---
version: 1.1

network:
  incoming_ports:
    redefine: true
    default:
      - 587
      - 993

ldap:

  client:

    family:
      redefine: true
      default: all

    key_file_owner:
      redefine: true
      default: dovecot

revprox:

  client:

    external_domainnames:
      redefine: true
      hidden: true
      default:
        jinja: |-
          {%- for domain in general.mail.domain.domains | calc_domains %}
          {{ domain }}
          {%- endfor -%}

    web_address:
      redefine: true
      hidden: true
      default:
        jinja: >-
          {{ __index |
              calc_well_known(general.network.interface_0.domain_name,
                              general.mail.domain.domains)
            }}
        params:
          __index:
            type: index

    location:
      redefine: true
      default:
        jinja: >-
          {{ _.external_domainnames | calc_locations(index) }}
        params:
          index:
            type: index

mail:
  description: Mail configuration
  help: >-
    Configure IMAP servers and submission to access email accounts and send
    emails

  domain:
    description: Mail domain
    type: leadership

    domains:
      type: domainname
      description: Final destination email address
      supplier: LMTP:criteria
      examples:
        - example.net
      help: >-
        These domain names are the domain names for emails (user@*example.net*)
        and for auto configuration of email clients
        (https://*example.net*/.well-known/autoconfig/mail/config-v1.1.xml)

    imap_domainname:
      type: domainname
      description: External IMAP server address
      examples:
        - imap.example.net
      help: >-
        Matches TLS connection’s SNI name, if it’s sent by the client. For some
        email clients, use in DNS configuration a line like "_submissions._tcp
        IN SRV 1 587 *imap.example.net*."

    submission_domainname:
      type: domainname
      description: External submission server address
      examples:
        - submission.example.net
      help: >-
        Matches TLS connection’s SNI name, if it’s sent by the client. For some
        email clients, add in DNS configuration a line like "_imaps._tcp IN SRV
        0 1 993 *submission.example.net*."

  crt_provider:
    description: >-
      Type of certificate autority signing external IMAP and submission
      domain certificates
    mode: basic
    help: >-
      The certificate can be self-signed (therefore invalid by default for the
      client) or obtained via the Let's Encrypt service (generally valid for
      the client)
    default: self-signed
    choices:
      - self-signed
      - letsencrypt

dovecot:  # IMAP mail server

  internal_addresses:
    type: domainname
    description: IMAP server connexion
    provider: IMAP
    multi: true
    hidden: true

  well_known_filenames:
    type: unix_filename
    hidden: true
    multi: true
    default:
      jinja: |-
        {%- for domain in __.mail.domain.domains %}
        /var/www/html/mail/{{ domain }}/autodiscover/autodiscover.xml
        {%- endfor -%}

nginx:
  redefine: true
  hidden: true

  root:
    redefine: true
    default: /var/www/html

oauth2:
  redefine: true
  hidden: true