Initial euclide.org release

2023-11-17 06:55:06 +01:00
commit 97379c8e8a
210 changed files with 32403 additions and 0 deletions
--- a/pdns-proxy.conf.example
+++ b/pdns-proxy.conf.example
@@ -0,0 +1,89 @@
+config
+{
+    profiles:
+    {
+        infra:
+        {
+            subjectRegexp:      ".*@example.org"
+            type:               ldap
+            servers:            [ "ldap.example.org" ]
+            bindCn:             "cn=readonly,dc=example,dc=org"
+            bindPw:             "**********"
+            baseDN:             "ou=users,dc=example,dc=org"
+            searchFilter:       "(&(mail=%s))"
+            attribute:          "description"
+            pgpAttribute:       "pgpKey"
+            validValues:        [ "infra", "vwf" ]
+        }
+        devServer:
+        {
+            subjectRegexp:      "[a-z0-9-]*\\.dev\\.[a-z0-9]*\\.example.org"
+            type:               regexp
+        }
+        letsencrypt:
+        {
+            subjectRegexp:      "probe-[0-9]*\\.adm\\.dc3\\.example.org"
+            type:               regexp
+        }
+        icscale:
+        {
+            subjectRegexp:      "icscale-[0-9]*\\.adm\\.[a-z0-9]*\\.example.org"
+            type:               regexp
+        }
+    }
+    pdnsAcls:
+    {
+        "dev":
+        {
+            regexp:            "zones/dev\\.[a-z0-9]*\\.example.org"
+            perms:             ["r"]
+            profiles:          [ "devServer", "devUsers" ]
+        },
+        "letsencrypt":
+        {
+            regexp:            "zones/.*"
+            perms:             ["r", "w"]
+            profiles:          [ "letsencrypt" ]
+        },
+        "infra":
+        {
+            regexp:            ".*"
+            perms:             ["r", "w"]
+            profiles:          [ "infra" ]
+        },
+        "scale":
+        {
+            regexp:            "zones/kube.dm.gg"
+            perms:             ["r", "w"]
+            profiles:          [ "icscale" ]
+        },
+    }
+    jrpcAcls:
+    {
+    }
+    http:
+    {
+        port:       ":443"
+        ca:         "/usr/local/share/ca-certificates/ca.crt"
+        key:        "/etc/ssl/private/server-key.pem"
+        cert:       "/etc/ssl/certs/server-bundle.pem"
+    }
+    pdns:
+    {
+        api-key:    "<pdns_api_key>"
+        api-url:    "http://127.0.0.1:8081/api/v1/servers/localhost"
+    }
+    zoneProfile:
+    {
+        private:
+        {
+            nameservers: [ "a.example.org", "b.example.org" ]
+            zoneType:    "MASTER"
+        }
+        public:
+        {
+            nameservers: [ "a.iana-servers.net", "b.iana-servers.net" ]
+            zoneType:    "NATIVE"
+        }
+    }
+}