// Satellite Security Profile
// For laptops and mobile devices with strict isolation and limited network

profile "Satellite" {
  version "1.0"
  description "Strict isolation with limited network for remote/mobile systems"

  // Isolation settings (strict for mobile security)
  isolation {
    level "Strict"  // Mount + PID + network + IPC namespaces

    namespaces {
      mount true
      pid true
      network true
      ipc true
      user false
      uts false
    }
  }

  // Desktop integration (maintained for usability)
  desktop {
    integration true
    themes true
    fonts true
    clipboard false  // Disabled for security
    dbus true
  }

  // Network access (limited for mobile)
  network {
    access "Limited"
    restrictions [
      "no_local_network"
      "vpn_required"
    ]
    allow_local_network false
  }

  // Resource limits (conservative for battery life)
  resources {
    max_memory "2GB"
    max_cpu 0.6
    max_disk "1GB"
    max_processes 50
    max_open_files 512
  }

  // XDG enforcement (strict)
  xdg {
    enforce true
    redirect_legacy true
    strict_mode true
  }

  // Security settings (enhanced for mobile)
  security {
    allow_system_units false
    audit_logging "Enhanced"
    network_namespace true
    filesystem_isolation true
    encryption_required true
  }

  // Default packages for mobile use
  recommended_packages [
    "firefox"
    "thunderbird"
    "vim"
    "wireguard"
  ]
}