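# Provisioning Platform Installer Configuration Template
# Version: 3.5.0
#
# This template defines all available configuration options for the installer.
# Copy this file to `installer-config.toml` and customize as needed.
#
# A customized copy can hold credentials (see the [secrets.*] tables). Keep it
# out of version control and readable only by the account that runs the
# installer.

# =============================================================================
# INSTALLER SETTINGS
# =============================================================================

[installer]
# Installation mode
# Options: "interactive" (TUI wizard), "headless" (non-interactive), "config-driven" (from config file)
mode = "interactive"

# Platform auto-detection
# If true, installer will auto-detect available container platforms
auto_detect_platform = true

# Skip confirmation prompts in headless mode
# WARNING: Only use in automated environments
skip_confirmations = false

# Verbose output
# Enable detailed logging during installation
# NOTE(review): confirm verbose output never echoes values from [secrets]
# before enabling it where logs are shared (e.g. CI job output).
verbose = false

# Installation timeout in seconds
# Maximum time to wait for installation to complete
timeout = 1800 # 30 minutes

# Dry run mode
# Validate configuration without making changes
dry_run = false

# =============================================================================
# DEPLOYMENT CONFIGURATION
# =============================================================================

[deployment]
# Container platform
# Options: "docker", "podman", "kubernetes", "orbstack"
# If not specified, installer will use auto-detected platform
platform = "docker"

# Deployment mode
# Options: "solo", "multi-user", "cicd", "enterprise"
# Determines which services are deployed and resource requirements
mode = "solo"

# Base domain for services
# All services will be accessible under this domain
# For local development, use "localhost" or a .local domain
domain = "localhost"

# Deployment location
# Options: "local" (current machine), "remote" (SSH to remote host)
location = "local"

# Remote deployment settings (only used if location = "remote")
[deployment.remote]
# SSH connection string (user@host:port)
# NOTE(review): this template has no option for host-key verification;
# confirm the installer checks the remote host key against known_hosts.
host = ""

# SSH private key path
# Leave empty to use default SSH key (~/.ssh/id_rsa)
# Prefer a dedicated deployment key over a personal default key, and keep the
# key file readable by its owner only.
ssh_key = ""

# Use SSH agent for authentication
use_ssh_agent = true

# Remote installation path
# Directory on remote host where platform will be installed
install_path = "/opt/provisioning"

# =============================================================================
# RESOURCE REQUIREMENTS
# =============================================================================

[resources]
# Minimum CPU cores required
# Will be auto-calculated based on deployment mode if not specified
min_cpu_cores = 2

# Minimum memory in GB
# Will be auto-calculated based on deployment mode if not specified
min_memory_gb = 4.0

# Minimum disk space in GB
min_disk_gb = 20.0

# Override resource checks
# WARNING: Only use if you understand the implications
skip_resource_check = false

# Resource allocation strategy
# Options: "auto" (installer decides), "minimal" (minimum resources), "recommended" (recommended resources)
allocation_strategy = "auto"

# =============================================================================
# SERVICE CONFIGURATION
# =============================================================================
#
# NOTE(review): no service table below has a bind-address option. Confirm which
# interface the ports are published on before enabling services on a host that
# is reachable from untrusted networks.

[services]

# Core services (always installed)
# These services are required for basic platform operation

[services.orchestrator]
enabled = true
port = 8080
# CPU limit in millicores (1000m = 1 CPU core)
cpu_limit = "1000m"
# Memory limit
memory_limit = "512Mi"
# Restart policy: "always", "on-failure", "unless-stopped"
restart_policy = "always"

[services.control_center]
enabled = true
port = 8081
cpu_limit = "500m"
memory_limit = "256Mi"
restart_policy = "always"

[services.coredns]
enabled = true
port = 5353
cpu_limit = "100m"
memory_limit = "128Mi"
restart_policy = "always"

# Optional services (can be enabled/disabled based on deployment mode)

[services.mcp_server]
# Model Context Protocol server for AI integration
# NOTE(review): [mcp].enabled further down is a separate switch; how the two
# interact is not stated in this template.
enabled = false
port = 8084
cpu_limit = "500m"
memory_limit = "512Mi"
restart_policy = "always"

[services.api_gateway]
# REST API gateway
enabled = false
port = 8085
cpu_limit = "500m"
memory_limit = "256Mi"
restart_policy = "always"

[services.extension_registry]
# Extension package hosting
enabled = false
port = 8082
cpu_limit = "200m"
memory_limit = "256Mi"
restart_policy = "always"

[services.oci_registry]
# OCI container registry (Zot)
# Uses the same port (5000) as [services.harbor]; enable only one of the two
# or change one of the ports.
enabled = false
port = 5000
cpu_limit = "500m"
memory_limit = "512Mi"
restart_policy = "always"
# Registry storage path
storage_path = "/var/lib/provisioning/registry"

[services.gitea]
# Git server for multi-user mode
enabled = false
port = 3000
cpu_limit = "1000m"
memory_limit = "1Gi"
restart_policy = "always"
# Gitea data path
data_path = "/var/lib/provisioning/gitea"

[services.postgres]
# Shared database for multi-user/enterprise modes
enabled = false
port = 5432
cpu_limit = "1000m"
memory_limit = "1Gi"
restart_policy = "always"
# PostgreSQL data path
data_path = "/var/lib/provisioning/postgres"
# PostgreSQL version
version = "15"

[services.harbor]
# Harbor OCI registry (enterprise mode)
# Uses the same port (5000) as [services.oci_registry]; see the note there.
enabled = false
port = 5000
cpu_limit = "2000m"
memory_limit = "2Gi"
restart_policy = "always"
# Harbor data path
data_path = "/var/lib/provisioning/harbor"

[services.kms]
# Cosmian KMS for enterprise secrets management
enabled = false
port = 9998
cpu_limit = "500m"
memory_limit = "512Mi"
restart_policy = "always"

[services.prometheus]
# Metrics collection
enabled = false
port = 9090
cpu_limit = "1000m"
memory_limit = "1Gi"
restart_policy = "always"
# Retention period
retention_days = 15

[services.grafana]
# Metrics dashboards
enabled = false
port = 3001
cpu_limit = "500m"
memory_limit = "512Mi"
restart_policy = "always"

[services.loki]
# Log aggregation
enabled = false
port = 3100
cpu_limit = "1000m"
memory_limit = "1Gi"
restart_policy = "always"
# Log retention period
retention_days = 7

[services.nginx]
# Reverse proxy (enterprise mode)
# The default port is the plain-HTTP port.
# NOTE(review): confirm whether enabling [services.nginx.tls] adds an HTTPS
# listener or expects this port to be changed.
enabled = false
port = 80
cpu_limit = "500m"
memory_limit = "256Mi"
restart_policy = "always"

# SSL/TLS configuration
[services.nginx.tls]
enabled = false
cert_path = ""
# The private key file should be readable only by the account the proxy runs as.
key_path = ""
# Auto-generate self-signed cert for development
# Clients cannot validate a self-signed certificate against a trusted CA, so
# supply cert_path/key_path outside development.
auto_generate = false

# =============================================================================
# SECRETS MANAGEMENT
# =============================================================================

[secrets]
# Auto-generate secrets
# If true, installer will generate secure random secrets
auto_generate = true

# Secrets storage backend
# Options: "file" (local files), "env" (environment variables), "kms" (Cosmian KMS)
# NOTE(review): with "file" and use_sops = false the secrets are presumably
# written unencrypted under secrets_path; confirm, and restrict that directory
# to the service account.
storage_backend = "file"

# Secrets file path (only used if storage_backend = "file")
secrets_path = "/var/lib/provisioning/secrets"

# Use SOPS for secret encryption
use_sops = false

# SOPS age key path
# This is a private key; protect the file like any other private key.
sops_age_key = ""

# KMS endpoint (only used if storage_backend = "kms")
# The default is plain HTTP on loopback. Use a TLS-protected endpoint when the
# KMS runs on another host.
kms_endpoint = "http://localhost:9998"

# Pre-defined secrets (leave empty to auto-generate)
# Any value entered below is stored in this file in clear text.

[secrets.database]
postgres_password = ""
postgres_user = "provisioning"

[secrets.registry]
admin_password = ""
admin_user = "admin"

[secrets.gitea]
admin_password = ""
admin_user = "gitadmin"
secret_key = ""
internal_token = ""

[secrets.jwt]
# JWT signing key for API authentication
signing_key = ""
# Token expiration in hours
# A shorter lifetime limits how long a leaked token stays usable.
expiration_hours = 24

# =============================================================================
# MCP (MODEL CONTEXT PROTOCOL) INTEGRATION
# =============================================================================

[mcp]
# Enable MCP server
enabled = false

# MCP server mode
# Options: "stdio" (standard input/output), "http" (HTTP server), "sse" (Server-Sent Events)
mode = "http"

# HTTP/SSE endpoint (only used if mode = "http" or "sse")
# NOTE(review): no authentication option for this endpoint appears in the
# template; confirm how callers are authenticated before exposing it beyond
# localhost.
endpoint = "http://localhost:8084"

# Auto-configure Claude Desktop integration
# If true, installer will update Claude Desktop config with MCP server
auto_configure_claude = false

# Claude Desktop config path
# Leave empty to use default platform-specific path
claude_config_path = ""

# MCP tools to enable
# Available tools: workspace, config, server, taskserv, cluster, workflow, batch
# Enable only the tools the integration actually needs.
enabled_tools = [
    "workspace",
    "config",
    "server",
    "taskserv",
    "cluster",
]

# MCP server startup timeout in seconds
startup_timeout = 30

# =============================================================================
# UNATTENDED INSTALLATION
# =============================================================================

[unattended]
# Enable completely unattended installation
# Requires valid configuration file, no user interaction
enabled = false

# Accept all defaults for missing configuration
accept_defaults = true

# Skip all confirmation prompts
skip_all_prompts = true

# Email for installation notifications (optional)
notification_email = ""

# Post-installation script
# Script to run after installation completes
# NOTE(review): the script presumably runs with the installer's privileges;
# point this only at a file that other users cannot modify.
post_install_script = ""

# Post-installation script timeout in seconds
post_install_timeout = 300

# Generate installation report
# If true, creates detailed report at installation completion
# NOTE(review): confirm the report omits secret values before sharing it.
generate_report = true

# Report output path
report_path = "/var/log/provisioning/installer-report.json"

# =============================================================================
# ADVANCED SETTINGS
# =============================================================================

[advanced]
# Container image registry
# Base registry for pulling platform images
# NOTE(review): no option here pins images by digest or verifies signatures;
# confirm how the installer selects and verifies image versions.
image_registry = "ghcr.io/provisioning"

# Image pull policy
# Options: "always", "if-not-present", "never"
image_pull_policy = "if-not-present"

# Network configuration
[advanced.network]
# Container network name
network_name = "provisioning-net"

# Network driver: "bridge", "host", "overlay"
# "host" shares the host's network stack, so containers are not isolated from
# it at the network level.
network_driver = "bridge"

# Network subnet (CIDR notation)
subnet = "172.20.0.0/16"

# DNS servers
# The defaults are public resolvers; replace them with internal resolvers if
# container DNS queries must stay inside your network.
dns_servers = ["8.8.8.8", "8.8.4.4"]

# Storage configuration
[advanced.storage]
# Base storage path
# The default registry, Gitea, PostgreSQL, secrets and backup paths in this
# file all sit under this directory.
base_path = "/var/lib/provisioning"

# Storage driver: "local", "overlay2", "zfs", "btrfs"
driver = "overlay2"

# Enable volume encryption
encrypt_volumes = false

# Logging configuration
[advanced.logging]
# Log level: "debug", "info", "warn", "error"
# NOTE(review): confirm "debug" does not record secret values.
level = "info"

# Log format: "json", "text"
format = "text"

# Log output: "stdout", "file", "both"
output = "both"

# Log file path (only used if output includes "file")
file_path = "/var/log/provisioning/installer.log"

# Max log file size in MB
max_size_mb = 100

# Max number of log files to keep
max_backups = 5

# Health check configuration
[advanced.health_check]
# Enable health checks during installation
enabled = true

# Health check interval in seconds
interval = 5

# Health check timeout in seconds
timeout = 30

# Number of retries before failure
max_retries = 10

# Rollback configuration
[advanced.rollback]
# Enable automatic rollback on failure
enabled = true

# Create backup before installation
create_backup = true

# Backup path
# NOTE(review): backups may include secrets and database contents; confirm,
# and protect this directory like the data it copies.
backup_path = "/var/lib/provisioning/backups"

# Keep backups after successful installation
keep_backups = true

# Maximum number of backups to keep
max_backups = 3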