steve/restic-manager
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 1 Wiki Activity
Files
83d97a27cc17ec5af5aeb52d70043cdaa5cedaaa
restic-manager/internal/server/config/config.go
T
steve 7cc17813a9 p5-03: docker-only release path (drop goreleaser) 
Single public deliverable per tag: a multi-arch server image, with
cross-compiled agent binaries + install scripts + the systemd unit
baked under /opt/restic-manager/dist/. The /agent/binary and
/install/* handlers fall back from <DataDir>/... to that read-only
path so a fresh container Just Works without first-run staging;
operators can still drop a custom build into <DataDir>/ to override
per-host.

Architecture rationale: agent distribution already routes through
the running server, so the release surface mirrors that — there's
no second source of truth to keep in sync.

Workflow .gitea/workflows/release.yml triggers on v*.*.* tag-push
(fan-out :vX.Y.Z / :X.Y / :X, plus :latest once MAJOR>=1) and
workflow_dispatch (snapshot tag only). Pushes to the Gitea
container registry on this instance.

Both binaries grow main.commit + main.date ldflag targets. Makefile
and Dockerfile fill them; release workflow forwards from gitea.sha
plus a UTC timestamp.

Spec : docs/superpowers/specs/2026-05-05-p5-03-docker-only-release.md
Plan : docs/superpowers/plans/2026-05-05-p5-03-docker-only-release.md
2026-05-05 15:18:48 +01:00

142 lines
4.0 KiB
Go
Raw Blame History

// Package config loads server configuration from env vars (the
// canonical source) with optional YAML overlay. Documented vars are
// listed in spec.md §4.1.
package config
import (
"fmt"
"net"
"net/netip"
"os"
"strings"
"gopkg.in/yaml.v3"
)
// Config holds runtime parameters resolved from env + (optionally) a
// YAML file. Env wins over YAML so operators can tweak a single var
// without rewriting the file.
//
// The server is HTTP-only by design: the expected deployment fronts it
// with a TLS-terminating reverse proxy (Caddy/Traefik/nginx). See
// spec.md §11 for the rationale.
type Config struct {
Listen string `yaml:"listen"`
DataDir string `yaml:"data_dir"`
BaseURL string `yaml:"base_url"`
SecretKeyFile string `yaml:"secret_key_file"`
TrustedProxies []string `yaml:"trusted_proxies"`
// CookieSecure controls the Secure attribute on session cookies.
// Defaults to true. Set RM_COOKIE_SECURE=false only for local HTTP
// testing — production deployments are always behind a TLS proxy
// and the cookie must be Secure.
CookieSecure bool `yaml:"cookie_secure"`
OIDCRaw *OIDCConfig `yaml:"oidc"`
OIDC *OIDCConfig `yaml:"-"`
// BundledAssetsDir is the read-only path inside the image that
// holds agent binaries (under agent-binaries/) and install
// scripts (under install/). The /agent/binary and /install/*
// handlers fall back here when the file is not present in
// DataDir. Source-build deployments can override via
// RM_BUNDLED_ASSETS_DIR.
BundledAssetsDir string `yaml:"bundled_assets_dir"`
}
// Load resolves config in this order:
// 1. defaults
// 2. YAML at the given path (if non-empty and exists)
// 3. environment variables (RM_LISTEN, RM_DATA_DIR, …)
//
// The result is validated; a zero-error return means the server is
// safe to start.
func Load(yamlPath string) (Config, error) {
c := Config{
Listen: ":8080",
DataDir: "/data",
CookieSecure: true,
BundledAssetsDir: "/opt/restic-manager/dist",
}
if yamlPath != "" {
body, err := os.ReadFile(yamlPath)
if err != nil && !os.IsNotExist(err) {
return c, fmt.Errorf("config: read %q: %w", yamlPath, err)
}
if err == nil {
if err := yaml.Unmarshal(body, &c); err != nil {
return c, fmt.Errorf("config: parse %q: %w", yamlPath, err)
}
}
}
if v, ok := os.LookupEnv("RM_LISTEN"); ok {
c.Listen = v
}
if v, ok := os.LookupEnv("RM_DATA_DIR"); ok {
c.DataDir = v
}
if v, ok := os.LookupEnv("RM_BASE_URL"); ok {
c.BaseURL = v
}
if v, ok := os.LookupEnv("RM_SECRET_KEY_FILE"); ok {
c.SecretKeyFile = v
}
if v, ok := os.LookupEnv("RM_COOKIE_SECURE"); ok {
// Anything other than "false"/"0" leaves the safe default.
if v == "false" || v == "0" {
c.CookieSecure = false
} else {
c.CookieSecure = true
}
}
if v, ok := os.LookupEnv("RM_BUNDLED_ASSETS_DIR"); ok {
c.BundledAssetsDir = v
}
if v, ok := os.LookupEnv("RM_TRUSTED_PROXY"); ok {
// Comma-separated CIDRs; allow whitespace for readability.
parts := strings.Split(v, ",")
c.TrustedProxies = c.TrustedProxies[:0]
for _, p := range parts {
p = strings.TrimSpace(p)
if p != "" {
c.TrustedProxies = append(c.TrustedProxies, p)
}
}
}
var rawOIDC OIDCConfig
if c.OIDCRaw != nil {
rawOIDC = *c.OIDCRaw
}
oidc, err := loadOIDC(envSnapshot(), rawOIDC)
if err != nil {
return c, err
}
c.OIDC = oidc
return c, c.validate()
}
func (c *Config) validate() error {
if c.Listen == "" {
return fmt.Errorf("config: RM_LISTEN must be set")
}
if _, _, err := net.SplitHostPort(c.Listen); err != nil {
return fmt.Errorf("config: RM_LISTEN %q invalid: %w", c.Listen, err)
}
if c.DataDir == "" {
return fmt.Errorf("config: RM_DATA_DIR must be set")
}
if c.SecretKeyFile == "" {
// Default to data dir.
c.SecretKeyFile = c.DataDir + "/secret.key"
}
for _, cidr := range c.TrustedProxies {
if _, err := netip.ParsePrefix(cidr); err != nil {
return fmt.Errorf("config: RM_TRUSTED_PROXY entry %q is not a valid CIDR: %w", cidr, err)
}
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink