diff --git a/build.sh b/build.sh index 124b5086..bd0fb8e6 100755 --- a/build.sh +++ b/build.sh @@ -55,16 +55,15 @@ make -C .. certs DOMAIN=$BASE_DOMAIN TO=$CERTS_DIR # kms cat < kms.toml -[default] log_level = "info" address = "0.0.0.0" port = $KMS_RPC_LISTEN_PORT -[default.tls] +[tls] key = "$CERTS_DIR/kms-rpc.key" certs = "$CERTS_DIR/kms-rpc.cert" -[default.tls.mutual] +[tls.mutual] ca_certs = "$CERTS_DIR/tmp-ca.cert" mandatory = false @@ -83,16 +82,15 @@ EOF # tproxy cat < tproxy.toml -[default] log_level = "info" address = "0.0.0.0" port = $TPROXY_RPC_LISTEN_PORT -[default.tls] +[tls] key = "$CERTS_DIR/tproxy-rpc.key" certs = "$CERTS_DIR/tproxy-rpc.cert" -[default.tls.mutual] +[tls.mutual] ca_certs = "$CERTS_DIR/root-ca.cert" mandatory = false @@ -119,13 +117,12 @@ EOF # teepod cat < teepod.toml -[default] log_level = "info" port = $TEEPOD_RPC_LISTEN_PORT image_path = "$IMAGES_DIR" run_path = "$RUN_DIR/vm" -[default.cvm] +[cvm] ca_cert = "$CERTS_DIR/root-ca.cert" tmp_ca_cert = "$CERTS_DIR/tmp-ca.cert" tmp_ca_key = "$CERTS_DIR/tmp-ca.key" diff --git a/kms/kms.toml b/kms/kms.toml index dae44bfb..c014392f 100644 --- a/kms/kms.toml +++ b/kms/kms.toml @@ -1,4 +1,3 @@ -[default] workers = 8 max_blocking = 64 ident = "Phala KMS" @@ -8,23 +7,14 @@ log_level = "info" address = "0.0.0.0" port = 8043 -[default.tls] +[tls] key = "/etc/kms/certs/key.pem" certs = "/etc/kms/certs/cert.pem" -[default.tls.mutual] +[tls.mutual] ca_certs = "/etc/kms/certs/ca.cert" mandatory = false -[default.limits] -bytes = "8KiB" -data-form = "2MiB" -file = "1MiB" -form = "32KiB" -json = "1MiB" -msgpack = "1MiB" -string = "8KiB" - [core] root_ca_cert = "/etc/kms/certs/ca.cert" root_ca_key = "/etc/kms/certs/ca.key" diff --git a/kms/src/config.rs b/kms/src/config.rs index 4b601523..ae4c2188 100644 --- a/kms/src/config.rs +++ b/kms/src/config.rs 
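Review bot: The `[default.limits]` table in kms/kms.toml is deleted rather than renamed to `[limits]`, so the KMS request-body limits (json/msgpack 1MiB, string/bytes 8KiB, form 32KiB) now come from Rocket's built-in defaults instead of being pinned in the file. The removed values appear to match Rocket 0.5's documented defaults, so the effective bound is probably unchanged, but an endpoint that hands out keys should state its limit explicitly rather than inherit it from whatever Rocket version is linked. I'd either restore the table under its new name, `[limits]` followed by the same `json = "1MiB"` / `string = "8KiB"` lines, or add `# Request body limits: Rocket's defaults apply (json 1MiB, string 8KiB); add [limits] to tighten` above `[core]` so the omission reads as intentional.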
@@ -11,12 +11,12 @@ pub const DEFAULT_CONFIG: &str = include_str!("../kms.toml"); pub fn load_config_figment(config_file: Option<&str>) -> Figment { let leaf_config = match config_file { - Some(path) => Toml::file(path).nested(), - None => Toml::file(CONFIG_FILENAME).nested(), + Some(path) => Toml::file(path), + None => Toml::file(CONFIG_FILENAME), }; Figment::from(rocket::Config::default()) - .merge(Toml::string(DEFAULT_CONFIG).nested()) - .merge(Toml::file(SYSTEM_CONFIG_FILENAME).nested()) + .merge(Toml::string(DEFAULT_CONFIG)) + .merge(Toml::file(SYSTEM_CONFIG_FILENAME)) .merge(leaf_config) } diff --git a/kms/src/main.rs b/kms/src/main.rs index 306243d5..84c6bb56 100644 --- a/kms/src/main.rs +++ b/kms/src/main.rs @@ -1,6 +1,6 @@ use anyhow::{anyhow, Context, Result}; -use tracing::info; use clap::Parser; +use tracing::info; mod config; mod main_service; @@ -26,9 +26,9 @@ async fn main() -> Result<()> { } let figment = config::load_config_figment(args.config.as_deref()); - let config = figment.clone().select("core").extract()?; + let config = figment.focus("core").extract()?; let state = main_service::KmsState::new(config).context("Failed to initialize KMS state")?; - let rocket = rocket::custom(figment.select("public")) + let rocket = rocket::custom(figment) .mount("/", web_routes::routes()) .manage(state); diff --git a/tappd/src/main.rs b/tappd/src/main.rs index 88eca8e5..e5202bb9 100644 --- a/tappd/src/main.rs +++ b/tappd/src/main.rs @@ -60,7 +60,7 @@ async fn main() -> Result<()> { let args = Args::parse(); let figment = config::load_config_figment(args.config.as_deref()); let state = - AppState::new(figment.clone().select("core").extract()?).context("Failed to create app state")?; + AppState::new(figment.focus("core").extract()?).context("Failed to create app state")?; let internal_figment = figment.clone().select("internal"); let external_figment = figment.select("external"); diff --git a/tappd/tappd.toml b/tappd/tappd.toml index cc94a65a..5e645379 100644 
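Review bot: Removing `.nested()` silently changes the on-disk format of `SYSTEM_CONFIG_FILENAME` and the `--config` file: a file still written in the profile layout (`[default]`, `[default.tls]`, `[default.tls.mutual]`) is now parsed as a literal `default` table whose keys are merged but never read, so an operator override such as `mandatory = true` under `[default.tls.mutual]` would be dropped and the KMS would run with the embedded `mandatory = false` without any error. `load_config_figment` owns the merge and is the natural place to detect this; I'd bind the merged figment, warn when a `default` table is present, and give the function a doc comment stating the precedence (Rocket defaults, then embedded kms.toml, then the system file, then `--config`) and that the layout is flat. The rewritten tail of the function is below; the `leaf_config` selection is unchanged.
```rust
/// Builds the KMS configuration: Rocket's defaults, overlaid by the embedded
/// kms.toml, then SYSTEM_CONFIG_FILENAME, then the file passed on the command
/// line. The layout is flat (no Figment profiles): top-level keys and [tls]
/// are Rocket settings, [core] is KMS settings.
pub fn load_config_figment(config_file: Option<&str>) -> Figment {
    // … unchanged: leaf_config selection …
    let figment = Figment::from(rocket::Config::default())
        .merge(Toml::string(DEFAULT_CONFIG))
        .merge(Toml::file(SYSTEM_CONFIG_FILENAME))
        .merge(leaf_config);
    // A file still in the old profile layout ([default], [default.tls]) is now
    // parsed as a literal `default` table and every key under it is ignored.
    if figment.find_value("default").is_ok() {
        tracing::warn!(
            "config contains a [default] table; the profile layout is no longer \
             supported and keys under it are ignored (use top-level keys, [tls], [core])"
        );
    }
    figment
}
```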
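Review bot: `rocket::custom(figment)` now hands Rocket the entire merged figment, and the `public` profile that `select("public")` used to overlay is gone, so any deployment that carried listener or TLS overrides under a `[public]` table will have them silently ignored from this commit on. Rocket extracts only the keys it knows (address, port, tls, limits, ...), so the extra `[core]` table with the CA paths is presumably just ignored rather than surfaced—worth confirming against Rocket's launch banner. A comment on the `rocket::custom` line would make the split explicit: `// Rocket reads address/port/[tls] from the top-level keys; [core] is KMS-only state.`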
--- a/tappd/tappd.toml +++ b/tappd/tappd.toml @@ -6,6 +6,10 @@ temp_dir = "/tmp" keep_alive = 10 log_level = "debug" +[default.core] +cert_file = "/etc/tappd/app-ca.cert" +key_file = "/etc/tappd/app-ca.key" + [internal] address = "unix:/var/run/tappd.sock" reuse = false @@ -13,7 +17,3 @@ reuse = false [external] address = "0.0.0.0" port = 8090 - -[core] -cert_file = "/etc/tappd/app-ca.cert" -key_file = "/etc/tappd/app-ca.key" diff --git a/teepod/src/app.rs b/teepod/src/app.rs index 697c70a0..32f1e203 100644 --- a/teepod/src/app.rs +++ b/teepod/src/app.rs @@ -25,7 +25,7 @@ use serde::{Deserialize, Serialize}; use std::collections::HashMap; use std::path::{Path, PathBuf}; use std::sync::atomic::{AtomicU32, Ordering}; -use std::sync::{Arc, Mutex, MutexGuard}; +use std::sync::{Arc, Mutex}; use teepod_rpc::VmInfo; #[derive(Deserialize, Serialize, Builder)] diff --git a/teepod/src/config.rs b/teepod/src/config.rs index 00855eb6..ceade9a5 100644 --- a/teepod/src/config.rs +++ b/teepod/src/config.rs @@ -13,12 +13,12 @@ pub const DEFAULT_CONFIG: &str = include_str!("../teepod.toml"); pub fn load_config_figment(config_file: Option<&str>) -> Figment { let leaf_config = match config_file { - Some(path) => Toml::file(path).nested(), - None => Toml::file(CONFIG_FILENAME).nested(), + Some(path) => Toml::file(path), + None => Toml::file(CONFIG_FILENAME), }; Figment::from(rocket::Config::default()) - .merge(Toml::string(DEFAULT_CONFIG).nested()) - .merge(Toml::file(SYSTEM_CONFIG_FILENAME).nested()) + .merge(Toml::string(DEFAULT_CONFIG)) + .merge(Toml::file(SYSTEM_CONFIG_FILENAME)) .merge(leaf_config) } diff --git a/teepod/teepod.toml b/teepod/teepod.toml index e101db47..9d262f4b 100644 --- a/teepod/teepod.toml +++ b/teepod/teepod.toml @@ -1,4 +1,3 @@ -[default] workers = 8 max_blocking = 64 ident = "Teepod Server" 
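Review bot: tappd moves `[core]` under `[default.core]` while kms, teepod and tproxy drop the `[default]` profile entirely in the same commit, so the two config layouts now diverge and nothing in the file says why. tappd/src/config.rs is not in this diff, so I cannot confirm it still builds its figment with `.nested()`; if it does, `[default.core]` is the shared profile read by `focus("core")` in main.rs and `[internal]`/`[external]` remain profiles picked by `select`, which is consistent—if `.nested()` was removed there too, `default.core` becomes a literal key path and `focus("core")` finds nothing. I'd add a header comment: `# tappd uses Figment profiles: [default.*] is shared config, [internal]/[external] are the profiles selected at startup.`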
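Review bot: Dropping `.nested()` changes the format of `SYSTEM_CONFIG_FILENAME` and the `--config` file without any detection: a file still written as `[default]`/`[default.cvm]` is now read as a literal `default` table and every key under it is silently ignored, leaving the embedded teepod.toml values (relative `../certs/*` paths, `kms_url = "http://127.0.0.1:8081"`) in effect. Since `load_config_figment` already owns the merge, it could warn before returning: `if figment.find_value("default").is_ok() { tracing::warn!("[default] profile layout is no longer supported; keys under it are ignored"); }` (substitute the crate's logging macro if teepod does not use tracing). A doc comment stating the precedence—Rocket defaults, embedded teepod.toml, then the system file, then `--config`—would also help the next reader.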
@@ -7,18 +6,9 @@ keep_alive = 10 log_level = "debug" port = 8080 -[default.cvm] +[cvm] ca_cert = "../certs/ca.cert" tmp_ca_cert = "../certs/tmp-ca.cert" tmp_ca_key = "../certs/tmp-ca.key" kms_url = "http://127.0.0.1:8081" -tproxy_url = "http://127.0.0.1:8082" - -[default.limits] -bytes = "8KiB" -data-form = "2MiB" -file = "1MiB" -form = "32KiB" -json = "1MiB" -msgpack = "1MiB" -string = "8KiB" +tproxy_url = "http://127.0.0.1:8082" \ No newline at end of file diff --git a/tproxy/src/config.rs b/tproxy/src/config.rs index ac59b9cf..deb55ee4 100644 --- a/tproxy/src/config.rs +++ b/tproxy/src/config.rs @@ -46,11 +46,11 @@ pub const DEFAULT_CONFIG: &str = include_str!("../tproxy.toml"); pub fn load_config_figment(config_file: Option<&str>) -> Figment { let leaf_config = match config_file { - Some(path) => Toml::file(path).nested(), - None => Toml::file(CONFIG_FILENAME).nested(), + Some(path) => Toml::file(path), + None => Toml::file(CONFIG_FILENAME), }; Figment::from(rocket::Config::default()) - .merge(Toml::string(DEFAULT_CONFIG).nested()) - .merge(Toml::file(SYSTEM_CONFIG_FILENAME).nested()) + .merge(Toml::string(DEFAULT_CONFIG)) + .merge(Toml::file(SYSTEM_CONFIG_FILENAME)) .merge(leaf_config) } diff --git a/tproxy/src/main.rs b/tproxy/src/main.rs index ed147ad9..b8a67a80 100644 --- a/tproxy/src/main.rs +++ b/tproxy/src/main.rs @@ -22,7 +22,7 @@ async fn main() -> Result<()> { let args = Args::parse(); let figment = config::load_config_figment(args.config.as_deref()); - let config = figment.clone().select("core").extract::()?; + let config = figment.focus("core").extract::()?; let proxy_config_path = config.proxy.config_path.clone(); let state = main_service::AppState::new(config); state.lock().reconfigure()?; diff --git a/tproxy/tproxy.toml b/tproxy/tproxy.toml index 4ff63a12..c51dfb41 100644 --- a/tproxy/tproxy.toml +++ b/tproxy/tproxy.toml @@ -1,4 +1,3 @@ -[default] workers = 8 max_blocking = 64 ident = "Tproxy Server" 
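Review bot: The file now ends without a trailing newline (`\ No newline at end of file` on the `tproxy_url` line), which is a style regression and makes the next append produce a noisy diff; end the file with `tproxy_url = "http://127.0.0.1:8082"` followed by a newline. The `[default.limits]` table is dropped rather than renamed to `[limits]`, so teepod's request-body limits now come from Rocket's defaults—the removed values appear to match Rocket 0.5's defaults, so behaviour is probably unchanged, but a one-line `# Request limits: Rocket defaults apply; add [limits] to override` comment would record that this is intentional.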
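Review bot: As in the kms and teepod loaders, removing `.nested()` means a system or `--config` file still using `[default]`/`[default.limits]` is parsed as a literal `default` table and silently ignored, so tproxy would keep running on the embedded tproxy.toml values (including the empty `[core.wg]` keys) with no indication that the operator's file was not applied. A cheap guard after the merge catches this: `if figment.find_value("default").is_ok() { tracing::warn!("[default] profile layout is no longer supported; keys under it are ignored"); }` (use the crate's own logging macro if tproxy does not depend on tracing). The function would also benefit from a doc comment naming the precedence of the three sources.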
@@ -7,15 +6,6 @@ keep_alive = 10 log_level = "debug" port = 8010 -[default.limits] -bytes = "8KiB" -data-form = "2MiB" -file = "1MiB" -form = "32KiB" -json = "1MiB" -msgpack = "1MiB" -string = "8KiB" - [core.wg] public_key = "" private_key = ""
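Review bot: With `[default.limits]` removed and not replaced by `[limits]`, tproxy's request-body limits now come from Rocket's built-in defaults; the removed values appear to match Rocket 0.5's, so the bound is probably unchanged, but the file no longer says so. Because the `[default]` profile is gone, the remaining `[core.wg]` table is read as the literal `core.wg` key path, which matches `focus("core")` in main.rs. I'd record both at the top of the file: `# No Figment profiles: top-level keys are Rocket config, [core] is tproxy config; request limits are Rocket's defaults.`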