2024-05-04 13:20:05 +02:00
|
|
|
{- Main configuration file for bffh
|
|
|
|
|
- ================================
|
|
|
|
|
-
|
|
|
|
|
- In this configuration file you configure almost all parts of how bffh operates, but most importantly:
|
|
|
|
|
- * Machines
|
|
|
|
|
- * Initiators and Actors
|
|
|
|
|
- * Which Initiators and Actors relate to which machine(s)
|
|
|
|
|
- * Roles and the permissions granted by them
|
|
|
|
|
-}
|
|
|
|
|
|
|
|
|
|
-- The config is in the configuration format/language dhall. You can find more information about dhall over at
|
|
|
|
|
-- https://dhall-lang.org
|
|
|
|
|
|
|
|
|
|
-- (Our) Dhall is somewhat similar to JSON and YAML in that it expects a top-level object containing the
|
|
|
|
|
-- configuration values
|
|
|
|
|
{
|
|
|
|
|
-- Configure the addresses and ports bffh listens on
|
|
|
|
|
listens = [
|
|
|
|
|
-- BFFH binds a port for every listen object in this array.
|
|
|
|
|
-- Each listen object is of the format { address = <STRING>, port = <INTEGER> }
|
|
|
|
|
-- If you don't specify a port bffh will use the default of `59661`
|
|
|
|
|
-- 'address' can be a IP address or a hostname
|
|
|
|
|
-- If bffh can not bind a port for the specified combination if will log an error but *continue with the remaining ports*
|
|
|
|
|
{ address = "127.0.0.1", port = 59661 },
|
|
|
|
|
{ address = "::1", port = 59661 },
|
|
|
|
|
{ address = "steak.fritz.box", port = 59661 }
|
|
|
|
|
],
|
|
|
|
|
|
|
|
|
|
-- Configure TLS. BFFH requires a PEM-encoded certificate and the associated key as two separate files
|
|
|
|
|
certfile = "examples/self-signed-cert.pem",
|
|
|
|
|
keyfile = "examples/self-signed-key.pem",
|
|
|
|
|
|
|
|
|
|
-- BFFH right now requires a running MQTT broker.
|
|
|
|
|
mqtt_url = "tcp://localhost:1883",
|
|
|
|
|
|
|
|
|
|
-- Path to the database file for bffh. bffh will in fact create two files; ${db_path} and ${db_path}.lock.
|
|
|
|
|
-- BFFH will *not* create any directories so ensure that the directory exists and the user running bffh has write
|
|
|
|
|
-- access into them.
|
|
|
|
|
db_path = "/tmp/bffh",
|
|
|
|
|
|
|
|
|
|
-- Audit log path. Bffh will log state changes into this file, one per line.
|
|
|
|
|
-- Audit log entries are for now JSON:
|
|
|
|
|
-- {"timestamp":1641497361,"machine":"Testmachine","state":{"state":{"InUse":{"uid":"Testuser","subuid":null,"realm":null}}}}
|
|
|
|
|
auditlog_path = "/tmp/bffh.audit",
|
|
|
|
|
|
|
|
|
|
|
2025-02-08 14:01:17 +01:00
|
|
|
roles = ./roles.dhall,
|
|
|
|
|
machines = ./machines.dhall,
|
|
|
|
|
actors = ./actors.dhall,
|
|
|
|
|
actor_connections = ./actorconnections.dhall,
|
2024-05-04 13:20:05 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Initiators are configured almost the same way as Actors, refer to actor documentation for more details
|
|
|
|
|
-- The below '{=}' is what you need if you want to define *no* initiators at all and only use the API with apps
|
|
|
|
|
-- to let people use machines.
|
|
|
|
|
initiators = {=},
|
|
|
|
|
-- The "Dummy" initiator will try to use and return a machine as the given user every few seconds. It's good to
|
|
|
|
|
-- test your system but will spam your log so is disabled by default.
|
|
|
|
|
--initiators = { Initiator = { module = "Dummy", params = { uid = "Testuser" } } },
|
|
|
|
|
|
|
|
|
|
-- Linking up machines to initiators. Similar to actors a machine can have several initiators assigned but an
|
|
|
|
|
-- initiator can only be assigned to one machine.
|
|
|
|
|
-- The below is once again how you have to define *no* initiators.
|
|
|
|
|
init_connections = [] : List { machine : Text, initiator : Text },
|
|
|
|
|
--init_connections = [{ machine = "Testmachine", initiator = "Initiator" }]
|
|
|
|
|
|
|
|
|
|
instanceurl = "https://example.com",
|
|
|
|
|
spacename = "examplespace"
|
|
|
|
|
}
|
