First Commit

2025-08-21 20:56:38 -04:00
commit 9502d1b1be
29 changed files with 1667 additions and 0 deletions
--- a/configs/shard.sample.yaml
+++ b/configs/shard.sample.yaml
@@ -0,0 +1,66 @@
+shard_id: "gc-001"
+
+listen:
+  http: "0.0.0.0:8080"
+  https: ""                    # e.g., "0.0.0.0:8443" when tls.enable=true
+  ws:   "0.0.0.0:8081"         # reserved (not used)
+
+tls:
+  enable: false
+  cert_file: "/etc/greencoast/tls/cert.pem"
+  key_file: "/etc/greencoast/tls/key.pem"
+
+federation:
+  mtls_enable: false
+  listen: "0.0.0.0:9443"
+  cert_file: "/etc/greencoast/fed/cert.pem"
+  key_file: "/etc/greencoast/fed/key.pem"
+  client_ca_file: "/etc/greencoast/fed/clients_ca.pem"
+
+ui:
+  enable: true
+  path: "./client"
+  base_url: "/"
+
+storage:
+  backend: "fs"
+  path: "/var/lib/greencoast/objects"
+  max_object_kb: 128
+
+security:
+  zero_trust: true
+  require_mtls_for_federation: true
+  accept_client_signed_tokens: true
+  log_level: "warn"
+
+privacy:
+  retain_ip: "no"
+  retain_user_agent: "no"
+  retain_timestamps: "coarse"
+
+auth:
+  signing_secret: "50A936BBA70A6F469260ABF2D86A425C07FA3228D1B24D2A9079708CE787F6B09C75C64AA26170B6B2580EC06F4C7C9F4268B2859F864D5925550FC1768E69F9E1A65B32A7A075DF5FF4992E05369362A1753ED5929B4FD48B1291CD2A281C7C54881BD377410EE8D1D210C47613B4CBA7A0E6055F66D4B9402BB871C224D4FE"   # hex key for HMAC shard tokens
+  sso:
+    discord:
+      enabled: false
+      client_id: ""
+      client_secret: ""
+      redirect_uri: "http://localhost:8080/auth-callback.html"
+    google:
+      enabled: false
+      client_id: ""
+      client_secret: ""
+      redirect_uri: ""
+    facebook:
+      enabled: false
+      client_id: ""
+      client_secret: ""
+      redirect_uri: ""
+  two_factor:
+    webauthn_enabled: false
+    totp_enabled: false
+
+limits:
+  rate:
+    burst: 20
+    per_minute: 120