Targets save to PFSENSE_TARGETS_PATH so golden-pfsense and other firewalls reload across MCP sessions.
30 lines
920 B
Python
30 lines
920 B
Python
"""Configuration loaded from environment variables."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from pydantic_settings import BaseSettings, SettingsConfigDict
|
|
|
|
|
|
class Settings(BaseSettings):
|
|
model_config = SettingsConfigDict(env_prefix="PFSENSE_", extra="ignore")
|
|
|
|
url: str = "https://192.168.1.1"
|
|
# REST API v2 key (preferred). Generate in pfSense: System → REST API → Keys.
|
|
api_key: str = ""
|
|
# Fallback: local user basic auth (requires auth_methods to include BasicAuth).
|
|
username: str = ""
|
|
password: str = ""
|
|
verify_ssl: bool = False
|
|
timeout: float = 60.0
|
|
|
|
# Safety controls
|
|
allow_writes: bool = False
|
|
dry_run: bool = False
|
|
require_description_prefix: str = "mcp:"
|
|
block_wan_inbound_any: bool = True
|
|
audit_log_path: str = "/root/.hermes/logs/pfsense-mcp-audit.jsonl"
|
|
targets_path: str = "~/.local/share/pfsense-mcp/targets.json"
|
|
|
|
|
|
settings = Settings()
|