2015-12-13 09:34:12 +00:00
|
|
|
import os
|
|
|
|
basedir = os.path.abspath(os.path.dirname(__file__))
|
|
|
|
|
|
|
|
# BASIC APP CONFIG
|
|
|
|
WTF_CSRF_ENABLED = True
|
|
|
|
SECRET_KEY = 'We are the world'
|
2016-04-13 04:13:59 +00:00
|
|
|
BIND_ADDRESS = '127.0.0.1'
|
2018-03-30 06:49:35 +00:00
|
|
|
PORT = 9191
|
2015-12-13 09:34:12 +00:00
|
|
|
|
2016-03-17 04:59:33 +00:00
|
|
|
# TIMEOUT - for large zones
|
|
|
|
TIMEOUT = 10
|
|
|
|
|
2016-08-12 08:15:38 +00:00
|
|
|
# LOG CONFIG
|
2015-12-13 09:34:12 +00:00
|
|
|
LOG_LEVEL = 'DEBUG'
|
|
|
|
LOG_FILE = 'logfile.log'
|
2016-08-31 21:11:04 +00:00
|
|
|
# For Docker, leave empty string
|
|
|
|
#LOG_FILE = ''
|
2015-12-13 09:34:12 +00:00
|
|
|
|
2015-12-16 17:50:28 +00:00
|
|
|
# Upload
|
|
|
|
UPLOAD_DIR = os.path.join(basedir, 'upload')
|
|
|
|
|
2015-12-13 09:34:12 +00:00
|
|
|
# DATABASE CONFIG
|
2016-08-16 16:54:07 +00:00
|
|
|
#You'll need MySQL-python
|
|
|
|
SQLA_DB_USER = 'powerdnsadmin'
|
|
|
|
SQLA_DB_PASSWORD = 'powerdnsadminpassword'
|
|
|
|
SQLA_DB_HOST = 'mysqlhostorip'
|
|
|
|
SQLA_DB_NAME = 'powerdnsadmin'
|
|
|
|
|
|
|
|
#MySQL
|
2017-11-02 01:32:51 +00:00
|
|
|
#SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'\
|
|
|
|
# +SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+'/'+SQLA_DB_NAME
|
2016-08-16 16:54:07 +00:00
|
|
|
#SQLite
|
2018-06-13 02:55:57 +00:00
|
|
|
SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
|
2015-12-13 09:34:12 +00:00
|
|
|
SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
|
|
|
|
SQLALCHEMY_TRACK_MODIFICATIONS = True
|
|
|
|
|
|
|
|
|
2016-08-16 15:21:29 +00:00
|
|
|
## AD CONFIG
|
|
|
|
#LDAP_TYPE = 'ad'
|
|
|
|
#LDAP_URI = 'ldaps://your-ad-server:636'
|
|
|
|
#LDAP_USERNAME = 'cn=dnsuser,ou=Users,dc=domain,dc=local'
|
|
|
|
#LDAP_PASSWORD = 'dnsuser'
|
|
|
|
#LDAP_SEARCH_BASE = 'dc=domain,dc=local'
|
|
|
|
## You may prefer 'userPrincipalName' instead
|
|
|
|
#LDAP_USERNAMEFIELD = 'sAMAccountName'
|
|
|
|
## AD Group that you would like to have accesss to web app
|
|
|
|
#LDAP_FILTER = 'memberof=cn=DNS_users,ou=Groups,dc=domain,dc=local'
|
|
|
|
|
2016-08-05 08:20:41 +00:00
|
|
|
# Github Oauth
|
|
|
|
GITHUB_OAUTH_ENABLE = False
|
2018-04-01 00:05:57 +00:00
|
|
|
GITHUB_OAUTH_KEY = ''
|
|
|
|
GITHUB_OAUTH_SECRET = ''
|
2016-08-05 08:20:41 +00:00
|
|
|
GITHUB_OAUTH_SCOPE = 'email'
|
2018-04-01 00:05:57 +00:00
|
|
|
GITHUB_OAUTH_URL = 'http://127.0.0.1:9191/api/v3/'
|
|
|
|
GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:9191/oauth/token'
|
|
|
|
GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:9191/oauth/authorize'
|
2016-08-05 08:20:41 +00:00
|
|
|
|
2017-11-01 21:18:43 +00:00
|
|
|
|
2017-09-22 14:28:09 +00:00
|
|
|
# Google OAuth
|
|
|
|
GOOGLE_OAUTH_ENABLE = False
|
|
|
|
GOOGLE_OAUTH_CLIENT_ID = ' '
|
|
|
|
GOOGLE_OAUTH_CLIENT_SECRET = ' '
|
2017-09-28 14:05:52 +00:00
|
|
|
GOOGLE_REDIRECT_URI = '/user/authorized'
|
2017-09-22 14:28:09 +00:00
|
|
|
GOOGLE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
|
|
|
|
GOOGLE_TOKEN_PARAMS = {
|
|
|
|
'scope': 'email profile'
|
|
|
|
}
|
|
|
|
GOOGLE_AUTHORIZE_URL='https://accounts.google.com/o/oauth2/auth'
|
|
|
|
GOOGLE_BASE_URL='https://www.googleapis.com/oauth2/v1/'
|
|
|
|
|
2017-10-31 18:21:22 +00:00
|
|
|
# SAML Authnetication
|
2017-10-31 22:45:24 +00:00
|
|
|
SAML_ENABLED = False
|
2017-11-01 16:31:51 +00:00
|
|
|
SAML_DEBUG = True
|
|
|
|
SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml')
|
|
|
|
##Example for ADFS Metadata-URL
|
|
|
|
SAML_METADATA_URL = 'https://<hostname>/FederationMetadata/2007-06/FederationMetadata.xml'
|
|
|
|
#Cache Lifetime in Seconds
|
|
|
|
SAML_METADATA_CACHE_LIFETIME = 1
|
2018-05-02 22:45:28 +00:00
|
|
|
|
2018-08-11 13:12:06 +00:00
|
|
|
# SAML SSO binding format to use
|
|
|
|
## Default: library default (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
|
|
|
|
#SAML_IDP_SSO_BINDING = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
|
|
|
|
|
2018-05-02 22:45:28 +00:00
|
|
|
## EntityID of the IdP to use. Only needed if more than one IdP is
|
|
|
|
## in the SAML_METADATA_URL
|
|
|
|
### Default: First (only) IdP in the SAML_METADATA_URL
|
|
|
|
### Example: https://idp.example.edu/idp
|
|
|
|
#SAML_IDP_ENTITY_ID = 'https://idp.example.edu/idp'
|
|
|
|
## NameID format to request
|
|
|
|
### Default: The SAML NameID Format in the metadata if present,
|
|
|
|
### otherwise urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
|
|
|
### Example: urn:oid:0.9.2342.19200300.100.1.1
|
|
|
|
#SAML_NAMEID_FORMAT = 'urn:oid:0.9.2342.19200300.100.1.1'
|
|
|
|
|
|
|
|
## Attribute to use for Email address
|
|
|
|
### Default: email
|
|
|
|
### Example: urn:oid:0.9.2342.19200300.100.1.3
|
|
|
|
#SAML_ATTRIBUTE_EMAIL = 'urn:oid:0.9.2342.19200300.100.1.3'
|
|
|
|
|
|
|
|
## Attribute to use for Given name
|
|
|
|
### Default: givenname
|
|
|
|
### Example: urn:oid:2.5.4.42
|
|
|
|
#SAML_ATTRIBUTE_GIVENNAME = 'urn:oid:2.5.4.42'
|
|
|
|
|
|
|
|
## Attribute to use for Surname
|
|
|
|
### Default: surname
|
|
|
|
### Example: urn:oid:2.5.4.4
|
|
|
|
#SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4'
|
|
|
|
|
|
|
|
## Attribute to use for username
|
|
|
|
### Default: Use NameID instead
|
|
|
|
### Example: urn:oid:0.9.2342.19200300.100.1.1
|
|
|
|
#SAML_ATTRIBUTE_USERNAME = 'urn:oid:0.9.2342.19200300.100.1.1'
|
|
|
|
|
|
|
|
## Attribute to get admin status from
|
|
|
|
### Default: Don't control admin with SAML attribute
|
|
|
|
### Example: https://example.edu/pdns-admin
|
|
|
|
### If set, look for the value 'true' to set a user as an administrator
|
|
|
|
### If not included in assertion, or set to something other than 'true',
|
|
|
|
### the user is set as a non-administrator user.
|
|
|
|
#SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
|
|
|
|
|
2018-06-25 11:15:35 +00:00
|
|
|
## Attribute to get account names from
|
|
|
|
### Default: Don't control accounts with SAML attribute
|
|
|
|
### If set, the user will be added and removed from accounts to match
|
|
|
|
### what's in the login assertion. Accounts that don't exist will
|
|
|
|
### be created and the user added to them.
|
|
|
|
SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'
|
|
|
|
|
2017-11-01 16:31:51 +00:00
|
|
|
SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
|
|
|
|
SAML_SP_CONTACT_NAME = '<contact name>'
|
|
|
|
SAML_SP_CONTACT_MAIL = '<contact mail>'
|
2018-01-20 16:17:02 +00:00
|
|
|
#Cofigures if SAML tokens should be encrypted.
|
|
|
|
#If enabled a new app certificate will be generated on restart
|
|
|
|
SAML_SIGN_REQUEST = False
|
2017-12-04 23:14:31 +00:00
|
|
|
#Use SAML standard logout mechanism retreived from idp metadata
|
|
|
|
#If configured false don't care about SAML session on logout.
|
|
|
|
#Logout from PowerDNS-Admin only and keep SAML session authenticated.
|
|
|
|
SAML_LOGOUT = False
|
|
|
|
#Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
|
|
|
|
#for example redirect to google.com after successful saml logout
|
|
|
|
#SAML_LOGOUT_URL = 'https://google.com'
|
2017-10-31 18:21:22 +00:00
|
|
|
|
2016-04-26 20:04:33 +00:00
|
|
|
|
2015-12-13 09:34:12 +00:00
|
|
|
# POWERDNS CONFIG
|
|
|
|
PDNS_STATS_URL = 'http://172.16.214.131:8081/'
|
|
|
|
PDNS_API_KEY = 'you never know'
|
2018-04-01 00:05:57 +00:00
|
|
|
PDNS_VERSION = '4.1.1'
|
2015-12-13 09:34:12 +00:00
|
|
|
|
|
|
|
# RECORDS ALLOWED TO EDIT
|
2018-07-05 03:42:46 +00:00
|
|
|
RECORDS_ALLOW_EDIT = ['A', 'AAAA', 'CAA', 'CNAME', 'MX', 'PTR', 'SPF', 'SRV', 'TXT', 'LOC', 'NS', 'PTR', 'SOA']
|
2018-02-16 19:02:16 +00:00
|
|
|
FORWARD_RECORDS_ALLOW_EDIT = ['A', 'AAAA', 'CAA', 'CNAME', 'MX', 'PTR', 'SPF', 'SRV', 'TXT', 'LOC' 'NS']
|
2018-04-06 06:22:09 +00:00
|
|
|
REVERSE_RECORDS_ALLOW_EDIT = ['SOA', 'TXT', 'LOC', 'NS', 'PTR']
|
2016-08-19 23:04:20 +00:00
|
|
|
|
2018-06-06 10:42:57 +00:00
|
|
|
# ALLOW DNSSEC CHANGES FOR ADMINS ONLY
|
|
|
|
DNSSEC_ADMINS_ONLY = False
|
|
|
|
|
2016-08-19 23:04:20 +00:00
|
|
|
# EXPERIMENTAL FEATURES
|
|
|
|
PRETTY_IPV6_PTR = False
|
2018-06-08 09:46:17 +00:00
|
|
|
|
|
|
|
# Domain updates in background, for big installations
|
|
|
|
BG_DOMAIN_UPDATES = False
|