From 99f8047ef20a64f948ac2b703c81eb49bed091c0 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Thu, 30 Jan 2025 22:16:09 +0100
Subject: re-organise everything

---
 internal/server/tls.go | 52 +++++++++++++++++++++++++-------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

(limited to 'internal/server/tls.go')

diff --git a/internal/server/tls.go b/internal/server/tls.go
index 40fddac..5e2819f 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -24,31 +24,31 @@ type redisConfig struct {
 Password string `conf:"required"`
 EncryptionKey string `conf:"required"`
 KeyPrefix string `conf:"default:certmagic"`
- TLSEnabled bool `conf:"default:false,env:TLS_ENABLED"`
- TLSInsecure bool `conf:"default:false,env:TLS_INSECURE"`
+ TLSEnabled bool `conf:"default:false"`
+ TLSInsecure bool `conf:"default:false"`
 }
 func (s *Server) serveTLS() (err error) {
 log := s.log.Named("tls")
- wildcardDomain := "*." + s.config.WildcardDomain
- certificateDomains := slices.Clone(s.config.Domains)
+ wildcardDomain := "*." + s.options.Config.WildcardDomain
+ certificateDomains := slices.Clone(s.options.Config.Domains)
- certmagic.HTTPPort = s.runtimeConfig.Port
- certmagic.HTTPSPort = s.runtimeConfig.TLSPort
+ certmagic.HTTPPort = s.options.Port
+ certmagic.HTTPSPort = s.options.TLSPort
 certmagic.Default.Logger = log.GetLogger().Named("certmagic")
 cfg := certmagic.NewDefault()
 acme := &certmagic.DefaultACME
 acme.Logger = certmagic.Default.Logger
 acme.Agreed = true
- acme.Email = s.config.Email
- acme.ListenHost = strings.Trim(s.runtimeConfig.ListenAddress, "[]")
+ acme.Email = s.options.Config.Email
+ acme.ListenHost = strings.Trim(s.options.ListenAddress, "[]")
- if s.runtimeConfig.Development {
- ca := s.runtimeConfig.ACMECA
+ if s.options.Development {
+ ca := s.options.ACMEIssuer
 if ca == "" {
- return errors.New("can't enable tls in development without an ACME_CA")
+ return errors.New("can't enable tls in development without an ACME_ISSUER")
 }
 cp, err := x509.SystemCertPool()
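Review bot: Dropping the explicit `env:TLS_ENABLED` / `env:TLS_INSECURE` tags on redisConfig.TLSEnabled and TLSInsecure changes which environment variables switch TLS on for the Redis certificate store, and neither the commit message nor a field comment calls this out. If the conf library now derives the variable name from the field path, a deployment that still exports TLS_ENABLED=true silently falls back to `default:false`, so the certmagic store — which holds the ACME account key and certificate private keys — talks to Redis in plaintext with no startup error to notice; likewise an operator who relied on TLS_INSECURE being unset gets whatever the derived name resolves to. I would either keep the explicit env names or document the new ones on the fields, e.g. `// TLSEnabled enables TLS to Redis; the TLS_ENABLED env override was removed, set it via the conf-derived variable name instead.` The redisConfig struct begins before this hunk, so I cannot see whether a prefix is declared on the parent.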
@@ -57,14 +57,14 @@ func (s *Server) serveTLS() (err error) {
 cp = x509.NewCertPool()
 }
- if cacert := s.runtimeConfig.ACMECACert; cacert != "" {
+ if cacert := s.options.ACMEIssuerCert; cacert != "" {
 cp.AppendCertsFromPEM([]byte(cacert))
 }
 // caddy's ACME server (step-ca) doesn't specify an OCSP server
 cfg.OCSP.DisableStapling = true
- acme.CA = s.runtimeConfig.ACMECA
+ acme.CA = s.options.ACMEIssuer
 acme.TrustedRoots = cp
 acme.DisableTLSALPNChallenge = true
 } else {
@@ -87,7 +87,7 @@ func (s *Server) serveTLS() (err error) {
 },
 }
- certificateDomains = append(slices.Clone(s.config.Domains), wildcardDomain)
+ certificateDomains = append(slices.Clone(s.options.Config.Domains), wildcardDomain)
 rs := certmagic_redis.New()
 rs.Address = []string{rc.Address}
@@ -107,7 +107,7 @@ func (s *Server) serveTLS() (err error) {
 ln, err := listenfd.GetListener(
 1,
- net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.Port)),
+ net.JoinHostPort(s.options.ListenAddress, strconv.Itoa(s.options.Port)),
 log.Named("listenfd"),
 )
 if err != nil {
@@ -123,7 +123,7 @@ func (s *Server) serveTLS() (err error) {
 }
 url := r.URL
 url.Scheme = "https"
- port := s.config.BaseURL.Port()
+ port := s.options.Config.BaseURL.Port()
 if port == "" {
 url.Host = r.Host
 } else {
@@ -132,9 +132,9 @@ func (s *Server) serveTLS() (err error) {
 log.Warn("error splitting host and port", "error", err)
 host = r.Host
 }
- url.Host = net.JoinHostPort(host, s.config.BaseURL.Port())
+ url.Host = net.JoinHostPort(host, s.options.Config.BaseURL.Port())
 }
- if slices.Contains(s.config.Domains, r.Host) {
+ if slices.Contains(s.options.Config.Domains, r.Host) {
 http.Redirect(w, r, url.String(), http.StatusMovedPermanently)
 } else {
 http.NotFound(w, r)
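Review bot: The new guard `if cacert := s.options.ACMEIssuerCert; cacert != ""` still feeds `cp.AppendCertsFromPEM([]byte(cacert))` without checking its boolean result, so a malformed or truncated issuer certificate leaves the trust pool without the private CA and the failure only surfaces later as an opaque verification error from the ACME client against acme.TrustedRoots. This is the development branch, but it is exactly the path where a hand-supplied trust root is expected, and failing at configuration time is cheap: `if !cp.AppendCertsFromPEM([]byte(cacert)) { return errors.New("ACME issuer cert contains no parsable PEM certificates") }`. serveTLS begins before this hunk and continues past it.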
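Review bot: In the -132 hunk the renamed check `if slices.Contains(s.options.Config.Domains, r.Host)` compares the raw Host header against the configured domain list, but the branch just above it exists precisely because BaseURL carries a non-default port, and in that case a browser's Host header includes the port too, so the comparison fails unless Domains entries also carry the port and the HTTP→HTTPS redirect returns 404 instead. The handler already splits `host` out of r.Host for the redirect target in that branch, so the check should reuse it: `if slices.Contains(s.options.Config.Domains, host) {` with `host` initialised to r.Host before the split; this is pre-existing behaviour the rename preserves, so please confirm against how Domains is populated. The redirect handler starts in the -123 hunk and ends after this one.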
@@ -146,18 +146,18 @@ func (s *Server) serveTLS() (err error) {
 log.Error("error in http handler", "error", err)
 }
 }(ln, &http.Server{
- ReadHeaderTimeout: s.ReadHeaderTimeout,
- ReadTimeout: s.ReadTimeout,
- WriteTimeout: s.WriteTimeout,
- IdleTimeout: s.IdleTimeout,
+ ReadHeaderTimeout: ReadHeaderTimeout,
+ ReadTimeout: ReadTimeout,
+ WriteTimeout: WriteTimeout,
+ IdleTimeout: IdleTimeout,
 })
 log.Debug(
 "starting certmagic",
 "http_port",
- s.runtimeConfig.Port,
+ s.options.Port,
 "https_port",
- s.runtimeConfig.TLSPort,
+ s.options.TLSPort,
 )
 cfg.Issuers = []certmagic.Issuer{certmagic.NewACMEIssuer(cfg, *acme)}
 err = cfg.ManageAsync(context.TODO(), certificateDomains)
@@ -169,7 +169,7 @@ func (s *Server) serveTLS() (err error) {
 sln, err := listenfd.GetListenerTLS(
 0,
- net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.TLSPort)),
+ net.JoinHostPort(s.options.ListenAddress, strconv.Itoa(s.options.TLSPort)),
 tlsConfig,
 log.Named("listenfd"),
 )
@@ -177,5 +177,5 @@ func (s *Server) serveTLS() (err error) {
 return errors.WithMessage(err, "could not bind tls socket")
 }
- return s.Serve(sln)
+ return s.server.Serve(sln)
 }
-- 
cgit 1.4.1