# Pulse Sensor Proxy Configuration
# This file is optional. If not provided, the proxy will use sensible defaults.

# Network Configuration
# Specify which networks are allowed to connect to the proxy
# If not specified, the proxy will auto-detect host IP addresses
allowed_source_subnets:
  - "127.0.0.1/32"       # Localhost
  - "192.168.0.0/24"     # Local network

# Peer Authorization
# Specify which UIDs/GIDs are allowed to connect
# A peer is authorized when its UID OR GID matches one of these entries
# Required when running Pulse in a container (use mapped UID/GID from container)
allowed_peer_uids: [100999]  # Legacy format; grants all capabilities unless overridden below
allowed_peer_gids: [100996]

# Preferred format with explicit capabilities (read, write, admin)
allowed_peers:
  - uid: 0
    capabilities: [read, write, admin]  # Host root retains full control
  - uid: 100999
    capabilities: [read]  # Container peer limited to read-only RPCs

require_proxmox_hostkeys: false  # Enforce Proxmox-known host keys before falling back to ssh-keyscan

# ID-Mapped Root Authentication
# Allow connections from ID-mapped root users (for LXC containers)
allow_idmapped_root: true
allowed_idmap_users:
  - root

# Metrics Server
# Address for Prometheus metrics endpoint
metrics_address: "127.0.0.1:9127"

# Limit SSH output size (bytes) when fetching temperatures
max_ssh_output_bytes: 1048576  # 1 MiB

# Rate Limiting (Optional)
# Control how frequently peers can make requests to prevent abuse
# Adjust these values based on your deployment size:
#   - Small (1-3 nodes): Use defaults (1000ms, burst 5)
#   - Medium (4-10 nodes): 500ms, burst 10
#   - Large (10-20 nodes): 250ms, burst 20
#   - Very Large (30+ nodes): 100ms, burst 30-50
#
# Formula: To poll all nodes in one cycle, set burst >= node_count
# For optimal performance: per_peer_interval_ms = (polling_interval_ms / node_count)
# Example: 10 second polling with 30 nodes = 10000ms / 30 ≈ 300ms interval
rate_limit:
  per_peer_interval_ms: 1000  # Minimum milliseconds between requests per peer (1000ms = 1 qps = 60 requests/min)
  per_peer_burst: 5            # Number of requests allowed in a burst (supports up to 5 simultaneous requests)

# Default values if not specified:
#   per_peer_interval_ms: 1000 (1 second = 1 qps = 60 requests/min)
#   per_peer_burst: 5
#
# Security note: Lower intervals increase throughput but also increase exposure
# to potential abuse. For production, keep interval >= 100ms unless necessary.