provisioning/schemas/platform/defaults/control-center-defaults.ncl

# Control Center Service Default Configuration
# Pattern: 3-Layer Config (flat notation + | default)

let control_center_schema = import "../control-center.ncl" in
let monitoring_defaults = import "./common/monitoring-defaults.ncl" in
let logging_defaults = import "./common/logging-defaults.ncl" in

let base_control_center = {
  # Workspace Configuration
  workspace.name | default = "default",
  workspace.path | default = "/var/lib/provisioning/control-center",
  workspace.enabled | default = true,
  workspace.multi_workspace | default = false,

  # HTTP Server Settings
  server.host | default = "127.0.0.1",
  server.port | default = 9091,
  server.workers | default = 4,
  server.keep_alive | default = 75,
  server.max_connections | default = 100,
  server.request_timeout | default = 30000,
  server.graceful_shutdown | default = true,
  server.shutdown_timeout | default = 30,

  # Database Configuration
  database.backend | default = "rocksdb",
  database.path | default = "/var/lib/provisioning/control-center/data",
  database.pool_size | default = 10,
  database.timeout | default = 30,
  database.retry | default = true,
  database.max_retries | default = "3",

  # Security - JWT Configuration
  security.jwt.issuer | default = "control-center",
  security.jwt.audience | default = "provisioning",
  security.jwt.expiration | default = 3600,
  security.jwt.refresh_expiration | default = 86400,
  security.jwt.secret | default = "change_me_in_production",
  security.jwt.algorithm | default = "HS256",

  # Security - RBAC Configuration
  security.rbac.enabled | default = true,
  security.rbac.inheritance | default = true,
  security.rbac.default_role | default = "user",

  # Security - MFA Configuration
  security.mfa.required | default = false,
  security.mfa.methods | default = ["totp"],
  security.mfa.max_attempts | default = "5",
  security.mfa.lockout_duration | default = 15,

  # Security - Rate Limiting Configuration
  security.rate_limiting.enabled | default = false,
  security.rate_limiting.max_requests | default = "1000",
  security.rate_limiting.window_seconds | default = 60,

  # Security - TLS Configuration
  security.tls.enabled | default = false,

  # Security - CORS Configuration
  security.cors.enabled | default = false,

  # Security - Session Configuration
  security.session.max_duration | default = 86400,
  security.session.idle_timeout | default = 3600,
  security.session.tracking | default = false,

  # Policy Engine Configuration
  policy.enabled | default = true,
  policy.cache.enabled | default = true,
  policy.cache.ttl | default = 3600,
  policy.cache.max_policies | default = 10000,
  policy.versioning.enabled | default = true,
  policy.versioning.max_versions | default = 20,

  # RBAC Configuration
  rbac.enabled | default = true,
  rbac.hierarchy | default = true,
  rbac.dynamic_roles | default = false,
  rbac.default_role | default = "user",
  rbac.roles.admin | default = true,
  rbac.roles.operator | default = true,
  rbac.roles.viewer | default = true,
  rbac.attribute_based | default = false,

  # User Management Configuration
  users.enabled | default = true,
  users.registration.enabled | default = true,
  users.registration.requires_approval | default = false,
  users.registration.auto_assign_role | default = "user",
  users.sessions.max_active | default = 5,
  users.sessions.idle_timeout | default = 3600,
  users.sessions.absolute_timeout | default = 86400,
  users.audit_enabled | default = false,

  # Audit Logging Configuration
  audit.enabled | default = false,
  audit.storage.retention_days | default = 90,
  audit.storage.immutable | default = false,
  audit.redact_sensitive | default = true,

  # Compliance Configuration
  compliance.enabled | default = false,
  compliance.validation.enabled | default = false,
  compliance.validation.interval_hours | default = 24,
  compliance.data_retention.policy_years | default = 7,
  compliance.data_retention.audit_log_days | default = 2555,
  compliance.encryption_required | default = false,

  # Integrations Configuration
  integrations.ldap.enabled | default = false,
  integrations.oauth2.enabled | default = false,
  integrations.webhooks.enabled | default = false,

  # Monitoring Configuration (from common defaults)
  monitoring.enabled | default = monitoring_defaults.monitoring.enabled,
  monitoring.metrics.enabled | default = monitoring_defaults.monitoring.metrics.enabled,
  monitoring.metrics.interval | default = monitoring_defaults.monitoring.metrics.interval,
  monitoring.health_check.enabled | default = monitoring_defaults.monitoring.health_check.enabled,
  monitoring.health_check.interval | default = monitoring_defaults.monitoring.health_check.interval,
  monitoring.resources.cpu | default = monitoring_defaults.monitoring.resources.cpu,
  monitoring.resources.memory | default = monitoring_defaults.monitoring.resources.memory,
  monitoring.resources.alert_threshold | default = monitoring_defaults.monitoring.resources.alert_threshold,

  # Logging Configuration (from common defaults)
  logging.level | default = logging_defaults.logging.level,
  logging.format | default = logging_defaults.logging.format,

  # Docker Build Configuration (no | default to override schema)
  build.package = "control-center",
  build.binary = "provisioning-control-center",
  build.port = 9091,
  build.features = ["all"],
  build.extra_runtime_pkgs = [],
  build.config_file = "config.defaults.toml",
} in

{
  # Base configuration with all defaults
  control_center = base_control_center | control_center_schema.ControlCenterConfig,
}
chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00			`# Control Center Service Default Configuration`
docs: update README and CHANGELOG for nickel branch (2026-05-12) 2026-05-12 02:23:01 +01:00			`# Pattern: 3-Layer Config (flat notation + \| default)`
chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00
docs: update README and CHANGELOG for nickel branch (2026-05-12) 2026-05-12 02:23:01 +01:00			`let control_center_schema = import "../control-center.ncl" in`
chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00			`let monitoring_defaults = import "./common/monitoring-defaults.ncl" in`
			`let logging_defaults = import "./common/logging-defaults.ncl" in`

docs: update README and CHANGELOG for nickel branch (2026-05-12) 2026-05-12 02:23:01 +01:00			`let base_control_center = {`
			`# Workspace Configuration`
			`workspace.name \| default = "default",`
			`workspace.path \| default = "/var/lib/provisioning/control-center",`
			`workspace.enabled \| default = true,`
			`workspace.multi_workspace \| default = false,`

			`# HTTP Server Settings`
			`server.host \| default = "127.0.0.1",`
			`server.port \| default = 9091,`
			`server.workers \| default = 4,`
			`server.keep_alive \| default = 75,`
			`server.max_connections \| default = 100,`
			`server.request_timeout \| default = 30000,`
			`server.graceful_shutdown \| default = true,`
			`server.shutdown_timeout \| default = 30,`

			`# Database Configuration`
			`database.backend \| default = "rocksdb",`
			`database.path \| default = "/var/lib/provisioning/control-center/data",`
			`database.pool_size \| default = 10,`
			`database.timeout \| default = 30,`
			`database.retry \| default = true,`
			`database.max_retries \| default = "3",`

			`# Security - JWT Configuration`
			`security.jwt.issuer \| default = "control-center",`
			`security.jwt.audience \| default = "provisioning",`
			`security.jwt.expiration \| default = 3600,`
			`security.jwt.refresh_expiration \| default = 86400,`
			`security.jwt.secret \| default = "change_me_in_production",`
			`security.jwt.algorithm \| default = "HS256",`

			`# Security - RBAC Configuration`
			`security.rbac.enabled \| default = true,`
			`security.rbac.inheritance \| default = true,`
			`security.rbac.default_role \| default = "user",`

			`# Security - MFA Configuration`
			`security.mfa.required \| default = false,`
			`security.mfa.methods \| default = ["totp"],`
			`security.mfa.max_attempts \| default = "5",`
			`security.mfa.lockout_duration \| default = 15,`

			`# Security - Rate Limiting Configuration`
			`security.rate_limiting.enabled \| default = false,`
			`security.rate_limiting.max_requests \| default = "1000",`
			`security.rate_limiting.window_seconds \| default = 60,`

			`# Security - TLS Configuration`
			`security.tls.enabled \| default = false,`

			`# Security - CORS Configuration`
			`security.cors.enabled \| default = false,`

			`# Security - Session Configuration`
			`security.session.max_duration \| default = 86400,`
			`security.session.idle_timeout \| default = 3600,`
			`security.session.tracking \| default = false,`

			`# Policy Engine Configuration`
			`policy.enabled \| default = true,`
			`policy.cache.enabled \| default = true,`
			`policy.cache.ttl \| default = 3600,`
			`policy.cache.max_policies \| default = 10000,`
			`policy.versioning.enabled \| default = true,`
			`policy.versioning.max_versions \| default = 20,`

			`# RBAC Configuration`
			`rbac.enabled \| default = true,`
			`rbac.hierarchy \| default = true,`
			`rbac.dynamic_roles \| default = false,`
			`rbac.default_role \| default = "user",`
			`rbac.roles.admin \| default = true,`
			`rbac.roles.operator \| default = true,`
			`rbac.roles.viewer \| default = true,`
			`rbac.attribute_based \| default = false,`

			`# User Management Configuration`
			`users.enabled \| default = true,`
			`users.registration.enabled \| default = true,`
			`users.registration.requires_approval \| default = false,`
			`users.registration.auto_assign_role \| default = "user",`
			`users.sessions.max_active \| default = 5,`
			`users.sessions.idle_timeout \| default = 3600,`
			`users.sessions.absolute_timeout \| default = 86400,`
			`users.audit_enabled \| default = false,`

			`# Audit Logging Configuration`
			`audit.enabled \| default = false,`
			`audit.storage.retention_days \| default = 90,`
			`audit.storage.immutable \| default = false,`
			`audit.redact_sensitive \| default = true,`

			`# Compliance Configuration`
			`compliance.enabled \| default = false,`
			`compliance.validation.enabled \| default = false,`
			`compliance.validation.interval_hours \| default = 24,`
			`compliance.data_retention.policy_years \| default = 7,`
			`compliance.data_retention.audit_log_days \| default = 2555,`
			`compliance.encryption_required \| default = false,`

			`# Integrations Configuration`
			`integrations.ldap.enabled \| default = false,`
			`integrations.oauth2.enabled \| default = false,`
			`integrations.webhooks.enabled \| default = false,`

			`# Monitoring Configuration (from common defaults)`
			`monitoring.enabled \| default = monitoring_defaults.monitoring.enabled,`
			`monitoring.metrics.enabled \| default = monitoring_defaults.monitoring.metrics.enabled,`
			`monitoring.metrics.interval \| default = monitoring_defaults.monitoring.metrics.interval,`
			`monitoring.health_check.enabled \| default = monitoring_defaults.monitoring.health_check.enabled,`
			`monitoring.health_check.interval \| default = monitoring_defaults.monitoring.health_check.interval,`
			`monitoring.resources.cpu \| default = monitoring_defaults.monitoring.resources.cpu,`
			`monitoring.resources.memory \| default = monitoring_defaults.monitoring.resources.memory,`
			`monitoring.resources.alert_threshold \| default = monitoring_defaults.monitoring.resources.alert_threshold,`

			`# Logging Configuration (from common defaults)`
			`logging.level \| default = logging_defaults.logging.level,`
			`logging.format \| default = logging_defaults.logging.format,`

			`# Docker Build Configuration (no \| default to override schema)`
			`build.package = "control-center",`
			`build.binary = "provisioning-control-center",`
			`build.port = 9091,`
			`build.features = ["all"],`
			`build.extra_runtime_pkgs = [],`
			`build.config_file = "config.defaults.toml",`
			`} in`

chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00			`{`
docs: update README and CHANGELOG for nickel branch (2026-05-12) 2026-05-12 02:23:01 +01:00			`# Base configuration with all defaults`
			`control_center = base_control_center \| control_center_schema.ControlCenterConfig,`
chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00			`}`