###
### Important: empty values in multiselect fields need to end with a blank!!! Don't do white-space clean-up in those lines!!!
###

# Keep in sync with: `find . -name "*.templates" | xargs cat | grep Template:`

# During FAI installation, don't restart networks. This happens only at reboot.
debian-edu-router-config debian-edu-router-config/net-setup-mode string SKIP-NETWORK-SETUP - don't configure network interface assignments for now, at all

# Enable IPv4 only for now, the IPv6 setup needs to be tested before enabling it by default in Debian Edu networks
# Furthermore, Debian Edu is not yet IPv6 ready, either.
debian-edu-router-config debian-edu-router-config/net-ip-versions-enabled multiselect IPv4

# Configure 'Education' as the only internal network (on physical interface)
debian-edu-router-config debian-edu-router-config/net-int-supportednetworks select Education

# Don't use VLANs for internal networks by default.
debian-edu-router-config debian-edu-router-config/net-int-with-vlans                 boolean false
debian-edu-router-config debian-edu-router-config/net-int-supportednetworks-via-vlan multiselect 

# But set up our favourite VLAN IDs, in case the site admin switches to a VLAN based setup
debian-edu-router-config debian-edu-router-config/net-int-vlanid-openlan              string 1
debian-edu-router-config debian-edu-router-config/net-int-vlanid-education            string 2
debian-edu-router-config debian-edu-router-config/net-int-vlanid-mgmt                 string 3
debian-edu-router-config debian-edu-router-config/net-int-vlanid-schooladministration string 4
debian-edu-router-config debian-edu-router-config/net-int-vlanid-wifistudents         string 21
debian-edu-router-config debian-edu-router-config/net-int-vlanid-wifiteachers         string 22
debian-edu-router-config debian-edu-router-config/net-int-vlanid-wifiguests           string 24
debian-edu-router-config debian-edu-router-config/net-int-vlanid-printers             string 30

# In Debian Edu, the Edu-Interface uses a static IPv4 address
debian-edu-router-config debian-edu-router-config/net-networks-staticip-v4   multiselect Education
debian-edu-router-config debian-edu-router-config/net-networks-dhcpclient-v4 multiselect 
debian-edu-router-config debian-edu-router-config/net-networks-manual-v4     multiselect 
debian-edu-router-config debian-edu-router-config/net-networks-staticip-v6   multiselect 
debian-edu-router-config debian-edu-router-config/net-networks-auto-v6       multiselect 
debian-edu-router-config debian-edu-router-config/net-networks-dhcpclient-v6 multiselect 
debian-edu-router-config debian-edu-router-config/net-networks-manual-v6     multiselect Education

# Some meaningful defaults for router operation in Debian Edu networks
debian-edu-router-config debian-edu-router-config/net-int-address-v4-openlan              string 192.168.100.253/24
debian-edu-router-config debian-edu-router-config/net-int-address-v4-education            string 10.0.0.1/8
debian-edu-router-config debian-edu-router-config/net-int-address-v4-mgmt                 string 172.16.0.253/24
debian-edu-router-config debian-edu-router-config/net-int-address-v4-schooladministration string 172.16.8.253/24
debian-edu-router-config debian-edu-router-config/net-int-address-v4-wifistudents         string 172.21.0.1/21
debian-edu-router-config debian-edu-router-config/net-int-address-v4-wifiteachers         string 172.21.8.1/21
debian-edu-router-config debian-edu-router-config/net-int-address-v4-wifiguests           string 172.21.16.1/21
debian-edu-router-config debian-edu-router-config/net-int-address-v4-printers             string 172.16.1.253/24
debian-edu-router-config debian-edu-router-config/net-int-address-v6-openlan              string 
debian-edu-router-config debian-edu-router-config/net-int-address-v6-education            string 
debian-edu-router-config debian-edu-router-config/net-int-address-v6-mgmt                 string 
debian-edu-router-config debian-edu-router-config/net-int-address-v6-schooladministration string 
debian-edu-router-config debian-edu-router-config/net-int-address-v6-wifistudents         string 
debian-edu-router-config debian-edu-router-config/net-int-address-v6-wifiteachers         string 
debian-edu-router-config debian-edu-router-config/net-int-address-v6-wifiguests           string 
debian-edu-router-config debian-edu-router-config/net-int-address-v6-printers             string 

# Debian Edu does not provide DHCP service via the gateway, but via TJENER
debian-edu-router-config debian-edu-router-config/service-dhcp-networks-v4 multiselect 
debian-edu-router-config debian-edu-router-config/service-dhcp-networks-v6 multiselect 

# Some meaningful DHCP ranges, if DHCP service gets activated for any of the below networks
debian-edu-router-config debian-edu-router-config/service-dhcp-range-v4-openlan              string 192.168.100.20,192.168.100.252,12h
debian-edu-router-config debian-edu-router-config/service-dhcp-range-v4-education            string 10.16.0.1,10.31.255.255,12h
debian-edu-router-config debian-edu-router-config/service-dhcp-range-v4-mgmt                 string 172.16.0.20,172.16.0.252,12h
debian-edu-router-config debian-edu-router-config/service-dhcp-range-v4-schooladministration string 172.16.8.20,172.16.8.252,12h
debian-edu-router-config debian-edu-router-config/service-dhcp-range-v4-wifistudents         string 172.21.0.2,172.21.7.254,12h
debian-edu-router-config debian-edu-router-config/service-dhcp-range-v4-wifiteachers         string 172.21.8.2,172.21.15.254,12h
debian-edu-router-config debian-edu-router-config/service-dhcp-range-v4-wifiguests           string 172.21.16.2,172.21.23.254,12h
debian-edu-router-config debian-edu-router-config/service-dhcp-range-v4-printers             string 172.16.1.21,172.16.1.80,12h

# Block direct internet access from 'Education' network and set up NAT for it
debian-edu-router-config debian-edu-router-config/service-firewall-networks-nat            multiselect Education
debian-edu-router-config debian-edu-router-config/service-firewall-networks-routed         multiselect 
debian-edu-router-config debian-edu-router-config/service-firewall-networks-hostonly       multiselect 
debian-edu-router-config debian-edu-router-config/service-firewall-networks-allow-internet multiselect 
debian-edu-router-config debian-edu-router-config/service-firewall-networks-block-internet multiselect Education

# Enable direct internet access for TJENER
debian-edu-router-config debian-edu-router-config/service-firewall-trustworthy-ips string 10.0.2.2

# Do not make anything public in Debian Edu networks.
debian-edu-router-config debian-edu-router-config/service-firewall-reverse-nat-configs string 

# Enable SSH server on firewall
debian-edu-router-config debian-edu-router-config/service-firewall-ssh-incoming multiselect Education Mgmt Printers

#
# Debian Edu Router Plugin: Content filter
#
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/content-filter-enabled                     boolean false
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-transparent-mode-enabled boolean false
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/dns-alias                                  string webcache
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/dns-servers                                string 10.0.2.2
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/proxy-port-exposed-to-clients              string 3128
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/apache2-http-port                          string 80
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/apache2-https-port                         string 
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/parent-proxy                               string 
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-contentfilter-autoregenerate-ips   boolean true

# Enable SSL bumping via Squid and deep content introspection via e2guardian.
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-contentfilter-autorefresh-blacklist boolean true
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-contentfilter-networks-enabled      boolean true
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-enable-sslbumping         boolean true
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-networks-enabled          multiselect Education
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-networks-with-sslbumping  multiselect Education

debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-sslbumping-ca-org      string Debian
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-sslbumping-ca-ou       string Debian Edu
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-sslbumping-ca-province string My Region
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-sslbumping-ca-country  string DE
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-sslbumping-ca-city     string My City
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-sslbumping-ca-cn       string Debian Edu Router SSL-MitM CA
debian-edu-router-plugin.content-filter debian-edu-router-plugin.content-filter/service-httpproxy-sslbumping-ca-email    string siteadmin@myschool.edu

#
# Debian Edu Router Plugin: LDAP/AD Connector
#
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-connector-enabled  boolean false
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-auth-type          select simple
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-base               string dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-user-searchfilter  string uid=%s
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-binddn             string cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
# debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-bindpw             password
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-dns-servers        string 10.0.2.2
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-install-cert-type  select manually
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-reqcert            select demand
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-starttls           boolean false
# Keep in sync with /etc/hosts!
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-uri                string ldaps://ldap.intern
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-refresh-filterlists boolean true

debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-groups-type-nisNetgroup  multiselect ProxyTrustedClient, ProxyAllowClient, ProxyDenyClient, ProxyBlacklistClient, ProxyWhitelistClient, ProxyNoauthClient, ProxyTrustedUser, ProxyAllowUser, ProxyDenyUser, ProxyBlacklistUser, ProxyWhitelistUser
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-groups-type-group        multiselect 
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-groups-type-groupOfNames multiselect 
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-groups-type-posixGroup   multiselect 

debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyTrustedClient   string proxy-trusted
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyAllowClient     string proxy-allow
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyDenyClient      string proxy-deny
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyBlacklistClient string proxy-blacklist
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyWhitelistClient string proxy-whitelist
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyNoauthClient    string proxy-noauth-client
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyTrustedUser     string proxy-trusted
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyAllowUser       string proxy-allow
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyDenyUser        string proxy-deny
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyBlacklistUser   string proxy-blacklist
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-name-ProxyWhitelistUser   string proxy-whitelist

debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-groups-search-via-base-dn multiselect ProxyAllowUser ProxyBlacklistUser
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyTrustedClient    string OU=People,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyAllowClient      string OU=People,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyDenyClient       string OU=People,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyBlacklistClient  string OU=People,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyWhitelistClient  string OU=People,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyNoauthClient     string OU=People,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyTrustedUser      string OU=People,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyAllowUser        string OU=People,OU=Teachers,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyDenyUser         string OU=People,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyBlacklistUser    string OU=People,OU=Students,dc=skole,dc=skolelinux,dc=no
debian-edu-router-plugin.ldap-connector debian-edu-router-plugin.ldap-connector/ldap-group-base-dn-ProxyWhitelistUser    string OU=People,dc=skole,dc=skolelinux,dc=no

#
# Debian Edu Router Plugin: mDNS reflector
#
# Disable mDNS-reflector for now.
debian-edu-router-plugin.mdns-reflector debian-edu-router-plugin.mdns-reflector/mdns-reflector-enabled          boolean false
debian-edu-router-plugin.mdns-reflector debian-edu-router-plugin.mdns-reflector/service-mdns-reflector-networks multiselect 

#
# Debian Edu Router Plugin: Krb5 Connector
#
debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/krb5-connector-enabled            boolean false
# Keep in sync with /etc/hosts!
debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/kerberos-server-kdc-host          string kerberos.intern
debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/kerberos-server-admin-host        string kerberos.intern
debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/kerberos-server-admin-variant     string MIT
# debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/computer-account-create-mode      select
# debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/computer-account-initial-password password
# debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/computer-account-base-ou          string
debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/kerberos-server-admin-principal   string root/admin@INTERN
# debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/kerberos-server-admin-password    password
debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/kerberos-domain                   string intern
debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/kerberos-realm                    string INTERN
debian-edu-router-plugin.krb5-connector debian-edu-router-plugin.krb5-connector/kerberos-realm-default            string INTERN
