|
| 1 | +package deployment |
| 2 | + |
| 3 | +import ( |
| 4 | + "flag" |
| 5 | + "time" |
| 6 | + |
| 7 | + "github.com/coreos/go-oidc/v3/oidc" |
| 8 | + |
| 9 | + "github.com/coder/coder/codersdk" |
| 10 | +) |
| 11 | + |
| 12 | +func Config() codersdk.DeploymentConfig { |
| 13 | + return codersdk.DeploymentConfig{ |
| 14 | + // External URL to access your deployment. This must be accessible by all provisioned workspaces. |
| 15 | + AccessURL: "", |
| 16 | + // Specifies the wildcard hostname to use for workspace applications in the form "*.example.com". |
| 17 | + WildcardAccessURL: "", |
| 18 | + // Bind address of the server. |
| 19 | + Address: "127.0.0.1:3000", |
| 20 | + // Interval to poll for scheduled workspace builds. |
| 21 | + AutobuildPollInterval: time.Minute, |
| 22 | + DERP: codersdk.DERPConfig{ |
| 23 | + Server: codersdk.DERPServerConfig{ |
| 24 | + // Whether to enable or disable the embedded DERP relay server. |
| 25 | + Enable: true, |
| 26 | + // Region ID to use for the embedded DERP server. |
| 27 | + RegionID: 999, |
| 28 | + // Region code to use for the embedded DERP server. |
| 29 | + RegionCode: "coder", |
| 30 | + // Region name that for the embedded DERP server. |
| 31 | + RegionName: "Coder Embedded Relay", |
| 32 | + // Addresses for STUN servers to establish P2P connections. Set empty to disable P2P connections. |
| 33 | + STUNAddresses: []string{"stun.l.google.com:19302"}, |
| 34 | + }, |
| 35 | + Config: codersdk.DERPConfigConfig{ |
| 36 | + // URL to fetch a DERP mapping on startup. See: https://tailscale.com/kb/1118/custom-derp-servers/ |
| 37 | + URL: "", |
| 38 | + // Path to read a DERP mapping from. See: https://tailscale.com/kb/1118/custom-derp-servers/ |
| 39 | + Path: "", |
| 40 | + }, |
| 41 | + }, |
| 42 | + Prometheus: codersdk.PrometheusConfig{ |
| 43 | + // Serve prometheus metrics on the address defined by `prometheus.address`. |
| 44 | + Enable: false, |
| 45 | + // The bind address to serve prometheus metrics. |
| 46 | + Address: "127.0.0.1:2112", |
| 47 | + }, |
| 48 | + Pprof: codersdk.PprofConfig{ |
| 49 | + // Serve pprof metrics on the address defined by `pprof.address`. |
| 50 | + Enable: false, |
| 51 | + // The bind address to serve pprof. |
| 52 | + Address: "127.0.0.1:6060", |
| 53 | + }, |
| 54 | + // The directory to cache temporary files. If unspecified and $CACHE_DIRECTORY is set, it will be used for compatibility with systemd. |
| 55 | + CacheDir: defaultCacheDir(), |
| 56 | + // Controls whether data will be stored in an in-memory database. |
| 57 | + InMemoryDatabase: false, |
| 58 | + // Number of provisioner daemons to create on start. If builds are stuck in queued state for a long time, consider increasing this. |
| 59 | + ProvisionerDaemonCount: 3, |
| 60 | + // URL of a PostgreSQL database. If empty, PostgreSQL binaries will be downloaded from Maven (https://repo1.maven.org/maven2) and store all data in the config root. Access the built-in database with "coder server postgres-builtin-url". |
| 61 | + PostgresURL: "", |
| 62 | + Oauth2Github: codersdk.Oauth2GithubConfig{ |
| 63 | + // Client ID for Login with GitHub. |
| 64 | + ClientID: "", |
| 65 | + // Client secret for Login with GitHub. |
| 66 | + ClientSecret: "", |
| 67 | + // Organizations the user must be a member of to Login with GitHub. |
| 68 | + AllowedOrganizations: []string{}, |
| 69 | + // Teams inside organizations the user must be a member of to Login with GitHub. Structured as: <organization-name>/<team-slug>. |
| 70 | + AllowedTeams: []string{}, |
| 71 | + // Whether new users can sign up with GitHub. |
| 72 | + AllowSignups: true, |
| 73 | + // Base URL of a GitHub Enterprise deployment to use for Login with GitHub. |
| 74 | + EnterpriseBaseURL: "", |
| 75 | + }, |
| 76 | + |
| 77 | + OIDC: codersdk.OIDCConfig{ |
| 78 | + // Whether new users can sign up with OIDC. |
| 79 | + AllowSignups: true, |
| 80 | + // Client ID to use for Login with OIDC. |
| 81 | + ClientID: "", |
| 82 | + // Client secret to use for Login with OIDC. |
| 83 | + ClientSecret: "", |
| 84 | + // Email domain that clients logging in with OIDC must match. |
| 85 | + EmailDomain: "", |
| 86 | + // Issuer URL to use for Login with OIDC. |
| 87 | + IssuerURL: "", |
| 88 | + // Scopes to grant when authenticating with OIDC. |
| 89 | + Scopes: []string{oidc.ScopeOpenID, "profile", "email"}, |
| 90 | + }, |
| 91 | + Telemetry: codersdk.TelemetryConfig{ |
| 92 | + // Whether telemetry is enabled or not. Coder collects anonymized usage data to help improve our product. |
| 93 | + Enable: flag.Lookup("test.v") == nil, |
| 94 | + // Whether Opentelemetry traces are sent to Coder. Coder collects anonymized application tracing to help improve our product. Disabling telemetry also disables this option. |
| 95 | + TraceEnable: flag.Lookup("test.v") == nil, |
| 96 | + // URL to send telemetry. |
| 97 | + URL: "https://telemetry.coder.com", |
| 98 | + }, |
| 99 | + TLSConfig: codersdk.TLSConfig{ |
| 100 | + // Whether TLS will be enabled. |
| 101 | + Enable: false, |
| 102 | + // Path to each certificate for TLS. It requires a PEM-encoded file. To configure the listener to use a CA certificate, concatenate the primary certificate and the CA certificate together. The primary certificate should appear first in the combined file. |
| 103 | + CertFiles: []string{}, |
| 104 | + // PEM-encoded Certificate Authority file used for checking the authenticity of client |
| 105 | + ClientCAFile: "", |
| 106 | + // Policy the server will follow for TLS Client Authentication. Accepted values are "none", "request", "require-any", "verify-if-given", or "require-and-verify". |
| 107 | + ClientAuth: "request", |
| 108 | + // Paths to the private keys for each of the certificates. It requires a PEM-encoded file. |
| 109 | + KeyFiles: []string{}, |
| 110 | + // Minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12" or "tls13" |
| 111 | + MinVersion: "tls12", |
| 112 | + }, |
| 113 | + // Whether application tracing data is collected. |
| 114 | + TraceEnable: false, |
| 115 | + // Controls if the 'Secure' property is set on browser session cookies. |
| 116 | + SecureAuthCookie: false, |
| 117 | + // The algorithm to use for generating ssh keys. Accepted values are "ed25519", "ecdsa", or "rsa4096". |
| 118 | + SSHKeygenAlgorithm: "ed25519", |
| 119 | + // Templates to auto-import. Available auto-importable templates are: kubernetes |
| 120 | + AutoImportTemplates: []string{}, |
| 121 | + // How frequently metrics are refreshed |
| 122 | + MetricsCacheRefreshInterval: time.Hour, |
| 123 | + // How frequently agent stats are recorded |
| 124 | + AgentStatRefreshInterval: 10 * time.Minute, |
| 125 | + // Enables verbose logging. |
| 126 | + Verbose: false, |
| 127 | + // Specifies whether audit logging is enabled. |
| 128 | + AuditLogging: true, |
| 129 | + // Whether Coder only allows connections to workspaces via the browser. |
| 130 | + BrowserOnly: false, |
| 131 | + // Enables SCIM and sets the authentication header for the built-in SCIM server. New users are automatically created with OIDC authentication. |
| 132 | + SCIMAuthHeader: "", |
| 133 | + // Enables and sets a limit on how many workspaces each user can create. |
| 134 | + UserWorkspaceQuota: 0, |
| 135 | + } |
| 136 | +} |
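Review bot: `Oauth2Github.AllowSignups` (line 72) and `OIDC.AllowSignups` (line 79) both default to `true` while `AllowedOrganizations`, `AllowedTeams` and `EmailDomain` default to empty, and the field comments do not say what an empty restriction means. The enforcement code is not in this file, so this is inferred: if empty is treated as "no restriction", an operator who sets only the client ID, secret and issuer would admit any account the identity provider authenticates. I would state the empty-value behaviour in the comments, for example `// Email domain that clients logging in with OIDC must match. Empty means <confirm: any domain is accepted>.`, and the same for the two GitHub lists. Separately, the comment on `ClientCAFile` (line 104) is cut off after "authenticity of client", and `SecureAuthCookie: false` (line 116) deserves a comment saying it should be enabled whenever the access URL is served over HTTPS.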