Debian Agent for Artica Meta - Administrator Installation Guide

Setting	Default	Description
`listen_addr`	`0.0.0.0`	Bind address
`listen_port`	`28811`	HTTPS port
`listen_interface`	``	Bind to specific interface (e.g., `eth0`)
`tls.require_mtls_on_api`	`true`	Require client certs for API
`enrollment.token_ttl_seconds`	`3600`	Token expiration (seconds)
`scheduler.interval_hours`	`6`	Background refresh interval

Issue	Solution
Service won't start	Check logs: `journalctl -u debian-agent -e`
Token rejected	Verify token format (XXX-000-XXX) and expiration
Connection refused	Check firewall and `listen_addr` setting
Certificate errors	Regenerate PKI: `rm -rf /var/lib/debian-agent/pki /var/lib/debian-agent/tls && systemctl restart debian-agent`

Path	Purpose
`/etc/debian-agent/config.json`	Configuration
`/var/lib/debian-agent/pki/`	CA certificate and key
`/var/lib/debian-agent/tls/`	Server certificate
`/var/lib/debian-agent/agent.db`	Database (tokens, certs)
`/var/log/debian-agent/agent.log`	Log file
`/run/debian-agent/admin.sock`	Local admin socket

¶ Prerequisites