<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
  <services>
    <service name="mailman3" target="multi-user">
      <override/>
      <file owner="root" group="mailman" mode="640">/etc/mailman.cfg</file>
      <file owner="root" group="mailman" mode="640">/etc/mailman3.d/postfix.cfg</file>
      <file engine="none" source="sysuser-mailman.conf">/sysusers.d/0mailman.conf</file>
      <file engine="none" source="tmpfile-mailman.conf">/tmpfiles.d/0mailman.conf</file>
    </service>
    <service name="postorius" target="multi-user" engine="creole">
      <file engine="none">/etc/postorius/gunicorn_config.py</file>
      <file engine="none" source="sysuser-postorius.conf">/sysusers.d/0postorius.conf</file>
      <file source="config-nginx.conf">/etc/nginx/conf.d/postorius.conf</file>
      <file source="postorius-settings.py">/etc/mailman3.d/postorius.py</file>
    </service>
    <service name="postgresqlclient" target="multi-user" engine="creole">
      <file owner="postorius" mode="400">/etc/pki/tls/private/postgresql_postorius.key</file>
    </service>
  </services>
  <variables>
    <family name="mailman" description="Gestionnaire de liste">
      <variable name="mailman_mail_owner" type="mail" description="Courriel du gestionnaire de liste du site"/>
      <variable name="mailman_domains" type="domainname" description="Nom de domaine des listes" multi="True" mandatory="True"/>
      <variable name="postorius_secret_key" type="password" description="Internal secret key" mandatory="True" hidden="True" auto_save="False"/>
    </family>
    <family name="oauth2_client">
      <variable name="oauth2_is_client_application" redefine='True'>
        <value>True</value>
      </variable>
      <variable name="oauth2_client_name" redefine='True'>
        <value>Liste de distribution</value>
      </variable>
      <variable name="oauth2_client_description" redefine='True'>
        <value>Liste de distribution Mailman</value>
      </variable>
      <variable name="oauth2_client_category" redefine='True'>
        <value>Développement</value>
      </variable>
      <variable name="oauth2_client_logo" redefine='True'>
        <value>silique_email.png</value>
      </variable>
      <variable name="oauth2_client_token_signature_algo" redefine="True">
        <value>RS256</value>
      </variable>
      <family name="external">
        <variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
      </family>
    </family>
    <family name="postgresql">
      <variable name="pg_client_key_owner" redefine="True">
        <value>mailman</value>
      </variable>
    </family>
  </variables>
  <constraints>
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username">postorius</param>
      <param name="description">secret_key</param>
      <param name="type">cleartext</param>
      <param name="hide" type="variable">hide_secret</param>
      <target>postorius_secret_key</target>
    </fill>
    <fill name="calc_oauth2_client_external">
      <param type="variable">revprox_client_external_domainnames</param>
      <param type="variable">revprox_client_location</param>
      <param>accounts/risotto/login/</param>
      <target>oauth2_client_external</target>
    </fill>
  </constraints>
</rougail>