added some variables

README.md

@@ -197,14 +197,18 @@ with `systemctl start fastapi-dls.service` (and enable autostart with `systemctl
 
 # Configuration
 
-| Variable            | Default               | Usage                                                                                 |
-|---------------------|-----------------------|---------------------------------------------------------------------------------------|
-| `DEBUG`             | `false`               | Toggles `fastapi` debug mode                                                          |
-| `DLS_URL`           | `localhost`           | Used in client-token to tell guest driver where dls instance is reachable             |
-| `DLS_PORT`          | `443`                 | Used in client-token to tell guest driver where dls instance is reachable             |
-| `LEASE_EXPIRE_DAYS` | `90`                  | Lease time in days                                                                    |
-| `DATABASE`          | `sqlite:///db.sqlite` | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) |
-| `CORS_ORIGINS`      | `https://{DLS_URL}`   | Sets `Access-Control-Allow-Origin` header (comma separated string)                    |
+| Variable            | Default                                | Usage                                                                                 |
+|---------------------|----------------------------------------|---------------------------------------------------------------------------------------|
+| `DEBUG`             | `false`                                | Toggles `fastapi` debug mode                                                          |
+| `DLS_URL`           | `localhost`                            | Used in client-token to tell guest driver where dls instance is reachable             |
+| `DLS_PORT`          | `443`                                  | Used in client-token to tell guest driver where dls instance is reachable             |
+| `LEASE_EXPIRE_DAYS` | `90`                                   | Lease time in days                                                                    |
+| `DATABASE`          | `sqlite:///db.sqlite`                  | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) |
+| `CORS_ORIGINS`      | `https://{DLS_URL}`                    | Sets `Access-Control-Allow-Origin` header (comma separated string)                    |
+| `SITE_KEY_XID`      | `00000000-0000-0000-0000-000000000000` | Site identification uuid                                                              |
+| `INSTANCE_REF`      | `00000000-0000-0000-0000-000000000000` | Instance identification uuid                                                          |
+| `INSTANCE_KEY_RSA`  | `<app-dir>/cert/instance.private.pem`  | Site-wide private RSA key for singing JWTs                                            |
+| `INSTANCE_KEY_PUB`  | `<app-dir>/cert/instance.public.pem`   | Site-wide public key                                                                  |
 
 # Setup (Client)
 

app/main.py

@@ -54,8 +54,8 @@ DLS_URL = str(getenv('DLS_URL', 'localhost'))
 DLS_PORT = int(getenv('DLS_PORT', '443'))
 SITE_KEY_XID = str(getenv('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
 INSTANCE_REF = str(getenv('INSTANCE_REF', '00000000-0000-0000-0000-000000000000'))
-INSTANCE_KEY_RSA = load_key(join(dirname(__file__), 'cert/instance.private.pem'))
-INSTANCE_KEY_PUB = load_key(join(dirname(__file__), 'cert/instance.public.pem'))
+INSTANCE_KEY_RSA = load_key(str(getenv('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
+INSTANCE_KEY_PUB = load_key(str(getenv('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
 
 CORS_ORIGINS = getenv('CORS_ORIGINS').split(',') if (getenv('CORS_ORIGINS')) else f'https://{DLS_URL}'  # todo: prevent static https