<?xml version="1.0"?>
<!-- HTTPS configuration -->
<interfaceDefinition>
  <syntaxVersion component='https' version='2'></syntaxVersion>
  <node name="service">
    <children>
      <node name="https" owner="${vyos_conf_scripts_dir}/https.py">
        <properties>
          <help>HTTPS configuration</help>
          <priority>1001</priority>
        </properties>
        <children>
          <tagNode name="virtual-host">
            <properties>
              <help>Identifier for virtual host</help>
              <constraint>
                <regex>[a-zA-Z0-9-_.:]{1,255}</regex>
              </constraint>
              <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage>
            </properties>
            <children>
              <leafNode name="listen-address">
                <properties>
                  <help>Address to listen for HTTPS requests</help>
                  <valueHelp>
                    <format>ipv4</format>
                   <description>HTTPS IPv4 address</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6</format>
                    <description>HTTPS IPv6 address</description>
                  </valueHelp>
                  <valueHelp>
                    <format>'*'</format>
                    <description>any</description>
                  </valueHelp>
                  <constraint>
                    <validator name="ipv4-address"/>
                    <validator name="ipv6-address"/>
                    <regex>\*$</regex>
                  </constraint>
                </properties>
              </leafNode>
              <leafNode name='listen-port'>
                <properties>
                  <help>Port to listen for HTTPS requests; default 443</help>
                  <valueHelp>
                    <format>1-65535</format>
                    <description>Numeric IP port</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-65535"/>
                  </constraint>
                </properties>
              </leafNode>
              <leafNode name="server-name">
                <properties>
                  <help>Server names: exact, wildcard, or regex</help>
                  <multi/>
                </properties>
              </leafNode>
            </children>
          </tagNode>
          <node name="api" owner="${vyos_conf_scripts_dir}/http-api.py">
            <properties>
              <help>VyOS HTTP API configuration</help>
              <priority>1002</priority>
            </properties>
            <children>
              <leafNode name="port">
                <properties>
                  <help>Port for HTTP API service</help>
                  <valueHelp>
                    <format>1-65535</format>
                    <description>Numeric IP port</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-65535"/>
                  </constraint>
                </properties>
              </leafNode>
              <node name="keys">
                <properties>
                  <help>HTTP API keys</help>
                </properties>
                <children>
                  <tagNode name="id">
                    <properties>
                      <help>HTTP API id</help>
                    </properties>
                    <children>
                      <leafNode name="key">
                        <properties>
                          <help>HTTP API plaintext key</help>
                        </properties>
                      </leafNode>
                    </children>
                  </tagNode>
                </children>
              </node>
              <leafNode name="strict">
                <properties>
                  <help>Enforce strict path checking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="debug">
                <properties>
                  <help>Debug</help>
                  <valueless/>
                  <hidden/>
                </properties>
              </leafNode>
            </children>
          </node>
          <node name="api-restrict">
            <properties>
              <help>Restrict api proxy to subset of virtual hosts</help>
            </properties>
            <children>
              <leafNode name="virtual-host">
                <properties>
                  <help>Restrict proxy to virtual host(s)</help>
                  <multi/>
                </properties>
              </leafNode>
            </children>
          </node>
          <node name="certificates">
            <properties>
              <help>TLS certificates</help>
            </properties>
            <children>
              <node name="system-generated-certificate" owner="${vyos_conf_scripts_dir}/vyos_cert.py">
                <properties>
                  <help>Use an automatically generated self-signed certificate</help>
                </properties>
                <children>
                  <leafNode name="lifetime">
                    <properties>
                      <help>Lifetime in days; default is 365</help>
                      <valueHelp>
                        <format>1-65535</format>
                        <description>Number of days</description>
                      </valueHelp>
                    </properties>
                  </leafNode>
                </children>
              </node>
              <node name="certbot" owner="${vyos_conf_scripts_dir}/le_cert.py">
                <properties>
                  <help>Request or apply a letsencrypt certificate for domain-name</help>
                </properties>
                <children>
                  <leafNode name="domain-name">
                    <properties>
                      <help>Domain name(s) for which to obtain certificate</help>
                      <multi/>
                    </properties>
                  </leafNode>
                  <leafNode name="email">
                      <properties>
                          <help>Email address to associate with certificate</help>
                      </properties>
                  </leafNode>
                </children>
              </node>
            </children>
          </node>
        </children>
      </node>
    </children>
  </node>
</interfaceDefinition>