config reference

docs/docs/disclaimer.md

@@ -0,0 +1,3 @@
+# Disclaimer
+
+trifid-api and the Trifid project are in no way intended to disrupt Defined Networking's buisness. Please, if you are a commercial customer, use their service instead. Trifid was developed and released with the full knowledge and permission of the Defined Networking team.

docs/docs/intro.md

@@ -2,46 +2,6 @@
 sidebar_position: 1
 ---
 
-# Tutorial Intro
+# Trifid Introduction
 
-Let's discover **Docusaurus in less than 5 minutes**.
-
-## Getting Started
-
-Get started by **creating a new site**.
-
-Or **try Docusaurus immediately** with **[docusaurus.new](https://docusaurus.new)**.
-
-### What you'll need
-
-- [Node.js](https://nodejs.org/en/download/) version 16.14 or above:
-  - When installing Node.js, you are recommended to check all checkboxes related to dependencies.
-
-## Generate a new site
-
-Generate a new Docusaurus site using the **classic template**.
-
-The classic template will automatically be added to your project after you run the command:
-
-```bash
-npm init docusaurus@latest my-website classic
-```
-
-You can type this command into Command Prompt, Powershell, Terminal, or any other integrated terminal of your code editor.
-
-The command also installs all necessary dependencies you need to run Docusaurus.
-
-## Start your site
-
-Run the development server:
-
-```bash
-cd my-website
-npm run start
-```
-
-The `cd` command changes the directory you're working with. In order to work with your newly created Docusaurus site, you'll need to navigate the terminal there.
-
-The `npm run start` command builds your website locally and serves it through a development server, ready for you to view at http://localhost:3000/.
-
-Open `docs/intro.md` (this page) and edit some lines: the site **reloads automatically** and displays your changes.
+Welcome to the Trifid project documentation! Trifid is a free and open-source reimplementation of the [Defined Networking](https://defined.net) protocol for managing [Nebula](https://github.com/slackhq/nebula) networks.

docs/docs/tfcli/_category_.json

@@ -0,0 +1,8 @@
+{
+  "label": "tfcli",
+  "position": 5,
+  "link": {
+    "type": "generated-index",
+    "description": "Documentation for tfcli, the CLI for the management API."
+  }
+}

docs/docs/tfcli/intro.md

@@ -0,0 +1,5 @@
+---
+sidebar_position: 1
+---
+
+# Introduction

docs/docs/tfclient/_category_.json

@@ -0,0 +1,8 @@
+{
+  "label": "tfclient",
+  "position": 4,
+  "link": {
+    "type": "generated-index",
+    "description": "Documentation for tfclient, trifid's VPN client reimplementation."
+  }
+}

docs/docs/tfclient/intro.md

@@ -0,0 +1,5 @@
+---
+sidebar_position: 1
+---
+
+# Introduction

docs/docs/tfweb/_category_.json

@@ -0,0 +1,8 @@
+{
+  "label": "tfweb",
+  "position": 3,
+  "link": {
+    "type": "generated-index",
+    "description": "Documentation for tfweb, trifid's web UI."
+  }
+}

docs/docs/tfweb/intro.md

@@ -0,0 +1,5 @@
+---
+sidebar_position: 1
+---
+
+# Introduction

docs/docs/trifid-api/_category_.json

@@ -0,0 +1,8 @@
+{
+  "label": "trifid-api",
+  "position": 2,
+  "link": {
+    "type": "generated-index",
+    "description": "Documentation for trifid-api, the API server reimplementation."
+  }
+}

docs/docs/trifid-api/config_reference/_category_.json

@@ -0,0 +1,8 @@
+{
+  "label": "Configuration Reference",
+  "position": 2,
+  "link": {
+    "type": "generated-index",
+    "description": "Configuration options for trifid-api."
+  }
+}

docs/docs/trifid-api/config_reference/cryptography.md

@@ -0,0 +1,33 @@
+# cryptography
+
+Essential, extremely important cryptography settings. Relate directly to key handling and certificate generation.
+
+```toml title="/etc/trifid/config.toml"
+[cryptography]
+data_encryption_key = "010aecf4b545bb9bc918e154181eb6fd59f08430a78a23ec7eac69e6d06c6fed"
+local_keystore_directory = "/var/lib/trifid"
+certs_expiry_time = 32140800 # 1 year
+```
+
+### cryptography.data_encryption_key (required)
+
+:::caution
+**You must change this value!** It controls how CA keys are encrypted. Generate a new value for this with `openssl rand -hex 32`, and never share it with anyone.
+:::
+
+:::danger
+**DO NOT CHANGE THIS VALUE ON AN EXISTING INSTANCE!** Doing so will render all existing CAs and networks permanently unusable, and will require manual database manipulation and re-enrollment of all devices on your instance to fix.
+:::
+
+The 32-byte hex-encoded AES-256 key to encrypt CA keys with before storing them to the database.
+
+### cryptography.local_keystore_directory (required)
+
+The path to the legacy keystore. This is currently unused and will be removed entirely in a future release.
+The value of this does not matter.
+
+### cryptography.certs_expiry_time
+
+Default: 32140800 (1 year)
+
+The amount of time to make certs valid for, in seconds.

docs/docs/trifid-api/config_reference/database.md

@@ -0,0 +1,61 @@
+# database
+
+Defines the connection details and options for managing the database connection pool.
+
+```toml title="/etc/trifid/config.toml"
+[database]
+url = "postgres://username:password@host/database"
+max_connections = 100
+min_connections = 5
+connect_timeout = 8
+acquire_timeout = 8
+idle_timeout = 8
+max_lifetime = 8
+sqlx_logging = true
+```
+
+### database.url (required)
+
+The postgres connection URL to access the database. Takes the form `postgres://username:password@host/database`.
+
+### database.max_connections
+
+Default: 100
+
+The maximum number of connections that will be opened to the database at any one time.
+
+### database.min_connections
+
+Default: 5
+
+The minimum number of connections that will be maintained to the database at any one time.
+
+### database.connect_timeout
+
+Default: 8
+
+The timeout, in seconds, to use when creating new connections to the database.
+
+### database.acquire_timeout
+
+Defualt: 8
+
+The timeout, in seconds, to use when acquiring a connection from the connection pool.
+
+### database.idle_timeout
+
+Default: 8
+
+The amount of time, in seconds, that inactive connections will be kept in the pool before they are dropped.
+
+### database.max_lifetime
+
+Default: 8
+
+The maximum amount of time, in seconds, that connections will be maintained for.
+
+### database.sqlx_logging
+
+Default: true
+
+If true, verbose sqlx query logs will be enabled. If false, they will be hidden.

docs/docs/trifid-api/config_reference/server.md

@@ -0,0 +1,19 @@
+# server
+
+Settings related to the HTTP server itself.
+
+```toml title="/etc/trifid/config.toml"
+[server]
+bind = "0.0.0.0:8080"
+workers = 32
+```
+
+### server.bind (required)
+
+A SocketAddr that the server will listen to connections on. Takes the form `IP:PORT`
+
+### server.workers
+
+Default: 32
+
+The number of thread workers that will be created to process incoming requests.

docs/docs/trifid-api/config_reference/tokens.md

@@ -0,0 +1,42 @@
+# tokens
+
+Settings related to the various token types issued by the server.
+
+```toml title="/etc/trifid/config.toml"
+[tokens]
+magic_link_expiry_time_seconds = 3600 # 1 hour
+session_token_expiry_time_seconds = 15780000 # 6 months
+totp_setup_timeout_time_seconds = 600 # 10 minutes
+mfa_tokens_expiry_time_seconds = 600 # 10 minutes
+enrollment_tokens_expiry_time = 600 # 10 minutes
+```
+
+### tokens.magic_link_expiry_time_seconds
+
+Default: 3600 (1 hour)
+
+How long magic links should be valid for, in seconds.
+
+### tokens.session_token_expiry_time_seconds
+
+Default: 15780000 (6 months)
+
+How long session tokens should remain valid for, in seconds. This controls how often you need to re-authenticate with magic links.
+
+### tokens.totp_setup_timeout_time_seconds
+
+Default: 600 (10 minutes)
+
+How long TOTP setup tokens should be valid for, in seconds, before a new one must be generated.
+
+### tokens.mfa_tokens_expiry_time_seconds
+
+Default: 600 (10 minutes)
+
+How long MFA tokens should remain valid for, in seconds. This controls how often you need to re-authenticate with 2fa.
+
+### tokens.enrollment_tokens_expiry_time
+
+Default: 600 (10 minutes)
+
+How long enrollment tokens should be valid for, in seconds, before a new one must be generated.

docs/docs/trifid-api/intro.md

@@ -0,0 +1,12 @@
+---
+sidebar_position: 1
+---
+
+# Introduction
+
+Welcome to the trifid-api documentation!
+trifid-api is a complete reimplementation of the [Defined Networking](https://defined.net) API server, designed to allow you to self-host your own networks.
+
+:::caution
+Although trifid-api is battle-tested and has been used in production networks for months with no major issues, it should still be considered experimental software. Please, [report any bugs you find](https://git.e3t.cc/core/trifid/issues) to assist with further development of trifid-api.
+:::

docs/docs/tutorial-basics/_category_.json

@@ -1,6 +1,6 @@
 {
   "label": "Tutorial - Basics",
-  "position": 2,
+  "position": 6,
   "link": {
     "type": "generated-index",
     "description": "5 minutes to learn the most important Docusaurus concepts."

docs/docs/tutorial-extras/_category_.json

@@ -1,6 +1,6 @@
 {
   "label": "Tutorial - Extras",
-  "position": 3,
+  "position": 7,
   "link": {
     "type": "generated-index"
   }

docs/docusaurus.config.js

@@ -66,7 +66,7 @@ const config = {
             type: 'docSidebar',
             sidebarId: 'tutorialSidebar',
             position: 'left',
-            label: 'Tutorial',
+            label: 'Docs',
           },
           {to: '/blog', label: 'Blog', position: 'left'},
         ],
@@ -78,9 +78,25 @@ const config = {
             title: 'Docs',
             items: [
               {
-                label: 'Tutorial',
+                label: 'Overview',
                 to: '/docs/intro',
               },
+              {
+                label: 'trifid-api',
+                to: '/docs/trifid-api/intro',
+              },
+              {
+                label: 'tfweb',
+                to: '/docs/tfweb/intro',
+              },
+              {
+                label: 'tfclient',
+                to: '/docs/tfclient/intro',
+              },
+              {
+                label: 'tfcli',
+                to: '/docs/tfcli/intro',
+              },
             ],
           },
           {
@@ -90,6 +106,10 @@ const config = {
                 label: 'Blog',
                 to: '/blog',
               },
+              {
+                label: 'Git',
+                href: 'https://git.e3t.cc/core/trifid',
+              },
             ],
           },
         ],
@@ -98,6 +118,7 @@ const config = {
       prism: {
         theme: lightCodeTheme,
         darkTheme: darkCodeTheme,
+        additionalLanguages: ["toml"]
       },
     }),
 };

docs/src/components/HomepageFeatures/index.js

@@ -5,31 +5,28 @@ import styles from './styles.module.css';
 const FeatureList = [
   {
     title: 'Easy to Use',
-    Svg: require('@site/static/img/undraw_docusaurus_mountain.svg').default,
+    Svg: require('@site/static/img/undraw_setup_wizard_re_nday.svg').default,
     description: (
       <>
-        Docusaurus was designed from the ground up to be easily installed and
-        used to get your website up and running quickly.
+        Trifid is easy to install, simple to configure and is designed to get out of your way so you can focus on what matters most.
       </>
     ),
   },
   {
-    title: 'Focus on What Matters',
-    Svg: require('@site/static/img/undraw_docusaurus_tree.svg').default,
+    title: 'Incredibly Fast',
+    Svg: require('@site/static/img/undraw_fast_loading_re_8oi3.svg').default,
     description: (
       <>
-        Docusaurus lets you focus on your docs, and we&apos;ll do the chores. Go
-        ahead and move your docs into the <code>docs</code> directory.
+          Trifid was built from the ground-up with speed in mind. Written entirely in Go and Rust, Trifid is fast and safe.
       </>
     ),
   },
   {
-    title: 'Powered by React',
-    Svg: require('@site/static/img/undraw_docusaurus_react.svg').default,
+    title: 'Simple Security',
+    Svg: require('@site/static/img/undraw_secure_server_re_8wsq.svg').default,
     description: (
       <>
-        Extend or customize your website layout by reusing React. Docusaurus can
-        be extended while reusing the same header and footer.
+        Built around the Defined Networking protocol, the server never handles any sensitive client keys.
       </>
     ),
   },