# door-sync configuration — non-secret settings.
# Copy this file to `config.toml` (dev) or `/etc/door-sync/config.toml` (prod) and edit.
# Secrets (API keys) live in the env file instead — see `.env.example`.
# Polling cadence in seconds. Minimum 60.
# 600 = one poll every 10 minutes.
# NOTE(review): presumably a membership change in CiviCRM (including a
# revocation) only reaches the door controller on the next poll, so this value
# bounds how long stale access can persist — confirm against the sync loop.
cadence_seconds = 600
[civicrm]
# Base URL for the CiviCRM site (must start with https://).
# The API key for this site is not set here; secrets live in the env file
# (see `.env.example`).
host = "https://civicrm.example.org"
# CiviCRM API4 custom field on the Contact entity holding the access card ID.
# Format: "CustomGroupName.field_name" (e.g. "Door_Access.card_id").
card_id_field = "Door_Access.card_id"
# CiviCRM membership status names that grant door access.
# Default: ["Current", "Grace", "New"]. Omit to use the default.
# Every status listed here grants door access, so keep "Grace" or "New" only
# if members in those states are meant to get in.
# NOTE(review): presumably the names must match CiviCRM's status names
# exactly — confirm how they are compared.
active_statuses = ["Current", "Grace", "New"]
[unifi]
# Base URL for the UniFi Access controller (must start with https://).
# `host` and `tls_fingerprint` together decide which controller is trusted.
# Anyone who can edit this file can change both at once, so keep the deployed
# config writable only by the administrator even though it holds no secrets.
host = "https://unifi.example.org:12445"
# SHA-256 fingerprint of the controller's TLS certificate.
# 64 hex chars or 32 colon-separated bytes. Generate with:
# openssl s_client -connect host:port < /dev/null 2>/dev/null \
# | openssl x509 -fingerprint -sha256 -noout
# In that command, replace `host:port` with the controller's address; openssl
# prints the value after "Fingerprint=".
# The command reads the certificate over the network without authenticating
# it, so the pin is only as trustworthy as the path it was fetched over. Run
# it from a trusted network segment, or compare the result with a fingerprint
# obtained out-of-band, before pinning.
# The value below is a placeholder pattern, not a real fingerprint.
# NOTE(review): presumably a fingerprint mismatch makes the sync refuse to
# connect, so the pin must be updated whenever the controller's certificate
# is replaced — confirm the failure behaviour.
tls_fingerprint = "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89"
# Wiegand 26-bit facility code (0-255), constant per site.
# Get this from your access-control vendor or by reading any existing
# enrolled card via the UniFi Access UI > Credentials > NFC Cards
# (the value is encoded in nfc_id as the upper byte of the hex).
# 42 is an example value; replace it with the site's real facility code.
facility_code = 42
[safety]
# These match the defaults baked into SafetyThresholds; tune per deployment.
# NOTE(review): the *_pct values look like fractions (0.15 = 15%), not
# percentages — confirm against SafetyThresholds before editing.
# NOTE(review): presumably a cycle that would deactivate, add, or re-policy
# more than the given share of credentials halts instead of applying the
# change. If so, raising a threshold weakens the guard against a bad upstream
# response revoking or granting access in bulk — confirm.
mass_deactivate_pct = 0.15
mass_add_pct = 0.25
mass_policy_pct = 0.20
# baseline_floor is not explained in this file; check SafetyThresholds for its
# meaning before changing it.
baseline_floor = 10
# One [tier_mapping.rules.<TypeName>] table per CiviCRM Membership Type.
# Resolution kinds:
# "tier" — assign credential + UniFi policy (target_policy required)
# "none" — intentionally no door access (deactivate if present)
# "day-pass" — skip entirely; day pass flow handles per-visit (Appendix C)
# rank: highest wins when a contact holds multiple types.
# Use quoted keys for type names containing spaces or punctuation.
# NOTE(review): this file does not say what happens to a membership type with
# no rule table — confirm it results in no door access rather than a default
# grant.
# Because the highest rank wins, a contact holding both a "tier" type and a
# "none" type gets access whenever the "tier" rule has the higher rank; choose
# ranks with that in mind.
[tier_mapping.rules.Gold]
resolution = "tier"
# Placeholder: replace with the real policy ID from the UniFi Access controller.
target_policy = "policy-id-from-unifi"
rank = 100
[tier_mapping.rules.Comp]
resolution = "none"
rank = 50
# Quoted key: the type name contains a space.
[tier_mapping.rules."Day Pass"]
resolution = "day-pass"
rank = 10
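# Alert transport. Options: "flag-file" (default), "smtp", "mailgun".
# The flag file is always written regardless of transport, so external
# monitoring can detect halts even when no email transport is configured.
# Un-comment exactly ONE of the two transport blocks below (mailgun or smtp);
# enabling both would define [alert] twice, which is invalid TOML.
# No credentials appear in these blocks; secrets belong in the env file
# (see `.env.example`).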
# [alert]
# transport = "mailgun"
#
# [alert.mailgun]
# domain = "mg.example.com"
# from = "door-sync@mg.example.com"
# to = ["admin@example.com"]
# subject_prefix = "[door-sync]"
# [alert]
# transport = "smtp"
#
# [alert.smtp]
# host = "smtp.example.com"
# port = 587
# starttls = true
# from = "door-sync@example.com"
# to = ["admin@example.com"]
# subject_prefix = "[door-sync]"
[ops]
# Operational file paths. All three are optional; defaults shown.
# - audit_jsonl: append-only JSONL of every cycle's outcome (logrotate-friendly).
# - state_json: persistent last-success/last-halt for healthchecks.
# - alert_flag: written on halt, removed on success; for external monitoring.
# The audit log records door-access changes, so restrict write access on its
# directory to the service account and ship or rotate it like other security
# logs.
# A missing alert flag means either "last cycle succeeded" or "the service has
# not run"; monitoring should also check the last-success time in state_json.
# On most Linux systems /var/run is a tmpfs cleared at boot, so the
# /var/run/door-sync directory must be recreated before the service starts.
audit_jsonl = "/var/log/door-sync/audit.jsonl"
state_json = "/var/lib/door-sync/state.json"
alert_flag = "/var/run/door-sync/alert.flag"