<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
  <services>
    <!-- FIXME activer le timer ? -->
    <service name='unbound' target="multi-user">
      <ip ip_type='variable'>unbound_allowed_client</ip>
      <override/>
      <file>/etc/unbound/conf.d/risotto.conf</file>
      <file>/etc/unbound/unbound.conf</file>
      <file engine="none" source="sysuser-unbound.conf">/sysusers.d/0unbound.conf</file>
      <file engine="none" source="tmpfile-unbound.conf">/tmpfiles.d/0unbound.conf</file>
    </service>
    <service name='unbound-anchor'>
      <override/>
    </service>
    <service name='unbound-keygen' disabled="True"/>
  </services>
  <variables>
    <family name="network">
      <variable name="dns_client_address" redefine="True" disabled="True"/>
      <variable name="ip_dns" redefine="True" remove_fill="True"/>
      <variable name="outgoing_ports" redefine="True">
        <value>udp:53</value>
        <value>53</value>
      </variable>
    </family>
    <family name='dns_resolver' description='Résolveur DNS'>
      <family name="forward_zones" description="Serveur DNS faisant autorité sur une zone particulière" leadership="True" hidden="True">
        <variable name="unbound_forward_address" description="Adresse du serveur faisant autorité" provider="ExternalDNS" multi="True"/>
        <variable name="unbound_forward_zones" type="domainname" description="Nom de domaine de la zone" multi="True" provider="ExternalDNS:authority_zones"/>
        <variable name="unbound_forward_reverse_zones" type="domainname" description="Nom de domaine de la zone" multi="True" provider="ExternalDNS:reverse_authority_zones"/>
      </family>
      <variable name="unbound_allowed_client" type="ip" description="IP des clients autorisés à faire des requêtes DNS" multi="True" mandatory="True"/>
      <variable name="unbound_default_forwards" description="Serveur résolveur DNS par défaut" multi="True" mandatory="True"/>
    </family>
  </variables>
  <constraints>
    <fill name="calc_value">
      <param type="variable">ip_eth0</param>
      <target>ip_dns</target>
    </fill>
    <fill name="get_ip">
      <param type="variable">unbound_forward_address</param>
      <target>unbound_allowed_client</target>
    </fill>
  </constraints>
</rougail>