notmain

type Config struct {
	SFE struct {
		DebugAddr string `validate:"omitempty,hostname_port"`

		// ListenAddress is the address:port on which to listen for incoming
		// HTTP requests. Defaults to ":80".
		ListenAddress string `validate:"omitempty,hostname_port"`

		// Timeout is the per-request overall timeout. This should be slightly
		// lower than the upstream's timeout when making requests to this service.
		Timeout config.Duration `validate:"-"`

		// ShutdownStopTimeout determines the maximum amount of time to wait
		// for extant request handlers to complete before exiting. It should be
		// greater than Timeout.
		ShutdownStopTimeout config.Duration

		TLS cmd.TLSConfig

		RAService     *cmd.GRPCClientConfig
		SAService     *cmd.GRPCClientConfig
		EmailExporter *cmd.GRPCClientConfig

		// UnpauseHMACKey validates incoming JWT signatures at the unpause
		// endpoint. This key must be the same as the one configured for all
		// WFEs. This field is required to enable the pausing feature.
		UnpauseHMACKey cmd.HMACKeyConfig

		Zendesk *struct {
			BaseURL      string             `validate:"required,url"`
			TokenEmail   string             `validate:"required,email"`
			Token        cmd.PasswordConfig `validate:"required,dive"`
			CustomFields struct {
				Organization     int64 `validate:"required"`
				Tier             int64 `validate:"required"`
				RateLimit        int64 `validate:"required"`
				ReviewStatus     int64 `validate:"required"`
				AccountURI       int64 `validate:"required"`
				RegisteredDomain int64 `validate:"required"`
				IPAddress        int64 `validate:"required"`
			} `validate:"required,dive"`
		} `validate:"omitempty,dive"`

		Limiter struct {
			// Redis contains the configuration necessary to connect to Redis
			// for rate limiting. This field is required to enable rate
			// limiting.
			Redis *bredis.Config `validate:"required_with=Defaults"`

			// Defaults is a path to a YAML file containing default rate limits.
			// See: ratelimits/README.md for details. This field is required to
			// enable rate limiting. If any individual rate limit is not set,
			// that limit will be disabled. Failed Authorizations limits passed
			// in this file must be identical to those in the RA.
			Defaults string `validate:"required_with=Redis"`
		}

		// OverridesImporter configures the periodic import of approved rate
		// limit override requests from Zendesk.
		OverridesImporter struct {
			// Mode controls which tickets are processed. Valid values are:
			//   - "all": process all tickets
			//   - "even": process only tickets with even IDs
			//   - "odd": process only tickets with odd IDs
			// If unspecified or empty, defaults to "all".
			Mode string `validate:"omitempty,required_with=Interval,oneof=all even odd"`
			// Interval is the amount of time between runs of the importer. If
			// zero or unspecified, the importer is disabled. Minimum value is
			// 20 minutes.
			Interval config.Duration `validate:"omitempty,required_with=Mode,min=1200s"`
		} `validate:"omitempty,dive"`

		// AutoApproveOverrides enables automatic approval of override requests
		// for the following limits and tiers:
		//   - NewOrdersPerAccount: 1000
		//   - CertificatesPerDomain: 300
		//   - CertificatesPerDomainPerAccount: 300
		AutoApproveOverrides bool `validate:"-"`
		Features             features.Config
	}

	Syslog        cmd.SyslogConfig
	OpenTelemetry cmd.OpenTelemetryConfig

	// OpenTelemetryHTTPConfig configures tracing on incoming HTTP requests
	OpenTelemetryHTTPConfig cmd.OpenTelemetryHTTPConfig
}