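{- Main configuration file for bffh
   ================================

   In this configuration file you configure almost all parts of how bffh operates, but most importantly:
   * Machines
   * Initiators and Actors
   * Which Initiators and Actors relate to which machine(s)
   * Roles and the permissions granted by them
-}

-- The config is in the configuration format/language dhall. You can find more information about dhall over at
-- https://dhall-lang.org
-- (Our) Dhall is somewhat similar to JSON and YAML in that it expects a top-level object containing the
-- configuration values
{
  -- Configure the addresses and ports bffh listens on
  listens =
    [ -- BFFH binds a port for every listen object in this array.
      -- Each listen object is of the format { address = , port = }
      -- If you don't specify a port bffh will use the default of `59661`
      -- 'address' can be an IP address or a hostname
      -- If bffh can not bind a port for the specified combination it will log an error but *continue with the
      -- remaining ports*
      -- NOTE: "::" is the unspecified address, i.e. bffh listens on every interface of the host. Narrow this
      -- to one address if the service should only be reachable from a particular network.
      { address = "::", port = Some 59661 }
    ],

  -- Configure TLS. BFFH requires a PEM-encoded certificate and the associated key as two separate files.
  -- The key file should be readable only by the user running bffh.
  certfile = "/etc/letsencrypt/cert.pem",
  keyfile = "/etc/letsencrypt/key.pem",

  -- BFFH right now requires a running MQTT broker.
  -- NOTE: a tcp:// URL is a plaintext connection and the actor commands travel over it, so keep the broker
  -- on a trusted network segment and enable broker-side authentication where available.
  mqtt_url = "tcp://mqtt:1883",

  -- Path to the database file for bffh. bffh will in fact create two files; ${db_path} and ${db_path}.lock.
  -- BFFH will *not* create any directories so ensure that the directory exists and the user running bffh has
  -- write access into them.
  db_path = "/var/lib/bffh/db",

  -- Audit log path. Bffh will log state changes into this file, one per line.
  -- Audit log entries are for now JSON:
  -- {"timestamp":1641497361,"machine":"Testmachine","state":{"state":{"InUse":{"uid":"Testuser","subuid":null,"realm":null}}}}
  -- NOTE(review): /tmp is world-writable and usually cleared on reboot, so any local user can truncate or
  -- replace this log. For a real deployment put it in a directory only the bffh user can write to
  -- (for example next to db_path) so the audit trail cannot be tampered with.
  auditlog_path = "/tmp/bffh.audit",

  -- In dhall you can also easily import definitions from other files, e.g.
  -- you could write
  -- roles = ./roles.dhall
  -- Presumably a permission such as "TestEnv.Disclose" covers the machine-level "TestEnv.Disclose.A" below;
  -- verify this against the bffh permission documentation before relying on it.
  roles =
    { Admin =
        { permissions =
            [ "TestEnv.Admin"
            , "TestEnv.Manage"
            , "TestEnv.Write"
            , "TestEnv.Read"
            , "TestEnv.Disclose"
            ]
        }
    , ManageUsers =
        { permissions = [ "bffh.users.info", "bffh.users.manage", "bffh.users.admin" ] }
    , Manage = { permissions = [ "TestEnv.Manage" ] }
    , Use = { permissions = [ "TestEnv.Write" ] }
    , Read = { permissions = [ "TestEnv.Read" ] }
    , Disclose = { permissions = [ "TestEnv.Disclose" ] }
    },

  machines =
    { MachineA1 =
        { name = "MachineA1"
        , description = "Description of MachineA1"
        , wiki = "https://fab-access.readthedocs.io"
        , category = "CategoryA"
        , disclose = "TestEnv.Disclose.A"
        , read = "TestEnv.Read.A"
        , write = "TestEnv.Write.A"
        , manage = "TestEnv.Manage.A"
        }
    , MachineA2 =
        { name = "MachineA2"
        , description = "Description of MachineA2"
        , wiki = "https://fab-access.readthedocs.io"
        , category = "CategoryA"
        , disclose = "TestEnv.Disclose.A"
        , read = "TestEnv.Read.A"
        , write = "TestEnv.Write.A"
        , manage = "TestEnv.Manage.A"
        }
    , MachineA3 =
        { name = "MachineA3"
        , description = "Description of MachineA3"
        , wiki = "https://fab-access.readthedocs.io"
        , category = "CategoryA"
        , disclose = "TestEnv.Disclose.A"
        , read = "TestEnv.Read.A"
        , write = "TestEnv.Write.A"
        , manage = "TestEnv.Manage.A"
        }
    },

  -- Actors similarly to machines have an 'id'. This id (here "Shelly1234") is limited to Alphanumeric ASCII
  -- and must begin with a letter.
  -- NOTE(review): the ids below contain '-', which the sentence above says is not allowed; confirm which
  -- rule bffh actually enforces.
  -- Each id must be unique within this record: the original file repeated the same id several times, which
  -- is a duplicate record field in dhall and also made every actor_connection point at a single actor.
  -- The "AAAAAA"/"BBBBBB"/"CCCCCC" suffixes are constructed placeholders - replace them with the ids of
  -- your devices.
  actors =
    { shellyplug-s-AAAAAA = { module = "Shelly", params = {=} }
    , shellyplug-s-BBBBBB = { module = "Shelly", params = {=} }
    , shellyplug-s-CCCCCC = { module = "Shelly", params = {=} }
    , shelly1-AAAAAAAAAAAA = { module = "Shelly", params = {=} }
    , shelly1-BBBBBBBBBBBB = { module = "Shelly", params = {=} }
    },

  -- One actor per machine; the actor ids must match the keys of `actors` above.
  actor_connections =
    [ { machine = "MachineA1", actor = "shellyplug-s-AAAAAA" }
    , { machine = "MachineA2", actor = "shellyplug-s-BBBBBB" }
    , { machine = "MachineA3", actor = "shellyplug-s-CCCCCC" }
    ],

  -- No initiators configured; the empty record and the typed empty list keep the file well-typed.
  initiators = {=},
  init_connections = [] : List { machine : Text, initiator : Text },
}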