# Linux Patch API Configuration
# Example configuration file - copy to /etc/linux_patch_api/config.yaml

# Server Configuration
server:
  port: 12443
  bind: "0.0.0.0"
  timeout_seconds: 30

# TLS/mTLS Configuration
tls:
  enabled: true
  port: 12443
  ca_cert: "/etc/linux_patch_api/certs/ca.pem"
  server_cert: "/etc/linux_patch_api/certs/server.pem"
  server_key: "/etc/linux_patch_api/certs/server.key"
  min_tls_version: "1.3"

# Job Configuration
jobs:
  max_concurrent: 5
  timeout_minutes: 30
  storage_path: "/var/lib/linux_patch_api/jobs"

# Logging Configuration
logging:
  level: "info"
  journal_enabled: true
  syslog_enabled: false
  # syslog_server: "udp://localhost:514"
  file_path: "/var/log/linux_patch_api/audit.log"
  retention_days: 30

# IP Whitelist Configuration
whitelist:
  path: "/etc/linux_patch_api/whitelist.yaml"
  # Entries can be:
  # - Individual IPs: "192.168.1.100"
  # - CIDR subnets: "192.168.1.0/24"
  # - Hostnames: "admin-server.internal"

# Package Manager Backend
package_manager:
  # Primary backend (auto-detected if not specified)
  # Options: apt, dnf, yum, apk, pacman
  backend: "auto"