Add some more docs

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>

doc/config_api_server.md

@@ -0,0 +1,32 @@
+# The API server config section
+
+This section allows you to configure the GARM API server. The API server is responsible for serving all the API endpoints used by the `garm-cli`, the runners that phone home their status and by GitHub when it sends us webhooks.
+
+The config options are fairly straight forward.
+
+```toml
+[apiserver]
+  # Bind the API to this IP
+  bind = "0.0.0.0"
+  # Bind the API to this port
+  port = 9997
+  # Whether or not to set up TLS for the API endpoint. If this is set to true,
+  # you must have a valid apiserver.tls section.
+  use_tls = false
+  # Set a list of allowed origins
+  # By default, if this option is ommited or empty, we will check
+  # only that the origin is the same as the originating server.
+  # A literal of "*" will allow any origin
+  cors_origins = ["*"]
+  [apiserver.tls]
+    # Path on disk to a x509 certificate bundle.
+    # NOTE: if your certificate is signed by an intermediary CA, this file
+    # must contain the entire certificate bundle needed for clients to validate
+    # the certificate. This usually means concatenating the certificate and the
+    # CA bundle you received.
+    certificate = ""
+    # The path on disk to the corresponding private key for the certificate.
+    key = ""
+```
+
+The GARM API server has the option to enable TLS, but I suggest you use a reverse proxy and enable TLS termination in that reverse proxy. There is an `nginx` sample in this repository.

doc/config_jwt_auth.md

@@ -0,0 +1,19 @@
+# The JWT authentication config section
+
+This section configures the JWT authentication used by the API server. GARM is currently a single user system and that user has the right to do anything and everything GARM is capable of. As a result, the JWT auth we have does not include a refresh token. The token is valid for the duration of the time to live (TTL) set in the config file. Once the token expires, you will need to log in again.
+
+It is recommended that the secret be a long, randomly generated string. Changing the secret at any time will invalidate all existing tokens.
+
+```toml
+[jwt_auth]
+# A JWT token secret used to sign tokens.
+# Obviously, this needs to be changed :).
+secret = ")9gk_4A6KrXz9D2u`0@MPea*sd6W`%@5MAWpWWJ3P3EqW~qB!!(Vd$FhNc*eU4vG"
+
+# Time to live for tokens. Both the instances and you will use JWT tokens to
+# authenticate against the API. However, this TTL is applied only to tokens you
+# get when logging into the API. The tokens issued to the instances we manage,
+# have a TTL based on the runner bootstrap timeout set on each pool. The minimum
+# TTL for this token is 24h.
+time_to_live = "8760h"
+```

doc/providers.md

@@ -4,7 +4,6 @@ GARM was designed to be extensible. Providers can be written either as built-in
 
 GARM currently ships with one built-in provider for [LXD](https://linuxcontainers.org/lxd/introduction/) and the external provider interface which allows you to write your own provider in any language you want.
 
-
 - [LXD provider](#lxd-provider)
     - [LXD remotes](#lxd-remotes)
     - [LXD Security considerations](#lxd-security-considerations)