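# Sample configuration for the SSH certificate-signing server.
# Every secret below is a placeholder. Replace each one before deployment and
# keep this file readable only by the service account.

# Server config
server {
  # Optional. IP address to listen on. "0.0.0.0" binds every interface.
  address = "0.0.0.0"

  # Port to listen on.
  # NOTE(review): secure_cookie = true below presumably marks the session cookie
  # HTTPS-only; a plain listener on port 80 would then need TLS terminated in
  # front of it. Confirm against the deployment.
  port = 80

  # Optional. User the server drops privileges to.
  user = "www"

  # Authentication key for the client cookie. Placeholder: use a long random
  # value, and do not reuse the same value for csrf_secret.
  cookie_secret = "supersecret"

  # Authentication key for the CSRF token. Placeholder: use a long random value.
  csrf_secret = "supersecret"

  secure_cookie = true

  # Logfile for HTTP requests.
  http_logfile = "http.log"
}

# Oauth2 configuration
# NOTE(review): the block is named "github", but the sample client ID has the
# Google form (*.apps.googleusercontent.com) and the sample users are e-mail
# addresses. Confirm which provider this block configures and which identifier
# format the whitelists expect.
github {
  # Oauth client ID
  oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com"

  # Oauth client secret. Placeholder: treat the real value as a credential.
  oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy"

  # Oauth callback url. Must match the URL registered with the OAuth provider.
  oauth_callback_url = "https://sshca.example.com/auth/callback"

  # NOTE(review): presumably these lists limit who may obtain a certificate.
  # Confirm how the two lists combine and what an empty list means.
  users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"]
  orgs_whitelist = ["org1", "org2"]
}

# Configuration for the certificate signer.
ssh {
  # Path to the CA signing secret key. Anyone who can read this file can issue
  # certificates, so restrict it to the service account.
  signing_key = "signing_key"

  # Additional principals to allow. Each entry widens the set of login names a
  # certificate is valid for; list only the accounts that are needed.
  additional_principals = ["ec2-user", "ubuntu"]

  # Maximum lifetime of a ssh certificate. "720h" is 30 days; a shorter lifetime
  # narrows the window in which a leaked certificate stays usable.
  max_age = "720h"

  # Permissions associated with a certificate. Grant only what users need:
  # agent, port and X11 forwarding each extend what a session can reach.
  # In OpenSSH certificates force-command pins the session to one command, so
  # the sample "force-command=/bin/ls" entry would limit every certificate to
  # running /bin/ls. Remove or change it where interactive logins are intended.
  permissions = [
    "permit-pty",
    "permit-X11-forwarding",
    "permit-agent-forwarding",
    "permit-port-forwarding",
    "permit-user-rc",
    "force-command=/bin/ls"
  ]
}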