.env-example
# Squawk DNS Server Configuration
# Copy this file to .env and modify the values as needed for your deployment
# NOTE(review): the resulting .env holds secrets (tokens, passwords, signing keys).
# Keep it out of version control and readable only by the account running the service.
# NOTE(review): several values below contain '&', '?' or a space (VALKEY_URL, REDIS_URL,
# MFA_ISSUER). That is fine for a dotenv parser, but the file cannot be sourced by a
# shell as written; quote those values if it is ever loaded that way.
# Server Configuration
PORT=8080
MAX_WORKERS=100
MAX_CONCURRENT_REQUESTS=1000
# Legacy Authentication (deprecated, use new token management system instead)
# NOTE(review): the value below is a publicly known placeholder. Whether the legacy
# token is still accepted when USE_NEW_AUTH=true is not visible from this file; until
# that is confirmed, replace it with a long random value before deploying.
AUTH_TOKEN=your-legacy-token-here
# New Token Management System
USE_NEW_AUTH=true
DB_TYPE=sqlite
# Relative SQLite path; presumably this database stores the token records, so restrict
# filesystem permissions on it (confirm the schema against the server code).
DB_URL=sqlite://dns_auth.db
# Cache Configuration
CACHE_ENABLED=true
CACHE_TTL=300
CACHE_PREFIX=squawk:dns:
# The rediss:// scheme selects TLS, and ssl_cert_reqs=required asks for server
# certificate verification against ssl_ca_certs. "username:password" and
# "/path/to/ca.crt" are placeholders. Credentials embedded in a URL tend to surface in
# logs and error messages, and special characters in them must be percent-encoded.
# NOTE(review): how these URLs interact with the separate REDIS_* variables below
# (which one takes precedence) is not shown here; confirm before setting both.
VALKEY_URL=rediss://username:password@localhost:6380/0?ssl_cert_reqs=required&ssl_ca_certs=/path/to/ca.crt
REDIS_URL=rediss://username:password@localhost:6380/0?ssl_cert_reqs=required&ssl_ca_certs=/path/to/ca.crt
# Redis/Valkey Security (when using TLS)
# WARNING: For production use, always enable authentication and TLS
# Username and password ship empty; fill them in to match the ACL user on the cache.
REDIS_USERNAME=
REDIS_PASSWORD=
REDIS_USE_TLS=true
# Presumably the client certificate/key pair presented to the cache, and the CA used to
# verify the cache's certificate (confirm against the server code).
REDIS_TLS_CERT_FILE=
REDIS_TLS_KEY_FILE=
REDIS_TLS_CA_FILE=
REDIS_TLS_VERIFY_MODE=required
# For development/testing only - disable security (NOT recommended for production)
# REDIS_USE_TLS=false
# REDIS_TLS_VERIFY_MODE=none
# mTLS Configuration
# Both switches ship disabled, so with these defaults client certificates are presumably
# not requested and token authentication is the only client check. The exact difference
# between ENABLE_MTLS and MTLS_ENFORCE is not defined in this file; confirm it.
ENABLE_MTLS=false
MTLS_ENFORCE=false
MTLS_CA_CERT=certs/ca.crt
# Relative directory; if private keys are generated or stored here, restrict its
# permissions and exclude it from version control and image builds.
CERT_DIR=certs
USE_ECC_KEYS=true
# SECP384R1 is the NIST P-384 curve.
ECC_CURVE=SECP384R1
# Blacklist Configuration
ENABLE_BLACKLIST=false
BLACKLIST_UPDATE_HOURS=24
# Authentication & Authorization
# Self-registration is off by default.
ALLOW_REGISTRATION=false
ENABLE_SSO=false
SSO_PROVIDER=saml
# MFA is optional with this default; consider REQUIRE_MFA=true for deployments where the
# web console is reachable beyond a trusted network.
REQUIRE_MFA=false
MFA_ISSUER=Squawk DNS
# User Management
USER_REGISTRATION_REQUIRES_VERIFICATION=true
USER_REGISTRATION_REQUIRES_APPROVAL=false
# Presumably the number of previous passwords a user may not reuse (confirm).
BLOCK_PREVIOUS_PASSWORD_NUM=5
# Session Management
# Timeouts are presumably in seconds (3600 = 1 h, 28800 = 8 h); confirm the unit.
# NOTE(review): SESSION_TIMEOUT is defined a second time under "Web Console
# Configuration" with the same value; which one wins depends on the loader, so keep
# both in sync if you change either.
SESSION_TIMEOUT=3600
# Placeholder only. If this key signs or encrypts session data, anyone who knows it can
# forge sessions, so generate a long random value per deployment and never reuse the
# example string.
SESSION_SECRET=change-this-secret-key-in-production
MFA_SESSION_TIMEOUT=28800
# Brute Force Protection
# WARNING: Disabling brute force protection is NOT recommended for production
# NOTE(review): if lockout is keyed on client IP, its accuracy depends on
# TRUSTED_PROXIES (see Logging Configuration); confirm how the client address is derived.
BRUTE_FORCE_PROTECTION=true
MAX_LOGIN_ATTEMPTS=5
LOCKOUT_DURATION_MINUTES=30
# For development/testing only - disable brute force protection (NOT recommended)
# BRUTE_FORCE_PROTECTION=false
# Email Notifications
ENABLE_EMAIL_NOTIFICATIONS=false
SMTP_SERVER=localhost
# 587 is the mail submission port, normally used with STARTTLS.
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
# NOTE(review): whether the SMTP server certificate is verified is not configurable
# from this file; confirm in the mail-sending code.
SMTP_USE_TLS=true
ADMIN_EMAIL=
# Logging Configuration
LOG_LEVEL=INFO
LOG_FORMAT=json
LOG_FILE=
# Default covers loopback plus every RFC 1918 private range. Presumably addresses listed
# here are trusted to supply the client IP via forwarding headers; if so, any host on
# those networks can influence the address seen by logging and rate limiting. Narrow
# this to the actual reverse-proxy addresses.
TRUSTED_PROXIES=127.0.0.1,::1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
# Syslog Configuration
ENABLE_SYSLOG=false
SYSLOG_HOST=localhost
# Port 514 is the traditional unencrypted syslog port; the transport used is not shown
# here, so confirm it before pointing SYSLOG_HOST at a remote collector.
SYSLOG_PORT=514
# Facility 16 is local0.
SYSLOG_FACILITY=16
# Client Configuration (used by dns-client)
# NOTE(review): the default URL is Google's public DNS JSON endpoint, not a Squawk
# server; until it is changed, client queries go to that third party.
SQUAWK_SERVER_URL=https://dns.google/resolve
SQUAWK_AUTH_TOKEN=
SQUAWK_DOMAIN=
SQUAWK_RECORD_TYPE=A
SQUAWK_CLIENT_CERT=
SQUAWK_CLIENT_KEY=
SQUAWK_CA_CERT=
# Keep certificate verification on; use SQUAWK_CA_CERT for a private CA instead of
# turning it off.
SQUAWK_VERIFY_SSL=true
# Plain HTTP; acceptable for loopback only. Use https:// when the console is on
# another host.
SQUAWK_CONSOLE_URL=http://localhost:8080/dns_console
# Legacy Client Environment Variables (also supported)
CA_CERT_PATH=
CLIENT_CERT_PATH=
CLIENT_KEY_PATH=
# Web Console Configuration
# Placeholder only, and the same example string as SESSION_SECRET. Generate a separate
# long random value for each key.
WEB_SECRET_KEY=change-this-secret-key-in-production
# Duplicate of the SESSION_TIMEOUT entry under "Session Management" (same value).
SESSION_TIMEOUT=3600
# Database Configuration (for web console and token management)
DB_FOLDER=databases
# Presumably applies schema migrations automatically at startup (confirm); back up the
# database before upgrades if so.
DB_MIGRATE=true
# SSL/TLS Configuration
# Both paths ship empty. Presumably the server then listens without TLS on PORT
# (confirm); if so, terminate TLS at a reverse proxy or set both values.
SSL_KEY_FILE=
SSL_CERT_FILE=
# Development Configuration
# Keep both false outside development.
DEBUG=false
RELOAD=false
# Docker-specific Configuration
DOCKER_ENV=true
CONTAINER_NAME=squawk-dns
NETWORK_MODE=bridge
# External Services
UPSTREAM_DNS=8.8.8.8,1.1.1.1
# With DNS_OVER_TLS=false, upstream queries are presumably sent as plain DNS and are
# visible to on-path observers. When enabling it, set DNS_OVER_TLS_HOSTNAME,
# presumably the name checked against the resolver's certificate (confirm).
DNS_OVER_TLS=false
DNS_OVER_TLS_HOSTNAME=