amduat-api/ops/asl-auth-host-config-1.md
Carl Niklas Rydberg 74efedf62c Rework ops specs
2026-01-17 09:21:47 +01:00

ASL/AUTH-HOST-CONFIG/1 - Configuration Schema

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2026-01-17
Tags: [ops, authority, config]

Document ID: ASL/AUTH-HOST-CONFIG/1
Layer: O2C - Authority host configuration

Depends on (normative):

  • ASL/AUTH-HOST/1
  • ASL/HOST/1

Informative references:

  • ENC-ASL-AUTH-HOST/1

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.


1. Purpose and Scope

This document defines the configuration schema for an ASL authority host. Configuration is expressed as a single YAML file.


2. File Format

  • UTF-8 YAML 1.2
  • Root object with the fields defined below
  • Unknown fields SHOULD be ignored with a warning

3. Root Schema

host:
  name: string
  version: string
  mode: "rescue" | "admission" | "normal"

domains:
  <name>:
    id: string
    type: "courtesy" | "private" | "authority"
    description: string
    path: string
    snapshot_retention: duration
    allowed_operations: [read, write, append, seal, gc]
    courtesy_lease: duration

certificates:
  root_offline_path: string
  domain_authority_path: string
  sops_bundle_path: string

policy:
  hash_file: string
  description: string

logging:
  path: string
  level: "DEBUG" | "INFO" | "WARN" | "ERROR"

store:
  type: "posix" | "zfs"
  pools:
    - name: string
      mount_point: string
  enable_snapshotting: boolean
  snapshot_prefix: string

hooks:
  pre_start: string
  post_start: string

4. Semantics

  • host.mode controls startup behavior.
  • domains entries are keyed by stable names; id is the authoritative domain identifier.
  • courtesy_lease is required for type: courtesy and MUST be omitted for type: authority.
  • store.type selects the host backend. If zfs, each pool entry MUST be mounted before starting the host.

5. Example Configuration

host:
  name: "asl-auth-host-01"
  version: "0.1"
  mode: "rescue"

domains:
  common:
    id: "00000000-0000-0000-0000-000000000001"
    type: "courtesy"
    description: "Shared courtesy domain"
    path: "/var/lib/asl/common"
    snapshot_retention: 30d
    allowed_operations: [read, write, append]
    courtesy_lease: 7d
  personal:
    id: "00000000-0000-0000-0000-000000000002"
    type: "private"
    description: "Private rescue domain"
    path: "/var/lib/asl/personal"
    snapshot_retention: 90d
    allowed_operations: [read, write, append, seal, gc]

certificates:
  root_offline_path: "/var/lib/asl/certs/root-offline"
  domain_authority_path: "/var/lib/asl/certs/domain-authority"
  sops_bundle_path: "/var/lib/asl/certs/sops"

policy:
  hash_file: "/etc/asl-auth-host/policy.hash"
  description: "Offline policy hash"

logging:
  path: "/var/log/asl-auth-host.log"
  level: "INFO"

store:
  type: "zfs"
  pools:
    - name: "common_pool"
      mount_point: "/var/lib/asl/common"
    - name: "personal_pool"
      mount_point: "/var/lib/asl/personal"
  enable_snapshotting: true
  snapshot_prefix: "asl_snap"

hooks:
  pre_start: "/bin/init-asl-host.sh"
  post_start: "/bin/helper-mount.sh"

6. Versioning

Backward-incompatible schema changes MUST bump the major version.