# Linux Patch API Configuration
# Example configuration file - copy to /etc/linux_patch_api/config.yaml

# Server Configuration
server:
  port: 12443
  bind: "0.0.0.0"
  timeout_seconds: 30

# TLS/mTLS Configuration
tls:
  enabled: true
  port: 12443
  ca_cert: "/etc/linux_patch_api/certs/ca.pem"
  server_cert: "/etc/linux_patch_api/certs/server.pem"
  server_key: "/etc/linux_patch_api/certs/server.key"
  min_tls_version: "1.3"

# Job Configuration
jobs:
  max_concurrent: 5
  timeout_minutes: 30
  storage_path: "/var/lib/linux_patch_api/jobs"

# Logging Configuration
logging:
  level: "info"
  journal_enabled: true
  syslog_enabled: false
  # syslog_server: "udp://localhost:514"
  file_path: "/var/log/linux_patch_api/audit.log"
  retention_days: 30

# IP Whitelist Configuration
whitelist:
  path: "/etc/linux_patch_api/whitelist.yaml"
  # Entries can be:
  # - Individual IPs: "192.168.1.100"
  # - CIDR subnets: "192.168.1.0/24"
  # - Hostnames: "admin-server.internal"

# Package Manager Backend
package_manager:
  # Primary backend (auto-detected if not specified)
  # Options: apt, dnf, yum, apk, pacman
  backend: "auto"

# Enrollment Configuration (optional)
# Uncomment and configure for self-enrollment with linux_patch_manager
# enrollment:
#   # URL of the enrollment manager for polling status updates
#   manager_url: "https://manager.example.com/enroll"
#   # Authentication token for enrollment polling requests
#   polling_token: "your-enrollment-token-here"
#   # How often to poll the manager in seconds (default: 60)
#   polling_interval_seconds: 60
#   # Maximum number of polling attempts before giving up
#   # Default: 1440 (24 hours at 60s intervals = 86400 seconds total)
#   max_poll_attempts: 1440