version = "1.0"
i18n = "global_settings_setting"

[security]
name = "Security"
    [security.password]
    name = "Passwords"

        [security.password.admin_strength]
        type = "select"
        choices.1 = "Require at least 8 chars"
        choices.2 = "ditto, but also require at least one digit, one lower and one upper char"
        choices.3 = "ditto, but also require at least one special char"
        choices.4 = "ditto, but also require at least 12 chars"
        default = 1

        [security.password.user_strength]
        type = "select"
        choices.1 = "Require at least 8 chars"
        choices.2 = "ditto, but also require at least one digit, one lower and one upper char"
        choices.3 = "ditto, but also require at least one special char"
        choices.4 = "ditto, but also require at least 12 chars"
        default = 1

    [security.ssh]
    name = "SSH"
        [security.ssh.ssh_compatibility]
        type = "select"
        choices.intermediate = "Intermediate (compatible with older softwares)"
        choices.modern = "Modern (recommended)"
        default = "modern"

        [security.ssh.ssh_port]
        type = "number"
        default = 22

        [security.ssh.ssh_password_authentication]
        type = "boolean"
        default = true

    [security.nginx]
    name = "NGINX (web server)"
        [security.nginx.nginx_redirect_to_https]
        type = "boolean"
        default = true

        [security.nginx.nginx_compatibility]
        type = "select"
        choices.intermediate = "Intermediate (compatible with Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11, Opera 20, and Safari 9)"
        choices.modern = "Modern (compatible with Firefox 63, Android 10.0, Chrome 70, Edge 75, Opera 57, and Safari 12.1)"
        default = "intermediate"

    [security.postfix]
    name = "Postfix (SMTP email server)"
        [security.postfix.postfix_compatibility]
        type = "select"
        choices.intermediate = "Intermediate (allows TLS 1.2)"
        choices.modern = "Modern (TLS 1.3 only)"
        default = "intermediate"

    [security.webadmin]
    name = "Webadmin"
        [security.webadmin.webadmin_allowlist_enabled]
        type = "boolean"
        default = false

        [security.webadmin.webadmin_allowlist]
        type = "tags"
        visible = "webadmin_allowlist_enabled"
        optional = true
        default = ""

    [security.experimental]
    name = "Experimental"
        [security.experimental.security_experimental_enabled]
        type = "boolean"
        default = false


[email]
name = "Email"
    [email.pop3]
    name = "POP3"
        [email.pop3.pop3_enabled]
        type = "boolean"
        default = false
    
    [email.smtp]
    name = "SMTP"
        [email.smtp.smtp_allow_ipv6]
        type = "boolean"
        default = true

        [email.smtp.smtp_relay_enabled]
        type = "boolean"
        default = false
        
        [email.smtp.smtp_relay_host]
        type = "string"
        default = ""
        optional = true
        visible="smtp_relay_enabled"

        [email.smtp.smtp_relay_port]
        type = "number"
        default = 587
        visible="smtp_relay_enabled"

        [email.smtp.smtp_relay_user]
        type = "string"
        default = ""
        optional = true
        visible="smtp_relay_enabled"
        
        [email.smtp.smtp_relay_password]
        type = "password"
        default = ""
        optional = true
        visible="smtp_relay_enabled"
        help = ""  # This is empty string on purpose, otherwise the core automatically set the 'good_practice_admin_password' string here which is not relevant, because the admin is not actually "choosing" the password ...

[misc]
name = "Other"
    [misc.portal]
    name = "User portal"
        [misc.portal.ssowat_panel_overlay_enabled]
        type = "boolean"
        default = true
    
    [misc.backup]
    name = "Backup"
        [misc.backup.backup_compress_tar_archives]
        type = "boolean"
        default = false