From baa0c44a0af9faf18cb7202fe801e9d6c17d759f Mon Sep 17 00:00:00 2001 From: Ammar Bandukwala Date: Fri, 8 Sep 2023 13:32:09 -0500 Subject: [PATCH] chore(cli): lighten flags on help page --- cli/help.go | 2 +- cli/testdata/coder_--help.golden | 20 +- cli/testdata/coder_agent_--help.golden | 22 +- cli/testdata/coder_config-ssh_--help.golden | 18 +- cli/testdata/coder_create_--help.golden | 12 +- cli/testdata/coder_delete_--help.golden | 4 +- cli/testdata/coder_dotfiles_--help.golden | 6 +- cli/testdata/coder_list_--help.golden | 8 +- cli/testdata/coder_login_--help.golden | 10 +- cli/testdata/coder_logout_--help.golden | 2 +- cli/testdata/coder_ping_--help.golden | 6 +- cli/testdata/coder_port-forward_--help.golden | 4 +- cli/testdata/coder_publickey_--help.golden | 4 +- cli/testdata/coder_rename_--help.golden | 2 +- .../coder_reset-password_--help.golden | 2 +- cli/testdata/coder_restart_--help.golden | 6 +- cli/testdata/coder_server_--help.golden | 200 +++++++++--------- ...der_server_create-admin-user_--help.golden | 12 +- ...erver_postgres-builtin-serve_--help.golden | 2 +- ..._server_postgres-builtin-url_--help.golden | 2 +- cli/testdata/coder_speedtest_--help.golden | 6 +- cli/testdata/coder_ssh_--help.golden | 18 +- cli/testdata/coder_start_--help.golden | 6 +- cli/testdata/coder_stat_--help.golden | 4 +- cli/testdata/coder_stat_cpu_--help.golden | 4 +- cli/testdata/coder_stat_disk_--help.golden | 6 +- cli/testdata/coder_stat_mem_--help.golden | 6 +- cli/testdata/coder_state_pull_--help.golden | 2 +- cli/testdata/coder_state_push_--help.golden | 2 +- cli/testdata/coder_stop_--help.golden | 2 +- .../coder_templates_create_--help.golden | 26 +-- .../coder_templates_delete_--help.golden | 2 +- .../coder_templates_edit_--help.golden | 24 +-- .../coder_templates_init_--help.golden | 2 +- .../coder_templates_list_--help.golden | 4 +- .../coder_templates_pull_--help.golden | 4 +- .../coder_templates_push_--help.golden | 24 +-- ...oder_templates_versions_list_--help.golden | 4 +- .../coder_tokens_create_--help.golden | 4 +- cli/testdata/coder_tokens_list_--help.golden | 6 +- cli/testdata/coder_update_--help.golden | 10 +- .../coder_users_activate_--help.golden | 2 +- cli/testdata/coder_users_create_--help.golden | 8 +- cli/testdata/coder_users_list_--help.golden | 4 +- cli/testdata/coder_users_show_--help.golden | 2 +- .../coder_users_suspend_--help.golden | 2 +- cli/testdata/coder_version_--help.golden | 2 +- enterprise/cli/testdata/coder_--help.golden | 20 +- .../coder_features_list_--help.golden | 4 +- .../coder_groups_create_--help.golden | 4 +- .../testdata/coder_groups_edit_--help.golden | 10 +- .../testdata/coder_groups_list_--help.golden | 4 +- .../testdata/coder_licenses_add_--help.golden | 6 +- .../coder_licenses_list_--help.golden | 4 +- .../coder_provisionerd_start_--help.golden | 10 +- .../cli/testdata/coder_server_--help.golden | 200 +++++++++--------- ...der_server_create-admin-user_--help.golden | 12 +- ...coder_server_dbcrypt_decrypt_--help.golden | 6 +- .../coder_server_dbcrypt_delete_--help.golden | 4 +- .../coder_server_dbcrypt_rotate_--help.golden | 8 +- ...erver_postgres-builtin-serve_--help.golden | 2 +- ..._server_postgres-builtin-url_--help.golden | 2 +- 62 files changed, 413 insertions(+), 413 deletions(-) diff --git a/cli/help.go b/cli/help.go index 075eb14ed7be9..c49d16d7d100f 100644 --- a/cli/help.go +++ b/cli/help.go @@ -60,7 +60,7 @@ var usageTemplate = template.Must( }, "keyword": func(s string) string { return pretty.Sprint( - pretty.FgColor(cliui.Color("#0173ff")), + pretty.FgColor(cliui.Color("#87ceeb")), s, ) }, diff --git a/cli/testdata/coder_--help.golden b/cli/testdata/coder_--help.golden index 4719ad49e894c..4641025353f28 100644 --- a/cli/testdata/coder_--help.golden +++ b/cli/testdata/coder_--help.golden @@ -53,38 +53,38 @@ coder v0.0.0-devel Global options are applied to all commands. They can be set using environment variables or flags. - --debug-options bool + --debug-options bool Print all options, how they're set, then exit. - --disable-direct-connections bool, $CODER_DISABLE_DIRECT_CONNECTIONS + --disable-direct-connections bool, $CODER_DISABLE_DIRECT_CONNECTIONS Disable direct (P2P) connections to workspaces. - --global-config string, $CODER_CONFIG_DIR (default: ~/.config/coderv2) + --global-config string, $CODER_CONFIG_DIR (default: ~/.config/coderv2) Path to the global `coder` config directory. - --header string-array, $CODER_HEADER + --header string-array, $CODER_HEADER Additional HTTP headers added to all requests. Provide as key=value. Can be specified multiple times. - --header-command string, $CODER_HEADER_COMMAND + --header-command string, $CODER_HEADER_COMMAND An external command that outputs additional HTTP headers added to all requests. The command must output each header as `key=value` on its own line. - --no-feature-warning bool, $CODER_NO_FEATURE_WARNING + --no-feature-warning bool, $CODER_NO_FEATURE_WARNING Suppress warnings about unlicensed features. - --no-version-warning bool, $CODER_NO_VERSION_WARNING + --no-version-warning bool, $CODER_NO_VERSION_WARNING Suppress warning when client and server versions do not match. - --token string, $CODER_SESSION_TOKEN + --token string, $CODER_SESSION_TOKEN Specify an authentication token. For security reasons setting CODER_SESSION_TOKEN is preferred. - --url url, $CODER_URL + --url url, $CODER_URL URL to a deployment. - -v, --verbose bool, $CODER_VERBOSE + -v, --verbose bool, $CODER_VERBOSE Enable verbose output. ——— diff --git a/cli/testdata/coder_agent_--help.golden b/cli/testdata/coder_agent_--help.golden index 41e98fbe29eaa..cea50fb598579 100644 --- a/cli/testdata/coder_agent_--help.golden +++ b/cli/testdata/coder_agent_--help.golden @@ -6,38 +6,38 @@ coder v0.0.0-devel Starts the Coder workspace agent. OPTIONS: - --log-human string, $CODER_AGENT_LOGGING_HUMAN (default: /dev/stderr) + --log-human string, $CODER_AGENT_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. - --log-json string, $CODER_AGENT_LOGGING_JSON + --log-json string, $CODER_AGENT_LOGGING_JSON Output JSON logs to a given file. - --log-stackdriver string, $CODER_AGENT_LOGGING_STACKDRIVER + --log-stackdriver string, $CODER_AGENT_LOGGING_STACKDRIVER Output Stackdriver compatible logs to a given file. - --auth string, $CODER_AGENT_AUTH (default: token) + --auth string, $CODER_AGENT_AUTH (default: token) Specify the authentication type to use for the agent. - --debug-address string, $CODER_AGENT_DEBUG_ADDRESS (default: 127.0.0.1:2113) + --debug-address string, $CODER_AGENT_DEBUG_ADDRESS (default: 127.0.0.1:2113) The bind address to serve a debug HTTP server. - --log-dir string, $CODER_AGENT_LOG_DIR (default: /tmp) + --log-dir string, $CODER_AGENT_LOG_DIR (default: /tmp) Specify the location for the agent log files. - --no-reap bool + --no-reap bool Do not start a process reaper. - --pprof-address string, $CODER_AGENT_PPROF_ADDRESS (default: 127.0.0.1:6060) + --pprof-address string, $CODER_AGENT_PPROF_ADDRESS (default: 127.0.0.1:6060) The address to serve pprof. - --prometheus-address string, $CODER_AGENT_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112) + --prometheus-address string, $CODER_AGENT_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112) The bind address to serve Prometheus metrics. - --ssh-max-timeout duration, $CODER_AGENT_SSH_MAX_TIMEOUT (default: 72h) + --ssh-max-timeout duration, $CODER_AGENT_SSH_MAX_TIMEOUT (default: 72h) Specify the max timeout for a SSH connection, it is advisable to set it to a minimum of 60s, but no more than 72h. - --tailnet-listen-port int, $CODER_AGENT_TAILNET_LISTEN_PORT (default: 0) + --tailnet-listen-port int, $CODER_AGENT_TAILNET_LISTEN_PORT (default: 0) Specify a static port for Tailscale to use for listening. ——— diff --git a/cli/testdata/coder_config-ssh_--help.golden b/cli/testdata/coder_config-ssh_--help.golden index b3c0a1f5d46cd..ce103d4edb30c 100644 --- a/cli/testdata/coder_config-ssh_--help.golden +++ b/cli/testdata/coder_config-ssh_--help.golden @@ -16,39 +16,39 @@ coder v0.0.0-devel $ coder config-ssh --dry-run OPTIONS: - --coder-binary-path string, $CODER_SSH_CONFIG_BINARY_PATH + --coder-binary-path string, $CODER_SSH_CONFIG_BINARY_PATH Optionally specify the absolute path to the coder binary used in ProxyCommand. By default, the binary invoking this command ('config ssh') is used. - -n, --dry-run bool, $CODER_SSH_DRY_RUN + -n, --dry-run bool, $CODER_SSH_DRY_RUN Perform a trial run with no changes made, showing a diff at the end. - --force-unix-filepaths bool, $CODER_CONFIGSSH_UNIX_FILEPATHS + --force-unix-filepaths bool, $CODER_CONFIGSSH_UNIX_FILEPATHS By default, 'config-ssh' uses the os path separator when writing the ssh config. This might be an issue in Windows machine that use a unix-like shell. This flag forces the use of unix file paths (the forward slash '/'). - --ssh-config-file string, $CODER_SSH_CONFIG_FILE (default: ~/.ssh/config) + --ssh-config-file string, $CODER_SSH_CONFIG_FILE (default: ~/.ssh/config) Specifies the path to an SSH config. - --ssh-host-prefix string, $CODER_CONFIGSSH_SSH_HOST_PREFIX + --ssh-host-prefix string, $CODER_CONFIGSSH_SSH_HOST_PREFIX Override the default host prefix. - -o, --ssh-option string-array, $CODER_SSH_CONFIG_OPTS + -o, --ssh-option string-array, $CODER_SSH_CONFIG_OPTS Specifies additional SSH options to embed in each host stanza. - --use-previous-options bool, $CODER_SSH_USE_PREVIOUS_OPTIONS + --use-previous-options bool, $CODER_SSH_USE_PREVIOUS_OPTIONS Specifies whether or not to keep options from previous run of config-ssh. - --wait yes|no|auto, $CODER_CONFIGSSH_WAIT (default: auto) + --wait yes|no|auto, $CODER_CONFIGSSH_WAIT (default: auto) Specifies whether or not to wait for the startup script to finish executing. Auto means that the agent startup script behavior configured in the workspace template is used. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_create_--help.golden b/cli/testdata/coder_create_--help.golden index e24e1b4a1214e..2a8abc3a3b44b 100644 --- a/cli/testdata/coder_create_--help.golden +++ b/cli/testdata/coder_create_--help.golden @@ -10,25 +10,25 @@ coder v0.0.0-devel $ coder create / OPTIONS: - --parameter string-array, $CODER_RICH_PARAMETER + --parameter string-array, $CODER_RICH_PARAMETER Rich parameter value in the format "name=value". - --rich-parameter-file string, $CODER_RICH_PARAMETER_FILE + --rich-parameter-file string, $CODER_RICH_PARAMETER_FILE Specify a file path with values for rich parameters defined in the template. - --start-at string, $CODER_WORKSPACE_START_AT + --start-at string, $CODER_WORKSPACE_START_AT Specify the workspace autostart schedule. Check coder schedule start --help for the syntax. - --stop-after duration, $CODER_WORKSPACE_STOP_AFTER + --stop-after duration, $CODER_WORKSPACE_STOP_AFTER Specify a duration after which the workspace should shut down (e.g. 8h). - -t, --template string, $CODER_TEMPLATE_NAME + -t, --template string, $CODER_TEMPLATE_NAME Specify a template name. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_delete_--help.golden b/cli/testdata/coder_delete_--help.golden index 14e27bc9057d7..80429f60c61c8 100644 --- a/cli/testdata/coder_delete_--help.golden +++ b/cli/testdata/coder_delete_--help.golden @@ -8,12 +8,12 @@ coder v0.0.0-devel Aliases: rm OPTIONS: - --orphan bool + --orphan bool Delete a workspace without deleting its resources. This can delete a workspace in a broken state, but may also lead to unaccounted cloud resources. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_dotfiles_--help.golden b/cli/testdata/coder_dotfiles_--help.golden index 14183a28d4e1a..c57a809812aa0 100644 --- a/cli/testdata/coder_dotfiles_--help.golden +++ b/cli/testdata/coder_dotfiles_--help.golden @@ -10,16 +10,16 @@ coder v0.0.0-devel $ coder dotfiles --yes git@github.com:example/dotfiles.git OPTIONS: - -b, --branch string + -b, --branch string Specifies which branch to clone. If empty, will default to cloning the default branch or using the existing branch in the cloned repo on disk. - --symlink-dir string, $CODER_SYMLINK_DIR + --symlink-dir string, $CODER_SYMLINK_DIR Specifies the directory for the dotfiles symlink destinations. If empty, will use $HOME. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_list_--help.golden b/cli/testdata/coder_list_--help.golden index 6a5d49b86268e..21fbed73b2c7b 100644 --- a/cli/testdata/coder_list_--help.golden +++ b/cli/testdata/coder_list_--help.golden @@ -8,18 +8,18 @@ coder v0.0.0-devel Aliases: ls OPTIONS: - -a, --all bool + -a, --all bool Specifies whether all workspaces will be listed or not. - -c, --column string-array (default: workspace,template,status,healthy,last built,outdated,starts at,stops after) + -c, --column string-array (default: workspace,template,status,healthy,last built,outdated,starts at,stops after) Columns to display in table output. Available columns: workspace, template, status, healthy, last built, outdated, starts at, stops after, daily cost. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. - --search string (default: owner:me) + --search string (default: owner:me) Search for a workspace with a query. ——— diff --git a/cli/testdata/coder_login_--help.golden b/cli/testdata/coder_login_--help.golden index e2d556960e152..19d9d39a529bc 100644 --- a/cli/testdata/coder_login_--help.golden +++ b/cli/testdata/coder_login_--help.golden @@ -6,23 +6,23 @@ coder v0.0.0-devel Authenticate with Coder deployment OPTIONS: - --first-user-email string, $CODER_FIRST_USER_EMAIL + --first-user-email string, $CODER_FIRST_USER_EMAIL Specifies an email address to use if creating the first user for the deployment. - --first-user-password string, $CODER_FIRST_USER_PASSWORD + --first-user-password string, $CODER_FIRST_USER_PASSWORD Specifies a password to use if creating the first user for the deployment. - --first-user-trial bool, $CODER_FIRST_USER_TRIAL + --first-user-trial bool, $CODER_FIRST_USER_TRIAL Specifies whether a trial license should be provisioned for the Coder deployment or not. - --first-user-username string, $CODER_FIRST_USER_USERNAME + --first-user-username string, $CODER_FIRST_USER_USERNAME Specifies a username to use if creating the first user for the deployment. - --use-token-as-session bool + --use-token-as-session bool By default, the CLI will generate a new session token when logging in. This flag will instead use the provided token as the session token. diff --git a/cli/testdata/coder_logout_--help.golden b/cli/testdata/coder_logout_--help.golden index 9326f47410901..f0f2b8384ce3e 100644 --- a/cli/testdata/coder_logout_--help.golden +++ b/cli/testdata/coder_logout_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Unauthenticate your local session OPTIONS: - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_ping_--help.golden b/cli/testdata/coder_ping_--help.golden index 563f4cce6d362..b6080637c6155 100644 --- a/cli/testdata/coder_ping_--help.golden +++ b/cli/testdata/coder_ping_--help.golden @@ -6,13 +6,13 @@ coder v0.0.0-devel Ping a workspace OPTIONS: - -n, --num int (default: 10) + -n, --num int (default: 10) Specifies the number of pings to perform. - -t, --timeout duration (default: 5s) + -t, --timeout duration (default: 5s) Specifies how long to wait for a ping to complete. - --wait duration (default: 1s) + --wait duration (default: 1s) Specifies how long to wait between pings. ——— diff --git a/cli/testdata/coder_port-forward_--help.golden b/cli/testdata/coder_port-forward_--help.golden index baee18ca5220e..2bf5e1de10ed1 100644 --- a/cli/testdata/coder_port-forward_--help.golden +++ b/cli/testdata/coder_port-forward_--help.golden @@ -34,10 +34,10 @@ coder v0.0.0-devel $ coder port-forward --tcp 1.2.3.4:8080:8080 OPTIONS: - -p, --tcp string-array, $CODER_PORT_FORWARD_TCP + -p, --tcp string-array, $CODER_PORT_FORWARD_TCP Forward TCP port(s) from the workspace to the local machine. - --udp string-array, $CODER_PORT_FORWARD_UDP + --udp string-array, $CODER_PORT_FORWARD_UDP Forward UDP port(s) from the workspace to the local machine. The UDP connection has TCP-like semantics to support stateful UDP protocols. diff --git a/cli/testdata/coder_publickey_--help.golden b/cli/testdata/coder_publickey_--help.golden index 886540ca7cf12..6c70b2a5642cc 100644 --- a/cli/testdata/coder_publickey_--help.golden +++ b/cli/testdata/coder_publickey_--help.golden @@ -8,11 +8,11 @@ coder v0.0.0-devel Aliases: pubkey OPTIONS: - --reset bool + --reset bool Regenerate your public key. This will require updating the key on any services it's registered with. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_rename_--help.golden b/cli/testdata/coder_rename_--help.golden index 2177c07fea699..e15f69a114e10 100644 --- a/cli/testdata/coder_rename_--help.golden +++ b/cli/testdata/coder_rename_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Rename a workspace OPTIONS: - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_reset-password_--help.golden b/cli/testdata/coder_reset-password_--help.golden index e5bb70bd71d82..c2795e271fba9 100644 --- a/cli/testdata/coder_reset-password_--help.golden +++ b/cli/testdata/coder_reset-password_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Directly connect to the database to reset a user's password OPTIONS: - --postgres-url string, $CODER_PG_CONNECTION_URL + --postgres-url string, $CODER_PG_CONNECTION_URL URL of a PostgreSQL database to connect to. ——— diff --git a/cli/testdata/coder_restart_--help.golden b/cli/testdata/coder_restart_--help.golden index 24d077aad3f2e..23954ede40bba 100644 --- a/cli/testdata/coder_restart_--help.golden +++ b/cli/testdata/coder_restart_--help.golden @@ -6,13 +6,13 @@ coder v0.0.0-devel Restart a workspace OPTIONS: - --build-option string-array, $CODER_BUILD_OPTION + --build-option string-array, $CODER_BUILD_OPTION Build option value in the format "name=value". - --build-options bool + --build-options bool Prompt for one-time build options defined with ephemeral parameters. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden index fe4a98a24de3b..f5912c2fed42d 100644 --- a/cli/testdata/coder_server_--help.golden +++ b/cli/testdata/coder_server_--help.golden @@ -14,42 +14,42 @@ coder v0.0.0-devel PostgreSQL deployment. OPTIONS: - --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir]) + --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir]) The directory to cache temporary files. If unspecified and $CACHE_DIRECTORY is set, it will be used for compatibility with systemd. - --disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS + --disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS Remove the permission for the 'owner' role to have workspace execution on all workspaces. This prevents the 'owner' from ssh, apps, and terminal access based on the 'owner' role. They still have their user permissions to access their own workspaces. - --disable-path-apps bool, $CODER_DISABLE_PATH_APPS + --disable-path-apps bool, $CODER_DISABLE_PATH_APPS Disable workspace apps that are not served from subdomains. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. This is recommended for security purposes if a --wildcard-access-url is configured. - --swagger-enable bool, $CODER_SWAGGER_ENABLE + --swagger-enable bool, $CODER_SWAGGER_ENABLE Expose the swagger endpoint via /swagger. - --experiments string-array, $CODER_EXPERIMENTS + --experiments string-array, $CODER_EXPERIMENTS Enable one or more experiments. These are not ready for production. Separate multiple experiments with commas, or enter '*' to opt-in to all available experiments. - --postgres-url string, $CODER_PG_CONNECTION_URL + --postgres-url string, $CODER_PG_CONNECTION_URL URL of a PostgreSQL database. If empty, PostgreSQL binaries will be downloaded from Maven (https://repo1.maven.org/maven2) and store all data in the config root. Access the built-in database with "coder server postgres-builtin-url". - --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519) + --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519) The algorithm to use for generating ssh keys. Accepted values are "ed25519", "ecdsa", or "rsa4096". - --update-check bool, $CODER_UPDATE_CHECK (default: false) + --update-check bool, $CODER_UPDATE_CHECK (default: false) Periodically check for new releases of Coder and inform the owner. The check is performed once per day. @@ -57,99 +57,99 @@ coder v0.0.0-devel These options change the behavior of how clients interact with the Coder. Clients include the coder cli, vs code extension, and the web UI. - --ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS + --ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS These SSH config options will override the default SSH config options. Provide options in "key=value" or "key value" format separated by commas.Using this incorrectly can break SSH to your deployment, use cautiously. - --ssh-hostname-prefix string, $CODER_SSH_HOSTNAME_PREFIX (default: coder.) + --ssh-hostname-prefix string, $CODER_SSH_HOSTNAME_PREFIX (default: coder.) The SSH deployment prefix is used in the Host of the ssh config. CONFIG OPTIONS: Use a YAML configuration file when your server launch become unwieldy. - -c, --config yaml-config-path, $CODER_CONFIG_PATH + -c, --config yaml-config-path, $CODER_CONFIG_PATH Specify a YAML file to load configuration from. - --write-config bool + --write-config bool Write out the current server config as YAML to stdout. INTROSPECTION / LOGGING OPTIONS: - --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false) + --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false) Allow administrators to enable Terraform debug output. - --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) + --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. - --log-json string, $CODER_LOGGING_JSON + --log-json string, $CODER_LOGGING_JSON Output JSON logs to a given file. - -l, --log-filter string-array, $CODER_LOG_FILTER + -l, --log-filter string-array, $CODER_LOG_FILTER Filter debug logs by matching against a given regex. Use .* to match all debug logs. - --log-stackdriver string, $CODER_LOGGING_STACKDRIVER + --log-stackdriver string, $CODER_LOGGING_STACKDRIVER Output Stackdriver compatible logs to a given file. INTROSPECTION / PROMETHEUS OPTIONS: - --prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112) + --prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112) The bind address to serve prometheus metrics. - --prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS + --prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS Collect agent stats (may increase charges for metrics storage). - --prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false) + --prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false) Collect database metrics (may increase charges for metrics storage). - --prometheus-enable bool, $CODER_PROMETHEUS_ENABLE + --prometheus-enable bool, $CODER_PROMETHEUS_ENABLE Serve prometheus metrics on the address defined by prometheus address. INTROSPECTION / TRACING OPTIONS: - --trace-logs bool, $CODER_TRACE_LOGS + --trace-logs bool, $CODER_TRACE_LOGS Enables capturing of logs as events in traces. This is useful for debugging, but may result in a very large amount of events being sent to the tracing backend which may incur significant costs. - --trace bool, $CODER_TRACE_ENABLE + --trace bool, $CODER_TRACE_ENABLE Whether application tracing data is collected. It exports to a backend configured by environment variables. See: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md. - --trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY + --trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY Enables trace exporting to Honeycomb.io using the provided API Key. INTROSPECTION / PPROF OPTIONS: - --pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060) + --pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060) The bind address to serve pprof. - --pprof-enable bool, $CODER_PPROF_ENABLE + --pprof-enable bool, $CODER_PPROF_ENABLE Serve pprof metrics on the address defined by pprof address. NETWORKING OPTIONS: - --access-url url, $CODER_ACCESS_URL + --access-url url, $CODER_ACCESS_URL The URL that users will use to access the Coder deployment. - --docs-url url, $CODER_DOCS_URL + --docs-url url, $CODER_DOCS_URL Specifies the custom docs URL. - --proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS + --proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip, True-Client-Ip, X-Forwarded-For. - --proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS + --proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS Origin addresses to respect "proxy-trusted-headers". e.g. 192.168.1.0/24. - --redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL + --redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL Specifies whether to redirect requests that do not match the access URL host. - --secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE + --secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE Controls if the 'Secure' property is set on browser session cookies. - --wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL + --wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL Specifies the wildcard hostname to use for workspace applications in the form "*.example.com". @@ -159,7 +159,7 @@ between workspaces and users are peer-to-peer. However, when Coder cannot establish a peer to peer connection, Coder uses a distributed relay network backed by Tailscale and WireGuard. - --block-direct-connections bool, $CODER_BLOCK_DIRECT + --block-direct-connections bool, $CODER_BLOCK_DIRECT Block peer-to-peer (aka. direct) workspace connections. All workspace connections from the CLI will be proxied through Coder (or custom configured DERP servers) and will never be peer-to-peer when enabled. @@ -167,28 +167,28 @@ backed by Tailscale and WireGuard. until they are restarted after this change has been made, but new connections will still be proxied regardless. - --derp-config-path string, $CODER_DERP_CONFIG_PATH + --derp-config-path string, $CODER_DERP_CONFIG_PATH Path to read a DERP mapping from. See: https://tailscale.com/kb/1118/custom-derp-servers/. - --derp-config-url string, $CODER_DERP_CONFIG_URL + --derp-config-url string, $CODER_DERP_CONFIG_URL URL to fetch a DERP mapping on startup. See: https://tailscale.com/kb/1118/custom-derp-servers/. - --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS + --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS Force clients and agents to always use WebSocket to connect to DERP relay servers. By default, DERP uses `Upgrade: derp`, which may cause issues with some reverse proxies. Clients may automatically fallback to WebSocket if they detect an issue with `Upgrade: derp`, but this does not work in all situations. - --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true) + --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true) Whether to enable or disable the embedded DERP relay server. - --derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay) + --derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay) Region name that for the embedded DERP server. - --derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302) + --derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302) Addresses for STUN servers to establish P2P connections. It's recommended to have at least two STUN servers to give users the best chance of connecting P2P to workspaces. Each STUN server will get it's @@ -196,7 +196,7 @@ backed by Tailscale and WireGuard. + 1`. Use special value 'disable' to turn off STUN completely. NETWORKING / HTTP OPTIONS: - --disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH + --disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH Disable password authentication. This is recommended for security purposes in production deployments that rely on an identity provider. Any user with the owner role will be able to sign in with their @@ -205,23 +205,23 @@ backed by Tailscale and WireGuard. create-admin` command to create a new admin user directly in the database. - --disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH + --disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH Disable automatic session expiry bumping due to activity. This forces all sessions to become invalid after the session expiry duration has been reached. - --http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000) + --http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000) HTTP bind address of the server. Unset to disable the HTTP endpoint. - --max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s) + --max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s) The maximum lifetime duration users can specify when creating an API token. - --proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s) + --proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s) The interval in which coderd should be checking the status of workspace proxies. - --session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s) + --session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s) The token expiry duration for browser sessions. Sessions may last longer if they are actively making requests, but this functionality can be disabled via --disable-session-expiry-refresh. @@ -231,178 +231,178 @@ Configure TLS / HTTPS for your Coder deployment. If you're running Coder behind a TLS-terminating reverse proxy or are accessing Coder over a secure link, you can safely ignore these settings. - --strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0) + --strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0) Controls if the 'Strict-Transport-Security' header is set on all static file responses. This header should only be set if the server is accessed via HTTPS. This value is the MaxAge in seconds of the header. - --strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS + --strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS Two optional fields can be set in the Strict-Transport-Security header; 'includeSubDomains' and 'preload'. The 'strict-transport-security' flag must be set to a non-zero value for these options to be used. - --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443) + --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443) HTTPS bind address of the server. - --tls-cert-file string-array, $CODER_TLS_CERT_FILE + --tls-cert-file string-array, $CODER_TLS_CERT_FILE Path to each certificate for TLS. It requires a PEM-encoded file. To configure the listener to use a CA certificate, concatenate the primary certificate and the CA certificate together. The primary certificate should appear first in the combined file. - --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none) + --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none) Policy the server will follow for TLS Client Authentication. Accepted values are "none", "request", "require-any", "verify-if-given", or "require-and-verify". - --tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE + --tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE PEM-encoded Certificate Authority file used for checking the authenticity of client. - --tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE + --tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE Path to certificate for client TLS authentication. It requires a PEM-encoded file. - --tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE + --tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE Path to key for client TLS authentication. It requires a PEM-encoded file. - --tls-enable bool, $CODER_TLS_ENABLE + --tls-enable bool, $CODER_TLS_ENABLE Whether TLS will be enabled. - --tls-key-file string-array, $CODER_TLS_KEY_FILE + --tls-key-file string-array, $CODER_TLS_KEY_FILE Paths to the private keys for each of the certificates. It requires a PEM-encoded file. - --tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12) + --tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12) Minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12" or "tls13". OAUTH2 / GITHUB OPTIONS: - --oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE + --oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE Allow all logins, setting this option means allowed orgs and teams must be empty. - --oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS + --oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS Whether new users can sign up with GitHub. - --oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS + --oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS Organizations the user must be a member of to Login with GitHub. - --oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS + --oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS Teams inside organizations the user must be a member of to Login with GitHub. Structured as: /. - --oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID + --oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID Client ID for Login with GitHub. - --oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET + --oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET Client secret for Login with GitHub. - --oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL + --oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL Base URL of a GitHub Enterprise deployment to use for Login with GitHub. OIDC OPTIONS: - --oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false) + --oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false) Automatically creates missing groups from a user's groups claim. - --oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true) + --oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true) Whether new users can sign up with OIDC. - --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"}) + --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"}) OIDC auth URL parameters to pass to the upstream provider. - --oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE + --oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE Pem encoded certificate file to use for oauth2 PKI/JWT authorization. The public certificate that accompanies oidc-client-key-file. A standard x509 certificate is expected. - --oidc-client-id string, $CODER_OIDC_CLIENT_ID + --oidc-client-id string, $CODER_OIDC_CLIENT_ID Client ID to use for Login with OIDC. - --oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE + --oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE Pem encoded RSA private key to use for oauth2 PKI/JWT authorization. This can be used instead of oidc-client-secret if your IDP supports it. - --oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET + --oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET Client secret to use for Login with OIDC. - --oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN + --oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN Email domains that clients logging in with OIDC must match. - --oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email) + --oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email) OIDC claim field to use as the email. - --oidc-group-field string, $CODER_OIDC_GROUP_FIELD + --oidc-group-field string, $CODER_OIDC_GROUP_FIELD This field must be set if using the group sync feature and the scope name is not 'groups'. Set to the claim to be used for groups. - --oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {}) + --oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {}) A map of OIDC group IDs and the group in Coder it should map to. This is useful for when OIDC providers only return group IDs. - --oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED + --oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED Ignore the email_verified claim from the upstream provider. - --oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false) + --oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false) Ignore the userinfo endpoint and only use the ID token for user information. - --oidc-issuer-url string, $CODER_OIDC_ISSUER_URL + --oidc-issuer-url string, $CODER_OIDC_ISSUER_URL Issuer URL to use for Login with OIDC. - --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*) + --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*) If provided any group name not matching the regex is ignored. This allows for filtering out groups that are not needed. This filter is applied after the group mapping. - --oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email) + --oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email) Scopes to grant when authenticating with OIDC. - --oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT + --oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT If user role sync is enabled, these roles are always included for all authenticated users. The 'member' role is always assigned. - --oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD + --oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD This field must be set if using the user roles sync feature. Set this to the name of the claim used to store the user's role. The roles should be sent as an array of strings. - --oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {}) + --oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {}) A map of the OIDC passed in user roles and the groups in Coder it should map to. This is useful if the group names do not match. If mapped to the empty string, the role will ignored. - --oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username) + --oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username) OIDC claim field to use as the username. - --oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect) + --oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect) The text to show on the OpenID Connect sign in button. - --oidc-icon-url url, $CODER_OIDC_ICON_URL + --oidc-icon-url url, $CODER_OIDC_ICON_URL URL pointing to the icon to use on the OpenID Connect login button. PROVISIONING OPTIONS: Tune the behavior of the provisioner, which is responsible for creating, updating, and deleting workspace resources. - --provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s) + --provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s) Time to force cancel provisioning tasks that are stuck. - --provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s) + --provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s) Time to wait before polling for a new job. - --provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms) + --provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms) Random jitter added to the poll interval. - --provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK + --provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK Pre-shared key to authenticate external provisioner daemons to Coder server. - --provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3) + --provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3) Number of provisioner daemons to create on start. If builds are stuck in queued state for a long time, consider increasing this. @@ -411,11 +411,11 @@ Telemetry is critical to our ability to improve Coder. We strip all personalinformation before sending data to our servers. Please only disable telemetrywhen required by your organization's security policy. - --telemetry bool, $CODER_TELEMETRY_ENABLE (default: false) + --telemetry bool, $CODER_TELEMETRY_ENABLE (default: false) Whether telemetry is enabled or not. Coder collects anonymized usage data to help improve our product. - --telemetry-trace bool, $CODER_TELEMETRY_TRACE (default: false) + --telemetry-trace bool, $CODER_TELEMETRY_TRACE (default: false) Whether Opentelemetry traces are sent to Coder. Coder collects anonymized application tracing to help improve our product. Disabling telemetry also disables this option. @@ -424,7 +424,7 @@ telemetrywhen required by your organization's security policy. Allow users to set quiet hours schedules each day for workspaces to avoid workspaces stopping during the day due to template max TTL. - --default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE + --default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE The default daily cron schedule applied to users that haven't set a custom quiet hours schedule themselves. The quiet hours schedule determines when workspaces will be force stopped due to the template's @@ -435,7 +435,7 @@ workspaces stopping during the day due to template max TTL. are not supported). ⚠️ DANGEROUS OPTIONS: - --dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING + --dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING Allow workspace apps that are not served from subdomains to be shared. Path-based app sharing is DISABLED by default for security purposes. Path-based apps can make requests to the Coder API and pose a security @@ -443,7 +443,7 @@ workspaces stopping during the day due to template max TTL. can be disabled entirely with --disable-path-apps for further security. - --dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS + --dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS Allow site-owners to access workspace apps from workspaces they do not own. Owners cannot access path-based apps they do not own by default. Path-based apps can make requests to the Coder API and pose a security @@ -454,14 +454,14 @@ workspaces stopping during the day due to template max TTL. ENTERPRISE OPTIONS: These options are only available in the Enterprise Edition. - --browser-only bool, $CODER_BROWSER_ONLY + --browser-only bool, $CODER_BROWSER_ONLY Whether Coder only allows connections to workspaces via the browser. - --derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL + --derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL An HTTP URL that is accessible by other replicas to relay DERP traffic. Required for high availability. - --external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS + --external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS Encrypt OIDC and Git authentication tokens with AES-256-GCM in the database. The value must be a comma-separated list of base64-encoded keys. Each key, when base64-decoded, must be exactly 32 bytes in @@ -471,7 +471,7 @@ These options are only available in the Enterprise Edition. process of rotating keys with the `coder server dbcrypt rotate` command. - --scim-auth-header string, $CODER_SCIM_AUTH_HEADER + --scim-auth-header string, $CODER_SCIM_AUTH_HEADER Enables SCIM and sets the authentication header for the built-in SCIM server. New users are automatically created with OIDC authentication. diff --git a/cli/testdata/coder_server_create-admin-user_--help.golden b/cli/testdata/coder_server_create-admin-user_--help.golden index d59e78686a658..eacfd304bb266 100644 --- a/cli/testdata/coder_server_create-admin-user_--help.golden +++ b/cli/testdata/coder_server_create-admin-user_--help.golden @@ -7,27 +7,27 @@ coder v0.0.0-devel it to every organization. OPTIONS: - --email string, $CODER_EMAIL + --email string, $CODER_EMAIL The email of the new user. If not specified, you will be prompted via stdin. - --password string, $CODER_PASSWORD + --password string, $CODER_PASSWORD The password of the new user. If not specified, you will be prompted via stdin. - --postgres-url string, $CODER_PG_CONNECTION_URL + --postgres-url string, $CODER_PG_CONNECTION_URL URL of a PostgreSQL database. If empty, the built-in PostgreSQL deployment will be used (Coder must not be already running in this case). - --raw-url bool + --raw-url bool Output the raw connection URL instead of a psql command. - --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519) + --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519) The algorithm to use for generating ssh keys. Accepted values are "ed25519", "ecdsa", or "rsa4096". - --username string, $CODER_USERNAME + --username string, $CODER_USERNAME The username of the new user. If not specified, you will be prompted via stdin. diff --git a/cli/testdata/coder_server_postgres-builtin-serve_--help.golden b/cli/testdata/coder_server_postgres-builtin-serve_--help.golden index 5635a1be9c822..fe970ad4e4e1c 100644 --- a/cli/testdata/coder_server_postgres-builtin-serve_--help.golden +++ b/cli/testdata/coder_server_postgres-builtin-serve_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Run the built-in PostgreSQL deployment. OPTIONS: - --raw-url bool + --raw-url bool Output the raw connection URL instead of a psql command. ——— diff --git a/cli/testdata/coder_server_postgres-builtin-url_--help.golden b/cli/testdata/coder_server_postgres-builtin-url_--help.golden index 047e265aea7f4..51c0eed0bad6e 100644 --- a/cli/testdata/coder_server_postgres-builtin-url_--help.golden +++ b/cli/testdata/coder_server_postgres-builtin-url_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Output the connection URL for the built-in PostgreSQL deployment. OPTIONS: - --raw-url bool + --raw-url bool Output the raw connection URL instead of a psql command. ——— diff --git a/cli/testdata/coder_speedtest_--help.golden b/cli/testdata/coder_speedtest_--help.golden index 2e5a004f98c9a..1a70bebf65143 100644 --- a/cli/testdata/coder_speedtest_--help.golden +++ b/cli/testdata/coder_speedtest_--help.golden @@ -6,15 +6,15 @@ coder v0.0.0-devel Run upload and download tests from your machine to a workspace OPTIONS: - -d, --direct bool + -d, --direct bool Specifies whether to wait for a direct connection before testing speed. - --direction up|down (default: down) + --direction up|down (default: down) Specifies whether to run in reverse mode where the client receives and the server sends. - -t, --time duration (default: 5s) + -t, --time duration (default: 5s) Specifies the duration to monitor traffic. ——— diff --git a/cli/testdata/coder_ssh_--help.golden b/cli/testdata/coder_ssh_--help.golden index 3c1b53394ccd9..d0351d2e3f207 100644 --- a/cli/testdata/coder_ssh_--help.golden +++ b/cli/testdata/coder_ssh_--help.golden @@ -6,42 +6,42 @@ coder v0.0.0-devel Start a shell into a workspace OPTIONS: - -A, --forward-agent bool, $CODER_SSH_FORWARD_AGENT + -A, --forward-agent bool, $CODER_SSH_FORWARD_AGENT Specifies whether to forward the SSH agent specified in $SSH_AUTH_SOCK. - -G, --forward-gpg bool, $CODER_SSH_FORWARD_GPG + -G, --forward-gpg bool, $CODER_SSH_FORWARD_GPG Specifies whether to forward the GPG agent. Unsupported on Windows workspaces, but supports all clients. Requires gnupg (gpg, gpgconf) on both the client and workspace. The GPG agent must already be running locally and will not be started for you. If a GPG agent is already running in the workspace, it will be attempted to be killed. - --identity-agent string, $CODER_SSH_IDENTITY_AGENT + --identity-agent string, $CODER_SSH_IDENTITY_AGENT Specifies which identity agent to use (overrides $SSH_AUTH_SOCK), forward agent must also be enabled. - -l, --log-dir string, $CODER_SSH_LOG_DIR + -l, --log-dir string, $CODER_SSH_LOG_DIR Specify the directory containing SSH diagnostic log files. - --no-wait bool, $CODER_SSH_NO_WAIT + --no-wait bool, $CODER_SSH_NO_WAIT Enter workspace immediately after the agent has connected. This is the default if the template has configured the agent startup script behavior as non-blocking. DEPRECATED: Use --wait instead. - -R, --remote-forward string, $CODER_SSH_REMOTE_FORWARD + -R, --remote-forward string, $CODER_SSH_REMOTE_FORWARD Enable remote port forwarding (remote_port:local_address:local_port). - --stdio bool, $CODER_SSH_STDIO + --stdio bool, $CODER_SSH_STDIO Specifies whether to emit SSH output over stdin/stdout. - --wait yes|no|auto, $CODER_SSH_WAIT (default: auto) + --wait yes|no|auto, $CODER_SSH_WAIT (default: auto) Specifies whether or not to wait for the startup script to finish executing. Auto means that the agent startup script behavior configured in the workspace template is used. - --workspace-poll-interval duration, $CODER_WORKSPACE_POLL_INTERVAL (default: 1m) + --workspace-poll-interval duration, $CODER_WORKSPACE_POLL_INTERVAL (default: 1m) Specifies how often to poll for workspace automated shutdown. ——— diff --git a/cli/testdata/coder_start_--help.golden b/cli/testdata/coder_start_--help.golden index f53d389fd82a1..cc9a22f099268 100644 --- a/cli/testdata/coder_start_--help.golden +++ b/cli/testdata/coder_start_--help.golden @@ -6,13 +6,13 @@ coder v0.0.0-devel Start a workspace OPTIONS: - --build-option string-array, $CODER_BUILD_OPTION + --build-option string-array, $CODER_BUILD_OPTION Build option value in the format "name=value". - --build-options bool + --build-options bool Prompt for one-time build options defined with ephemeral parameters. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_stat_--help.golden b/cli/testdata/coder_stat_--help.golden index 6169c5e543c1c..7a2c2a74360ac 100644 --- a/cli/testdata/coder_stat_--help.golden +++ b/cli/testdata/coder_stat_--help.golden @@ -11,11 +11,11 @@ coder v0.0.0-devel mem Show memory usage, in gigabytes. OPTIONS: - -c, --column string-array (default: host_cpu,host_memory,home_disk,container_cpu,container_memory) + -c, --column string-array (default: host_cpu,host_memory,home_disk,container_cpu,container_memory) Columns to display in table output. Available columns: host cpu, host memory, home disk, container cpu, container memory. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. ——— diff --git a/cli/testdata/coder_stat_cpu_--help.golden b/cli/testdata/coder_stat_cpu_--help.golden index 231e735c63dfc..368c868344a9c 100644 --- a/cli/testdata/coder_stat_cpu_--help.golden +++ b/cli/testdata/coder_stat_cpu_--help.golden @@ -6,10 +6,10 @@ coder v0.0.0-devel Show CPU usage, in cores. OPTIONS: - --host bool + --host bool Force host CPU measurement. - -o, --output string (default: text) + -o, --output string (default: text) Output format. Available formats: text, json. ——— diff --git a/cli/testdata/coder_stat_disk_--help.golden b/cli/testdata/coder_stat_disk_--help.golden index f8c290bb6f47f..c748a5b55ea73 100644 --- a/cli/testdata/coder_stat_disk_--help.golden +++ b/cli/testdata/coder_stat_disk_--help.golden @@ -6,13 +6,13 @@ coder v0.0.0-devel Show disk usage, in gigabytes. OPTIONS: - -o, --output string (default: text) + -o, --output string (default: text) Output format. Available formats: text, json. - --path string (default: /) + --path string (default: /) Path for which to check disk usage. - --prefix Ki|Mi|Gi|Ti (default: Gi) + --prefix Ki|Mi|Gi|Ti (default: Gi) SI Prefix for disk measurement. ——— diff --git a/cli/testdata/coder_stat_mem_--help.golden b/cli/testdata/coder_stat_mem_--help.golden index d30c83cbab15b..7e07be34fa8fe 100644 --- a/cli/testdata/coder_stat_mem_--help.golden +++ b/cli/testdata/coder_stat_mem_--help.golden @@ -6,13 +6,13 @@ coder v0.0.0-devel Show memory usage, in gigabytes. OPTIONS: - --host bool + --host bool Force host memory measurement. - -o, --output string (default: text) + -o, --output string (default: text) Output format. Available formats: text, json. - --prefix Ki|Mi|Gi|Ti (default: Gi) + --prefix Ki|Mi|Gi|Ti (default: Gi) SI Prefix for memory measurement. ——— diff --git a/cli/testdata/coder_state_pull_--help.golden b/cli/testdata/coder_state_pull_--help.golden index e9137073a043e..402ca19346e2d 100644 --- a/cli/testdata/coder_state_pull_--help.golden +++ b/cli/testdata/coder_state_pull_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Pull a Terraform state file from a workspace. OPTIONS: - -b, --build int + -b, --build int Specify a workspace build to target by name. Defaults to latest. ——— diff --git a/cli/testdata/coder_state_push_--help.golden b/cli/testdata/coder_state_push_--help.golden index 1271f8094728b..9e97ef4603d34 100644 --- a/cli/testdata/coder_state_push_--help.golden +++ b/cli/testdata/coder_state_push_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Push a Terraform state file to a workspace. OPTIONS: - -b, --build int + -b, --build int Specify a workspace build to target by name. Defaults to latest. ——— diff --git a/cli/testdata/coder_stop_--help.golden b/cli/testdata/coder_stop_--help.golden index 9dbd992e37f5e..c38fcb2fb87b5 100644 --- a/cli/testdata/coder_stop_--help.golden +++ b/cli/testdata/coder_stop_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Stop a workspace OPTIONS: - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_templates_create_--help.golden b/cli/testdata/coder_templates_create_--help.golden index e563e6324070b..04da3c19a074b 100644 --- a/cli/testdata/coder_templates_create_--help.golden +++ b/cli/testdata/coder_templates_create_--help.golden @@ -6,59 +6,59 @@ coder v0.0.0-devel Create a template from the current directory or as specified by flag OPTIONS: - --default-ttl duration (default: 24h) + --default-ttl duration (default: 24h) Specify a default TTL for workspaces created from this template. It is the default time before shutdown - workspaces created from this template default to this value. Maps to "Default autostop" in the UI. - -d, --directory string (default: .) + -d, --directory string (default: .) Specify the directory to create from, use '-' to read tar from stdin. - --failure-ttl duration (default: 0h) + --failure-ttl duration (default: 0h) Specify a failure TTL for workspaces created from this template. It is the amount of time after a failed "start" build before coder automatically schedules a "stop" build to cleanup.This licensed feature's default is 0h (off). Maps to "Failure cleanup"in the UI. - --ignore-lockfile bool (default: false) + --ignore-lockfile bool (default: false) Ignore warnings about not having a .terraform.lock.hcl file present in the template. - --inactivity-ttl duration (default: 0h) + --inactivity-ttl duration (default: 0h) Specify an inactivity TTL for workspaces created from this template. It is the amount of time the workspace is not used before it is be stopped and auto-locked. This includes across multiple builds (e.g. auto-starts and stops). This licensed feature's default is 0h (off). Maps to "Dormancy threshold" in the UI. - --max-ttl duration + --max-ttl duration Edit the template maximum time before shutdown - workspaces created from this template must shutdown within the given duration after starting. This is an enterprise-only feature. - -m, --message string + -m, --message string Specify a message describing the changes in this version of the template. Messages longer than 72 characters will be displayed as truncated. - --private bool + --private bool Disable the default behavior of granting template access to the 'everyone' group. The template permissions must be updated to allow non-admin users to use this template. - --provisioner-tag string-array + --provisioner-tag string-array Specify a set of tags to target provisioner daemons. - --var string-array + --var string-array Alias of --variable. - --variable string-array + --variable string-array Specify a set of values for Terraform-managed variables. - --variables-file string + --variables-file string Specify a file path with values for Terraform-managed variables. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_templates_delete_--help.golden b/cli/testdata/coder_templates_delete_--help.golden index fe282c168363e..99242a5a384c5 100644 --- a/cli/testdata/coder_templates_delete_--help.golden +++ b/cli/testdata/coder_templates_delete_--help.golden @@ -8,7 +8,7 @@ coder v0.0.0-devel Aliases: rm OPTIONS: - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_templates_edit_--help.golden b/cli/testdata/coder_templates_edit_--help.golden index 951615ff96040..1296fd608fb61 100644 --- a/cli/testdata/coder_templates_edit_--help.golden +++ b/cli/testdata/coder_templates_edit_--help.golden @@ -6,54 +6,54 @@ coder v0.0.0-devel Edit the metadata of a template by name. OPTIONS: - --allow-user-autostart bool (default: true) + --allow-user-autostart bool (default: true) Allow users to configure autostart for workspaces on this template. This can only be disabled in enterprise. - --allow-user-autostop bool (default: true) + --allow-user-autostop bool (default: true) Allow users to customize the autostop TTL for workspaces on this template. This can only be disabled in enterprise. - --allow-user-cancel-workspace-jobs bool (default: true) + --allow-user-cancel-workspace-jobs bool (default: true) Allow users to cancel in-progress workspace jobs. - --default-ttl duration + --default-ttl duration Edit the template default time before shutdown - workspaces created from this template default to this value. Maps to "Default autostop" in the UI. - --description string + --description string Edit the template description. - --display-name string + --display-name string Edit the template display name. - --failure-ttl duration (default: 0h) + --failure-ttl duration (default: 0h) Specify a failure TTL for workspaces created from this template. It is the amount of time after a failed "start" build before coder automatically schedules a "stop" build to cleanup.This licensed feature's default is 0h (off). Maps to "Failure cleanup" in the UI. - --icon string + --icon string Edit the template icon path. - --inactivity-ttl duration (default: 0h) + --inactivity-ttl duration (default: 0h) Specify an inactivity TTL for workspaces created from this template. It is the amount of time the workspace is not used before it is be stopped and auto-locked. This includes across multiple builds (e.g. auto-starts and stops). This licensed feature's default is 0h (off). Maps to "Dormancy threshold" in the UI. - --max-ttl duration + --max-ttl duration Edit the template maximum time before shutdown - workspaces created from this template must shutdown within the given duration after starting, regardless of user activity. This is an enterprise-only feature. Maps to "Max lifetime" in the UI. - --name string + --name string Edit the template name. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_templates_init_--help.golden b/cli/testdata/coder_templates_init_--help.golden index d98c8a129bb59..de6c26b215d03 100644 --- a/cli/testdata/coder_templates_init_--help.golden +++ b/cli/testdata/coder_templates_init_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Get started with a templated template. OPTIONS: - --id aws-ecs-container|aws-linux|aws-windows|azure-linux|do-linux|docker|docker-with-dotfiles|fly-docker-image|gcp-linux|gcp-vm-container|gcp-windows|kubernetes + --id aws-ecs-container|aws-linux|aws-windows|azure-linux|do-linux|docker|docker-with-dotfiles|fly-docker-image|gcp-linux|gcp-vm-container|gcp-windows|kubernetes Specify a given example template by ID. ——— diff --git a/cli/testdata/coder_templates_list_--help.golden b/cli/testdata/coder_templates_list_--help.golden index 0e66f3249b741..8603353ebf805 100644 --- a/cli/testdata/coder_templates_list_--help.golden +++ b/cli/testdata/coder_templates_list_--help.golden @@ -8,12 +8,12 @@ coder v0.0.0-devel Aliases: ls OPTIONS: - -c, --column string-array (default: name,last updated,used by) + -c, --column string-array (default: name,last updated,used by) Columns to display in table output. Available columns: name, created at, last updated, organization id, provisioner, active version id, used by, default ttl. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. ——— diff --git a/cli/testdata/coder_templates_pull_--help.golden b/cli/testdata/coder_templates_pull_--help.golden index 0080a4752434c..bb414201747a3 100644 --- a/cli/testdata/coder_templates_pull_--help.golden +++ b/cli/testdata/coder_templates_pull_--help.golden @@ -6,10 +6,10 @@ coder v0.0.0-devel Download the latest version of a template to a path. OPTIONS: - --tar bool + --tar bool Output the template as a tar archive to stdout. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_templates_push_--help.golden b/cli/testdata/coder_templates_push_--help.golden index 0157e3dcd285a..da3feb7511ef1 100644 --- a/cli/testdata/coder_templates_push_--help.golden +++ b/cli/testdata/coder_templates_push_--help.golden @@ -6,45 +6,45 @@ coder v0.0.0-devel Push a new template version from the current directory or as specified by flag OPTIONS: - --activate bool (default: true) + --activate bool (default: true) Whether the new template will be marked active. - --always-prompt bool + --always-prompt bool Always prompt all parameters. Does not pull parameter values from active template version. - --create bool (default: false) + --create bool (default: false) Create the template if it does not exist. - -d, --directory string (default: .) + -d, --directory string (default: .) Specify the directory to create from, use '-' to read tar from stdin. - --ignore-lockfile bool (default: false) + --ignore-lockfile bool (default: false) Ignore warnings about not having a .terraform.lock.hcl file present in the template. - -m, --message string + -m, --message string Specify a message describing the changes in this version of the template. Messages longer than 72 characters will be displayed as truncated. - --name string + --name string Specify a name for the new template version. It will be automatically generated if not provided. - --provisioner-tag string-array + --provisioner-tag string-array Specify a set of tags to target provisioner daemons. - --var string-array + --var string-array Alias of --variable. - --variable string-array + --variable string-array Specify a set of values for Terraform-managed variables. - --variables-file string + --variables-file string Specify a file path with values for Terraform-managed variables. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/cli/testdata/coder_templates_versions_list_--help.golden b/cli/testdata/coder_templates_versions_list_--help.golden index 7c78c39d81a22..c0de8d01e2849 100644 --- a/cli/testdata/coder_templates_versions_list_--help.golden +++ b/cli/testdata/coder_templates_versions_list_--help.golden @@ -6,11 +6,11 @@ coder v0.0.0-devel List all the versions of the specified template OPTIONS: - -c, --column string-array (default: name,created at,created by,status,active) + -c, --column string-array (default: name,created at,created by,status,active) Columns to display in table output. Available columns: name, created at, created by, status, active. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. ——— diff --git a/cli/testdata/coder_tokens_create_--help.golden b/cli/testdata/coder_tokens_create_--help.golden index f4d3df7349a12..9ade6765f5499 100644 --- a/cli/testdata/coder_tokens_create_--help.golden +++ b/cli/testdata/coder_tokens_create_--help.golden @@ -6,10 +6,10 @@ coder v0.0.0-devel Create a token OPTIONS: - --lifetime duration, $CODER_TOKEN_LIFETIME (default: 720h0m0s) + --lifetime duration, $CODER_TOKEN_LIFETIME (default: 720h0m0s) Specify a duration for the lifetime of the token. - -n, --name string, $CODER_TOKEN_NAME + -n, --name string, $CODER_TOKEN_NAME Specify a human-readable name. ——— diff --git a/cli/testdata/coder_tokens_list_--help.golden b/cli/testdata/coder_tokens_list_--help.golden index d64df427fac05..929e435c16d61 100644 --- a/cli/testdata/coder_tokens_list_--help.golden +++ b/cli/testdata/coder_tokens_list_--help.golden @@ -8,15 +8,15 @@ coder v0.0.0-devel Aliases: ls OPTIONS: - -a, --all bool + -a, --all bool Specifies whether all users' tokens will be listed or not (must have Owner role to see all tokens). - -c, --column string-array (default: id,name,last used,expires at,created at) + -c, --column string-array (default: id,name,last used,expires at,created at) Columns to display in table output. Available columns: id, name, last used, expires at, created at, owner. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. ——— diff --git a/cli/testdata/coder_update_--help.golden b/cli/testdata/coder_update_--help.golden index 9ca607f94edaf..3a5660faaecd4 100644 --- a/cli/testdata/coder_update_--help.golden +++ b/cli/testdata/coder_update_--help.golden @@ -8,20 +8,20 @@ coder v0.0.0-devel Use --always-prompt to change the parameter values of the workspace. OPTIONS: - --always-prompt bool + --always-prompt bool Always prompt all parameters. Does not pull parameter values from existing workspace. - --build-option string-array, $CODER_BUILD_OPTION + --build-option string-array, $CODER_BUILD_OPTION Build option value in the format "name=value". - --build-options bool + --build-options bool Prompt for one-time build options defined with ephemeral parameters. - --parameter string-array, $CODER_RICH_PARAMETER + --parameter string-array, $CODER_RICH_PARAMETER Rich parameter value in the format "name=value". - --rich-parameter-file string, $CODER_RICH_PARAMETER_FILE + --rich-parameter-file string, $CODER_RICH_PARAMETER_FILE Specify a file path with values for rich parameters defined in the template. diff --git a/cli/testdata/coder_users_activate_--help.golden b/cli/testdata/coder_users_activate_--help.golden index 18fbf5ee645f6..c44e009f0a8bb 100644 --- a/cli/testdata/coder_users_activate_--help.golden +++ b/cli/testdata/coder_users_activate_--help.golden @@ -11,7 +11,7 @@ coder v0.0.0-devel $ coder users activate example_user OPTIONS: - -c, --column string-array (default: username,email,created_at,status) + -c, --column string-array (default: username,email,created_at,status) Specify a column to filter in the table. ——— diff --git a/cli/testdata/coder_users_create_--help.golden b/cli/testdata/coder_users_create_--help.golden index e11f52cf551c0..8d6d4dba7c1c0 100644 --- a/cli/testdata/coder_users_create_--help.golden +++ b/cli/testdata/coder_users_create_--help.golden @@ -4,19 +4,19 @@ coder v0.0.0-devel coder users create [flags] OPTIONS: - -e, --email string + -e, --email string Specifies an email address for the new user. - --login-type string + --login-type string Optionally specify the login type for the user. Valid values are: password, none, github, oidc. Using 'none' prevents the user from authenticating and requires an API key/token to be generated by an admin. - -p, --password string + -p, --password string Specifies a password for the new user. - -u, --username string + -u, --username string Specifies a username for the new user. ——— diff --git a/cli/testdata/coder_users_list_--help.golden b/cli/testdata/coder_users_list_--help.golden index c03c63912b4a1..69a1956742180 100644 --- a/cli/testdata/coder_users_list_--help.golden +++ b/cli/testdata/coder_users_list_--help.golden @@ -6,11 +6,11 @@ coder v0.0.0-devel Aliases: ls OPTIONS: - -c, --column string-array (default: username,email,created_at,status) + -c, --column string-array (default: username,email,created_at,status) Columns to display in table output. Available columns: id, username, email, created at, status. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. ——— diff --git a/cli/testdata/coder_users_show_--help.golden b/cli/testdata/coder_users_show_--help.golden index 9b37b2036fab6..cb511bc082ac9 100644 --- a/cli/testdata/coder_users_show_--help.golden +++ b/cli/testdata/coder_users_show_--help.golden @@ -8,7 +8,7 @@ coder v0.0.0-devel $ coder users show me OPTIONS: - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. ——— diff --git a/cli/testdata/coder_users_suspend_--help.golden b/cli/testdata/coder_users_suspend_--help.golden index 109a2643637ad..efd981e3cdc26 100644 --- a/cli/testdata/coder_users_suspend_--help.golden +++ b/cli/testdata/coder_users_suspend_--help.golden @@ -11,7 +11,7 @@ coder v0.0.0-devel $ coder users suspend example_user OPTIONS: - -c, --column string-array (default: username,email,created_at,status) + -c, --column string-array (default: username,email,created_at,status) Specify a column to filter in the table. ——— diff --git a/cli/testdata/coder_version_--help.golden b/cli/testdata/coder_version_--help.golden index 9f3f139e8e5ee..ee81811f410a0 100644 --- a/cli/testdata/coder_version_--help.golden +++ b/cli/testdata/coder_version_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Show coder version OPTIONS: - -o, --output string (default: text) + -o, --output string (default: text) Output format. Available formats: text, json. ——— diff --git a/enterprise/cli/testdata/coder_--help.golden b/enterprise/cli/testdata/coder_--help.golden index 5e5ebad91616b..eba9a8bc9c5e8 100644 --- a/enterprise/cli/testdata/coder_--help.golden +++ b/enterprise/cli/testdata/coder_--help.golden @@ -24,38 +24,38 @@ coder v0.0.0-devel Global options are applied to all commands. They can be set using environment variables or flags. - --debug-options bool + --debug-options bool Print all options, how they're set, then exit. - --disable-direct-connections bool, $CODER_DISABLE_DIRECT_CONNECTIONS + --disable-direct-connections bool, $CODER_DISABLE_DIRECT_CONNECTIONS Disable direct (P2P) connections to workspaces. - --global-config string, $CODER_CONFIG_DIR (default: ~/.config/coderv2) + --global-config string, $CODER_CONFIG_DIR (default: ~/.config/coderv2) Path to the global `coder` config directory. - --header string-array, $CODER_HEADER + --header string-array, $CODER_HEADER Additional HTTP headers added to all requests. Provide as key=value. Can be specified multiple times. - --header-command string, $CODER_HEADER_COMMAND + --header-command string, $CODER_HEADER_COMMAND An external command that outputs additional HTTP headers added to all requests. The command must output each header as `key=value` on its own line. - --no-feature-warning bool, $CODER_NO_FEATURE_WARNING + --no-feature-warning bool, $CODER_NO_FEATURE_WARNING Suppress warnings about unlicensed features. - --no-version-warning bool, $CODER_NO_VERSION_WARNING + --no-version-warning bool, $CODER_NO_VERSION_WARNING Suppress warning when client and server versions do not match. - --token string, $CODER_SESSION_TOKEN + --token string, $CODER_SESSION_TOKEN Specify an authentication token. For security reasons setting CODER_SESSION_TOKEN is preferred. - --url url, $CODER_URL + --url url, $CODER_URL URL to a deployment. - -v, --verbose bool, $CODER_VERBOSE + -v, --verbose bool, $CODER_VERBOSE Enable verbose output. ——— diff --git a/enterprise/cli/testdata/coder_features_list_--help.golden b/enterprise/cli/testdata/coder_features_list_--help.golden index 8a98c1879d506..04092b0d4c6b6 100644 --- a/enterprise/cli/testdata/coder_features_list_--help.golden +++ b/enterprise/cli/testdata/coder_features_list_--help.golden @@ -6,11 +6,11 @@ coder v0.0.0-devel Aliases: ls OPTIONS: - -c, --column string-array (default: Name,Entitlement,Enabled,Limit,Actual) + -c, --column string-array (default: Name,Entitlement,Enabled,Limit,Actual) Specify a column to filter in the table. Available columns are: Name, Entitlement, Enabled, Limit, Actual. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats are: table, json. ——— diff --git a/enterprise/cli/testdata/coder_groups_create_--help.golden b/enterprise/cli/testdata/coder_groups_create_--help.golden index 65bd28e4bf402..0a469be844704 100644 --- a/enterprise/cli/testdata/coder_groups_create_--help.golden +++ b/enterprise/cli/testdata/coder_groups_create_--help.golden @@ -6,10 +6,10 @@ coder v0.0.0-devel Create a user group OPTIONS: - -u, --avatar-url string, $CODER_AVATAR_URL + -u, --avatar-url string, $CODER_AVATAR_URL Set an avatar for a group. - --display-name string, $CODER_DISPLAY_NAME + --display-name string, $CODER_DISPLAY_NAME Optional human friendly name for the group. ——— diff --git a/enterprise/cli/testdata/coder_groups_edit_--help.golden b/enterprise/cli/testdata/coder_groups_edit_--help.golden index bfccf525e76eb..bb7d453125c5f 100644 --- a/enterprise/cli/testdata/coder_groups_edit_--help.golden +++ b/enterprise/cli/testdata/coder_groups_edit_--help.golden @@ -6,19 +6,19 @@ coder v0.0.0-devel Edit a user group OPTIONS: - -a, --add-users string-array + -a, --add-users string-array Add users to the group. Accepts emails or IDs. - -u, --avatar-url string + -u, --avatar-url string Update the group avatar. - --display-name string, $CODER_DISPLAY_NAME + --display-name string, $CODER_DISPLAY_NAME Optional human friendly name for the group. - -n, --name string + -n, --name string Update the group name. - -r, --rm-users string-array + -r, --rm-users string-array Remove users to the group. Accepts emails or IDs. ——— diff --git a/enterprise/cli/testdata/coder_groups_list_--help.golden b/enterprise/cli/testdata/coder_groups_list_--help.golden index 0579323ed9084..58fef71fb02d2 100644 --- a/enterprise/cli/testdata/coder_groups_list_--help.golden +++ b/enterprise/cli/testdata/coder_groups_list_--help.golden @@ -6,11 +6,11 @@ coder v0.0.0-devel List user groups OPTIONS: - -c, --column string-array (default: name,display name,organization id,members,avatar url) + -c, --column string-array (default: name,display name,organization id,members,avatar url) Columns to display in table output. Available columns: name, display name, organization id, members, avatar url. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. ——— diff --git a/enterprise/cli/testdata/coder_licenses_add_--help.golden b/enterprise/cli/testdata/coder_licenses_add_--help.golden index dc52e9c03f3da..0c6f0d531715f 100644 --- a/enterprise/cli/testdata/coder_licenses_add_--help.golden +++ b/enterprise/cli/testdata/coder_licenses_add_--help.golden @@ -6,13 +6,13 @@ coder v0.0.0-devel Add license to Coder deployment OPTIONS: - --debug bool + --debug bool Output license claims for debugging. - -f, --file string + -f, --file string Load license from file. - -l, --license string + -l, --license string License string. ——— diff --git a/enterprise/cli/testdata/coder_licenses_list_--help.golden b/enterprise/cli/testdata/coder_licenses_list_--help.golden index c950e6b3e3929..c03a2e3892d32 100644 --- a/enterprise/cli/testdata/coder_licenses_list_--help.golden +++ b/enterprise/cli/testdata/coder_licenses_list_--help.golden @@ -8,11 +8,11 @@ coder v0.0.0-devel Aliases: ls OPTIONS: - -c, --column string-array (default: UUID,Expires At,Uploaded At,Features) + -c, --column string-array (default: UUID,Expires At,Uploaded At,Features) Columns to display in table output. Available columns: id, uuid, uploaded at, features, expires at, trial. - -o, --output string (default: table) + -o, --output string (default: table) Output format. Available formats: table, json. ——— diff --git a/enterprise/cli/testdata/coder_provisionerd_start_--help.golden b/enterprise/cli/testdata/coder_provisionerd_start_--help.golden index 13132e67ff358..3552abe0a0455 100644 --- a/enterprise/cli/testdata/coder_provisionerd_start_--help.golden +++ b/enterprise/cli/testdata/coder_provisionerd_start_--help.golden @@ -6,19 +6,19 @@ coder v0.0.0-devel Run a provisioner daemon OPTIONS: - -c, --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir]) + -c, --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir]) Directory to store cached data. - --poll-interval duration, $CODER_PROVISIONERD_POLL_INTERVAL (default: 1s) + --poll-interval duration, $CODER_PROVISIONERD_POLL_INTERVAL (default: 1s) How often to poll for provisioner jobs. - --poll-jitter duration, $CODER_PROVISIONERD_POLL_JITTER (default: 100ms) + --poll-jitter duration, $CODER_PROVISIONERD_POLL_JITTER (default: 100ms) How much to jitter the poll interval by. - --psk string, $CODER_PROVISIONER_DAEMON_PSK + --psk string, $CODER_PROVISIONER_DAEMON_PSK Pre-shared key to authenticate with Coder server. - -t, --tag string-array, $CODER_PROVISIONERD_TAGS + -t, --tag string-array, $CODER_PROVISIONERD_TAGS Tags to filter provisioner jobs by. ——— diff --git a/enterprise/cli/testdata/coder_server_--help.golden b/enterprise/cli/testdata/coder_server_--help.golden index bedb01971b4d1..8ec2c0fd93207 100644 --- a/enterprise/cli/testdata/coder_server_--help.golden +++ b/enterprise/cli/testdata/coder_server_--help.golden @@ -15,42 +15,42 @@ coder v0.0.0-devel PostgreSQL deployment. OPTIONS: - --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir]) + --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir]) The directory to cache temporary files. If unspecified and $CACHE_DIRECTORY is set, it will be used for compatibility with systemd. - --disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS + --disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS Remove the permission for the 'owner' role to have workspace execution on all workspaces. This prevents the 'owner' from ssh, apps, and terminal access based on the 'owner' role. They still have their user permissions to access their own workspaces. - --disable-path-apps bool, $CODER_DISABLE_PATH_APPS + --disable-path-apps bool, $CODER_DISABLE_PATH_APPS Disable workspace apps that are not served from subdomains. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. This is recommended for security purposes if a --wildcard-access-url is configured. - --swagger-enable bool, $CODER_SWAGGER_ENABLE + --swagger-enable bool, $CODER_SWAGGER_ENABLE Expose the swagger endpoint via /swagger. - --experiments string-array, $CODER_EXPERIMENTS + --experiments string-array, $CODER_EXPERIMENTS Enable one or more experiments. These are not ready for production. Separate multiple experiments with commas, or enter '*' to opt-in to all available experiments. - --postgres-url string, $CODER_PG_CONNECTION_URL + --postgres-url string, $CODER_PG_CONNECTION_URL URL of a PostgreSQL database. If empty, PostgreSQL binaries will be downloaded from Maven (https://repo1.maven.org/maven2) and store all data in the config root. Access the built-in database with "coder server postgres-builtin-url". - --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519) + --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519) The algorithm to use for generating ssh keys. Accepted values are "ed25519", "ecdsa", or "rsa4096". - --update-check bool, $CODER_UPDATE_CHECK (default: false) + --update-check bool, $CODER_UPDATE_CHECK (default: false) Periodically check for new releases of Coder and inform the owner. The check is performed once per day. @@ -58,99 +58,99 @@ coder v0.0.0-devel These options change the behavior of how clients interact with the Coder. Clients include the coder cli, vs code extension, and the web UI. - --ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS + --ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS These SSH config options will override the default SSH config options. Provide options in "key=value" or "key value" format separated by commas.Using this incorrectly can break SSH to your deployment, use cautiously. - --ssh-hostname-prefix string, $CODER_SSH_HOSTNAME_PREFIX (default: coder.) + --ssh-hostname-prefix string, $CODER_SSH_HOSTNAME_PREFIX (default: coder.) The SSH deployment prefix is used in the Host of the ssh config. CONFIG OPTIONS: Use a YAML configuration file when your server launch become unwieldy. - -c, --config yaml-config-path, $CODER_CONFIG_PATH + -c, --config yaml-config-path, $CODER_CONFIG_PATH Specify a YAML file to load configuration from. - --write-config bool + --write-config bool Write out the current server config as YAML to stdout. INTROSPECTION / LOGGING OPTIONS: - --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false) + --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false) Allow administrators to enable Terraform debug output. - --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) + --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. - --log-json string, $CODER_LOGGING_JSON + --log-json string, $CODER_LOGGING_JSON Output JSON logs to a given file. - -l, --log-filter string-array, $CODER_LOG_FILTER + -l, --log-filter string-array, $CODER_LOG_FILTER Filter debug logs by matching against a given regex. Use .* to match all debug logs. - --log-stackdriver string, $CODER_LOGGING_STACKDRIVER + --log-stackdriver string, $CODER_LOGGING_STACKDRIVER Output Stackdriver compatible logs to a given file. INTROSPECTION / PROMETHEUS OPTIONS: - --prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112) + --prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112) The bind address to serve prometheus metrics. - --prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS + --prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS Collect agent stats (may increase charges for metrics storage). - --prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false) + --prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false) Collect database metrics (may increase charges for metrics storage). - --prometheus-enable bool, $CODER_PROMETHEUS_ENABLE + --prometheus-enable bool, $CODER_PROMETHEUS_ENABLE Serve prometheus metrics on the address defined by prometheus address. INTROSPECTION / TRACING OPTIONS: - --trace-logs bool, $CODER_TRACE_LOGS + --trace-logs bool, $CODER_TRACE_LOGS Enables capturing of logs as events in traces. This is useful for debugging, but may result in a very large amount of events being sent to the tracing backend which may incur significant costs. - --trace bool, $CODER_TRACE_ENABLE + --trace bool, $CODER_TRACE_ENABLE Whether application tracing data is collected. It exports to a backend configured by environment variables. See: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md. - --trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY + --trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY Enables trace exporting to Honeycomb.io using the provided API Key. INTROSPECTION / PPROF OPTIONS: - --pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060) + --pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060) The bind address to serve pprof. - --pprof-enable bool, $CODER_PPROF_ENABLE + --pprof-enable bool, $CODER_PPROF_ENABLE Serve pprof metrics on the address defined by pprof address. NETWORKING OPTIONS: - --access-url url, $CODER_ACCESS_URL + --access-url url, $CODER_ACCESS_URL The URL that users will use to access the Coder deployment. - --docs-url url, $CODER_DOCS_URL + --docs-url url, $CODER_DOCS_URL Specifies the custom docs URL. - --proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS + --proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip, True-Client-Ip, X-Forwarded-For. - --proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS + --proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS Origin addresses to respect "proxy-trusted-headers". e.g. 192.168.1.0/24. - --redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL + --redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL Specifies whether to redirect requests that do not match the access URL host. - --secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE + --secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE Controls if the 'Secure' property is set on browser session cookies. - --wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL + --wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL Specifies the wildcard hostname to use for workspace applications in the form "*.example.com". @@ -160,7 +160,7 @@ between workspaces and users are peer-to-peer. However, when Coder cannot establish a peer to peer connection, Coder uses a distributed relay network backed by Tailscale and WireGuard. - --block-direct-connections bool, $CODER_BLOCK_DIRECT + --block-direct-connections bool, $CODER_BLOCK_DIRECT Block peer-to-peer (aka. direct) workspace connections. All workspace connections from the CLI will be proxied through Coder (or custom configured DERP servers) and will never be peer-to-peer when enabled. @@ -168,28 +168,28 @@ backed by Tailscale and WireGuard. until they are restarted after this change has been made, but new connections will still be proxied regardless. - --derp-config-path string, $CODER_DERP_CONFIG_PATH + --derp-config-path string, $CODER_DERP_CONFIG_PATH Path to read a DERP mapping from. See: https://tailscale.com/kb/1118/custom-derp-servers/. - --derp-config-url string, $CODER_DERP_CONFIG_URL + --derp-config-url string, $CODER_DERP_CONFIG_URL URL to fetch a DERP mapping on startup. See: https://tailscale.com/kb/1118/custom-derp-servers/. - --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS + --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS Force clients and agents to always use WebSocket to connect to DERP relay servers. By default, DERP uses `Upgrade: derp`, which may cause issues with some reverse proxies. Clients may automatically fallback to WebSocket if they detect an issue with `Upgrade: derp`, but this does not work in all situations. - --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true) + --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true) Whether to enable or disable the embedded DERP relay server. - --derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay) + --derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay) Region name that for the embedded DERP server. - --derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302) + --derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302) Addresses for STUN servers to establish P2P connections. It's recommended to have at least two STUN servers to give users the best chance of connecting P2P to workspaces. Each STUN server will get it's @@ -197,7 +197,7 @@ backed by Tailscale and WireGuard. + 1`. Use special value 'disable' to turn off STUN completely. NETWORKING / HTTP OPTIONS: - --disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH + --disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH Disable password authentication. This is recommended for security purposes in production deployments that rely on an identity provider. Any user with the owner role will be able to sign in with their @@ -206,23 +206,23 @@ backed by Tailscale and WireGuard. create-admin` command to create a new admin user directly in the database. - --disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH + --disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH Disable automatic session expiry bumping due to activity. This forces all sessions to become invalid after the session expiry duration has been reached. - --http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000) + --http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000) HTTP bind address of the server. Unset to disable the HTTP endpoint. - --max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s) + --max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s) The maximum lifetime duration users can specify when creating an API token. - --proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s) + --proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s) The interval in which coderd should be checking the status of workspace proxies. - --session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s) + --session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s) The token expiry duration for browser sessions. Sessions may last longer if they are actively making requests, but this functionality can be disabled via --disable-session-expiry-refresh. @@ -232,178 +232,178 @@ Configure TLS / HTTPS for your Coder deployment. If you're running Coder behind a TLS-terminating reverse proxy or are accessing Coder over a secure link, you can safely ignore these settings. - --strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0) + --strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0) Controls if the 'Strict-Transport-Security' header is set on all static file responses. This header should only be set if the server is accessed via HTTPS. This value is the MaxAge in seconds of the header. - --strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS + --strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS Two optional fields can be set in the Strict-Transport-Security header; 'includeSubDomains' and 'preload'. The 'strict-transport-security' flag must be set to a non-zero value for these options to be used. - --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443) + --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443) HTTPS bind address of the server. - --tls-cert-file string-array, $CODER_TLS_CERT_FILE + --tls-cert-file string-array, $CODER_TLS_CERT_FILE Path to each certificate for TLS. It requires a PEM-encoded file. To configure the listener to use a CA certificate, concatenate the primary certificate and the CA certificate together. The primary certificate should appear first in the combined file. - --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none) + --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none) Policy the server will follow for TLS Client Authentication. Accepted values are "none", "request", "require-any", "verify-if-given", or "require-and-verify". - --tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE + --tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE PEM-encoded Certificate Authority file used for checking the authenticity of client. - --tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE + --tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE Path to certificate for client TLS authentication. It requires a PEM-encoded file. - --tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE + --tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE Path to key for client TLS authentication. It requires a PEM-encoded file. - --tls-enable bool, $CODER_TLS_ENABLE + --tls-enable bool, $CODER_TLS_ENABLE Whether TLS will be enabled. - --tls-key-file string-array, $CODER_TLS_KEY_FILE + --tls-key-file string-array, $CODER_TLS_KEY_FILE Paths to the private keys for each of the certificates. It requires a PEM-encoded file. - --tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12) + --tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12) Minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12" or "tls13". OAUTH2 / GITHUB OPTIONS: - --oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE + --oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE Allow all logins, setting this option means allowed orgs and teams must be empty. - --oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS + --oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS Whether new users can sign up with GitHub. - --oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS + --oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS Organizations the user must be a member of to Login with GitHub. - --oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS + --oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS Teams inside organizations the user must be a member of to Login with GitHub. Structured as: /. - --oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID + --oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID Client ID for Login with GitHub. - --oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET + --oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET Client secret for Login with GitHub. - --oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL + --oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL Base URL of a GitHub Enterprise deployment to use for Login with GitHub. OIDC OPTIONS: - --oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false) + --oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false) Automatically creates missing groups from a user's groups claim. - --oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true) + --oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true) Whether new users can sign up with OIDC. - --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"}) + --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"}) OIDC auth URL parameters to pass to the upstream provider. - --oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE + --oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE Pem encoded certificate file to use for oauth2 PKI/JWT authorization. The public certificate that accompanies oidc-client-key-file. A standard x509 certificate is expected. - --oidc-client-id string, $CODER_OIDC_CLIENT_ID + --oidc-client-id string, $CODER_OIDC_CLIENT_ID Client ID to use for Login with OIDC. - --oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE + --oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE Pem encoded RSA private key to use for oauth2 PKI/JWT authorization. This can be used instead of oidc-client-secret if your IDP supports it. - --oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET + --oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET Client secret to use for Login with OIDC. - --oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN + --oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN Email domains that clients logging in with OIDC must match. - --oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email) + --oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email) OIDC claim field to use as the email. - --oidc-group-field string, $CODER_OIDC_GROUP_FIELD + --oidc-group-field string, $CODER_OIDC_GROUP_FIELD This field must be set if using the group sync feature and the scope name is not 'groups'. Set to the claim to be used for groups. - --oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {}) + --oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {}) A map of OIDC group IDs and the group in Coder it should map to. This is useful for when OIDC providers only return group IDs. - --oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED + --oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED Ignore the email_verified claim from the upstream provider. - --oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false) + --oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false) Ignore the userinfo endpoint and only use the ID token for user information. - --oidc-issuer-url string, $CODER_OIDC_ISSUER_URL + --oidc-issuer-url string, $CODER_OIDC_ISSUER_URL Issuer URL to use for Login with OIDC. - --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*) + --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*) If provided any group name not matching the regex is ignored. This allows for filtering out groups that are not needed. This filter is applied after the group mapping. - --oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email) + --oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email) Scopes to grant when authenticating with OIDC. - --oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT + --oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT If user role sync is enabled, these roles are always included for all authenticated users. The 'member' role is always assigned. - --oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD + --oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD This field must be set if using the user roles sync feature. Set this to the name of the claim used to store the user's role. The roles should be sent as an array of strings. - --oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {}) + --oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {}) A map of the OIDC passed in user roles and the groups in Coder it should map to. This is useful if the group names do not match. If mapped to the empty string, the role will ignored. - --oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username) + --oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username) OIDC claim field to use as the username. - --oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect) + --oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect) The text to show on the OpenID Connect sign in button. - --oidc-icon-url url, $CODER_OIDC_ICON_URL + --oidc-icon-url url, $CODER_OIDC_ICON_URL URL pointing to the icon to use on the OpenID Connect login button. PROVISIONING OPTIONS: Tune the behavior of the provisioner, which is responsible for creating, updating, and deleting workspace resources. - --provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s) + --provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s) Time to force cancel provisioning tasks that are stuck. - --provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s) + --provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s) Time to wait before polling for a new job. - --provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms) + --provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms) Random jitter added to the poll interval. - --provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK + --provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK Pre-shared key to authenticate external provisioner daemons to Coder server. - --provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3) + --provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3) Number of provisioner daemons to create on start. If builds are stuck in queued state for a long time, consider increasing this. @@ -412,11 +412,11 @@ Telemetry is critical to our ability to improve Coder. We strip all personalinformation before sending data to our servers. Please only disable telemetrywhen required by your organization's security policy. - --telemetry bool, $CODER_TELEMETRY_ENABLE (default: false) + --telemetry bool, $CODER_TELEMETRY_ENABLE (default: false) Whether telemetry is enabled or not. Coder collects anonymized usage data to help improve our product. - --telemetry-trace bool, $CODER_TELEMETRY_TRACE (default: false) + --telemetry-trace bool, $CODER_TELEMETRY_TRACE (default: false) Whether Opentelemetry traces are sent to Coder. Coder collects anonymized application tracing to help improve our product. Disabling telemetry also disables this option. @@ -425,7 +425,7 @@ telemetrywhen required by your organization's security policy. Allow users to set quiet hours schedules each day for workspaces to avoid workspaces stopping during the day due to template max TTL. - --default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE + --default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE The default daily cron schedule applied to users that haven't set a custom quiet hours schedule themselves. The quiet hours schedule determines when workspaces will be force stopped due to the template's @@ -436,7 +436,7 @@ workspaces stopping during the day due to template max TTL. are not supported). ⚠️ DANGEROUS OPTIONS: - --dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING + --dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING Allow workspace apps that are not served from subdomains to be shared. Path-based app sharing is DISABLED by default for security purposes. Path-based apps can make requests to the Coder API and pose a security @@ -444,7 +444,7 @@ workspaces stopping during the day due to template max TTL. can be disabled entirely with --disable-path-apps for further security. - --dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS + --dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS Allow site-owners to access workspace apps from workspaces they do not own. Owners cannot access path-based apps they do not own by default. Path-based apps can make requests to the Coder API and pose a security @@ -455,14 +455,14 @@ workspaces stopping during the day due to template max TTL. ENTERPRISE OPTIONS: These options are only available in the Enterprise Edition. - --browser-only bool, $CODER_BROWSER_ONLY + --browser-only bool, $CODER_BROWSER_ONLY Whether Coder only allows connections to workspaces via the browser. - --derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL + --derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL An HTTP URL that is accessible by other replicas to relay DERP traffic. Required for high availability. - --external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS + --external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS Encrypt OIDC and Git authentication tokens with AES-256-GCM in the database. The value must be a comma-separated list of base64-encoded keys. Each key, when base64-decoded, must be exactly 32 bytes in @@ -472,7 +472,7 @@ These options are only available in the Enterprise Edition. process of rotating keys with the `coder server dbcrypt rotate` command. - --scim-auth-header string, $CODER_SCIM_AUTH_HEADER + --scim-auth-header string, $CODER_SCIM_AUTH_HEADER Enables SCIM and sets the authentication header for the built-in SCIM server. New users are automatically created with OIDC authentication. diff --git a/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden b/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden index d59e78686a658..eacfd304bb266 100644 --- a/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden +++ b/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden @@ -7,27 +7,27 @@ coder v0.0.0-devel it to every organization. OPTIONS: - --email string, $CODER_EMAIL + --email string, $CODER_EMAIL The email of the new user. If not specified, you will be prompted via stdin. - --password string, $CODER_PASSWORD + --password string, $CODER_PASSWORD The password of the new user. If not specified, you will be prompted via stdin. - --postgres-url string, $CODER_PG_CONNECTION_URL + --postgres-url string, $CODER_PG_CONNECTION_URL URL of a PostgreSQL database. If empty, the built-in PostgreSQL deployment will be used (Coder must not be already running in this case). - --raw-url bool + --raw-url bool Output the raw connection URL instead of a psql command. - --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519) + --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519) The algorithm to use for generating ssh keys. Accepted values are "ed25519", "ecdsa", or "rsa4096". - --username string, $CODER_USERNAME + --username string, $CODER_USERNAME The username of the new user. If not specified, you will be prompted via stdin. diff --git a/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden b/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden index 8a19bc9fdf6a5..2058e6fde5351 100644 --- a/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden +++ b/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden @@ -6,14 +6,14 @@ coder v0.0.0-devel Decrypt a previously encrypted database. OPTIONS: - --keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS + --keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS Keys required to decrypt existing data. Must be a comma-separated list of base64-encoded keys. - --postgres-url string, $CODER_PG_CONNECTION_URL + --postgres-url string, $CODER_PG_CONNECTION_URL The connection URL for the Postgres database. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden b/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden index 11a7171e052ff..2f12fda376972 100644 --- a/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden +++ b/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden @@ -8,10 +8,10 @@ coder v0.0.0-devel Aliases: rm OPTIONS: - --postgres-url string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_POSTGRES_URL + --postgres-url string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_POSTGRES_URL The connection URL for the Postgres database. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden b/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden index 251212d534df7..22df081ee3857 100644 --- a/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden +++ b/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden @@ -6,17 +6,17 @@ coder v0.0.0-devel Rotate database encryption keys. OPTIONS: - --new-key string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY + --new-key string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY The new external token encryption key. Must be base64-encoded. - --old-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS + --old-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS The old external token encryption keys. Must be a comma-separated list of base64-encoded keys. - --postgres-url string, $CODER_PG_CONNECTION_URL + --postgres-url string, $CODER_PG_CONNECTION_URL The connection URL for the Postgres database. - -y, --yes bool + -y, --yes bool Bypass prompts. ——— diff --git a/enterprise/cli/testdata/coder_server_postgres-builtin-serve_--help.golden b/enterprise/cli/testdata/coder_server_postgres-builtin-serve_--help.golden index 5635a1be9c822..fe970ad4e4e1c 100644 --- a/enterprise/cli/testdata/coder_server_postgres-builtin-serve_--help.golden +++ b/enterprise/cli/testdata/coder_server_postgres-builtin-serve_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Run the built-in PostgreSQL deployment. OPTIONS: - --raw-url bool + --raw-url bool Output the raw connection URL instead of a psql command. ——— diff --git a/enterprise/cli/testdata/coder_server_postgres-builtin-url_--help.golden b/enterprise/cli/testdata/coder_server_postgres-builtin-url_--help.golden index 047e265aea7f4..51c0eed0bad6e 100644 --- a/enterprise/cli/testdata/coder_server_postgres-builtin-url_--help.golden +++ b/enterprise/cli/testdata/coder_server_postgres-builtin-url_--help.golden @@ -6,7 +6,7 @@ coder v0.0.0-devel Output the connection URL for the built-in PostgreSQL deployment. OPTIONS: - --raw-url bool + --raw-url bool Output the raw connection URL instead of a psql command. ———