#    Copyright (C) 2019-2024  Marcus Rickert
#
#    See https://github.com/marcus67/little_brother
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License along
#    with this program; if not, write to the Free Software Foundation, Inc.,
#    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

# This file contains a LittleBrother configuration for a master host.

[LittleBrother]

# Interval in seconds between applying the rules to the collected process statistics. Default: 5
check_interval=5

# Logging level of the application. Default: INFO
# Allowed values: DEBUG, INFO, WARNING, ERROR
#log_level=DEBUG

# Run the application in debugging mode. If active, any exception will print a
# stack trace and terminate the application. Do not activate in "production" mode.
# Default: False
#debug_mode=True

[RuleHandler]
# Set the number of minutes before logout that LittleBrother starts issuing notifications (every minute).
# Default to 5 minutes.
#warning_before_logout = 3
#[PrometheusClient]
# Activate the prometheus client by providing a port number. See https://github.com/prometheus/client_python
#port=8888

[AppControl]

# If active, the processes on the host will be checked. Use "False" if users
# do not log onto the master host. Default: True
scan_active=true

# Sets the number of seconds for automatic refresh on pages with variable data (such as the status page). In the
# classical GUI this will trigger a reload of the HTML page. In the Angular GUI this will trigger an AJAX call to the
# backend.
#index_refresh_interval = 60

# Sets the number of days that user play statistics will be available in the frontend.
# Default: 7
#process_lookback_in_days = 14

# Sets the number of days that entries of entities 'process_info', 'admin_event' and 'rule_override' will be kept
# in the database. This number should always be at least one day larger than 'process_lookback_in_days'!
# Default: 180
#history_length_in_days = 30

# Sets the number of future days that user play time configuration will be available in the frontend.
# Default: 7
#admin_lookahead_in_days = 14

# Use this to replace the canonical hostname retrieved from the system. This hostname will occur in all statistics.
#hostname = MY.BEAUTIFIED.HOSTNAME

# Set the minimum duration in seconds that a process has to be active to be considered relevant "play time".
# Default: 60. Increase if there e.g. are short scheduled processes running on the hosts matching the patterns
# of "play" processes.
#min_activity_duration = 120

# Number of seconds before warnings are issued about missing connectivity (no successful send events from client to master)
# Defaults to 3 * DEFAULT_CHECK_INTERVAL.
#warning_time_without_send_events = 15

# Number of seconds before client terminates processes due to missing connectivity (no successful send events from client to master)
# Defaults to 10 * DEFAULT_CHECK_INTERVAL.
#maximum_time_without_send_events = 50

# Number of seconds to delay the kill process events so that messages are safely played back on the clients
# Defaults to 10 seconds
#kill_process_delay = 15

#[VersionChecker]
# Set the number days between version checks. A value of 0 deactivates the check.
#check_interval_in_days = 1

#[MasterConnector]

# Unique token that authorizes a client host with the master host. It has to match the
# corresponding entry on the client hosts.
#access_token=SOME_LONG_AND_SECRET_TOKEN

# Time in seconds that a client waits while sending data to the master before a timeout occurs. In a stable network
# this value can be set to a smaller value resulting in a decreased likelihood that the slave will "freeze" when the
# master has some transient trouble.
#request_timeout = 5

[ClientProcessHandler]
# Interval in seconds between two checks of the processes on a host. Default: 10
# Since reading the process table is often a time-consuming task it may be suitable to increase
# this value to about 20-60 seconds.
check_interval=10

# Activate the scanning of the binary path and the command line options (in addition to the name of the binary).
# Defaults to False
#scan_command_line_options=True

[ClientDeviceHandler]
# Interval in seconds between two pings to configured monitored devices. Default: 10
# Since pinging is often a time-consuming task it may be suitable to increase this value to about 30-60 seconds.
check_interval=30
# Path of the "ping" utility. Default: /bin/ping
#ping_command = /SOME/OTHER/PATH/PING
# Regular expression to extract the round trip time from a ping call. Use paranthethes to mark the actual time duration
# in milliseconds. Default: rtt min/avg/max/mdev = [\d\.]+/([\d\.]+)/[\d\.]+/[\d\.]+ ms
#ping_result_regex = SOME OTHER ELABORATE EXPRESSION

# Factor by which the value max_active_ping_delay is multiplied to compute the delay if no answer is received from
# the device. Defaults to 2
#inactive_factor = 3

[StatusServer]
# Set IP address that the webserver will listen to. Default: 0.0.0.0, hence it will listen to all local interfaces.
#host=localhost

# Set the port number, the webserver will listen to. Default: None, hence the webserver will not be started. The
# port is shared by both the classic and the new Angular frontends!
port=5555

# Set a unique secret which will be used to generate HTML cookies
app_secret=SOME_OTHER_LONG_AND_SECRET_TOKEN

# Activate the classic GUI (based on Flask and HTTP requests, activated by default)
#classic_gui_active=true

# Set a prefix for all pages of the classic frontend. Default: None, which implies no prefix at all
#base_url=/LittleBrother

# Activate the new Angular GUI (based AJAX calls to backend, deactivated by default)
#angular_gui_active=false

# Set the base URL for the new Angular frontend. Must not be same as the base URL of the classic frontend if both
# are active at the same time. This is the landing page of the user to login into the new frontend.
#angular_gui_base_url=/AngularLittleBrother

# Set the base URL for the backend API of new Angular frontend. This API will be used by the frontend to communicate
# with the backend.
#angular_api_base_url=/AngularLittleBrother/angular-api

[UnixUserHandler]
# Set the name of the administration user
admin_username=admin
# Set the password for the administration user
admin_password=test123

# Activate the following settings to configure the default route of the internet access. This will enable LittleBrother
# to use iptables to limit the internet access for client. See ADVANCED_TOPICS.md for detail.
#[FirewallHandler]
#target_ip[0] = 0.0.0.0

# Set the duration for which iptables entries are cached in the handler. Smaller values are more secure since the
# likelihood of a discrepancy between iptables and the cache becomes smaller, larger values improve performance.
#cache_ttl = 300

[DeviceActivationManager]
check_interval = 5

#[LdapUserHandler]

# Number of minutes that LDAP data is cached before re-reading
#cache_timeout_in_minutes = 1

# Name of the LDAP server. Defaults to 'localhost' (mandatory)
#ldap_host = some.other.host

# Port of the LDAP server. Defaults to 389 (mandatory)
#ldap_port = 389

# Distinguished name of a user permitted to read Posix users and groups in the LDAP directory (mandatory)
#ldap_bind_dn = cn=admin,dc=acme,dc=com

# Password of the user above (plain text, mandatory)
#ldap_bind_password = somesecret

# Distinguished name of the subtree containing Posix users and groups (mandatory). It is only used for groups
# if ldap_group_search_base_dn is not set!
#ldap_search_base_dn = dc=acme,dc=com

# Distinguished name of the subtree containing Posix groups (optional)
#ldap_group_search_base_dn = dc=acme,dc=com

# Name (cn) of the group containing all normal users to be offered for monitoring (optional)
#ldap_user_group_name = little-brother-users

# Name (cn) of the group containing all admin users to be offered for monitoring (mandatory)
#ldap_admin_group_name = little-brother-admins

# Name of the LDAP class to filter for when looking for users. Defaults to 'posixAccount'
#ldap_user_object_class = posixAccount

# Name of the LDAP class to filter for when looking for groups. Defaults to 'posixGroup'
#ldap_group_object_class = posixGroup


[Persistence]
# See http://docs.sqlalchemy.org/en/rel_0_9/dialects/mysql.html#module-sqlalchemy.dialects.mysql.pymysql
# Set the details and credentials for connecting to the backend database
# Set the name of the database driver. Default: mysql+pymysql
# For more information on how to configure the database driver see https://docs.sqlalchemy.org/en/13/core/engines.html
#
database_driver=sqlite
# Set the directory where the sqlite database will be placed. If empty it will be placed by the driver.
sqlite_dir=/var/spool/little-brother
# Set the filename for the sqlite database if the directory is set (see above).
sqlite_filename=little-brother.sqlite.db
# Set the name of the database host. Default: 'localhost'
#database_host = some.other.host
# Set the port number of the database running on the host above. Default: 3306  (for mysql)
# database_port = 3306
# Name of the database scheme used to create the tables for the application. Default: little_brother
#database_name = my_database
# Name of the database user accessing the scheme above (application user). Default: little_brother
#database_user = my_user
# Password of the user above. Default: None
#database_password = some_secret_password
# Set the name of the database admin with permission to create schemes and grant rights. Default: None
# Note that this name will usually be given as a command line option since it is only required during the
# initial startup for the creation of the scheme and not during normal operation.
#database_admin = some_admin_name
# Set the password of the database admin above with permission to create schemes and grant rights. Default: None
# Note that this name will usually be given as a command line option since it is only required during the
# initial startup for the creation of the scheme and not during normal operation.
#database_admin_password = some_secret_admin_password
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Note that the audio handling by the client process is obsolete. Use the little-brother-taskbar instead.
# See https://pypi.org/project/little-brother-taskbar/
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#[AudioHandler]
# Set the volume of the audio output in percent. Default: None, hence no attempt will be made to change the setting.
#audio_mixer_volume=150
# Select the engine of the speech output.
# Permitted values:
# * google : Use the library 'python_google_speak' to generate the speech output. Note that this library requires an
#            internet connection!
# * external : Use an external command to generate the speech output. See setting 'speech_generator_cmd_line'.
# The default value is None, which deactivates spoken notifications.
#speech_engine=google

# If true, the generated files will be cached in the spool directory (see below). Default: False
#cache_audio_files = True

# Set the speed of the speech generator in words per minutes. Default: 100
# speech_words_per_minute = 80

# Set the minimum waiting time in seconds before a spoken messages is repeated. Any request to issue the same messages
# before this time will be silently ignored. Default: 30
#mininum_waiting_time_before_repeat = 20  # seconds

# Set the directory where generated speech files will be cached. Default: /var/spool/little-brother
#spool_dir = "/tmp"

# Set the prefix of the filenames used for generated speech files. Default: little-brother-speech-
#audio_file_prefix = "my-prefix-"

# Set the path of the mixer tool. Default: /usr/bin/amixer
#audio_mixer_bin = '/bin/amixer'

# Set the default locale of the speech output if the monitored user does not have a locale configured. If both are unset
# the system default locale will be used. Default: None
#locale = de_DE

# Set the command line for the external speech generation tool.
# Default: /usr/bin/festival --tts --language american_english {inline}
# The command line may contain the following patterns will be replaced before its execution:
# * {infile} : name of a file containing the text to be spoken
# * {text}: text to be spoken
#speech_generator_cmd_line =
# Set the audio engine playing generated MPEG files.
# Available options:
#  'playsound': use library 'playsound' (default, see https://pypi.org/project/playsound/)
#  'pyglet': use library 'pyglet' (see https://pyglet.readthedocs.io/en/stable/)
#  'mpg123': use external binary 'mpg123'
#audio_player=mpg123
# Command line of the mpg123 binary. Defaults to '/usr/bin/mpg123'
#mpg123_binary=