# Network Configuration Schema
# Common schema for bind addresses, CORS, TLS, and networking

{
  # Supported IP versions

  NetworkConfig = {
    # Bind address (IP:port format)
    bind_address | String | optional,

    # IP version to use
    ip_version | String | default = 'ipv4,

    # Enable IPv6
    enable_ipv6 | Bool | default = false,

    # Network interface to bind to (eth0, lo, etc.)
    interface | String | optional,

    # Connection settings
    connection | {
      # TCP backlog size
      backlog | String | optional,

      # TCP nodelay (disable Nagle algorithm)
      tcp_nodelay | Bool | default = true,

      # SO_KEEPALIVE socket option
      so_keepalive | Bool | default = true,

      # Read timeout in milliseconds
      read_timeout | Number | optional,

      # Write timeout in milliseconds
      write_timeout | Number | optional,
    } | optional,

    # Proxy Configuration
    proxy | {
      # Enable proxy support
      enabled | Bool | default = false,

      # Trust proxy headers
      trust_proxy_headers | Bool | default = false,

      # Trusted proxy IPs (CIDR notation)
      trusted_proxies | Array String | optional,

      # Client IP header name
      client_ip_header | String | optional,
    } | optional,

    # Rate Limiting by IP
    ip_rate_limiting | {
      # Enable per-IP rate limiting
      enabled | Bool | default = false,

      # Max requests per IP per window
      max_requests | String | optional,

      # Window size in seconds
      window_seconds | Number | optional,

      # IP whitelist (bypass rate limiting)
      whitelist | Array String | optional,

      # IP blacklist (block entirely)
      blacklist | Array String | optional,
    } | optional,

    # TLS Configuration
    tls | {
      # Enable TLS
      enabled | Bool | default = false,

      # Minimum TLS version
      min_version | String | optional,

      # Maximum TLS version
      max_version | String | optional,

      # Certificate file path
      cert_file | String | optional,

      # Key file path
      key_file | String | optional,

      # CA certificate for client verification
      ca_file | String | optional,

      # Require client certificate
      client_cert_required | Bool | default = false,

      # Cipher suites (use defaults if empty)
      cipher_suites | Array String | optional,
    } | optional,

    # DNS Configuration
    dns | {
      # DNS servers to use
      servers | Array String | optional,

      # DNS timeout in seconds
      timeout | Number | optional,

      # Enable DNS caching
      cache | Bool | default = true,

      # DNS cache TTL in seconds
      cache_ttl | Number | optional,
    } | optional,
  },
}