technitium-api-proxy/config.example.yml at dev · spaaleks/technitium-api-proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
technitium:
  url: "http://your-technitium-server:5380"
  token: "your-admin-api-token"
  verify_ssl: true

tokens:
  # Full access to a single zone
  - name: "full-access"
    token: "client-secret-token"
    zones:
      - name: "example.com"
        allowed_record_types: ["A", "AAAA", "CNAME", "TXT"]
        allowed_operations: ["list", "get", "add", "update", "delete"]

  # Shared policy for multiple specific zones
  - name: "multi-zone"
    token: "multi-zone-secret"
    zones:
      - names: ["example.com", "other.org", "third.io"]
        allowed_record_types: ["A", "AAAA", "CNAME"]
        allowed_operations: ["get", "add", "update", "delete"]

  # ACME challenge token for all zones
  - name: "acme-client"
    token: "acme-secret"
    zones:
      - name: "*"
        allowed_record_types: ["TXT"]
        allowed_operations: ["add", "delete"]
        subdomain_filter: "^_acme-challenge\\."

  # Only manage records under app.example.com
  # Allows: app.example.com
  # Denies: www.example.com, mail.example.com, v2.app.example.com
  - name: "app-team"
    token: "app-team-secret"
    zones:
      - name: "example.com"
        subdomain_filter: '^app\.'
        allowed_record_types: ["A", "AAAA", "CNAME"]
        allowed_operations: ["list", "get", "add", "update", "delete"]

  # Read-only access to all zones (no zone scoping)
  - name: "monitoring"
    token: "monitoring-secret"
    global_read_only: true