# This is just YAML, but I decided to use JSON-like formatting because I like it better.

# Global configuration
global: {
  # IP defines the IP address to bind to.
  ip: "0.0.0.0",
  # serviceDirectory defines the directory to look for services in.
  serviceDirectory: "./services",
  # resourceDirectory defines the directory to look for resources in.
  resourceDirectory: "./resources",
  # compression defines the compression settings on a global level - per-route settings override these. It is optional.
  compression: {
    # algorithm defines the compression algorithm to use, possible values are "gzip", "brotli" and "zstd".
    algorithm: "gzip",
    # level defines the compression level to use, possible values are 1-9 for gzip, 0-11 for brotli and 1-22 for zstd.
    level: 5
  },
  # logging defines the logging settings.
  logging: {
    # enabled defines whether logging is enabled.
    enabled: true,
    # file defines the file to log to, relative to the working directory.
    file: "fulgens.log"
  },
  # database defines the database settings.
  database: {
    # type defines the type of database to use, possible values are "sqlite" and "postgres".
    type: "sqlite",
    # path defines the path to the directory to store database files in (sqlite only).
    path: "./databases",
    # connectionString defines the connection string to use for the database (postgres only).
    connectionString: "postgres://user:password@localhost:5432/database"
  },
  # stealth enables stealth mode, which makes the server look like some preset http servers.
  # stealth mode overrides all proxy preservations and headers.
  stealth: {
    # enabled defines whether stealth mode is enabled.
    enabled: true,
    # server defines the server to pretend to be, possible values are "nginx" or "net/http".
    server: "nginx",
    # php defines if the server should pretend to be running PHP. This should only be used on nginx.
    php: {
      # enabled defines whether PHP spoofing is enabled.
      enabled: true,
      # version defines the version of PHP to pretend to be.
      version: "8.2.25"
    },
    # aspnet defines if the server should pretend to be running ASP.NET. This should only be used on nginx.
    aspNet: true
  }
}

# Routes define per-subdomain routing settings.
routes: [
  {
    # none is a special subdomain that matches all requests without a subdomain (Host header).
    subdomain: "none",
    # port defines the port to use for this route. They do not have to be unique.
    port: "8080",
    # services defines the services to use for this route. Services must be defined on a per-subdomain basis.
    # Each service may not be used more than once globally. The server will fail to start if this is violated.
    services: ["authentication"]
  },
  {
    # any subdomain value that isn't "none" will match that specific subdomain.
    subdomain: "www.localhost",
    # port defines the port to use for this route. They do not have to be unique.
    port: "8443",
    # https defines the HTTPS settings for this route. If this block is missing, HTTPS will not be enabled for this port.
    # If https is set once for any subdomain with this port, it will be enabled for all subdomains with this port.
    # The connection will fail if the above condition is true, but there is not an HTTPS block for that subdomain.
    https: {
      # certificate defines the path to the certificate file.
      certificate: "./certs/localhost.crt",
      # key defines the path to the key file.
      key: "./certs/localhost.key"
    },
    # paths defines per-path settings (NOT for services, which MUST be defined on a per-subdomain basis).
    paths: [
      {
        # paths defines the paths to match. They can contain wildcards.
        paths: ["/static", "/static/*"],
        # static defines the static file serving settings for this path. This conflicts with proxy and redirect.
        # static > proxy > redirect in terms of precedence.
        static: {
          # root defines the root directory to serve static files from.
          root: "./static",
          # directoryListing defines whether to show a directory listing when a directory is requested.
          # if it is false or unset, a 403 Forbidden will be returned instead.
          directoryListing: true
        }
      },
      {
        # paths defines the paths to match. They can contain wildcards.
        paths: ["/proxy", "/proxy/*"],
        # proxy defines the proxy settings for this path. This conflicts with static and redirect.
        # static > proxy > redirect in terms of precedence.
        proxy: {
          # url defines the URL to proxy requests to.
          url: "http://localhost:8000",
          # stripPrefix defines whether to strip the prefix from the path before proxying.
          stripPrefix: true,
          headers: {
            # forbid defines the headers to forbid from being sent to the proxied server.
            forbid: [ "User-Agent" ],
            # preserveServer defines whether to preserve the server header from the proxied server.
            preserveServer: true,
            # preserveAltSvc defines whether to preserve the Alt-Svc header from the proxied server.
            preserveAltSvc: true,
            # preserveXPoweredBy defines whether to preserve the X-Powered-By header from the proxied server.
            preserveXPoweredBy: true,
            # passHost defines whether the host / :authority header should be sent to the proxied server.
            passHost: true,
            # xForward defines whether to send the X-Forwarded-For and X-Forwarded-Proto headers.
            xForward: false
          }
        },
      },
      {
        # paths defines the paths to match. They can contain wildcards.
        paths: ["/redirect", "/redirect/*"],
        # redirect defines the redirect settings for this path. This conflicts with proxy and static.
        # static > proxy > redirect in terms of precedence.
        redirect: {
          # url defines the URL to redirect to.
          url: "https://www.ailur.dev",
          # permanent defines whether the redirect is permanent (301) or temporary (302).
          permanent: true
        }
      }
    ]
  }
]

# Services define the settings for services.
services: {
  # authentication defines the settings for the authentication service, which is built-in.
  authentication: {
    # privacyPolicy defines the URL to the privacy policy.
    privacyPolicy: "https://git.ailur.dev/Paperwork/nucleus/src/commit/5d191eea87cffae8bdca42017ac26dc19e6cb3de/Privacy.md",
    # url defines the publicly-facing URL of the service, in case of it being behind a reverse proxy.
    url: "http://localhost:8000",
    # identifier defines the identifier for the service, in the form of [Identifier] Accounts.
    identifier: "Authenticator",
    # adminKey defines the key to use for administrative operations, such as listing all users.
    adminKey: "supersecretkey",
    # testAppIsInternalApp defines whether the test app is an internal app, which allows it to bypass the user consent screen.
    testAppIsInternalApp: true,
    # testAppEnabled defines whether the test app is enabled, which is recommended for testing purposes.
    testAppEnabled: true
  },
  # storage defines the settings for the storage service, which is built-in.
  storage: {
    # path defines the path to store blobs in.
    path: "./blob",
    # defaultQuota defines the default quota for users in bytes.
    defaultQuota: 50000000
  }
}