# Pulse Sensor Proxy Configuration
# This file is optional. Defaults are safe for most installs; use it when you
# need to override CIDR allow lists, HTTP settings, or rate limits.
#
# This file can hold http_auth_token (see the HTTPS section), so keep it
# readable only by the account the proxy runs as, and keep populated copies
# out of version control.

# Network configuration
# The installer auto-detects host CIDRs if this is empty.
# Each entry admits every address inside the CIDR: "192.168.0.0/24" covers a
# whole /24. Prefer /32 entries for known hosts where the deployment allows.
# NOTE(review): which listener(s) enforce this list is not shown here - confirm.
allowed_source_subnets:
  - "127.0.0.1/32"
  - "192.168.0.0/24"

# Peer authorization
# Preferred capability-based format (legacy UID/GID lists still work)
# Grant each peer only the capabilities it needs; in this sample "admin" is
# given to uid 0 only.
allowed_peers:
  - uid: 0
    capabilities: [read, write, admin]  # Host root retains full control
  # NOTE(review): 100999 is presumably the host-side (ID-mapped) UID of the
  # container user - confirm against the container's idmap.
  - uid: 100999
    capabilities: [read]  # Container peer limited to read-only RPCs
# Legacy UID/GID lists, left empty here.
# NOTE(review): the capabilities granted to a peer matched only through these
# legacy lists are not shown here - confirm before adding entries.
allowed_peer_uids: []
allowed_peer_gids: []

# ID-mapped root + namespaced users (LXC)
# NOTE(review): the names suggest that root inside an ID-mapped container is
# accepted as a peer. Which capabilities such a peer receives is not shown
# here - confirm, and set allow_idmapped_root to false if no container needs
# to call the proxy.
allow_idmapped_root: true
allowed_idmap_users:
  - root

# Logging and limits
log_level: info
# The default is loopback-only.
# NOTE(review): whether the metrics endpoint requires authentication is not
# shown here - confirm before binding it to a non-loopback address.
metrics_address: "default"  # 127.0.0.1:9127 unless set otherwise
# NOTE(review): presumably I/O deadlines - confirm which listener they govern.
read_timeout: 5s
write_timeout: 10s
max_ssh_output_bytes: 1048576  # 1 MiB
# While false, trust is not limited to hosts in the PVE known_hosts file.
# NOTE(review): how an unknown host key is handled in that case is not shown
# here - confirm, and prefer true on Proxmox hosts.
require_proxmox_hostkeys: false  # Only trust hosts in PVE known_hosts when true

# Allow list persistence (managed by installer/control-plane/CLI)
allowed_nodes_file: "/etc/pulse-sensor-proxy/allowed_nodes.yaml"
# While false, allow list entries are not required. Consider true once
# allowed_nodes_file has been populated.
strict_node_validation: false  # Set true to require allow list entries

# Rate limiting (per calling UID)
rate_limit:
  per_peer_interval_ms: 1000  # 1 request per second
  per_peer_burst: 5  # Allow burst of 5

# HTTPS mode (for remote nodes)
# Disabled in this sample; the remaining http_* keys are presumably only used
# when http_enabled is true.
http_enabled: false
# NOTE(review): the host part is empty, which conventionally means "all
# interfaces" - confirm, and set an explicit address if only one interface
# should serve remote nodes.
http_listen_addr: ":8443"
http_tls_cert: "/etc/pulse-sensor-proxy/tls/server.crt"
# Private key: keep it readable only by the account the proxy runs as.
http_tls_key: "/etc/pulse-sensor-proxy/tls/server.key"
# NOTE(review): behaviour with an empty token while http_enabled is true is
# not shown here - confirm that requests are rejected, not accepted without
# authentication.
http_auth_token: ""  # Populated by installer; keep secret

# Control-plane sync (keeps allowed_nodes.yaml updated automatically)
pulse_control_plane:
  # example.com is a placeholder; replace it with the real Pulse URL.
  url: "https://pulse.example.com:7655"
  # Token is read from a separate file; restrict that file the same way as
  # this one.
  token_file: "/etc/pulse-sensor-proxy/.pulse-control-token"
  # NOTE(review): unit is not stated here - presumably seconds; confirm.
  refresh_interval: 60
  # NOTE(review): by its name this disables TLS certificate verification for
  # the control-plane URL when true - confirm. Keep it false; if the control
  # plane uses a private CA, trust that CA instead of skipping verification.
  insecure_skip_verify: false