server:
  host: "0.0.0.0"
  port: 8080
  log_level: "INFO"
  # CORS: restrict to localhost by default.
  # For LAN access, add your machine's IP, e.g. "http://192.168.1.100:8080"
  cors_origins:
    - "http://localhost:8080"

auth:
  # API keys — required for any non-loopback (LAN) request.
  # When empty:
  #   - loopback (127.0.0.1, ::1, localhost) requests are allowed anonymously
  #   - LAN requests are REJECTED with 401 (security default)
  # To enable LAN access, add one or more label: "api-key" entries below
  # and send `Authorization: Bearer <api-key>` with each request.
  # Generate secure keys: openssl rand -hex 32
  api_keys: {}
  #  dev: "replace-with-openssl-rand-hex-32"

storage:
  database_file: "data/ledgrab.db"

mqtt:
  enabled: false
  broker_host: "localhost"
  broker_port: 1883
  username: ""
  password: ""
  client_id: "ledgrab"
  base_topic: "ledgrab"

logging:
  format: "json"  # json or text
  file: "logs/ledgrab.log"
  max_size_mb: 100
  backup_count: 5

updates:
  # When false (default), updates without a published sha256 checksum
  # (sibling .sha256 asset OR 64-hex string in release body) are aborted
  # before any installer/extractor runs. NEVER set true unless you
  # control the release server end-to-end.
  allow_unchecked: false