provisioning/schemas/platform/defaults/control-center-defaults.ncl

# Control Center Service Default Configuration
# Policy management, RBAC, and compliance defaults

let control_center_schema = import "../schemas/control-center.ncl" in
let monitoring_defaults = import "./common/monitoring-defaults.ncl" in
let logging_defaults = import "./common/logging-defaults.ncl" in

{
  control_center | control_center_schema.ControlCenterConfig = {
    # Workspace Configuration
    workspace = {
      name = "default",
      path = "/var/lib/provisioning/control-center",
      enabled = true,
      multi_workspace = false,
    },

    # HTTP Server Settings
    server = {
      host = "127.0.0.1",
      port = 8080,
      workers = 4,
      keep_alive = 75,
      max_connections = 100,
      request_timeout = 30000,
      graceful_shutdown = true,
      shutdown_timeout = 30,
    },

    # Database Configuration
    database = {
      backend = "rocksdb",
      path = "/var/lib/provisioning/control-center/data",
      pool_size = 10,
      timeout = 30,
      retry = true,
      max_retries = "3",
    },

    # Security Configuration
    security = {
      jwt = {
        issuer = "control-center",
        audience = "provisioning",
        expiration = 3600,
        refresh_expiration = 86400,
        secret = "change_me_in_production",
        algorithm = "HS256",
      },
      rbac = {
        enabled = true,
        inheritance = true,
        default_role = "user",
      },
      mfa = {
        required = false,
        methods = ["totp"],
        max_attempts = "5",
        lockout_duration = 15,
      },
      rate_limiting = {
        enabled = false,
        max_requests = "1000",
        window_seconds = 60,
      },
      tls = {
        enabled = false,
      },
      cors = {
        enabled = false,
      },
      session = {
        max_duration = 86400,
        idle_timeout = 3600,
        tracking = false,
      },
    },

    # Policy Engine Configuration
    policy = {
      enabled = true,
      cache = {
        enabled = true,
        ttl = 3600,
        max_policies = 10000,
      },
      versioning = {
        enabled = true,
        max_versions = 20,
      },
    },

    # RBAC Configuration
    rbac = {
      enabled = true,
      hierarchy = true,
      dynamic_roles = false,
      default_role = "user",
      roles = {
        admin = true,
        operator = true,
        viewer = true,
      },
      attribute_based = false,
    },

    # User Management
    users = {
      enabled = true,
      registration = {
        enabled = true,
        requires_approval = false,
        auto_assign_role = "user",
      },
      sessions = {
        max_active = 5,
        idle_timeout = 3600,
        absolute_timeout = 86400,
      },
      audit_enabled = false,
    },

    # Audit Logging
    audit = {
      enabled = false,
      storage = {
        retention_days = 90,
        immutable = false,
      },
      redact_sensitive = true,
    },

    # Compliance Configuration
    compliance = {
      enabled = false,
      validation = {
        enabled = false,
        interval_hours = 24,
      },
      data_retention = {
        policy_years = 7,
        audit_log_days = 2555,
      },
      encryption_required = false,
    },

    # Integrations
    integrations = {
      ldap = {
        enabled = false,
      },
      oauth2 = {
        enabled = false,
      },
      webhooks = {
        enabled = false,
      },
    },

    # Monitoring Configuration
    monitoring = monitoring_defaults.monitoring,

    # Logging Configuration
    logging = logging_defaults.logging,
  },
}
chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00			`# Control Center Service Default Configuration`
			`# Policy management, RBAC, and compliance defaults`

			`let control_center_schema = import "../schemas/control-center.ncl" in`
			`let monitoring_defaults = import "./common/monitoring-defaults.ncl" in`
			`let logging_defaults = import "./common/logging-defaults.ncl" in`

			`{`
			`control_center \| control_center_schema.ControlCenterConfig = {`
			`# Workspace Configuration`
			`workspace = {`
			`name = "default",`
			`path = "/var/lib/provisioning/control-center",`
			`enabled = true,`
			`multi_workspace = false,`
			`},`

			`# HTTP Server Settings`
			`server = {`
			`host = "127.0.0.1",`
			`port = 8080,`
			`workers = 4,`
			`keep_alive = 75,`
			`max_connections = 100,`
			`request_timeout = 30000,`
			`graceful_shutdown = true,`
			`shutdown_timeout = 30,`
			`},`

			`# Database Configuration`
			`database = {`
			`backend = "rocksdb",`
			`path = "/var/lib/provisioning/control-center/data",`
			`pool_size = 10,`
			`timeout = 30,`
			`retry = true,`
			`max_retries = "3",`
			`},`

			`# Security Configuration`
			`security = {`
			`jwt = {`
			`issuer = "control-center",`
			`audience = "provisioning",`
			`expiration = 3600,`
			`refresh_expiration = 86400,`
			`secret = "change_me_in_production",`
			`algorithm = "HS256",`
			`},`
			`rbac = {`
			`enabled = true,`
			`inheritance = true,`
			`default_role = "user",`
			`},`
			`mfa = {`
			`required = false,`
			`methods = ["totp"],`
			`max_attempts = "5",`
			`lockout_duration = 15,`
			`},`
			`rate_limiting = {`
			`enabled = false,`
			`max_requests = "1000",`
			`window_seconds = 60,`
			`},`
			`tls = {`
			`enabled = false,`
			`},`
			`cors = {`
			`enabled = false,`
			`},`
			`session = {`
			`max_duration = 86400,`
			`idle_timeout = 3600,`
			`tracking = false,`
			`},`
			`},`

			`# Policy Engine Configuration`
			`policy = {`
			`enabled = true,`
			`cache = {`
			`enabled = true,`
			`ttl = 3600,`
			`max_policies = 10000,`
			`},`
			`versioning = {`
			`enabled = true,`
			`max_versions = 20,`
			`},`
			`},`

			`# RBAC Configuration`
			`rbac = {`
			`enabled = true,`
			`hierarchy = true,`
			`dynamic_roles = false,`
			`default_role = "user",`
			`roles = {`
			`admin = true,`
			`operator = true,`
			`viewer = true,`
			`},`
			`attribute_based = false,`
			`},`

			`# User Management`
			`users = {`
			`enabled = true,`
			`registration = {`
			`enabled = true,`
			`requires_approval = false,`
			`auto_assign_role = "user",`
			`},`
			`sessions = {`
			`max_active = 5,`
			`idle_timeout = 3600,`
			`absolute_timeout = 86400,`
			`},`
			`audit_enabled = false,`
			`},`

			`# Audit Logging`
			`audit = {`
			`enabled = false,`
			`storage = {`
			`retention_days = 90,`
			`immutable = false,`
			`},`
			`redact_sensitive = true,`
			`},`

			`# Compliance Configuration`
			`compliance = {`
			`enabled = false,`
			`validation = {`
			`enabled = false,`
			`interval_hours = 24,`
			`},`
			`data_retention = {`
			`policy_years = 7,`
			`audit_log_days = 2555,`
			`},`
			`encryption_required = false,`
			`},`

			`# Integrations`
			`integrations = {`
			`ldap = {`
			`enabled = false,`
			`},`
			`oauth2 = {`
			`enabled = false,`
			`},`
			`webhooks = {`
			`enabled = false,`
			`},`
			`},`

			`# Monitoring Configuration`
			`monitoring = monitoring_defaults.monitoring,`

			`# Logging Configuration`
			`logging = logging_defaults.logging,`
			`},`
			`}`