Commit 4075e1e8 authored by Pavel Spirek's avatar Pavel Spirek

Minor code structure changes

parent 9eaed9f0
......@@ -2,24 +2,24 @@ GLOBAL:
TIMEZONE: "Europe/Prague"
LOGFILE: "-"
PIDFILE: "/tmp/jetconf.pid"
PERSISTENT_CHANGES: false
LOG_LEVEL: "debug"
PERSISTENT_CHANGES: true
LOG_LEVEL: "info"
LOG_DBG_MODULES: ["usr_conf_data_handlers", "knot_api", "nacm", "data"]
DATA_JSON_FILE: "/home/pspirek/dev-sw/jetconf/data/example-data.json"
DATA_JSON_FILE: "/home/user/jetconf/data/example-data.json"
HTTP_SERVER:
DOC_ROOT: "/home/pspirek/dev-sw/jetconf/data/doc-root"
DOC_ROOT: "/home/user/jetconf/data/doc-root"
DOC_DEFAULT_NAME: "index.html"
API_ROOT: "/restconf"
SERVER_NAME: "jetconf-h2"
SERVER_SSL_CERT: "/home/pspirek/dev-sw/jetconf/data/server.crt"
SERVER_SSL_PRIVKEY: "/home/pspirek/dev-sw/jetconf/data/server.key"
CA_CERT: "/home/pspirek/dev-sw/jetconf/data/ca.pem"
SERVER_SSL_CERT: "/home/user/jetconf/data/server.crt"
SERVER_SSL_PRIVKEY: "/home/user/jetconf/data/server.key"
CA_CERT: "/home/user/jetconf/data/ca.pem"
DBG_DISABLE_CERTS: false
NACM:
ALLOWED_USERS: ["lojza@mail.cz"]
KNOT:
SOCKET: "/home/pspirek/knot-conf/knot.sock"
SOCKET: "/home/user/knot-conf/knot.sock"
{
"dns-server:dns-server": {
"description": "Example DNS server configuration.",
"server-options": {
"description": "Server options.",
"knot-dns:async-start": true,
"chaos-identity": {
"id-server": "I have no mouth and must scream.",
"version": "2.0"
},
"nsid-identity": {
"nsid": "myserver0.example.com"
},
"listen-endpoint": [
{
"name": "01",
"ip-address": "127.0.0.1",
"port": 53531
}
],
"filesystem-paths": {
"run-time-dir": "/tmp/knot",
"pid-file": "knot.pid"
},
"privileges": {
"user": "knot",
"group": "wheel"
},
"resources": {
"knot-dns:tcp-workers": 3,
"knot-dns:udp-workers": 42
},
"response-rate-limiting": {
"table-size": 1000000
}
},
"knot-dns:log": [
{
"target": "syslog",
"any": "warning"
},
{
"target": "/tmp/knot.log",
"server": "info",
"zone": "info"
}
],
"access-control-list": [
{
"name": "acl-xfr-update",
"network": [
{
"name": "01",
"ip-prefix": "127.0.0.1/32"
}
],
"key": [
"key0.server0"
],
"operation": [
"transfer",
"update"
]
},
{
"name": "acl-notify",
"network": [
{
"name": "01",
"ip-prefix": "::1/128"
},
{
"name": "02",
"ip-prefix": "2001:db8::/64"
}
],
"operation": [
"notify"
],
"action": "deny"
},
{
"name": "socket",
"network": [
{
"name": "01",
"ip-prefix": "192.0.2.0/28"
}
],
"operation": [
"control"
]
}
],
"key": [
{
"name": "key0.server0",
"algorithm": "tsig-algorithms:hmac-sha256",
"secret": "Wg=="
},
{
"name": "key0.example.com",
"description": "slave key",
"secret": "Wg=="
}
],
"remote-server": [
{
"name": "server0",
"remote": {
"ip-address": "127.0.0.1",
"port": 53531
},
"key": "key0.server0",
"local": {
"ip-address": "127.0.0.1",
"port": 6378
}
},
{
"name": "server1",
"remote": {
"ip-address": "2001:db8:0:1::1"
},
"key": "key0.example.com"
}
],
"knot-dns:control-socket": {
"ip-address": "127.0.0.1",
"port": 55553,
"access-control-list": [
"socket"
]
},
"query-module": [
{
"type": "knot-dns:dnstap",
"name": "capture_all",
"knot-dns:dnstap": {
"file": "/tmp/capture.tap"
}
},
{
"type": "knot-dns:dnsproxy",
"name": "default",
"knot-dns:dnsproxy": {
"remote-server": {
"ip-address": "10.0.1.1"
}
}
},
{
"type": "knot-dns:rosedb",
"name": "default",
"knot-dns:rosedb": {
"db-dir": "/tmp/static_rrdb"
}
},
{
"type": "knot-dns:synth-record",
"name": "test1",
"knot-dns:synth-record": {
"record-type": "forward",
"prefix": "dynamic-",
"ttl": 400,
"network": "2620:0:b61::/52"
}
},
{
"type": "knot-dns:synth-record",
"name": "test2",
"knot-dns:synth-record": {
"record-type": "reverse",
"prefix": "dynamic-",
"origin": "example",
"ttl": 400,
"network": "2620:0:b61::/52"
}
}
],
"dnssec-signing:sign-policy": [
{
"name": "default_rsa",
"algorithm": "RSASHA256",
"zsk-size": 1024,
"ksk-size": 2048
}
],
"zones": {
"template": [
{
"name": "default",
"description": "Shared options for all zones.",
"default": true,
"zones-dir": "/tmp/zones",
"file": "samples/%s.zone",
"knot-dns:semantic-checks": true,
"any-to-tcp": true,
"serial-update-method": "unix-time",
"journal": {
"from-differences": false,
"zone-file-sync-delay": 3600,
"maximum-journal-size": "1125899906842624"
},
"dnssec-signing:dnssec-signing": {
"policy": "default_rsa",
"knot-dns:kasp-db": "/var/lib/knot/kasp"
},
"query-module": [
{
"type": "knot-dns:dnstap",
"name": "capture_all"
},
{
"type": "knot-dns:dnsproxy",
"name": "default"
},
{
"type": "knot-dns:rosedb",
"name": "default"
}
]
}
],
"zone": [
{
"domain": "example.com",
"template": "default",
"master": [
"server1"
],
"notify": {
"recipient": [
"server0"
]
},
"any-to-tcp": false,
"access-control-list": [
"acl-xfr-update",
"acl-notify"
],
"query-module": [
{
"type": "knot-dns:synth-record",
"name": "test1"
},
{
"type": "knot-dns:synth-record",
"name": "test2"
}
]
}
]
}
},
"ietf-netconf-acm:nacm": {
"enable-nacm": true,
"read-default": "permit",
"write-default": "deny",
"exec-default": "deny",
"groups": {
"group": [
{
"name": "admin",
"user-name": [
"root",
"dominik"
]
},
{
"name": "users",
"user-name": [
"lada",
"pavel",
"lojza@mail.cz"
]
}
]
},
"rule-list": [
{
"name": "admin-acl",
"group": [
"admin"
],
"rule": [
{
"name": "permit-all",
"module-name": "*",
"access-operations": "*",
"comment": "The 'admin' group has unlimited access.",
"action": "permit"
}
]
},
{
"name": "users-acl",
"group": [
"users"
],
"rule": [
{
"name": "no-writes-on-example.com",
"path": "/dns-server:dns-server/zones/zone[domain='example.com']",
"access-operations": "create update delete",
"comment": "Users cannot write example.com.",
"action": "deny"
},
{
"name": "no-reads-on-example.com qm",
"path": "/dns-server:dns-server/zones/zone[domain='example.com']/query-module",
"access-operations": "read",
"comment": "Users cannot read example.com. qm",
"action": "deny"
},
{
"name": "permit-zone-access",
"path": "/dns-server:dns-server/zones",
"access-operations": "*",
"comment": "Users can write other zones.",
"action": "permit"
},
{
"name": "permit-server-options-access",
"path": "/dns-server:dns-server/server-options",
"access-operations": "*",
"comment": "Users can write some server options.",
"action": "permit"
},
{
"name": "permit-zone-data-access",
"path": "/dns-zones:zone-data",
"access-operations": "*",
"comment": "Users can edit zone data.",
"action": "permit"
},
{
"name": "permit-zone-reload",
"module-name": "dns-server",
"rpc-name": "zone-reload",
"comment": "Users can reload zones",
"action": "permit"
},
{
"name": "permit-zone-sign",
"module-name": "dnssec-signing",
"rpc-name": "zone-sign",
"comment": "Users can sign zones",
"action": "permit"
}
]
}
]
},
"dns-zones:zone-data": {
"zone": [
{
"name": "example",
"class": "IN",
"description": "\n\tThis zone comes from RFC 4035.\n ",
"default-ttl": 3600,
"SOA": {
"ttl": 3599,
"mname": "ns1.example",
"rname": "bugs.x.w.example",
"serial": 1081539377,
"refresh": 3600,
"retry": 300,
"expire": 3600000,
"minimum": 3600,
"RRSIG": {
"algorithm": "RSASHA1",
"signature-expiration": "2050-01-01T00:00:00Z",
"signature-inception": "2014-09-08T11:59:12Z",
"key-tag": 35721,
"signature": "eUi219ENFoSmkCstQZ0D/eYNg3amKIdX8HvW1qHwM2rSv9Q7XaCI2NByki0poLwEuabZf8SHm2Kqh7EA35UFKYkEhEwtN/292ROuHVkZRCUzM3lD9PT1NPkleqT3JcjiBRy3BCTirnGX5qQXK9qKW08fIawvNhwexI3e5hjSQUU="
}
},
"rrset": [
{
"owner": "frobozz.example",
"type": "iana-dns-parameters:DNAME",
"rdata": [
{
"id": "1",
"DNAME": {
"target": "frobozz-division.acme.example"
}
}
]
},
{
"owner": "example",
"type": "iana-dns-parameters:NSEC3PARAM",
"rdata": [
{
"id": "1",
"NSEC3PARAM": {
"iterations": 12,
"salt": "aabbccdd"
}
}
]
},
{
"owner": "0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example",
"type": "iana-dns-parameters:NSEC3",
"rdata": [
{
"id": "1",
"NSEC3": {
"flags": "Opt-Out",
"iterations": 12,
"salt": "aabbccdd",
"next-hashed-owner-name": "2t7b4g4vsa5smi47k61mv5bv1a22bojr",
"rrset-type": [
"iana-dns-parameters:MX",
"iana-dns-parameters:DNSKEY",
"iana-dns-parameters:NS",
"iana-dns-parameters:SOA",
"iana-dns-parameters:NSEC3PARAM",
"iana-dns-parameters:RRSIG"
]
}
}
]
},
{
"owner": "example",
"type": "iana-dns-parameters:NS",
"ttl": 3601,
"RRSIG": {
"algorithm": "RSASHA1",
"signature-expiration": "2050-01-01T00:00:00Z",
"signature-inception": "2014-09-08T11:59:12Z",
"key-tag": 35721,
"signature": "XRYbz0NL/bcF4uOH+puXe5hSJgmG9wX+sWz7ksi3Vl4HO5InUkyltxknCdWw0M8cfpM8FM30inACCOOfBUEbyFL7TWUjfTwk3jKDX+7gm5FkItNE2ZMLK0QnyjWQOiE5G15+cvV31eQHBRFpYLrQBIeGiL+V9aDYafTLV+Yt0e0="
},
"rdata": [
{
"id": "1",
"NS": {
"nsdname": "ns1.example"
}
},
{
"id": "2",
"NS": {
"nsdname": "ns2.example"
}
}
]
},
{
"owner": "example",
"type": "iana-dns-parameters:MX",
"RRSIG": {
"algorithm": "RSASHA1",
"signature-expiration": "2050-01-01T00:00:00Z",
"signature-inception": "2014-09-08T11:59:12Z",
"key-tag": 35721,
"signature": "ejvossk9ErTnwuBQ0bcfwRXOvXeIJ419x/AphtwAJMtsj01kASdszAi1Rzlo1CSca18Z6nq0XZQ1KeDjLg07WEWS1WU8l30RAKgWawlCjjJeeOTyr0GJ2IYhtbFDm9BB3u6EUmrD5/1/1NBchvWATMCo4FfspGNwZ7BgiUB3ne4="
},
"rdata": [
{
"id": "1",
"MX": {
"preference": 1,
"exchange": "xx.example"
}
}
]
},
{
"owner": "example",
"type": "iana-dns-parameters:NSEC",
"RRSIG": {
"algorithm": "RSASHA1",
"signature-expiration": "2050-01-01T00:00:00Z",
"signature-inception": "2014-09-08T11:59:12Z",
"key-tag": 35721,
"signature": "X20KQj2os3I3fMWGXLoNccWhbP53v95PwHrKZJPCf0KawwAMsGNXfKfT9mDLGi4AJMImmJJfufSI/Za1clHQ5n5t2Ru5w0W4QAPkpBaWuQSU/5WUIV54lCVtBBgTMuf3zpMnRgda2Q/o1XoFvN3+5eFvk0Qgs3m4OxBIfeJuZ7c="
},
"rdata": [
{
"id": "1",
"NSEC": {
"next-domain-name": "a.example",
"rrset-type": [
"iana-dns-parameters:NS",
"iana-dns-parameters:SOA",
"iana-dns-parameters:MX",
"iana-dns-parameters:RRSIG",
"iana-dns-parameters:NSEC",
"iana-dns-parameters:DNSKEY"
]
}
}
]
},
{
"owner": "_443._tcp.www.example.com",
"type": "iana-dns-parameters:TLSA",
"rdata": [
{
"id": "1",
"TLSA": {
"certificate-usage": "PKIX-TA",
"selector": "Cert",
"matching-type": "SHA2-256",
"certificate-association-data": "d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971"
}
}
]
},
{
"owner": "example",
"type": "iana-dns-parameters:DNSKEY",
"RRSIG": {
"algorithm": "RSASHA1",
"signature-expiration": "2050-01-01T00:00:00Z",
"signature-inception": "2014-09-08T11:59:12Z",
"key-tag": 35721,
"signature": "zft/jYjZDK2eq6twehtmp6W3UgZQBVhDjDauBwGG6jimkZ00PwAL4Eh51ZM/nGnw8CPt6YxXK32FGoLy9VQTOgFUfp0myZiRggH1At7RSBusDyOAI/BaZhJ+X1hCG2wfvPfiD9irPHB11az+isrms4FmQrWsPkyF/A3ZJqclDpM="
},
"rdata": [
{
"id": "1",
"DNSKEY": {
"flags": "ZONE",
"algorithm": "RSASHA1",
"public-key": "AwEAAdcURIq28DnbSgdwnQjjX/9ihQAgPylq7HHnMjQOm59fGPMnsjy/AkpcNxadAVGRycM7jZHloPyp7Tty/11J9wKDsLR86YChcYk9KXFKakdrEE1jchkL7KYL7g0bUTAIJSDLhsn6TyLILzgTX6Ru4mCceS4wLJ30LSi+DR4cockH"
}
},
{
"id": "2",
"DNSKEY": {
"flags": "ZONE SEP",
"algorithm": "RSASHA1",
"public-key": "AwEAAeMNmQ/1/6yfFfp7jOqy2M7AGBtuSzZJFpnUqrcAmTTI+RxX9vN01Z5CpAs9nhYTVyLEQLaGQBwkrF+QBIPJ6DQ0SvHJEWEAN25tyvWmDdUjeDnevEpbQbkdaV+XQJ3SMWGf7OtzGo0BC4vO5ecw+zGteWT/UUbX9XkK3vWOirLAF1s5kNEEnUt+kIbr50vz+qOfvWa+ldWHSt2T2Ds6fMVkdE84gyb3mE0syQbEuSdgOO6Vko4qn9FtJ2Uz0L2i8vKb1chT+f7RISQhicTLX/RQgH0kV80UCBtn4CEgE6Cx5Yv+z50li0I4bNRI1BLBqJneCeN/eqQs/pYNJhZg4d8="
}
}
]
},
{
"owner": "*.a.example",
"type": "iana-dns-parameters:A",
"rdata": [
{
"id": "1",
"A": {
"address": "192.0.2.11"
}
}
]
},
{
"owner": "ns1.a.example",
"type": "iana-dns-parameters:A",
"rdata": [
{
"id": "1",
"A": {
"address": "192.0.2.5"
}
}
]
},
{
"owner": "ns2.a.example",
"type": "iana-dns-parameters:A",
"rdata": [
{
"id": "1",
"A": {
"address": "192.0.2.6"
}
}
]
},
{
"owner": "ns1.b.example",
"type": "iana-dns-parameters:A",
"rdata": [
{
"id": "1",
"A": {
"address": "192.0.2.7"
}
}
]
},
{
"owner": "ns2.b.example",
"type": "iana-dns-parameters:A",
"rdata": [
{
"id": "1",
"A": {
"address": "192.0.2.8"
}
}
]
},
{
"owner": "b.example",
"type": "iana-dns-parameters:NS",
"rdata": [
{
"id": "1",
"NS": {
"nsdname": "ns1.b.example"
}
},
{
"id": "2",
"NS": {
"nsdname": "ns2.b.example"
}
}
]
},
{
"owner": "b.example",
"type": "iana-dns-parameters:NSEC",
"RRSIG": {
"algorithm": "RSASHA1",
"signature-expiration": "2050-01-01T00:00:00Z",
"signature-inception": "2014-09-08T11:59:12Z",
"key-tag": 35721,
"signature": "gXx+XR8khxgHGl4Zc5H2Fk+ekZQMFyb8qVGGztE+sGh6YD8ERZyBi6J/GaL+PF7iDO9qJvrOHmULssCgiiTooWhnG8ezXt429ADB+8bsd9qjoyU1cAcYL6zXHpYdf8LOTSetEaaoZISF0buD3UMOmErSZ+z5liN09V+woZqu2K0="
},
"rdata": [
{
"id": "1",
"NSEC": {
"next-domain-name": "ns1.example",
"rrset-type": [
"iana-dns-parameters:NS",
"iana-dns-parameters:RRSIG",
"iana-dns-parameters:NSEC"
]
}
}
]
},
{
"owner": "a.example",
"type": "iana-dns-parameters:NS",
"rdata": [
{
"id": "1",
"NS": {
"nsdname": "ns1.a.example"
}
},
{
"id": "2",
"NS": {
"nsdname": "ns2.a.example"
}
}
]
},
{
"owner": "a.example",
"type": "iana-dns-parameters:DS",
"RRSIG": {
"algorithm": "RSASHA1",
"signature-expiration": "2050-01-01T00:00:00Z",
"signature-inception": "2014-09-08T11:59:12Z",
"key-tag": 35721,
"signature": "X5GpSOMM71nyseLAMDsZ0ClXiQknr4KNhnde+WYsSeQwSmHjxE7cyhrtKBrhRpaCTwjGn2ydmYteRWkeCGhatr19zqdHVbu0KCbX2RQ+dv2FUu2oaw4yzIGGPsw38BxwCECauLiPIAN9cx57QIIGNRxMsestpQf1xgdNrBPSp/s="
},
"rdata": [
{
"id": "1",
"DS": {
"key-tag": 57855,
"algorithm": "RSASHA1",
"digest-type": "SHA-1",
"digest": "B6DCD485719ADCA18E5F3D48A2331627FDD3636B"
}
}
]
},
{
"owner": "ai.example",
"type": "iana-dns-parameters:A",
"rdata": [
{
"id": "1",
"A": {
"address": "192.0.2.9"
}
}
]
},
{
"owner": "ai.example",
"type": "iana-dns-parameters:HINFO",
"rdata": [
{
"id": "1",
"HINFO": {
"cpu": "KLH-10",
"os": "ITS"
}
}
]
},
{
"owner": "ai.example",
"type": "iana-dns-parameters:AAAA",
"rdata": [
{
"id": "1",
"AAAA": {
"address": "2001:db8::f00:baa9"
}
}
]
},
{
"owner": "ns1.example",
"type": "iana-dns-parameters:A",
"rdata": [
{
"id": "1",
"A": {
"address": "192.0.2.1"
}
}
]
},
{
"owner": "ns2.example",
"type": "iana-dns-parameters:A",
"rdata": [
{
"id": "1",
"A": {
"address": "192.0.2.2"
}
}
]
},
{
"owner": "*.w.example",