# Control Center Configuration - Nickel Format
# Auto-generated by provisioning TypeDialog
# Edit via: nu provisioning/.typedialog/provisioning/platform/scripts/configure.nu control-center {mode}

let control_center_schema = import "../schemas/control-center.ncl" in

{
  control_center | control_center_schema.ControlCenterConfig = {
    # Workspace Configuration
    workspace = {
      {%- if workspace_name %}
      name = "{{ workspace_name }}",
      {%- endif %}
      {%- if workspace_path %}
      path = "{{ workspace_path }}",
      {%- endif %}
      {%- if workspace_enabled is defined %}
      enabled = {{ workspace_enabled | lower }},
      {%- endif %}
      {%- if multi_workspace_mode is defined %}
      multi_workspace = {{ multi_workspace_mode | lower }},
      {%- endif %}
    },

    # HTTP Server Configuration
    server = {
      {%- if server_host %}
      host = "{{ server_host }}",
      {%- endif %}
      {%- if server_port %}
      port = {{ server_port }},
      {%- endif %}
      {%- if server_workers %}
      workers = {{ server_workers }},
      {%- endif %}
      {%- if server_keep_alive %}
      keep_alive = {{ server_keep_alive }},
      {%- endif %}
      {%- if server_max_connections %}
      max_connections = {{ server_max_connections }},
      {%- endif %}
      {%- if server_request_timeout %}
      request_timeout = {{ server_request_timeout }},
      {%- endif %}
      {%- if server_graceful_shutdown is defined %}
      graceful_shutdown = {{ server_graceful_shutdown | lower }},
      {%- endif %}
      {%- if server_shutdown_timeout %}
      shutdown_timeout = {{ server_shutdown_timeout }},
      {%- endif %}
    },

    # Database Configuration
    database = {
      {%- if database_backend %}
      backend = "{{ database_backend }}",
      {%- endif %}
      {%- if database_path %}
      path = "{{ database_path }}",
      {%- endif %}
      {%- if database_pool_size %}
      pool_size = {{ database_pool_size }},
      {%- endif %}
      {%- if database_timeout %}
      timeout = {{ database_timeout }},
      {%- endif %}
      {%- if database_retry_attempts %}
      retry_attempts = {{ database_retry_attempts }},
      {%- endif %}
      {%- if database_retry_delay %}
      retry_delay = {{ database_retry_delay }},
      {%- endif %}
    },

    # Security Configuration (JWT, RBAC, MFA, etc.)
    security = {
      {%- if jwt_enabled is defined %}
      jwt = {
        enabled = {{ jwt_enabled | lower }},
        {%- if jwt_issuer %}
        issuer = "{{ jwt_issuer }}",
        {%- endif %}
        {%- if jwt_audience %}
        audience = "{{ jwt_audience }}",
        {%- endif %}
        {%- if jwt_token_expiration %}
        token_expiration = {{ jwt_token_expiration }},
        {%- endif %}
        {%- if jwt_signing_method %}
        signing_method = "{{ jwt_signing_method }}",
        {%- endif %}
        {%- if jwt_algorithm %}
        algorithm = "{{ jwt_algorithm }}",
        {%- endif %}
      },
      {%- endif %}
      {%- if rbac_enabled is defined %}
      rbac = {
        enabled = {{ rbac_enabled | lower }},
        {%- if rbac_hierarchy is defined %}
        hierarchy = {{ rbac_hierarchy | lower }},
        {%- endif %}
        {%- if rbac_default_role %}
        default_role = "{{ rbac_default_role }}",
        {%- endif %}
      },
      {%- endif %}
    },

    # Policy Engine Configuration
    policy = {
      {%- if policy_enabled is defined %}
      enabled = {{ policy_enabled | lower }},
      {%- endif %}
      {%- if policy_cache_enabled is defined %}
      cache = {
        enabled = {{ policy_cache_enabled | lower }},
        {%- if policy_cache_ttl %}
        ttl = {{ policy_cache_ttl }},
        {%- endif %}
        {%- if policy_cache_max_policies %}
        max_policies = {{ policy_cache_max_policies }},
        {%- endif %}
      },
      {%- endif %}
      {%- if policy_versioning_enabled is defined %}
      versioning = {
        enabled = {{ policy_versioning_enabled | lower }},
        {%- if policy_versioning_max_versions %}
        max_versions = {{ policy_versioning_max_versions }},
        {%- endif %}
      },
      {%- endif %}
    },

    # RBAC Configuration
    rbac = {
      {%- if rbac_roles_admin is defined %}
      enabled = true,
      hierarchy = true,
      {%- if rbac_dynamic_roles is defined %}
      dynamic_roles = {{ rbac_dynamic_roles | lower }},
      {%- endif %}
      {%- if rbac_default_role_name %}
      default_role = "{{ rbac_default_role_name }}",
      {%- endif %}
      roles = {
        {%- if rbac_roles_admin is defined %}
        admin = {{ rbac_roles_admin | lower }},
        {%- endif %}
        {%- if rbac_roles_operator is defined %}
        operator = {{ rbac_roles_operator | lower }},
        {%- endif %}
        {%- if rbac_roles_viewer is defined %}
        viewer = {{ rbac_roles_viewer | lower }},
        {%- endif %}
      },
      {%- endif %}
    },

    # User Management
    users = {
      {%- if users_enabled is defined %}
      enabled = {{ users_enabled | lower }},
      {%- endif %}
      {%- if users_registration_enabled is defined %}
      registration = {
        enabled = {{ users_registration_enabled | lower }},
        {%- if users_registration_requires_approval is defined %}
        requires_approval = {{ users_registration_requires_approval | lower }},
        {%- endif %}
        {%- if users_registration_auto_role %}
        auto_assign_role = "{{ users_registration_auto_role }}",
        {%- endif %}
      },
      {%- endif %}
      {%- if users_sessions_max_active %}
      sessions = {
        max_active = {{ users_sessions_max_active }},
        {%- if users_sessions_idle_timeout %}
        idle_timeout = {{ users_sessions_idle_timeout }},
        {%- endif %}
        {%- if users_sessions_absolute_timeout %}
        absolute_timeout = {{ users_sessions_absolute_timeout }},
        {%- endif %}
      },
      {%- endif %}
      {%- if users_audit_enabled is defined %}
      audit_enabled = {{ users_audit_enabled | lower }},
      {%- endif %}
    },

    # Audit Logging Configuration
    {%- if audit_enabled is defined %}
    audit = {
      enabled = {{ audit_enabled | lower }},
      {%- if audit_retention_days %}
      storage = {
        retention_days = {{ audit_retention_days }},
        {%- if audit_immutable is defined %}
        immutable = {{ audit_immutable | lower }},
        {%- endif %}
      },
      {%- endif %}
      {%- if audit_redact_sensitive is defined %}
      redact_sensitive = {{ audit_redact_sensitive | lower }},
      {%- endif %}
    },
    {%- endif %}

    # Compliance Configuration
    {%- if compliance_enabled is defined %}
    compliance = {
      enabled = {{ compliance_enabled | lower }},
      {%- if compliance_validation_enabled is defined %}
      validation = {
        enabled = {{ compliance_validation_enabled | lower }},
        {%- if compliance_validation_interval %}
        interval_hours = {{ compliance_validation_interval }},
        {%- endif %}
      },
      {%- endif %}
      {%- if compliance_data_retention_years %}
      data_retention = {
        policy_years = {{ compliance_data_retention_years }},
        {%- if compliance_audit_log_days %}
        audit_log_days = {{ compliance_audit_log_days }},
        {%- endif %}
      },
      {%- endif %}
      {%- if compliance_encryption_required is defined %}
      encryption_required = {{ compliance_encryption_required | lower }},
      {%- endif %}
    },
    {%- endif %}

    # Monitoring Configuration (optional)
    {%- if monitoring_enabled is defined %}
    monitoring = {
      enabled = {{ monitoring_enabled | lower }},
    },
    {%- endif %}

    # Logging Configuration (optional)
    {%- if logging_level %}
    logging = {
      level = "{{ logging_level }}",
      {%- if logging_format %}
      format = "{{ logging_format }}",
      {%- endif %}
    },
    {%- endif %}
  },
}