it will be hidden from
-- them in the client. Usually the best idea is to assign 'read' and 'disclose' to the same permission.
disclose = "lab.test.read",
-- Users lacking 'read' will be shown a machine including name, description, category and wiki but not
-- it's current state. The current user is not disclosed.
read = "lab.test.read",
-- The 'write' permission allows to 'use' the machine.
write = "lab.test.write",
-- Manage represents the 'superuser' permission. Users with this permission can force set any state and
-- read out the current user
manage = "lab.test.admin"
}, },
Another = { MachineA2 = {
wiki = "test_another", name = "MachineA2",
category = "test", description = "Description of MachineA2",
disclose = "lab.test.read", wiki = "https://fab-access.readthedocs.io",
manage = "lab.test.admin", category = "CategoryA",
name = "Another",
read = "lab.test.read", disclose = "TestEnv.Disclose.A",
write = "lab.test.write" read = "TestEnv.Read.A",
write = "TestEnv.Write.A",
manage = "TestEnv.Manage.A"
}, },
Yetmore = { MachineA3 = {
description = "Yet more test machines", name = "MachineA3",
disclose = "lab.test.read", description = "Description of MachineA3",
manage = "lab.test.admin", wiki = "https://fab-access.readthedocs.io",
name = "Yetmore", category = "CategoryA",
read = "lab.test.read",
write = "lab.test.write" disclose = "TestEnv.Disclose.A",
} read = "TestEnv.Read.A",
write = "TestEnv.Write.A",
manage = "TestEnv.Manage.A"
},
MachineA4 = {
name = "MachineA4",
description = "Description of MachineA4",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryA",
disclose = "TestEnv.Disclose.A",
read = "TestEnv.Read.A",
write = "TestEnv.Write.A",
manage = "TestEnv.Manage.A"
},
MachineA5 = {
name = "MachineA5",
description = "Description of MachineA5",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryA",
disclose = "TestEnv.Disclose.A",
read = "TestEnv.Read.A",
write = "TestEnv.Write.A",
manage = "TestEnv.Manage.A"
}, },
-- Actor configuration. Actors are how bffh affects change in the real world by e.g. switching a power socket MachineB1 = {
-- using a shelly name = "MachineB1",
actors = { description = "Description of MachineB1",
-- Actors similarly to machines have an 'id'. This id (here "Shelly1234") is limited to Alphanumeric ASCII wiki = "https://fab-access.readthedocs.io",
-- and must begin with a letter. category = "CategoryB",
Shelly1234 = {
-- Actors are modular pieces of code that are loaded as required. The "Shelly" module will send disclose = "TestEnv.Disclose.B",
-- activation signals to a shelly switched power socket over MQTT read = "TestEnv.Read.B",
module = "Shelly", write = "TestEnv.Write.B",
-- Actors can have arbitrary parameters passed to them, varying by actor module. manage = "TestEnv.Manage.B"
params = { },
-- For Shelly you can configure the MQTT topic segment it uses. Shellies listen to a specific topic MachineB2 = {
-- containing their name (which is usually of the form "shelly_<id>" but can be changed). name = "MachineB2",
-- If you do not configure a topic here the actor will use it's 'id' (in this case "Shelly1234"). description = "Description of MachineB2",
topic = "Topic1234" wiki = "https://fab-access.readthedocs.io",
} category = "CategoryB",
disclose = "TestEnv.Disclose.B",
read = "TestEnv.Read.B",
write = "TestEnv.Write.B",
manage = "TestEnv.Manage.B"
},
MachineB3 = {
name = "MachineB3",
description = "Description of MachineB3",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryB",
disclose = "TestEnv.Disclose.B",
read = "TestEnv.Read.B",
write = "TestEnv.Write.B",
manage = "TestEnv.Manage.B"
},
MachineB4 = {
name = "MachineB4",
description = "Description of MachineB4",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryB",
disclose = "TestEnv.Disclose.B",
read = "TestEnv.Read.B",
write = "TestEnv.Write.B",
manage = "TestEnv.Manage.B"
},
MachineB5 = {
name = "MachineB5",
description = "Description of MachineB5",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryB",
disclose = "TestEnv.Disclose.B",
read = "TestEnv.Read.B",
write = "TestEnv.Write.B",
manage = "TestEnv.Manage.B"
}, },
Bash = { MachineC1 = {
-- The "Process" module runs a given script or command on state change. name = "MachineC1",
-- bffh invoces the given cmd as `$ ${cmd} ${args} ${id} ${state}` so e.g. as description = "Description of MachineC1",
-- `$ ./examples/actor.sh your ad could be here Bash inuse` wiki = "https://fab-access.readthedocs.io",
module = "Process", category = "CategoryC",
params = {
-- which is configured by the (required) 'cmd' parameter. Paths are relative to PWD of bffh. Systemd disclose = "TestEnv.Disclose.C",
-- and similar process managers may change this PWD so it's usually the most future-proof to use read = "TestEnv.Read.C",
-- absolute paths. write = "TestEnv.Write.C",
cmd = "./examples/actor.sh", manage = "TestEnv.Manage.C"
-- You can pass static args in here, these will be passed to every invocation of the command by this actor. },
-- args passed here are split by whitespace, so these here will be passed as 5 separate arguments MachineC2 = {
args = "your ad could be here" name = "MachineC2",
} description = "Description of MachineC2",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryC",
disclose = "TestEnv.Disclose.C",
read = "TestEnv.Read.C",
write = "TestEnv.Write.C",
manage = "TestEnv.Manage.C"
},
MachineC3 = {
name = "MachineC3",
description = "Description of MachineC3",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryC",
disclose = "TestEnv.Disclose.C",
read = "TestEnv.Read.C",
write = "TestEnv.Write.C",
manage = "TestEnv.Manage.C"
},
MachineC4 = {
name = "MachineC4",
description = "Description of MachineC4",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryC",
disclose = "TestEnv.Disclose.C",
read = "TestEnv.Read.C",
write = "TestEnv.Write.C",
manage = "TestEnv.Manage.C"
},
MachineC5 = {
name = "MachineC5",
description = "Description of MachineC5",
wiki = "https://fab-access.readthedocs.io",
category = "CategoryC",
disclose = "TestEnv.Disclose.C",
read = "TestEnv.Read.C",
write = "TestEnv.Write.C",
manage = "TestEnv.Manage.C"
},
}, },
DoorControl1 = { actors = {=},
-- This actor calls the actor.py script in examples/
-- It gets passed it's own name, so you can have several actors
-- from the same script.
-- If you need to pass more arguments to the command you can use the `args` key in
-- `params` as is done with the actor `Bash`
module = "Process",
-- the `args` are passed in front of all other parameters so they are best suited to
-- optional parameters like e.g. the verboseness
params = { cmd = "/usr/local/lib/bffh/adapters/actor.py", args = "-vvv" }
},
DoorControl2 = {
module = "Process",
params = { cmd = "/usr/local/lib/bffh/adapters/actor.py", }
},
DoorControl3 = {
-- This is an example for how it looks like if an actor is misconfigured.
-- the actor.py doesn't know anything about DoorControl3 and, if this actor is enabled,
-- will return with an error showing up in the server logs.
module = "Process",
params = { cmd = "/usr/local/lib/bffh/adapters/actor.py", }
},
Bash2 = { module = "Process", params = { cmd = "/usr/local/lib/bffh/adapters/actor.sh" , args = "this is a different one" }}, actor_connections = [] : List { machine : Text, actor : Text },
FailBash = { module = "Process", params = { cmd = "/usr/local/lib/bffh/adapters/fail-actor.sh" }}
},
-- Linkng up machines to actors
-- Actors need to be connected to machines to be useful. A machine can be connected to multiple actors, but one
-- actor can only be connected to one machine.
actor_connections = [
{ machine = "Testmachine", actor = "Shelly1234" },
{ machine = "Another", actor = "Bash" },
{ machine = "Yetmore", actor = "Bash2" },
{ machine = "Yetmore", actor = "FailBash"}
],
-- Initiators are configured almost the same way as Actors, refer to actor documentation for more details
-- The below '{=}' is what you need if you want to define *no* initiators at all and only use the API with apps
-- to let people use machines.
initiators = {=}, initiators = {=},
-- The "Dummy" initiator will try to use and return a machine as the given user every few seconds. It's good to
-- test your system but will spam your log so is disabled by default.
--initiators = { Initiator = { module = "Dummy", params = { uid = "Testuser" } } },
-- Linking up machines to initiators. Similar to actors a machine can have several initiators assigned but an init_connections = [] : List { machine : Text, initiator : Text },
-- initiator can only be assigned to one machine.
-- The below is once again how you have to define *no* initiators.
init_connections = [] : List { machine : Text, initiator : Text }
--init_connections = [{ machine = "Testmachine", initiator = "Initiator" }]
} }

183
config/bffh/users.toml
View File

@ -1,14 +1,173 @@
[Testuser] [Admin1]
# These roles have to be defined in 'bffh.dhall'. roles = ["Admin"]
# Non-existant roles will not crash the server but print a `WARN` level message in the
# server log in the form "Did not find role somerole/internal while trying to tally".
roles = ["somerole/internal", "testrole/internal"]
# The password will be hashed using argon2id on load time and is not available in plaintext afterwards.
passwd = "secret" passwd = "secret"
# You can add whatever random data you want.
# It will get stored in the `kv` field in UserData.
# This is not used for anything at the moment
noot = "noot!" noot = "noot!"
cardkey = "7ab8704a61b5317e1fe4cae9e3e1fd8d" cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[Admin2]
roles = ["Admin"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[ManagerA1]
roles = ["ManageA", "UseA", "ReadA", "DiscloseA"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[ManagerA2]
roles = ["ManageA", "UseA", "ReadA", "DiscloseA"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[ManagerB1]
roles = ["ManageB", "UseB", "ReadB", "DiscloseB"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[ManagerB2]
roles = ["ManageB", "UseB", "ReadB", "DiscloseB"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[ManagerC1]
roles = ["ManageC", "UseC", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[ManagerC2]
roles = ["ManageC", "UseC", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[ManagerABC1]
roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[ManagerABC2]
roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerA1]
roles = ["UseA", "ReadA", "DiscloseA"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerA2]
roles = ["UseA", "ReadA", "DiscloseA"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerB1]
roles = ["UseB", "ReadB", "DiscloseB"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerB2]
roles = ["UseB", "ReadB", "DiscloseB"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerC1]
roles = ["UseC", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerC2]
roles = ["UseC", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerABC1]
roles = ["UseA", "ReadA", "DiscloseA", "UseB", "ReadB", "DiscloseB", "UseC", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerABC2]
roles = ["UseA", "ReadA", "DiscloseA", "UseB", "ReadB", "DiscloseB", "UseC", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[GuestA1]
roles = ["ReadA", "DiscloseA"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[GuestA2]
roles = ["ReadA", "DiscloseA"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[GuestB1]
roles = ["ReadB", "DiscloseB"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[GuestB2]
roles = ["ReadB", "DiscloseB"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[GuestC1]
roles = ["ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[GuestC2]
roles = ["ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[GuestABC1]
roles = ["ReadA", "DiscloseA", "ReadB", "DiscloseB", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[GuestABC2]
roles = ["ReadA", "DiscloseA", "ReadB", "DiscloseB", "ReadC", "DiscloseC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerQRA]
roles = ["UseA", "ReadA"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerQRB]
roles = ["UseB", "ReadB"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[MakerQRC]
roles = ["UseC", "ReadC"]
passwd = "secret"
noot = "noot!"
cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

31
config/cert/cert.pem Normal file
View File

@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIFYzCCA0ugAwIBAgIUD/WP9/ClkcITVEE1ApyenpySXkswDQYJKoZIhvcNAQEL
BQAwQTELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVy
bGluMRAwDgYDVQQKDAdSTEtNIFVHMB4XDTIyMDQyMDEzNTk1MFoXDTIzMDQyMDEz
NTk1MFowQTELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwG
QmVybGluMRAwDgYDVQQKDAdSTEtNIFVHMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAtlDacP0s0CjC5mP7pe2/uAo7nrP2WHztnG9ougbAcmSnmOCNWxYo
3ItGZQ4morGqTndx1yrr7/ZXVmqvvxtbcwQc99u4KFw9DrzCr/5la5SJv/KsBOW4
mjNNPJY79DKsULuOo6nqZGUFNhk+nbFSjMy684zsIvj6YNeYE4lvPGVtQ+buBlep
FjYwyFgezpbdYnVPNKCCEag3Pgxi2Sxys9vaaUIP/BpMrLXXARk5sFHV5kiQRRZ6
mw7hQz9Sb7BbQHeH1ejTLUNSTpHZ5fdptVTQRwt2Er5FgLcBPwckGymOCSsg8Bop
N6zFutybVl0vYK0KkslADLo+S8/W81ckKpUYFnk0zw9ET8LlrMnzc9jfV5BMtijz
sKArOC/ALLXz5FiPfpq+vVpqy354YkIy+n4xBKYpp9s3xeBpMLgupL/Tx7yB9Dxs
9Dp0vzDnx6UDHHo+U9OZYTmjy2oFxhM3lN73Hs2L2zgmWYUgksCQYJOUcXtGUW6C
nYLiSDJPqBoFSVGlUVSf9Aq4h23OWyRPD8GKcMQXVdFUEckgf5BRpGkxDigsDaAu
uN0QHCPw3fTg69xmIt0PxWGy+bEFSPZd83CtnklOAXTv7EnHb0HtZ1fDSqvbcGIi
A5LaCitC4Z5IaU7Ub23AY8BcjLnRopPIOVLrLvmznCoy0ntLBht/Z/0CAwEAAaNT
MFEwHQYDVR0OBBYEFOJ3+fyj1u6eou6MOktC5vUG2JPVMB8GA1UdIwQYMBaAFOJ3
+fyj1u6eou6MOktC5vUG2JPVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggIBAE0eleTJs87FJ9Kuex/8NNZXs+4OjqetPbIJV32+IvIht1c51Bbo0MrS
7RdE4MIj5XyC6vpk+vpb/rnFr8Q655J7Ao/iVhwIW9k8Y4uJL5YvIrJyM9w/JWNa
Jp2f5Jc0xJmKaU7rkegokosg7y7vJGz+l2oeWcBFf6BQ/zcifUFGTah0u0qe2vGR
9dFZ07CAqawFvLsg/xDwmXkhEVWjB9CmwbbH5fgd9fpBL8wGiraaVCiVSwun9jzn
ylBCWF24BoI5UAjHgbPDAqwkbTLJaDPZF52AOT9M6UY9naJ8PflykwIqvAejZvbi
CrfUjqXS2F387VGJ9/xxzM2ZeMjWXT+FjOKJAZBf4r5CjsUvpBQZw/LiHfKzzTos
VauB6qJhIcqUUUpFdKeeyGkExfxsCuHfTk8n2g3kCYZUpgKt55gmFGUMqP8qXSko
6BfGIEtIEHdBdb5++IBIXINMj7mLYimk/iQkGWwQTN3RXCck6yN5lzUNNQ81Ea97
dj4/UAzf9mztNVmZJMZ/sqVxUciGy+kr6JJi/4pUGIZh5IezHY5bS4dRAN0mQFzz
aYkyZlGrVrvex7zBeyO88erMnFMxFS1el9ms0Izu85NmkryWkg+U7yzJAFqJXDHT
an1Se25jGeyqyA0Y2soZ9GjxkTkOkXuPIYr+LdZPpd8ce0KI5ncg
-----END CERTIFICATE-----

52
config/cert/key.pem Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC2UNpw/SzQKMLm
Y/ul7b+4Cjues/ZYfO2cb2i6BsByZKeY4I1bFijci0ZlDiaisapOd3HXKuvv9ldW
aq+/G1tzBBz327goXD0OvMKv/mVrlIm/8qwE5biaM008ljv0MqxQu46jqepkZQU2
GT6dsVKMzLrzjOwi+Ppg15gTiW88ZW1D5u4GV6kWNjDIWB7Olt1idU80oIIRqDc+
DGLZLHKz29ppQg/8GkystdcBGTmwUdXmSJBFFnqbDuFDP1JvsFtAd4fV6NMtQ1JO
kdnl92m1VNBHC3YSvkWAtwE/ByQbKY4JKyDwGik3rMW63JtWXS9grQqSyUAMuj5L
z9bzVyQqlRgWeTTPD0RPwuWsyfNz2N9XkEy2KPOwoCs4L8AstfPkWI9+mr69WmrL
fnhiQjL6fjEEpimn2zfF4GkwuC6kv9PHvIH0PGz0OnS/MOfHpQMcej5T05lhOaPL
agXGEzeU3vcezYvbOCZZhSCSwJBgk5Rxe0ZRboKdguJIMk+oGgVJUaVRVJ/0CriH
bc5bJE8PwYpwxBdV0VQRySB/kFGkaTEOKCwNoC643RAcI/Dd9ODr3GYi3Q/FYbL5
sQVI9l3zcK2eSU4BdO/sScdvQe1nV8NKq9twYiIDktoKK0LhnkhpTtRvbcBjwFyM
udGik8g5Uusu+bOcKjLSe0sGG39n/QIDAQABAoICAAPNs4T0bzUniItkbhlT2LJW
+k/xCrRlZNKk618oKWcpjOqOUryh/Xe+axlMHoe546bv7H7T7SisL73Ei4aV5EZF
wXH1UkX7SKXQT9J6oPSJ3IbV4ftXLI8A/31CWB1b2kbz5sGo15RBHEb451rEWofH
9KWEnN+M6LJRBSHxNdIhfpJSVMhql0M4nbNsTTY7pQI7FswvBg+mvgJMIVrNB9aT
QV79SxaUGOHoiEQEWfUA/BCqFmJumd+2w4HS5h4g5IJ3i+ytRwyUcTjk55IZ44lu
K8szpMK21/3bs4m0VS9A4m70CKOhtBbugpCHrjDy0Dx417Xgv3aUgxyzSRV6Da3R
sskwsGII7lPVNXGNMbtLGZCMc63igNa9UzZrR34Te7g/9gdubg5frKUEn4lkIP7P
FqYZxBXswVeSnzYS0XQ5j88L1BeoJrYoYdoj28HPwL36RP5ouzldgLMYc42/yRpd
sv27OMbzk3jcpjyNkmpPMHze5oyu6chzUXw4WvOl8iQZlO4uWzOXrkRf1upwNoVw
jqnCbU9Hvh+8Rg8QbnW8y0nY6RXTiINogQvRl+Vi8TyU0RSDaUHwou6QIGbFDXAw
3zvGATuNqMYe9zysZnJVYJ/CDE5eH/b5XTCIUoKvFEYm02C0ymSlqYPO59McOPek
lSgAqbRAj9qNXUHFJ+/5AoIBAQDGPxSPNTTfLNjj8wBF+ZJRK5FxZ9qx6GhNlxRI
ziKFH/ozP1mNxZKqLu+ta/IeHsJCuJ3oYzQBCnUcAMmuY8cMW9ocr8iU8dlmjN/u
G5SXZ50JdXhIyfvPAGjnGeRGqkzjmZFHEE7go+AS5o1wMTpFDCffyEvYJKNWFRnu
f+eRdvPYueyGBkKx7QimOzFZPufgYaJNiL2YJY4KlHD7Bmc8pX8ep6bXN6HEfDCF
6PiWfxDPi8ey0VWnEkfAOWRwOfVxyOFd+8sTMQ3W2/CTbzIyP1NJioeR3sZFMiXL
EStG14ihDHedA/zHMwci3aWUW3RVE21gEivp0akAEMaG8hLFAoIBAQDrbbHT/AC8
K7rswHISXR515P1OROTK7mcLq+ujjoDnVCDg91IivfFlwb52vkOMKEQDNqVLYp6S
dkbNt21CJUsjYhhJ5mUXJUrWJpembVT87uplyi5+MYmCx5jIK9UwzFoKXwRVkLhq
tz118/THgduIYTzBeDOnmWdcsw3PIW8CxIfMJAfWQJPVDZRisX2Ox8KRzGR4UqPS
gAOBi9pwf05aLennT+5GlaTsxdotmf3VWTEHZJGnFJHrbU7Vm17wW9Y+SZWx+ocZ
7PhuFA1snB8t2wGaYa7UacqzD5gTC1/SOsUK7RTyL5yPP88AY7gV7PViDWI8lPTP
+Hmf9jWUU3PZAoIBAARyWcW0jdELsnm6c6EeLfgAIC0JBVDEQ8KpxtyzMvcFdpk7
rIiPi/ChSOL87ttaGUVh2rjhsMLtNx8/rUZqGobecJAAKWGd4yB3vHYczEJxIoaZ
ye7oCOvluHSmkgY7v6nDQgz0ArDrPBVwcm+3yvTNhv9wALOCbt95bbF50PnkTyfn
U7TV4x0WkgEYhszXql/QENHoZUhKX1tBZR9cT2h+1dEcNZPSPaCooHYAecL2aqwd
GIecRm2O7WkUYHpb8nNw7A0tnqp5iTPujwDfl6Kk5PtbThspggz/SPW7Fttp7jie
jPhKpJrbPCe+DP685mkaHHPxNGb0OvQzbCCOwXkCggEAPlZQVMoQQ8Lsfs3CJpyj
eSIF9FiHoDgZ7tw5y5frB9Wd0xOJmwtiRMhVL0nXxt/Oim9IuzpEtJE+1C+ybWZE
i/zoY4Du2X8VXrjfRMEEVOjKBePQBbgGKivBh5cbnw0s9jwMgL+OJSuZyYasFLuM
roLYvH2gZ8tVtBTxHhxDMZ9qOaJ8tL1qp2ouFSfcEBdSrJpLLBTtrcoZo46ta0Y6
L+SiX44pkGUFQ3BsAdEZhglU0xlM+8mVjZnm2uaF7+zRQLLpQTQN286ERVln6I86
LkEkHoWo7jOI6XrCkKBdYeQP0oHOHwZ+VOvXWsoMrzmMC8dxcIsce4jWY4Wk0D58
mQKCAQAhQJm5Rji/lzVY3eu6TvuWMdoyt4DnZjSWCbhWjhZ3Fsv1xpGwNmfxoExb
TbqnwcEZKCyF12vgh8/zXYRwwCF0PKe0rR3GsfgM+bPpcFVuIp1vGRLYO49eYRmm
s372NCQkZMcNpzX+jB1MtLt/Jx/P8lb3eaExoknpZpDzYlhxU8UNEtogMfyvUt/i
9hZtjCRMCkEV4o/C/8/VuchwLWR5fRrJDydTLxavIAhOjfCGKoU4EiIqAZjJnJKk
jHHvxLwbXjSNZe41n872lOmNUweTch3ikRBMqDsXoELyCVXmoupnwIajO1eV2sWq
+cqdvrc3lDTZ3QIesrwgLuCGSQpj
-----END PRIVATE KEY-----

19
docker-compose.yaml
View File

@ -1,18 +1,31 @@
version: "3.8" version: "3.8"
services: services:
#dnsrobocert:
# image: adferrand/dnsrobocert
# pull_policy: always
# restart: always
# volumes:
# - "./config/cert:/etc/letsencrypt"
# - "./config/dnsrobocert:/etc/dnsrobocert"
bffh: bffh:
image: registry.gitlab.com/fabinfra/fabaccess/bffh:latest image: registry.gitlab.com/fabinfra/fabaccess/bffh:v0.3-pre
pull_policy: always pull_policy: always
restart: always restart: always
ports: ports:
- "59661:59661" - "59666:59661"
entrypoint: ["sh", "-c", "bffhd -c /etc/bffh/bffh.dhall --load=/etc/bffh/users.toml; bffhd -c /etc/bffh/bffh.dhall"]
environment:
- "RUST_LOG=debug"
volumes: volumes:
# generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section. # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section.
- "./config/bffh:/etc/bffh" - "./config/bffh:/etc/bffh"
- "./adapters:/usr/local/lib/bffh/adapters" - "./adapters:/usr/local/lib/bffh/adapters"
- "./config/cert:/etc/letsencrypt"
- data:/var/lib/bffh - data:/var/lib/bffh
links: links:
- mqtt - mqtt
mqtt: mqtt:
image: eclipse-mosquitto:1.6.15 image: eclipse-mosquitto:1.6.15
restart: always restart: always
@ -20,5 +33,7 @@ services:
- "1883:1883" - "1883:1883"
volumes: volumes:
- "./config/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf" - "./config/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf"
volumes: volumes:
data: data: