feat: Add comprehensive YAML-based configuration system for bssh-server (#130)

[inureyes]

Summary

Implements #130 - Create a comprehensive configuration system for bssh-server with YAML files, environment variables, and CLI argument overrides.

Implementation Details

New Configuration System

File Structure:

• src/server/config/mod.rs - Module exports and backward compatibility layer
• src/server/config/types.rs - Comprehensive configuration types with serde
• src/server/config/loader.rs - Config loader with validation and env overrides

Key Features:

• ✅ YAML configuration file support with default search paths
• ✅ Environment variable overrides (BSSH_* prefix)
• ✅ Hierarchical configuration: CLI > Environment > File > Defaults
• ✅ Configuration validation at startup (host keys, CIDR ranges, etc.)
• ✅ Config template generation function
• ✅ Full backward compatibility with existing ServerConfig API

Configuration Types

The new ServerFileConfig includes:

• ServerSettings: bind_address, port, host_keys, max_connections, timeout, keepalive
• AuthConfig: authentication methods (publickey/password), authorized_keys settings
• ShellConfig: default shell, environment variables, command timeout
• SftpConfig: enable/disable, root directory
• ScpConfig: enable/disable
• FilterConfig: file transfer filtering rules
• AuditConfig: audit logging exporters (file/otel/logstash)
• SecurityConfig: auth attempts, ban time, session limits, IP allowlist/blocklist

Environment Variables

Supported environment variables:

• BSSH_PORT - Server port
• BSSH_BIND_ADDRESS - Bind address
• BSSH_HOST_KEY - Comma-separated host key paths
• BSSH_MAX_CONNECTIONS - Maximum concurrent connections
• BSSH_KEEPALIVE_INTERVAL - Keepalive interval in seconds
• BSSH_AUTH_METHODS - Comma-separated auth methods
• BSSH_AUTHORIZED_KEYS_DIR - Directory for authorized_keys
• BSSH_AUTHORIZED_KEYS_PATTERN - Pattern for authorized_keys paths
• BSSH_SHELL - Default shell path
• BSSH_COMMAND_TIMEOUT - Command timeout in seconds

Dependencies

Added ipnetwork = "0.20" for CIDR notation validation.

Testing

• ✅ 25 comprehensive tests covering all features
• ✅ YAML parsing tests
• ✅ Environment variable override tests
• ✅ Configuration validation tests
• ✅ Backward compatibility tests
• ✅ All existing tests pass (839 tests)
• ✅ Clippy clean

Backward Compatibility

The existing ServerConfig and ServerConfigBuilder APIs remain unchanged. The new system adds:

• ServerFileConfig for YAML-based configuration
• load_config() function to load from files/env
• generate_config_template() for generating config templates
• into_server_config() method to convert file config to builder config

Existing code continues to work without changes.

Example Usage

// Load from default locations or environment
let file_config = load_config(None)?;

// Convert to ServerConfig for use with BsshServer
let server_config = file_config.into_server_config();
let server = BsshServer::new(server_config);

// Or use existing builder API
let server_config = ServerConfig::builder()
    .host_key("/etc/ssh/ssh_host_ed25519_key")
    .listen_address("0.0.0.0:2222")
    .build();

Related Issues

• Closes Create server configuration system #130
• Part of Implement bssh-server with SFTP/SCP support #123 (bssh-server implementation)
• Depends on Create shared module structure for client/server code reuse #124 (shared module structure)

[inureyes]

PR Finalization Report

Project Structure Discovered

• Project Type: Rust (Cargo.toml)
• Test Framework: cargo test
• Documentation System: Plain markdown with docs/architecture/ structure
• Multi-language Docs: No
• Lint Tools: cargo fmt, cargo clippy

Checklist

Tests

• Analyzed existing test structure (inline tests in src/server/config/*.rs)
• Verified 32 server config tests exist and pass
• All tests passing (845 passed, 1 pre-existing unrelated failure in jump/chain/auth.rs)

Documentation

• ARCHITECTURE.md updated with server configuration system details
• docs/architecture/README.md updated with server config links
• docs/architecture/server-configuration.md created with comprehensive documentation
  • Configuration precedence
  • Complete YAML schema
  • Environment variable overrides
  • Validation rules
  • Data model types
  • Usage examples

Code Quality

• cargo fmt: Passed (minor formatting fixes applied)
• cargo clippy -- -D warnings: Passed (no warnings)

Changes Made

• Created /home/inureyes/Development/backend.ai/bssh/docs/architecture/server-configuration.md - Comprehensive server configuration documentation
• Updated /home/inureyes/Development/backend.ai/bssh/ARCHITECTURE.md - Added server config system documentation
• Updated /home/inureyes/Development/backend.ai/bssh/docs/architecture/README.md - Added links to server configuration docs
• Applied formatting fixes to /home/inureyes/Development/backend.ai/bssh/src/server/config/loader.rs

Notes

• One pre-existing test failure in jump::chain::auth::tests::test_determine_auth_method_tries_default_keys - requires ~/.ssh/id_ed25519 to exist, unrelated to this PR
• The *.md gitignore rule required force-adding the new documentation file