Echo
9a129170f8
Some checks failed
CI/CD Pipeline / Code Format (push) Failing after 1s
CI/CD Pipeline / Clippy Lints (push) Failing after 43s
CI/CD Pipeline / Enrollment Tests (push) Has been skipped
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Has been skipped
CI/CD Pipeline / All Unit Tests (push) Successful in 1m14s
CI/CD Pipeline / Build Debian Package (push) Has been skipped
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Has been skipped
CI/CD Pipeline / Build RPM Package (push) Has been skipped
CI/CD Pipeline / Build Alpine Package (push) Has been skipped
CI/CD Pipeline / Build Arch Package (push) Has been skipped
CI/CD Pipeline / Security Audit (push) Successful in 5s
- Phase 1: CLI args (--enroll flag), enroll module skeleton, config support - Phase 2: Registration request, polling loop (24h timeout), main.rs integration - Phase 3: PKI extraction, atomic cert writing, whitelist auto-append, mTLS transition - Phase 4: E2E test suite, README/DEPLOYMENT docs, CI pipeline - Phase 5: SPEC.md, API_DOCUMENTATION.md, CHANGELOG.md, ROADMAP.md sync Security review: APPROVED (0 critical, 0 high findings) Cross-distro compatible: Debian/Ubuntu, RHEL/CentOS/Fedora, Alpine, Arch Linux
60 lines
1.7 KiB
Plaintext
60 lines
1.7 KiB
Plaintext
# Linux Patch API Configuration
|
|
# Example configuration file - copy to /etc/linux_patch_api/config.yaml
|
|
|
|
# Server Configuration
|
|
server:
|
|
port: 12443
|
|
bind: "0.0.0.0"
|
|
timeout_seconds: 30
|
|
|
|
# TLS/mTLS Configuration
|
|
tls:
|
|
enabled: true
|
|
port: 12443
|
|
ca_cert: "/etc/linux_patch_api/certs/ca.pem"
|
|
server_cert: "/etc/linux_patch_api/certs/server.pem"
|
|
server_key: "/etc/linux_patch_api/certs/server.key"
|
|
min_tls_version: "1.3"
|
|
|
|
# Job Configuration
|
|
jobs:
|
|
max_concurrent: 5
|
|
timeout_minutes: 30
|
|
storage_path: "/var/lib/linux_patch_api/jobs"
|
|
|
|
# Logging Configuration
|
|
logging:
|
|
level: "info"
|
|
journal_enabled: true
|
|
syslog_enabled: false
|
|
# syslog_server: "udp://localhost:514"
|
|
file_path: "/var/log/linux_patch_api/audit.log"
|
|
retention_days: 30
|
|
|
|
# IP Whitelist Configuration
|
|
whitelist:
|
|
path: "/etc/linux_patch_api/whitelist.yaml"
|
|
# Entries can be:
|
|
# - Individual IPs: "192.168.1.100"
|
|
# - CIDR subnets: "192.168.1.0/24"
|
|
# - Hostnames: "admin-server.internal"
|
|
|
|
# Package Manager Backend
|
|
package_manager:
|
|
# Primary backend (auto-detected if not specified)
|
|
# Options: apt, dnf, yum, apk, pacman
|
|
backend: "auto"
|
|
|
|
# Enrollment Configuration (optional)
|
|
# Uncomment and configure for self-enrollment with linux_patch_manager
|
|
# enrollment:
|
|
# # URL of the enrollment manager for polling status updates
|
|
# manager_url: "https://manager.example.com/enroll"
|
|
# # Authentication token for enrollment polling requests
|
|
# polling_token: "your-enrollment-token-here"
|
|
# # How often to poll the manager in seconds (default: 60)
|
|
# polling_interval_seconds: 60
|
|
# # Maximum number of polling attempts before giving up
|
|
# # Default: 1440 (24 hours at 60s intervals = 86400 seconds total)
|
|
# max_poll_attempts: 1440
|