server:
  bind: "127.0.0.1:8080"
  # Base URL the orchestrator is reachable at from the operator's
  # browser. Used as the click-through link in notifications, so it
  # should be the *external* URL (e.g. https://vetting.lan:8443),
  # not the bind address.
  public_url: "http://127.0.0.1:8080"
  tls:
    enabled: false
    cert_file: ""
    key_file: ""

database:
  path: "./var/vetting.db"

artifacts:
  dir: "./var/artifacts"
  # Days to keep per-run artifact files (report.html, report.json, fio,
  # iperf, inventory.json, hold keys). DB rows are preserved. 0 = forever.
  retention_days: 30

logs:
  dir: "./var/logs"
  # Days to keep per-run log files. 0 = forever.
  retention_days: 30

janitor:
  # Interval between cleanup sweeps. 0 defaults to 60.
  interval_minutes: 60

auth:
  # bcrypt hash of your admin password.
  # Generate via: ./bin/gen-admin-password "your-password"
  admin_password_bcrypt: "$2a$10$REPLACE_ME_WITH_A_REAL_BCRYPT_HASH_0123456789abcdefABCDEFxx"
  # Random 32-byte hex string used to sign session cookies.
  # Generate via: openssl rand -hex 32  (or use PowerShell equivalent)
  session_secret_hex: "0000000000000000000000000000000000000000000000000000000000000000"
  session_ttl_hours: 24

dispatcher:
  max_concurrent_runs: 3

# Fields below are populated in later phases and ignored in Phase 1.

pxe:
  enabled: false
  interface: ""                          # e.g. "eth0"
  dhcp_range: ""                         # e.g. "10.77.0.100,10.77.0.200,12h"
  orchestrator_url: ""                   # e.g. "http://10.77.0.1:8080"
  tftp_root: ""                          # holds ipxe.efi + undionly.kpxe
  live_dir: ""                           # holds vmlinuz + initrd.img; served at /live/*

# Notifications fire on StageFailed, SpecMismatch, HoldingOpened,
# RunCompleted. Declare one or more notifiers and route each event
# kind (and optionally severity) to a notifier by name. Delivery is
# fire-and-forget (one attempt per event, logged on failure).
#
# Example (uncomment and fill in):
#
# notifiers:
#   - name: ops-ntfy
#     type: ntfy
#     server: https://ntfy.sh
#     topic: vetting-YOUR-TOPIC
#   - name: ops-discord
#     type: discord
#     webhook_url: https://discord.com/api/webhooks/XXX/YYY
#   - name: ops-email
#     type: smtp
#     smtp:
#       host: mail.lan
#       port: 25
#       from: vetting@lan.local
#       to: [ops@lan.local]
#
# routes:
#   # Critical events (failures / holds) fire on all three channels.
#   - match_severity: [critical]
#     notifier: ops-ntfy
#   - match_severity: [critical]
#     notifier: ops-discord
#   - match_severity: [critical]
#     notifier: ops-email
#   # RunCompleted is informational — push to ntfy only.
#   - match_kind: [RunCompleted]
#     notifier: ops-ntfy

notifiers: []
routes: []