server:
  host: "0.0.0.0"
  port: 8080
  log_level: "INFO"
  # CORS: restrict to localhost by default.
  # For LAN access, add your machine's IP, e.g. "http://192.168.1.100:8080"
  cors_origins:
    - "http://localhost:8080"
    - "http://192.168.2.100:8080"

auth:
  # API keys — required for any non-loopback (LAN) request.
  # When empty (default):
  #   - loopback (127.0.0.1, ::1, localhost) requests are allowed anonymously
  #   - LAN requests are REJECTED with 401 (security default)
  # To enable LAN access, uncomment the example below and replace the value
  # with a secret you generated yourself (e.g. `openssl rand -hex 32`).
  # Do NOT ship a hard-coded key here — a publicly-known token grants full
  # LAN access to anyone on the network.
  api_keys:
    default: "development-key-change-in-production"
  # api_keys:
  #   my-client: "replace-with-output-of-openssl-rand-hex-32"

# Storage paths default to ./data relative to the server's working directory.
# Set LEDGRAB_DATA_DIR in the environment to point at a different data root
# (the whole dir — both the database and assets), or uncomment the block
# below to pin an absolute database file.
# storage:
#   database_file: "/absolute/path/to/ledgrab.db"

mqtt:
  enabled: false
  broker_host: "localhost"
  broker_port: 1883
  username: ""
  password: ""
  client_id: "ledgrab"
  base_topic: "ledgrab"

logging:
  format: "json"  # json or text
  file: "logs/ledgrab.log"
  max_size_mb: 100
  backup_count: 5

updates:
  # When false (default), updates without a published sha256 checksum
  # (sibling .sha256 asset OR 64-hex string in release body) are aborted
  # before any installer/extractor runs. NEVER set true unless you
  # control the release server end-to-end.
  allow_unchecked: false