Migrate config to mcdsl: Load[T], env overrides, embedded types

Replace local TOML loading with mcdsl/config.Load[Config] which adds METACRYPT_ environment variable overrides. ServerConfig and MCIASConfig now embed their mcdsl counterparts, extending with ExternalURL and ServiceToken respectively. DatabaseConfig and LogConfig replaced with mcdsl types directly. TOML structure is preserved — no config file changes needed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 14:09:58 -07:00
parent d887ca30ca
commit 2a927e5359
4 changed files with 79 additions and 63 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -3,9 +3,9 @@ package config

 import (
 	"fmt"
-	"os"

-	"github.com/pelletier/go-toml/v2"
+	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
+	mcdslconfig "git.wntrmute.dev/kyle/mcdsl/config"
 )

 // Config is the top-level configuration for Metacrypt.
@@ -13,29 +13,24 @@ type Config struct {
 	Server   ServerConfig   `toml:"server"`
 	Web      WebConfig      `toml:"web"`
 	MCIAS    MCIASConfig    `toml:"mcias"`
-	Database DatabaseConfig `toml:"database"`
-	Log      LogConfig      `toml:"log"`
+	Database mcdslconfig.DatabaseConfig `toml:"database"`
+	Log      mcdslconfig.LogConfig      `toml:"log"`
 	Seal     SealConfig     `toml:"seal"`
 	Audit    AuditConfig    `toml:"audit"`
 }

-// AuditConfig holds audit logging settings.
-type AuditConfig struct {
-	// Mode controls audit log output: "file", "stdout", or "" (disabled).
-	Mode string `toml:"mode"`
-	// Path is the audit log file path (required when mode is "file").
-	Path string `toml:"path"`
-	// IncludeReads enables audit logging for read-only operations.
-	IncludeReads bool `toml:"include_reads"`
+// ServerConfig holds HTTP/gRPC server settings. It embeds the standard
+// mcdsl server config and adds the ACME external URL.
+type ServerConfig struct {
+	mcdslconfig.ServerConfig
+	ExternalURL string `toml:"external_url"` // public base URL for ACME directory
 }

-// ServerConfig holds HTTP/gRPC server settings.
-type ServerConfig struct {
-	ListenAddr  string `toml:"listen_addr"`
-	GRPCAddr string `toml:"grpc_addr"`
-	TLSCert     string `toml:"tls_cert"`
-	TLSKey      string `toml:"tls_key"`
-	ExternalURL string `toml:"external_url"` // public base URL for ACME directory, e.g. "https://metacrypt.example.com"
+// MCIASConfig holds MCIAS integration settings. It embeds the standard
+// mcdsl auth config and adds the service token for web UI login.
+type MCIASConfig struct {
+	mcdslauth.Config
+	ServiceToken string `toml:"service_token"`
 }

 // WebConfig holds settings for the standalone web UI server (metacrypt-web).
@@ -56,16 +51,14 @@ type WebConfig struct {
 	TLSKey  string `toml:"tls_key"`
 }

-// DatabaseConfig holds SQLite database settings.
-type DatabaseConfig struct {
+// AuditConfig holds audit logging settings.
+type AuditConfig struct {
+	// Mode controls audit log output: "file", "stdout", or "" (disabled).
+	Mode string `toml:"mode"`
+	// Path is the audit log file path (required when mode is "file").
 	Path string `toml:"path"`
-}
-
-// MCIASConfig holds MCIAS integration settings.
-type MCIASConfig struct {
-	ServerURL    string `toml:"server_url"`
-	CACert       string `toml:"ca_cert"`
-	ServiceToken string `toml:"service_token"`
+	// IncludeReads enables audit logging for read-only operations.
+	IncludeReads bool `toml:"include_reads"`
 }

 // SealConfig holds Argon2id parameters for the seal process.
@@ -75,46 +68,31 @@ type SealConfig struct {
 	Argon2Threads uint8  `toml:"argon2_threads"`
 }

-// LogConfig holds logging settings.
-type LogConfig struct {
-	Level string `toml:"level"`
-}
-
-// Load reads and parses a TOML config file.
+// Load reads and parses a TOML config file with METACRYPT_ env var overrides.
 func Load(path string) (*Config, error) {
-	data, err := os.ReadFile(path) //nolint:gosec
-	if err != nil {
-		return nil, fmt.Errorf("config: read file: %w", err)
-	}
-	var cfg Config
-	if err := toml.Unmarshal(data, &cfg); err != nil {
-		return nil, fmt.Errorf("config: parse: %w", err)
-	}
-	if err := cfg.Validate(); err != nil {
-		return nil, err
-	}
-	return &cfg, nil
+	return mcdslconfig.Load[Config](path, "METACRYPT")
 }

-// Validate checks required fields and applies defaults.
+// Validate implements mcdslconfig.Validator for metacrypt-specific rules.
 func (c *Config) Validate() error {
+	// Required fields.
 	if c.Server.ListenAddr == "" {
-		return fmt.Errorf("config: server.listen_addr is required")
+		return fmt.Errorf("server.listen_addr is required")
 	}
 	if c.Server.TLSCert == "" {
-		return fmt.Errorf("config: server.tls_cert is required")
+		return fmt.Errorf("server.tls_cert is required")
 	}
 	if c.Server.TLSKey == "" {
-		return fmt.Errorf("config: server.tls_key is required")
+		return fmt.Errorf("server.tls_key is required")
 	}
 	if c.Database.Path == "" {
-		return fmt.Errorf("config: database.path is required")
+		return fmt.Errorf("database.path is required")
 	}
 	if c.MCIAS.ServerURL == "" {
-		return fmt.Errorf("config: mcias.server_url is required")
+		return fmt.Errorf("mcias.server_url is required")
 	}

-	// Apply defaults for seal parameters.
+	// Seal defaults.
 	if c.Seal.Argon2Time == 0 {
 		c.Seal.Argon2Time = 3
 	}
@@ -125,25 +103,26 @@ func (c *Config) Validate() error {
 		c.Seal.Argon2Threads = 4
 	}

+	// Log default.
 	if c.Log.Level == "" {
 		c.Log.Level = "info"
 	}

-	// Apply defaults for web server.
+	// Web default.
 	if c.Web.ListenAddr == "" {
 		c.Web.ListenAddr = "127.0.0.1:8080"
 	}

-	// Validate audit config.
+	// Audit validation.
 	switch c.Audit.Mode {
 	case "", "stdout":
 		// ok
 	case "file":
 		if c.Audit.Path == "" {
-			return fmt.Errorf("config: audit.path is required when audit.mode is \"file\"")
+			return fmt.Errorf("audit.path is required when audit.mode is \"file\"")
 		}
 	default:
-		return fmt.Errorf("config: audit.mode must be \"file\", \"stdout\", or empty")
+		return fmt.Errorf("audit.mode must be \"file\", \"stdout\", or empty")
 	}

 	return nil