diff --git a/config.yml.sample b/config.yml.sample index 607dc55e..c4c918ae 100644 --- a/config.yml.sample +++ b/config.yml.sample @@ -60,11 +60,11 @@ database: type: "sqlite" # Database user which is used to connect to the database. user: "vikunja" - # Databse password + # Database password password: "" - # Databse host + # Database host host: "localhost" - # Databse to use + # Database to use database: "vikunja" # When using sqlite, this is the path where to store the data path: "./vikunja.db" @@ -77,6 +77,12 @@ database: # Secure connection mode. Only used with postgres. # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters) sslmode: disable + # The path to the client cert. Only used with postgres. + sslcert: "" + # The path to the client key. Only used with postgres. + sslkey: "" + # The path to the ca cert. Only used with postgres. + sslrootcert: "" # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred tls: false diff --git a/docs/content/doc/setup/config.md b/docs/content/doc/setup/config.md index e6e17f95..d297f851 100644 --- a/docs/content/doc/setup/config.md +++ b/docs/content/doc/setup/config.md @@ -340,7 +340,7 @@ Environment path: `VIKUNJA_DATABASE_USER` ### password -Databse password +Database password Default: `` @@ -351,7 +351,7 @@ Environment path: `VIKUNJA_DATABASE_PASSWORD` ### host -Databse host +Database host Default: `localhost` @@ -362,7 +362,7 @@ Environment path: `VIKUNJA_DATABASE_HOST` ### database -Databse to use +Database to use Default: `vikunja` @@ -426,6 +426,35 @@ Full path: `database.sslmode` Environment path: `VIKUNJA_DATABASE_SSLMODE` +### sslcert + +The path to the client cert. Only used with postgres. + +Default: `` + +Full path: `database.sslcert` + +Environment path: `VIKUNJA_DATABASE_SSLCERT` + +### sslkey + +The path to the client key. Only used with postgres. + +Default: `` + +Full path: `database.sslkey` + +Environment path: `VIKUNJA_DATABASE_SSLKEY` + +### sslrootcert + +The path to the ca cert. Only used with postgres. + +Default: `` + +Full path: `database.sslrootcert` + +Environment path: `VIKUNJA_DATABASE_SSLROOTCERT` ### tls diff --git a/pkg/config/config.go b/pkg/config/config.go index f5eee2de..9e7bedb3 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -78,6 +78,9 @@ const ( DatabaseMaxIdleConnections Key = `database.maxidleconnections` DatabaseMaxConnectionLifetime Key = `database.maxconnectionlifetime` DatabaseSslMode Key = `database.sslmode` + DatabaseSslCert Key = `database.sslcert` + DatabaseSslKey Key = `database.sslkey` + DatabaseSslRootCert Key = `database.sslrootcert` DatabaseTLS Key = `database.tls` CacheEnabled Key = `cache.enabled` @@ -268,6 +271,9 @@ func InitDefaultConfig() { DatabaseMaxIdleConnections.setDefault(50) DatabaseMaxConnectionLifetime.setDefault(10000) DatabaseSslMode.setDefault("disable") + DatabaseSslCert.setDefault("") + DatabaseSslKey.setDefault("") + DatabaseSslRootCert.setDefault("") DatabaseTLS.setDefault("false") // Cacher diff --git a/pkg/db/db.go b/pkg/db/db.go index 617b8b7b..ab532979 100644 --- a/pkg/db/db.go +++ b/pkg/db/db.go @@ -150,13 +150,16 @@ func parsePostgreSQLHostPort(info string) (string, string) { func initPostgresEngine() (engine *xorm.Engine, err error) { host, port := parsePostgreSQLHostPort(config.DatabaseHost.GetString()) - connStr := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s", + connStr := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s sslcert=%s sslkey=%s sslrootcert=%s", host, port, url.PathEscape(config.DatabaseUser.GetString()), url.PathEscape(config.DatabasePassword.GetString()), config.DatabaseDatabase.GetString(), config.DatabaseSslMode.GetString(), + config.DatabaseSslCert.GetString(), + config.DatabaseSslKey.GetString(), + config.DatabaseSslRootCert.GetString(), ) engine, err = xorm.NewEngine("postgres", connStr)