<?php

$g_domains = [
     'example.domain' => [ 'transfer_server' => 'localhost', 'update_server' => 'localhost' ],
     'subzone.example.domain' => [ 'transfer_server' => 'localhost', 'update_server' => 'localhost' ],
     'example.org' => [ 'transfer_server' => 'ns-prod1.lan.example.org', 'update_server' => 'ns-prod1.lan.example.org' ],
     'prod.example.org' => [ 'transfer_server' => 'ns-prod1.lan.example.org', 'update_server' => 'ns-prod1.lan.example.org' ],
     'nonprod.example.org' => [ 'transfer_server' => 'ns-prod1.lan.example.org', 'update_server' => 'ns-prod1.lan.example.org' ],
     'ad.example.org' => [ 'transfer_server' => 'windows.example.org', 'update_server' => '', read_only => true ]
];

// Audit
$g_audit = true;
$g_audit_log = '/var/log/dns/int_audit.log';

$g_audit_events['display'] = true;
$g_audit_events['get_record'] = true;

$g_auth = "ldap";
$g_auth_domain_prefix = "CORP\\";
$g_auth_fetch_domain_groups = true;
$g_auth_ldap_dn = "OU=CORP,DC=evilcorp,DC=net";
$g_auth_login_banner = "You can login using your CORP account, for example: michael.smith";
$g_auth_ldap_url = "ldaps://ldap.evilcorp.net";
$g_session_timeout = 3600;

// API enable
$g_api_enabled = true;

// Role based permissions matrix

$g_auth_roles = [ 'devops' => [
                                   'nonprod.example.org' => 'rw',
                                   'prod.example.org' => 'r',
                                   'example.domain' => 'r'
                              ],
                  // these are just a placeholder, this role is filled up using code later
                  'readonly' => [ ],
                  'reverse_rw_all' => [],
                  'reverse_ro_all' => []
                ];


///////////////////////////////////////////////
// hacks
///////////////////////////////////////////////
foreach ($g_domains as $key => $value)
{
    // hack to load every single zone into 'readonly' and pseudo-root roles
    $g_auth_roles['readonly'][$key] = 'r';
    $g_auth_roles['admin'][$key] = 'rw';

    // reverse
    if (psf_string_endsWith($key, 'in-addr.arpa'))
    {
        $g_auth_roles['reverse_rw_all'][$key] = 'rw';
        $g_auth_roles['reverse_ro_all'][$key] = 'r';
    }
}

// Grant access to AD groups
$g_auth_roles['Security'] = array_merge($g_auth_roles['reverse_ro_in'], $g_auth_roles['readonly']);
$g_auth_roles['Developers'] = array_merge($g_auth_roles['reverse_rw_in'], $g_auth_roles['readonly'], $g_auth_roles['devops']);
$g_auth_roles['Operations'] = $g_auth_roles['admin'];