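# Full-Featured Configuration Example
# This configuration demonstrates all available features and settings
# Use this as a reference for comprehensive deployments
#
# Values such as "yourdomain.com" and "secure_password" are placeholders.
# Values starting with "@encrypted_" look like references resolved by the
# application's secret handling rather than literal secrets; confirm how
# they are resolved before relying on them.

[server]
protocol = "https"
# Listens on every interface; restrict at the firewall or bind to a specific
# address if the host has interfaces that should not serve traffic.
host = "0.0.0.0"
port = 443
environment = "production"
log_level = "info"

# NOTE(review): [tls.certificates] further down names a different pair
# (certs/production.crt / certs/production.key). Confirm which table the
# server actually reads so the unused one cannot drift silently.
[server.tls]
cert_path = "certs/server.crt"
key_path = "certs/server.key"

[app]
name = "Rustelo-full-featured"
version = "0.1.0"
debug = false
enable_metrics = true
enable_health_check = true
enable_compression = true
max_request_size = 52428800  # 50MB

[database]
# NOTE(review): the password is embedded in clear text here, unlike every
# other credential in this file, which uses an "@encrypted_*" reference.
# Replace "secure_password" and supply the URL through the same secret
# mechanism if the loader supports it for this key. The URL sets no TLS
# option, which is only reasonable while the database stays on localhost.
url = "postgresql://rustelo:secure_password@localhost:5432/rustelo_full"
max_connections = 25
min_connections = 5
connect_timeout = 30
idle_timeout = 600
max_lifetime = 1800

# Both switches presumably need the application's database role to hold
# schema-change (and database-creation) privileges at runtime; for a
# least-privilege production role, run migrations from a separate account.
[database.migrations]
auto_migrate = true
migration_dir = "migrations"
create_db_if_missing = true

[database.health]
enable_ping = true
ping_timeout = 5
max_retries = 3

[database.logging]
# Full query logging stays off so bound values do not end up in log files.
log_queries = false
log_slow_queries = true
slow_query_threshold = 500  # milliseconds

[session]
secret = "@encrypted_session_secret"
cookie_name = "rustelo_session"
# Secure + HttpOnly + SameSite=strict: the cookie is sent only over HTTPS,
# is hidden from page scripts, and is withheld on cross-site requests.
cookie_secure = true
cookie_http_only = true
cookie_same_site = "strict"
max_age = 7200  # 2 hours

[security]
enable_csrf = true
csrf_token_name = "csrf_token"
# Presumably 1000 requests per 60-second window; the key (per client IP,
# per user, or global) is not visible in this file. Confirm.
rate_limit_requests = 1000
rate_limit_window = 60
# bcrypt work factor is logarithmic: each +1 doubles hashing time. Check
# login latency at this cost under the expected peak load.
bcrypt_cost = 14

[cors]
# Credentialed CORS is paired with an explicit origin list. Keep it that
# way: allow_credentials must never be combined with a wildcard or a
# reflected Origin header.
allowed_origins = [
    "https://yourdomain.com",
    "https://api.yourdomain.com",
    "https://admin.yourdomain.com",
]
allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"]
allowed_headers = ["Content-Type", "Authorization", "X-Requested-With", "X-API-Key"]
allow_credentials = true
max_age = 86400

[static]
assets_dir = "public"
site_root = "target/site"
site_pkg_dir = "pkg"

# Relative paths presumably resolve against the process working directory.
# Only public_dir is meant to be served; uploads, logs, config, data and
# backups are siblings of it here and should stay outside any served tree.
[server_dirs]
public_dir = "public"
uploads_dir = "uploads"
logs_dir = "logs"
temp_dir = "tmp"
cache_dir = "cache"
config_dir = "config"
data_dir = "data"
backup_dir = "backups"

[logging]
format = "json"
level = "info"
file_path = "logs/full_app.log"
max_file_size = 52428800  # 50MB
max_files = 10
enable_console = false
enable_file = true

# Authentication Configuration
[auth]
enabled = true

[auth.jwt]
secret = "@encrypted_jwt_secret"
# NOTE(review): a 24-hour access token is long-lived given that refresh
# tokens are also issued; a stolen token stays valid for the whole period
# unless the application keeps a revocation list. Confirm this is intended.
expiration = 86400  # 24 hours
refresh_token_expiration = 604800  # 7 days
# HS256 is symmetric: every component that verifies tokens also holds the
# signing key, so the secret must be long, random, and narrowly shared.
algorithm = "HS256"
issuer = "rustelo-full"
audience = "rustelo-users"

[auth.password]
min_length = 12
require_uppercase = true
require_lowercase = true
require_numbers = true
require_special_chars = true
# Forced 90-day rotation; current NIST SP 800-63B guidance favours changing
# passwords on evidence of compromise instead of on a fixed schedule.
max_age_days = 90
history_count = 12

[auth.security]
# Three failures lock the account for 30 minutes. A strict lockout also lets
# a third party lock a known user out; confirm whether lockout is keyed on
# the account alone or on account plus source.
max_login_attempts = 3
lockout_duration = 1800  # 30 minutes
session_timeout = 7200  # 2 hours
require_email_verification = true
password_reset_timeout = 3600  # 1 hour

[auth.two_factor]
enabled = true
backup_codes_count = 10
totp_issuer = "Rustelo Full Featured"
totp_digits = 6
totp_period = 30

[auth.registration]
enabled = true
# Also set under [auth.security]; keep the two values in agreement.
require_email_verification = true
auto_approve = false
default_role = "user"
allowed_domains = ["yourdomain.com", "trusted-partner.com"]

[auth.sessions]
cleanup_interval = 1800  # 30 minutes
max_concurrent_sessions = 3
remember_me_duration = 2592000  # 30 days

[auth.rate_limiting]
login_attempts_per_minute = 3
registration_attempts_per_hour = 2
password_reset_attempts_per_hour = 2

# OAuth Configuration
[oauth]
enabled = true

# Each redirect_uri has to match the value registered with the provider
# exactly, and should stay on HTTPS.
[oauth.google]
client_id = "@encrypted_google_client_id"
client_secret = "@encrypted_google_client_secret"
redirect_uri = "https://yourdomain.com/auth/google/callback"

[oauth.github]
client_id = "@encrypted_github_client_id"
client_secret = "@encrypted_github_client_secret"
redirect_uri = "https://yourdomain.com/auth/github/callback"

# Email Configuration
[email]
enabled = true
from_email = "noreply@yourdomain.com"
from_name = "Rustelo Full Featured"
reply_to = "support@yourdomain.com"
default_provider = "smtp"

[email.smtp]
host = "smtp.yourdomain.com"
port = 587
username = "@encrypted_smtp_username"
password = "@encrypted_smtp_password"
# NOTE(review): both flags are set. Port 587 is the submission port normally
# used with STARTTLS; confirm which flag the mailer honours and that it
# refuses to send credentials if the server does not offer STARTTLS.
use_tls = true
use_starttls = true
timeout = 30
pool_size = 10

[email.templates]
template_dir = "templates/email"
default_language = "en"
supported_languages = ["en", "es", "fr", "de", "ja"]
cache_templates = true
reload_on_change = false

[email.queue]
enabled = true
max_retry_attempts = 5
retry_delay = 120  # seconds
batch_size = 25
processing_interval = 15  # seconds

[email.rate_limiting]
max_emails_per_minute = 100
max_emails_per_hour = 5000
max_emails_per_day = 50000
burst_limit = 50

[email.validation]
check_mx_records = true
check_disposable_domains = true
# Empty list: presumably "no allow-list restriction" rather than "allow
# nothing". Confirm against the validator.
allowed_domains = []
blocked_domains = ["tempmail.org", "10minutemail.com", "guerrillamail.com"]

[email.bounce_handling]
enabled = true
webhook_url = "/webhooks/email/bounce"
# Presumably used to authenticate incoming bounce callbacks; the endpoint
# should reject requests that fail that check, since it can suppress
# addresses (auto_suppress_bounces).
webhook_secret = "@encrypted_email_webhook_secret"
max_bounce_rate = 0.02  # 2%
auto_suppress_bounces = true

[email.security]
enable_dkim = true
dkim_selector = "default"
# Private signing key: readable by the service account only, and kept
# outside any directory that is served statically.
dkim_private_key_path = "certs/dkim_private.key"
enable_spf = true
enable_dmarc = true

# Content Management Configuration
[content]
enabled = true
content_dir = "content"
cache_enabled = true
cache_ttl = 7200  # 2 hours
max_file_size = 10485760  # 10MB
auto_save_interval = 30  # seconds
enable_versioning = true
max_versions = 25

[content.types.article]
enabled = true
template = "article.hbs"
slug_prefix = "articles"
allow_comments = true
enable_seo = true
max_length = 100000

[content.types.page]
enabled = true
template = "page.hbs"
slug_prefix = "pages"
allow_comments = false
enable_seo = true
max_length = 200000

[content.types.blog_post]
enabled = true
template = "blog_post.hbs"
slug_prefix = "blog"
allow_comments = true
enable_seo = true
max_length = 50000
enable_series = true

[content.markdown]
enable_syntax_highlighting = true
theme = "github"
enable_tables = true
enable_strikethrough = true
enable_autolinks = true
enable_task_lists = true
enable_footnotes = true
enable_math = true
heading_anchors = true
code_block_line_numbers = true

[content.seo]
auto_generate_meta = true
default_meta_description_length = 160
auto_generate_og_tags = true
enable_json_ld = true
sitemap_enabled = true
sitemap_path = "/sitemap.xml"
robots_txt_enabled = true

[content.publishing]
auto_publish = false
require_review = true
enable_drafts = true
enable_scheduling = true
default_status = "draft"

[content.taxonomy]
enable_categories = true
max_categories_per_content = 10
enable_tags = true
max_tags_per_content = 50
enable_hierarchical_categories = true

[content.media]
enabled = true
upload_dir = "uploads/content"
# An extension check does not validate file content. "svg" can carry script
# and is rendered by browsers; if uploads are served from the application's
# own origin, confirm SVGs are sanitized or served as downloads.
allowed_extensions = [
    "jpg",
    "jpeg",
    "png",
    "gif",
    "webp",
    "svg",
    "pdf",
    "doc",
    "docx",
    "mp4",
    "webm",
]
max_file_size = 52428800  # 50MB
enable_image_optimization = true
generate_thumbnails = true
thumbnail_sizes = [150, 300, 600, 1200, 1920]

[content.media.images]
auto_optimize = true
quality = 90
progressive_jpeg = true
# Removes embedded metadata (for example camera and location fields) from
# uploaded images before they are published.
strip_metadata = true
enable_webp_conversion = true
enable_lazy_loading = true

[content.search]
enabled = true
search_engine = "database"
index_content = true
index_metadata = true
search_fields = ["title", "content", "excerpt", "tags", "categories", "author"]
min_search_length = 2
max_results = 100

[content.search.fulltext]
enable_stemming = true
enable_fuzzy_search = true
fuzzy_distance = 2
boost_title = 3.0
boost_tags = 2.0
boost_categories = 1.5

[content.cache]
enable_redis = true
# No credentials or TLS in the URL; acceptable only while Redis listens on
# loopback. Uses database 1, separate from the [redis] table's database 0.
redis_url = "redis://localhost:6379/1"
redis_prefix = "content:"
cache_rendered_content = true
cache_search_results = true
search_cache_ttl = 600  # 10 minutes

[content.api]
enabled = true
enable_public_api = true
enable_admin_api = true
api_prefix = "/api/content"
rate_limit_per_minute = 200
# Only writes are stated to require authentication. Confirm that public
# reads cannot return drafts or unapproved items, and that bulk operations
# fall under the write check.
require_auth_for_write = true
enable_bulk_operations = true

[content.backup]
enabled = true
backup_interval = 43200  # 12 hours
backup_retention_days = 90
backup_dir = "backups/content"
include_media = true
compress_backups = true

[content.workflows]
enabled = true
require_approval = true
approval_roles = ["editor", "admin"]
notification_on_submission = true
notification_on_approval = true
auto_notify_authors = true

[content.comments]
enabled = true
require_approval = true
enable_replies = true
max_nesting_level = 5
enable_voting = true
enable_email_notifications = true
anti_spam_enabled = true

[content.analytics]
track_views = true
track_reading_time = true
track_popular_content = true
analytics_retention_days = 365
enable_heatmaps = true

[content.feeds]
enabled = true
rss_enabled = true
atom_enabled = true
feed_title = "Rustelo Full Featured Content"
feed_description = "Latest content from our full-featured Rustelo application"
max_items = 50
include_full_content = true

[content.security]
enable_content_sanitization = true
# Tag allow-list only. "a" and "img" are permitted, and no attribute or
# URL-scheme allow-list is visible in this file; confirm the sanitizer also
# restricts href/src schemes and strips event-handler attributes.
allowed_html_tags = [
    "p",
    "br",
    "strong",
    "em",
    "ul",
    "ol",
    "li",
    "h1",
    "h2",
    "h3",
    "h4",
    "h5",
    "h6",
    "blockquote",
    "code",
    "pre",
    "a",
    "img",
    "table",
    "thead",
    "tbody",
    "tr",
    "th",
    "td",
]
enable_xss_protection = true
enable_csrf_protection = true
max_content_length = 5000000  # 5MB

[content.i18n]
enabled = true
default_language = "en"
supported_languages = ["en", "es", "fr", "de", "ja", "zh"]
fallback_to_default = true
auto_detect_language = true

[content.performance]
enable_lazy_loading = true
enable_pagination = true
default_page_size = 25
max_page_size = 100
enable_content_compression = true
minify_html = true

# Metrics Configuration
[metrics]
enabled = true
# Presumably served on the same public listener as the application; access
# control then rests entirely on the [metrics.security] table.
endpoint = "/metrics"
health_endpoint = "/metrics/health"
collection_interval = 30  # seconds
enable_process_metrics = true
enable_runtime_metrics = true

[metrics.prometheus]
namespace = "rustelo_full"
subsystem = ""
registry_type = "default"
enable_exemplars = true
histogram_buckets = [
    0.0005,
    0.001,
    0.0025,
    0.005,
    0.01,
    0.025,
    0.05,
    0.1,
    0.25,
    0.5,
    1.0,
    2.5,
    5.0,
    10.0,
]

[metrics.http]
enabled = true
track_request_count = true
track_request_duration = true
track_requests_in_flight = true
track_response_size = true
track_request_size = true
# Both off: keeps client identifiers and unbounded label values out of the
# metrics store.
include_user_agent = false
include_ip_address = false
slow_request_threshold = 0.5  # seconds

[metrics.database]
enabled = true
track_connection_pool = true
track_query_duration = true
track_query_count = true
track_connection_errors = true
track_migration_status = true
# Seconds here (0.05 s = 50 ms); [database.logging] uses milliseconds for
# its key of the same name.
slow_query_threshold = 0.05  # seconds
include_query_tags = false

[metrics.auth]
enabled = true
track_login_attempts = true
track_login_failures = true
track_session_duration = true
track_active_sessions = true
track_token_generations = true
track_password_resets = true
track_registration_attempts = true
# Confirm reasons are a small fixed set of categories and never carry
# usernames or other request data as label values.
include_failure_reasons = true

[metrics.content]
enabled = true
track_content_requests = true
track_cache_performance = true
track_content_processing_time = true
track_search_queries = true
track_content_views = true
track_popular_content = true

[metrics.email]
enabled = true
track_emails_sent = true
track_email_failures = true
track_queue_size = true
track_processing_time = true
track_bounce_rate = true
track_delivery_rate = true
include_provider_metrics = true

[metrics.system]
enabled = true
track_memory_usage = true
track_cpu_usage = true
track_disk_usage = true
track_network_io = true
track_file_descriptors = true
track_uptime = true
collection_interval = 15  # seconds

[metrics.business]
enabled = true
track_user_registrations = true
track_user_logins = true
track_content_creation = true
track_api_usage = true
track_feature_usage = true
track_error_rates = true
track_conversion_metrics = true

[metrics.custom]
enabled = true
allow_custom_counters = true
allow_custom_gauges = true
allow_custom_histograms = true
max_custom_metrics = 500
custom_metric_prefix = "custom_"

[metrics.labels]
include_environment = true
include_version = true
include_instance_id = true
include_hostname = true
custom_labels = { datacenter = "us-west-1", team = "platform" }

[metrics.security]
enable_authentication = true
# Covers all RFC 1918 private space. If requests arrive through a reverse
# proxy or load balancer on a private address, every request may match this
# list; confirm which address is compared and narrow it to the scraper's
# subnet where possible.
allowed_ips = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
api_key_header = "X-Metrics-API-Key"
api_key = "@encrypted_metrics_api_key"

# TLS Configuration
# NOTE(review): [server] already sets host "0.0.0.0" and port 443; this table
# repeats both as bind_address and port. Confirm which one the listener uses.
[tls]
enabled = true
port = 443
bind_address = "0.0.0.0"
# TLS 1.2 and 1.3 only; older protocol versions are not offered.
protocols = ["TLSv1.2", "TLSv1.3"]
prefer_server_cipher_order = true
enable_http2 = true
enable_ocsp_stapling = true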
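# NOTE(review): three certificate sources are configured in this file:
# [server.tls] (certs/server.*), this table (certs/production.*) and
# [tls.letsencrypt] (certs/letsencrypt). Which one the listener serves is
# not determinable from the configuration alone; confirm and remove the rest.
[tls.certificates]
cert_path = "certs/production.crt"
# Private key: readable by the service account only, and kept outside any
# directory that is served statically.
key_path = "certs/production.key"
chain_path = "certs/chain.pem"
verify_client_certs = false

[tls.letsencrypt]
enabled = true
email = "admin@yourdomain.com"
domains = ["yourdomain.com", "www.yourdomain.com", "api.yourdomain.com"]
acme_server = "https://acme-v02.api.letsencrypt.org/directory"
# http-01 validation needs port 80 reachable from the internet for every
# listed domain; [tls.redirect] also uses port 80.
challenge_type = "http-01"
cert_path = "certs/letsencrypt"
auto_renew = true
renew_days_before = 30

[tls.monitoring]
check_expiry = true
# Same threshold as renew_days_before above, so a warning may fire while a
# normal renewal is still pending; the 7-day critical level is the one that
# indicates renewal has failed.
expiry_warning_days = 30
expiry_critical_days = 7
notify_on_expiry = true
health_check_enabled = true

[tls.ciphers]
# The first three are TLS 1.3 suites, the last three TLS 1.2 suites; all are
# AEAD, and the TLS 1.2 ones use ECDHE key exchange. The TLS 1.2 entries are
# RSA-authenticated only, so an ECDSA certificate would leave TLS 1.2
# clients without a usable suite.
allowed_ciphers = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES128-GCM-SHA256",
]
allow_legacy_ciphers = false

[tls.hsts]
enabled = true
max_age = 31536000  # 1 year
# With include_subdomains, every subdomain must serve valid HTTPS. Preload
# list entries are slow to remove, so enable preload only once that holds.
include_subdomains = true
preload = true

[tls.redirect]
enable_http_redirect = true
redirect_port = 80
permanent_redirect = true
redirect_status_code = 301

# Redis Configuration
[redis]
enabled = true
# No credentials or TLS in the URL; acceptable only while Redis listens on
# loopback. Require authentication and TLS if it moves to another host.
url = "redis://localhost:6379/0"
pool_size = 20
connection_timeout = 10
command_timeout = 10

# Feature Flags
[features]
auth = true
tls = true
content_db = true
two_factor_auth = true

# Build Configuration
# NOTE(review): "crypto", "email" and "metrics" appear here but have no
# runtime flag under [features], and the spelling differs ("content-db" vs
# content_db). Confirm how the two lists relate.
[build]
features = ["auth", "content-db", "crypto", "email", "metrics", "tls"]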