---
# Patching configuration
patch_window_start: "02:00"
patch_window_end: "04:00"
enforce_patch_window: true
patch_security_only: true
backup_before_patch: true
reboot_if_required: false
reboot_timeout: 300

# Services to restart after patching
services_to_restart:
  - sshd
  - fail2ban

# Services to verify after patching
critical_services:
  - systemd-journald
  - systemd-logind
  - cron