app:
  name: "DMARC Sentinel"
  base_url: "https://dmarc-sentinel.lan"
  timezone: "Europe/Zurich"
  poll_interval_minutes: 30
  database_url: "sqlite:////app/data/dmarc-sentinel.sqlite3"
  log_level: "INFO"
  max_attachment_decompressed_mb: 20
  max_attachment_compressed_mb: 10
  max_attachments_per_message: 20
  max_reports_per_message: 20
  max_reports_per_archive: 20
  max_archive_compression_ratio: 100
  max_xml_records_per_report: 10000
  max_record_count: 10000000
  max_report_future_days: 3
  max_report_past_days: 3650
  max_reports_per_poll: 200

security:
  dashboard_auth_enabled: true
  dashboard_username_env: "DASHBOARD_USERNAME"
  dashboard_password_env: "DASHBOARD_PASSWORD"
  api_token_required: true
  homepage_token_env: "HOMEPAGE_API_TOKEN"

llm:
  provider: "openai"
  api_key_env: "OPENAI_API_KEY"
  model: "gpt-4.1-mini"
  temperature: 0.2
  timeout_seconds: 45
  max_retries: 2
  generate_alert_explanations: true
  generate_daily_summary: true
  generate_weekly_summary: true
  store_llm_outputs: true
  send_raw_xml_to_llm: false
  send_raw_email_to_llm: false
  system_prompt_path: "config/prompts/system.md"
  alert_prompt_path: "config/prompts/alert_explanation.md"
  digest_prompt_path: "config/prompts/posture_digest.md"
  weekly_prompt_path: "config/prompts/weekly_summary.md"

inboxes:
  - id: "tukutoi"
    label: "TukuToi"
    domain: "tukutoi.com"
    imap_host: "mail.dynamicpress.org"
    imap_port: 993
    imap_ssl: true
    username_env: "DOMAIN_IMAP_USER"
    password_env: "DOMAIN_IMAP_PASSWORD"
    folder: "DMARC"
    recipient: "dmarcreports@tukutoi.com"
    processed_folder: null
    failed_folder: null
    move_after_success: false
    move_after_failure: false
    mark_seen_after_success: true
    enabled: true
  - id: "anamaka"
    label: "Anamaka"
    domain: "anamaka.net"
    imap_host: "mail.dynamicpress.org"
    imap_port: 993
    imap_ssl: true
    username_env: "DOMAIN_IMAP_USER"
    password_env: "DOMAIN_IMAP_PASSWORD"
    folder: "DMARC"
    recipient: "dmarcreports@anamaka.net"
    processed_folder: null
    failed_folder: null
    move_after_success: false
    move_after_failure: false
    mark_seen_after_success: true
    enabled: true

known_senders:
  tukutoi.com:
    - id: "postmark-transactional"
      name: "Postmark Transactional"
      ip_allowlist:
        - "50.31.156.96/27"
        - "104.245.209.192/26"
        - "50.31.205.204/30"
      dkim_domains:
        - "tukutoi.com"
      spf_domains:
        - "tukutoi.com"
    - id: "postmark-broadcast"
      name: "Postmark Broadcast"
      ip_allowlist:
        - "50.31.205.0/24"
      dkim_domains:
        - "tukutoi.com"
      spf_domains:
        - "tukutoi.com"
  anamaka.net:
    - id: "mailcow"
      name: "Mailcow"
      ip_allowlist:
        - "45.148.30.200"
        - "2a06:1301:4050:45:148:30:200:0"
      dkim_domains:
        - "anamaka.net"
      spf_domains:
        - "anamaka.net"

alerts:
  email:
    enabled: true
    smtp_host_env: "ALERT_SMTP_HOST"
    smtp_port_env: "ALERT_SMTP_PORT"
    smtp_user_env: "ALERT_SMTP_USER"
    smtp_password_env: "ALERT_SMTP_PASSWORD"
    from_env: "ALERT_EMAIL_FROM"
    to_env: "ALERT_EMAIL_TO"
  thresholds:
    unknown_source_fail_count: 10
    unknown_source_fail_rate_percent: 5
    known_source_fail_rate_percent: 2
    total_volume_spike_multiplier: 3
    total_volume_drop_percent: 80
    min_messages_for_rate_alert: 20
    repeated_failure_days: 2
    missing_reporter_days: 3