Settings¶
All settings live in danbyte/settings.py. Most are driven by env vars with
sensible dev defaults.
Database (Postgres-only)¶
DATABASES["default"] = {
"ENGINE": "django.db.backends.postgresql",
"NAME": os.getenv("DB_NAME", "danbyte"),
"USER": os.getenv("DB_USER", "danbyte"),
"PASSWORD": os.getenv("DB_PASSWORD", "danbyte"),
"HOST": os.getenv("DB_HOST", "127.0.0.1"),
"PORT": os.getenv("DB_PORT", "5432"),
}
SQLite is no longer supported. Postgres 15+ is required for the
nulls_distinct=False unique constraint that makes the VRF model work.
CORS¶
DRF¶
The API is currently AllowAny to keep the MVP demo open. Tighten before any
real deployment.
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
"rest_framework.authentication.SessionAuthentication",
"rest_framework_simplejwt.authentication.JWTAuthentication",
],
"DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.AllowAny"],
"DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
"PAGE_SIZE": 50,
}
Static¶
STATICFILES_DIRS includes design/, so the mockup theme.js and
tokens.css are served at /static/theme.js and /static/tokens.css — used
by _shell.html.
Hosts¶
ALLOWED_HOSTS should be set in the systemd service env (already done for
local + Netbird in services/danbyte-backend.service):
Outbound requests (SSRF guard)¶
User-configured outbound URLs — webhooks, notification channels, and automation
targets — are validated before each request: the host is resolved and rejected
if it points at a loopback / RFC1918 / link-local / 169.254.0.0/16 (cloud
metadata) / ULA / reserved address. This stops a tenant admin pointing a webhook
at internal services and reading the response back.
If you need an internal target (e.g. an on-prem automation runner like the IaC runner), allow-list its address(es):
Comma-separated CIDRs/IPs whose resolved addresses are permitted. Empty by default (all internal addresses blocked).
Logging¶
Console logging is on by default (django at INFO, rq.worker at INFO).
Suitable for journalctl --user -fu danbyte-backend.
Secrets¶
| Setting | Where it lives | Dev default | Prod |
|---|---|---|---|
DJANGO_SECRET_KEY |
env | dev-key-change-in-prod |
env var, rotated |
DB_PASSWORD |
env | danbyte |
env var, rotated |
| Email creds | DB (UI) or env | console backend | Settings → Email & Delivery (encrypted) |
The EMAIL_* env vars remain the fallback, but the SMTP server, credentials,
and outbound-delivery options are normally configured at runtime under
Settings → Email & Delivery (users.manage). They live in the
deployment-wide singleton core.DeploymentSettings; the SMTP password is
Fernet-encrypted at rest. See
Notifications.
Monitoring¶
Settings for the Monitoring / check engine. All have working defaults, so the feature runs with none of them set.
| Setting | Default | Purpose |
|---|---|---|
MONITORING_SECRET_KEY |
derived from SECRET_KEY |
Encryption key for check credentials at rest (Fernet). Set a dedicated key in prod so rotating SECRET_KEY doesn't invalidate stored secrets. |
MONITORING_SECRETS_BACKEND |
empty (Fernet) | Dotted path to a factory returning a SecretsBackend. Swap in an external store (OpenBao/Vault) without touching models. |
MONITORING_CONCURRENCY |
100 |
Max concurrent check attempts in one worker job's asyncio loop. Raising it needs a matching LimitNOFILE bump on the worker unit. |
MONITORING_GLOBAL_INTERVAL_SECONDS |
300 |
Default schedule (seconds) for assignments in follow_global mode. |
MONITORING_GLOBAL_ENABLED |
True |
Global on/off switch that follow_global assignments obey. |
MONITORING_SHARD_SIZE |
2000 |
Targets per ICMP multiping shard (one RQ job each). |
MONITORING_GENERIC_SHARD_SIZE |
200 |
Targets per TCP/HTTP/… shard. |
MONITORING_INFLIGHT_DEADLINE_SECONDS |
600 |
A check claimed (in_flight) longer than this is treated as orphaned by a dead/restarted worker and reclaimed by the dispatcher's reaper, so it re-runs instead of being stuck unknown. A healthy run clears in_flight within seconds. |
MONITORING_EXEC_ENABLED |
False |
Master switch for exec (script/plugin) checks. Off by default — running local commands from the UI is privileged. Set True and MONITORING_PLUGIN_DIR to use them. See Script / exec checks. |
MONITORING_PLUGIN_DIR |
empty | Directory of trusted Nagios-style plugins. An exec check may only run a plugin (by bare name, no path traversal) inside this dir; args are passed without a shell. |
MONITORING_WEBHOOK_TIMEOUT |
5 |
Per-channel webhook POST timeout (seconds). |
MONITORING_RESULT_RETENTION_DAYS |
90 |
Delete CheckResult rows older than this (daily prune). |
MONITORING_TRANSITION_RETENTION_DAYS |
365 |
Delete StateTransition rows older than this. |