version = "1.0"

[main]
name = "Auto-configuration"

    [main.vpn]
    name = ""
    optional = false

        [main.vpn.status]
        ask = "The status of your VPN is unknown."
        type = "alert"
        style = "info"

        [main.vpn.service_enabled]
        ask = "Enable VPN"
        type = "boolean"
        help = "If disabled, the VPN service will not automatically be started at boot."

        [main.vpn.doc]
        ask.en = "VPNclient only interfaces with *dedicated, public IP VPNs accepting inbound traffic*, preferably with an associated `.cube` (or `.ovpn/.conf`) configuration file. Checkout the [list of known compatible providers](https://yunohost.org/providers/vpn) for more info."
        ask.fr = "VPNclient est prévu pour fonctionner avec des *VPN dédiés et à IP publique qui acceptent le traffic entrant*, et de préférence avec un fichier de configuration `.cube` (ou `.ovpn/.conf`) associé. Consultez [la liste des fournisseurs connus et compatibles](https://yunohost.org/providers/vpn) pour plus d'infos."
        type = "alert"
        style = "info"

        [main.vpn.config_file]
        ask = "Configuration file"
        type = "file"
        accept = [ ".cube", ".ovpn", ".conf" ]
        help = ".cube file recommended, .ovpn file accepted"
        bind = "/etc/openvpn/client.conf"
        redact = true

        [main.vpn.config_template]
        type = "file"
        bind = "/etc/openvpn/client.conf.tpl"
        redact = true
        optional = true
        visible = false

        [main.vpn.cube_file]
        type = "file"
        bind = "/etc/openvpn/client.cube"
        redact = true
        optional = true
        visible = false

        [main.vpn.ovpn_file]
        type = "file"
        bind = "/etc/openvpn/client.ovpn"
        redact = true
        optional = true
        visible = false

    [main.auth]
    name = "Authentication"
    optional = true
    visible = 'config_file && ((match(config_file,"^\s*ca\s") && ! match(config_file,"^\s*<ca>")) || (match(config_file,"^\s*cert\s") && ! match(config_file,"^\s*<cert>")) || (match(config_file,"^\s*key\s") && ! match(config_file,"^\s*<key>")) || (match(config_file,"^\s*tls-auth\s") && ! match(config_file,"^\s*<tls-auth>")) || match(config_file,"^\s*auth-user-pass(\s.*)?$"))'

        [main.auth.crt_server_ca]
        ask = "Update Server CA"
        type = "file"
        bind = "/etc/openvpn/keys/ca-server.crt"
        visible = 'config_file && match(config_file,"^\s*ca\s") && ! match(config_file,"^\s*<ca>")'

        [main.auth.crt_client]
        ask = "Update Client Certificate"
        type = "file"
        bind = "/etc/openvpn/keys/user.crt"
        visible = 'config_file && match(config_file,"^\s*cert\s") && ! match(config_file,"^\s*<cert>")'

        [main.auth.crt_client_key]
        ask = "Update Client Key"
        type = "file"
        help = "This file begins with -----BEGIN PRIVATE KEY-----"
        bind = "/etc/openvpn/keys/user.key"
        visible = 'config_file && match(config_file,"^\s*key\s") && ! match(config_file,"^\s*<key>")'
        redact = true

        [main.auth.login_user]
        ask = "Username"
        type = "string"
        example = "camille"
        pattern.regexp = '^[a-zA-Z0-9_\-\\\.@]+$'
        pattern.error = "OpenVPN accept only alphabetic chars and -_\\.@"
        visible = 'config_file && match(config_file,"^\s*auth-user-pass\s")'

        [main.auth.login_passphrase]
        ask = "Password"
        type = "password"
        visible = 'config_file && match(config_file,"^\s*auth-user-pass(\s.*)?$")'

        [main.auth.crt_client_ta]
        ask = "TLS Auth shared secret"
        type = "file"
        example = "ta.key"
        help = "Some servers have an additional protection agains Deny of Service attack. If you have no tls-auth key in your ovpn, skip this question."
        bind = "/etc/openvpn/keys/user_ta.key"
        visible = 'config_file && match(config_file,"^\s*tls-auth\s") && ! match(config_file,"^\s*<tls-auth>")'
        redact = true

[advanced]
name = "DNS & IPv6"
    [advanced.dns]
    name = "DNS"

        [advanced.dns.dns_method]
        ask = "DNS resolvers"
        type = "select"
        choices.yunohost = "Default DNS resolvers from YunoHost"
        choices.custom = "Use custom DNS resolvers"

        [advanced.dns.nameservers]
        ask = "Custom DNS resolvers"
        type = "tags"
        optional = true
        visible = "dns_method == 'custom'"
        pattern.regexp = "^([0-9.]{7,15}|[0-9a-fA-F:]+)$"
        pattern.error = "Not an ip"

    [advanced.ipv6]
    name = "IPv6"

        [advanced.ipv6.ip6_net]
        ask = "IPv6 prefix"
        type = "string"
        optional = true
        example = "2001:db8:42::"
        pattern.regexp = "^[0-9a-fA-F:]+$"
        pattern.error = "Please provide a valid IPv6 Prefix"

        [advanced.ipv6.ip6_addr]
        ask = "IPv6"
        type = "string"
        optional = true
        example = "2001:db8:42::2"
        help = "If no IPv6 address is pushed directly by your VPN provider, you can indicate a specific IP to use here."
        pattern.regexp = "^[0-9a-fA-F:]+$"
        pattern.error = "Please provide a valid IPv6"