config { profiles: { infra: { subjectRegexp: ".*@example.org" type: ldap servers: [ "ldap.example.org" ] bindCn: "cn=readonly,dc=example,dc=org" bindPw: "**********" baseDN: "ou=users,dc=example,dc=org" searchFilter: "(&(mail=%s))" attribute: "description" pgpAttribute: "pgpKey" validValues: [ "infra", "vwf" ] } devServer: { subjectRegexp: "[a-z0-9-]*\\.dev\\.[a-z0-9]*\\.example.org" type: regexp } letsencrypt: { subjectRegexp: "probe-[0-9]*\\.adm\\.dc3\\.example.org" type: regexp } icscale: { subjectRegexp: "icscale-[0-9]*\\.adm\\.[a-z0-9]*\\.example.org" type: regexp } } pdnsAcls: { "dev": { regexp: "zones/dev\\.[a-z0-9]*\\.example.org" perms: ["r"] profiles: [ "devServer", "devUsers" ] }, "letsencrypt": { regexp: "zones/.*" perms: ["r", "w"] profiles: [ "letsencrypt" ] }, "infra": { regexp: ".*" perms: ["r", "w"] profiles: [ "infra" ] }, "scale": { regexp: "zones/kube.dm.gg" perms: ["r", "w"] profiles: [ "icscale" ] }, } jrpcAcls: { } http: { port: ":443" ca: "/usr/local/share/ca-certificates/ca.crt" key: "/etc/ssl/private/server-key.pem" cert: "/etc/ssl/certs/server-bundle.pem" } pdns: { api-key: "" api-url: "http://127.0.0.1:8081/api/v1/servers/localhost" } zoneProfile: { private: { nameservers: [ "a.example.org", "b.example.org" ] zoneType: "MASTER" } public: { nameservers: [ "a.iana-servers.net", "b.iana-servers.net" ] zoneType: "NATIVE" } } }