git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity
Files
eac05ad1eb879b911c4376ee896bec483f76528a
linux_patch_api/configs/config.yaml.example
Draco-Lunaris-Echo eac05ad1eb
Some checks failed
CI/CD Pipeline / Code Format (push) Successful in 4s
CI/CD Pipeline / Clippy Lints (push) Successful in 44s
CI/CD Pipeline / All Unit Tests (push) Successful in 1m24s
CI/CD Pipeline / Security Audit (push) Successful in 4s
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m15s
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Successful in 1m0s
CI/CD Pipeline / Build Debian Package (push) Failing after 4s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Failing after 4s
CI/CD Pipeline / Build RPM Package (push) Successful in 2m17s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m25s
CI/CD Pipeline / Build Alpine Package (push) Failing after 3m15s
fix: remove dead min_tls_version config field, TLS 1.3 is only supported version (closes #16) 
Co-authored-by: git-echo <git-echo@moon-dragon.us>
2026-06-06 16:50:55 -05:00

74 lines
2.6 KiB
Plaintext
Raw Blame History

# Linux Patch API Configuration
# Example configuration file - copy to /etc/linux_patch_api/config.yaml
# Server Configuration
server:
port: 12443
bind: "0.0.0.0"
timeout_seconds: 30
# TLS/mTLS Configuration
tls:
enabled: true
port: 12443
ca_cert: "/etc/linux_patch_api/certs/ca.pem"
server_cert: "/etc/linux_patch_api/certs/server.pem"
server_key: "/etc/linux_patch_api/certs/server.key"
# TLS 1.3 is the only supported version (hardcoded, not configurable)
# Job Configuration
jobs:
max_concurrent: 5
timeout_minutes: 30
storage_path: "/var/lib/linux_patch_api/jobs"
# Logging Configuration
logging:
level: "info"
journal_enabled: true
syslog_enabled: false
# syslog_server: "udp://localhost:514"
file_path: "/var/log/linux_patch_api/audit.log"
retention_days: 30
# IP Whitelist Configuration
whitelist:
path: "/etc/linux_patch_api/whitelist.yaml"
# Entries can be:
# - Individual IPs: "192.168.1.100"
# - CIDR subnets: "192.168.1.0/24"
# - Hostnames: "admin-server.internal"
# Package Manager Backend
package_manager:
# Primary backend (auto-detected if not specified)
# Options: apt, dnf, yum, apk, pacman
backend: "auto"
# Enrollment Configuration (optional)
# Uncomment and configure for self-enrollment with linux_patch_manager
# enrollment:
# # URL of the enrollment manager for polling status updates
# manager_url: "https://manager.example.com/enroll"
# # Authentication token for enrollment polling requests
# polling_token: "your-enrollment-token-here"
# # How often to poll the manager in seconds (default: 60)
# polling_interval_seconds: 60
# # Maximum number of polling attempts before giving up
# # Default: 1440 (24 hours at 60s intervals = 86400 seconds total)
# max_poll_attempts: 1440
# # Network interface whose IPv4 address is reported to the manager.
# # Overrides auto-detection when the wrong IP is selected (e.g., Docker bridge).
# # Example: "eth0", "ens192", "enp0s3"
# report_interface: "eth0"
# # Explicit IPv4 address reported to the manager.
# # Highest priority — overrides both report_interface and route-based selection.
# # Useful when the host has multiple IPs or runs inside a container.
# report_ip: "192.168.3.36"
# # Route-based IP selection is enabled by default when manager_url is set.
# The agent resolves the manager hostname to an IP, then uses `ip route get <manager_ip>`
# to determine which local source IP the kernel would use to reach the manager.
# This is the most accurate method for multi-homed hosts because it queries
# the kernel routing table directly.
# Priority order: report_ip > report_interface > route-based > auto-detect
View Git Blame Copy Permalink