r00t2/xml
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

i think this is a better path forward

Browse Source
This commit is contained in:
brent s.
2019-12-09 07:16:33 -05:00
parent 47f81b4159
commit fb9ce235fa
9 changed files with 335 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

251
schema/lib/types/aif.xsd Normal file
View File

@@ -0,0 +1,251 @@
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema targetNamespace="https://schema.xml.r00t2.io/lib/types/aif.xsd"
xmlns="https://schema.xml.r00t2.io/lib/types/aif.xsd"
xmlns:t_aif="https://schema.xml.r00t2.io/lib/types/aif.xsd"
xmlns:linux="https://schema.xml.r00t2.io/lib/types/linux.xsd"
xmlns:net="https://schema.xml.r00t2.io/lib/types/net.xsd"
xmlns:std="https://schema.xml.r00t2.io/lib/types/std.xsd"
xmlns:unix="https://schema.xml.r00t2.io/lib/types/unix.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified">
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/linux.xsd"
schemaLocation="./linux.xsd"/>
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/net.xsd"
schemaLocation="./net.xsd"/>
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/std.xsd"
schemaLocation="./std.xsd"/>
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/unix.xsd"
schemaLocation="./unix.xsd"/>
<xs:simpleType name="t_auto_ip6">
<xs:union memberTypes="net:t_auto_ip6">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="false"/>
<xs:enumeration value="none"/>
<xs:enumeration value="0"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:simpleType name="t_bootloaders">
<!-- TODO: expand?
https://wiki.archlinux.org/index.php/Category:Boot_loaders
https://wiki.archlinux.org/index.php/Arch_boot_process#Boot_loader -->
<xs:restriction base="xs:token">
<xs:enumeration value="grub"/>
<xs:enumeration value="systemd"/>
<xs:enumeration value="syslinux"/>
<xs:enumeration value="lilo"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_dhcp_clients">
<!-- Only valid for netctl. AIF-NG uses the internal daemons for systemd-networkd and NM. -->
<xs:restriction base="xs:string">
<xs:enumeration value="dhcpcd"/>
<xs:enumeration value="dhclient"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_iface">
<xs:sequence>
<xs:choice maxOccurs="unbounded">
<xs:element name="addresses" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:choice minOccurs="1" maxOccurs="unbounded">
<xs:element name="ipv4">
<xs:complexType>
<xs:sequence>
<xs:element name="address" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="net:t_qualified_addr_ip4">
<xs:attribute name="gateway"
type="net:t_addr_ip4"
use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="auto" type="xs:boolean" use="optional" default="true"/>
</xs:complexType>
<xs:unique name="uniq_ipv4_addr">
<xs:selector xpath="t_aif:address"/>
<xs:field xpath="."/>
</xs:unique>
</xs:element>
<xs:element name="ipv6">
<xs:complexType>
<xs:sequence>
<xs:element name="address" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="net:t_qualified_addr_ip6">
<xs:attribute name="gateway"
type="net:t_addr_ip6"
use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="auto" type="net:t_auto_ip6"
use="optional" default="slaac"/>
</xs:complexType>
<xs:unique name="uniq_ipv6_addr">
<xs:selector xpath="t_aif:address"/>
<xs:field xpath="."/>
</xs:unique>
</xs:element>
</xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="resolvers" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:choice minOccurs="1" maxOccurs="unbounded">
<xs:element name="resolver" minOccurs="1" maxOccurs="unbounded" type="net:t_both_addr"/>
<xs:element name="ipv4" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:attribute name="auto" type="xs:boolean"
use="required"/>
</xs:complexType>
</xs:element>
<xs:element name="ipv6" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:attribute name="auto" type="xs:boolean"
use="required"/>
</xs:complexType>
</xs:element>
</xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="routes" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:choice minOccurs="1" maxOccurs="unbounded">
<xs:element name="ipv4">
<xs:complexType>
<xs:sequence>
<xs:element name="route" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="net:t_qualified_addr_ip4">
<xs:attribute name="gateway"
type="net:t_addr_ip4"
use="required"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="auto" type="xs:boolean" use="optional" default="true"/>
</xs:complexType>
<xs:unique name="uniq_ipv4_route">
<xs:selector xpath="t_aif:route"/>
<xs:field xpath="."/>
</xs:unique>
</xs:element>
<xs:element name="ipv6">
<xs:complexType>
<xs:sequence>
<xs:element name="address" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="net:t_qualified_addr_ip6">
<xs:attribute name="gateway"
type="net:t_addr_ip6"
use="required"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
<!-- DHCPv6 does not have an option to send routes,
so you need to use RAs. -->
<!-- See https://www.isc.org/blogs/routing-configuration-over-dhcpv6-2/
for more information. -->
<!-- https://datatracker.ietf.org/doc/draft-ietf-mif-dhcpv6-route-option/
expired. Shame, that. -->
<xs:attribute name="auto" type="xs:boolean" use="optional" default="true"/>
</xs:complexType>
<xs:unique name="uniq_ipv6_route">
<xs:selector xpath="t_aif:route"/>
<xs:field xpath="."/>
</xs:unique>
</xs:element>
</xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:choice>
</xs:sequence>
<xs:attribute name="id" type="xs:ID" use="required"/>
<xs:attribute name="device" type="linux:t_iface_name" use="required"/>
<xs:attribute name="defroute" type="xs:boolean" use="optional" default="false"/>
<xs:attribute name="searchDomain" type="std:t_nonempty" use="optional"/>
</xs:complexType>
<xs:simpleType name="t_iface_name">
<xs:union memberTypes="linux:t_iface_name">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="auto"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:complexType name="t_iface_wifi">
<xs:complexContent>
<xs:extension base="t_iface">
<xs:sequence>
<xs:element name="encryption" type="net:t_wifi_crypto" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
<!-- TODO: SSID needs to support unicode chars in both XML(/XSD type=?) and program -->
<xs:attribute name="essid" type="xs:string" use="required"/>
<xs:attribute name="bssid" type="net:t_mac_addr" use="optional"/>
<xs:attribute name="hidden" type="xs:boolean" use="optional" default="false"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:simpleType name="t_netproto">
<xs:union memberTypes="net:t_netproto">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="both"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:simpleType name="t_netprov">
<xs:restriction base="xs:token">
<xs:enumeration value="netctl"/>
<xs:enumeration value="nm"/>
<xs:enumeration value="networkd"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_pacuri">
<!-- xs:anyURI is too permissive. -->
<!-- <xs:restriction base="xs:anyURI"> -->
<xs:restriction base="xs:token">
<xs:pattern value="(file|https?)://.+"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
</xs:schema>

43
schema/lib/types/bsd.xsd Normal file
View File

@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema targetNamespace="https://schema.xml.r00t2.io/lib/types/bsd.xsd"
xmlns="https://schema.xml.r00t2.io/lib/types/bsd.xsd"
xmlns:bsd="https://schema.xml.r00t2.io/lib/types/bsd.xsd"
xmlns:linux="https://schema.xml.r00t2.io/lib/types/linux.xsd"
xmlns:std="https://schema.xml.r00t2.io/lib/types/std.xsd"
xmlns:unix="https://schema.xml.r00t2.io/lib/types/bsd.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified">
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/linux.xsd"
schemaLocation="./linux.xsd"/>
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/std.xsd"
schemaLocation="./std.xsd"/>
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/unix.xsd"
schemaLocation="./unix.xsd"/>
<xs:simpleType name="t_passwd_hashtypes">
<xs:union memberTypes="linux:t_passwd_hashtypes">
<xs:simpleType>
<xs:restriction>
<!-- <xs:enumeration value="des"/> -->
<!-- bcrypt/blowfish are the same. -->
<xs:enumeration value="bcrypt"/>
<xs:enumeration value="blowfish"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:simpleType name="t_shadowhash">
<xs:union memberTypes="linux:t_shadowhash">
<xs:simpleType>
<xs:restriction>
<!-- Blowfish/bcrypt -->
<xs:pattern value="($2[abxy]?)?($[0-9]+)$[a-zA-Z0-9./]{53}"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
</xs:schema>

489
schema/lib/types/linux.xsd Normal file
View File

@@ -0,0 +1,489 @@
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema targetNamespace="https://schema.xml.r00t2.io/lib/types/linux.xsd"
xmlns="https://schema.xml.r00t2.io/lib/types/linux.xsd"
xmlns:linux="https://schema.xml.r00t2.io/lib/types/linux.xsd"
xmlns:std="https://schema.xml.r00t2.io/lib/types/std.xsd"
xmlns:sys="https://schema.xml.r00t2.io/lib/types/sys.xsd"
xmlns:unix="https://schema.xml.r00t2.io/lib/types/unix.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified">
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/std.xsd"
schemaLocation="./std.xsd"/>
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/sys.xsd"
schemaLocation="./sys.xsd"/>
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/unix.xsd"
schemaLocation="./unix.xsd"/>
<xs:simpleType name="t_console_pageformats">
<xs:restriction base="xs:positiveInteger">
<xs:enumeration value="8"/>
<xs:enumeration value="14"/>
<xs:enumeration value="16"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_disk">
<xs:sequence>
<xs:element name="part" minOccurs="1" maxOccurs="unbounded" type="linux:t_partition"/>
</xs:sequence>
<xs:attribute name="id" type="xs:ID" use="required"/>
<xs:attribute name="device" type="linux:t_diskdev" use="required"/>
<xs:attribute name="diskFormat" type="sys:t_diskfmt" use="required"/>
</xs:complexType>
<xs:simpleType name="t_diskdev">
<xs:restriction base="xs:string">
<!-- TODO: is "auto" okay here? -->
<xs:pattern value="(/dev/([A-Za-z0-9_]+/)?[A-Za-z0-9_]+[0-9]?|auto)"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_disksize">
<xs:restriction base="xs:string">
<xs:pattern value="[-|+]?\s*([0-9]+)\s*(%|((k|Ki)|[MGTPEZY]i?)?B?|)\s*"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_fstype">
<xs:union memberTypes="std:t_UUID4">
<xs:simpleType>
<!-- parted names -->
<!-- https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs -->
<!-- ', '.join(sorted(list(dict(vars(parted.filesystem))['fileSystemType'].keys()))) -->
<xs:restriction base="xs:token">
<xs:enumeration value="affs0"/>
<xs:enumeration value="affs1"/>
<xs:enumeration value="affs2"/>
<xs:enumeration value="affs3"/>
<xs:enumeration value="affs4"/>
<xs:enumeration value="affs5"/>
<xs:enumeration value="affs6"/>
<xs:enumeration value="affs7"/>
<xs:enumeration value="amufs"/>
<xs:enumeration value="amufs0"/>
<xs:enumeration value="amufs1"/>
<xs:enumeration value="amufs2"/>
<xs:enumeration value="amufs3"/>
<xs:enumeration value="amufs4"/>
<xs:enumeration value="amufs5"/>
<xs:enumeration value="apfs1"/>
<xs:enumeration value="apfs2"/>
<xs:enumeration value="asfs"/>
<xs:enumeration value="btrfs"/>
<xs:enumeration value="ext2"/>
<xs:enumeration value="ext3"/>
<xs:enumeration value="ext4"/>
<xs:enumeration value="fat16"/>
<xs:enumeration value="fat32"/>
<xs:enumeration value="hfs"/>
<xs:enumeration value="hfs+"/>
<xs:enumeration value="hfsx"/>
<xs:enumeration value="hp-ufs"/>
<xs:enumeration value="jfs"/>
<xs:enumeration value="linux-swap(v0)"/>
<xs:enumeration value="linux-swap(v1)"/>
<xs:enumeration value="nilfs2"/>
<xs:enumeration value="ntfs"/>
<xs:enumeration value="reiserfs"/>
<xs:enumeration value="sun-ufs"/>
<xs:enumeration value="swsusp"/>
<xs:enumeration value="udf"/>
<xs:enumeration value="xfs"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:simpleType name="t_iface_name">
<xs:restriction base="xs:token">
<!-- https://github.com/systemd/systemd/blob/master/src/udev/udev-builtin-net_id.c.
I have no idea if this will work. TODO: simplify, validate in-code. -->
<xs:pattern
value="((en|sl|wl|ww)(b[0-9]+|c[a-z0-9]|o[0-9]+(n.*(d.*)?)?|s[0-9]+(f.*)?([nd].*)?|x([A-Fa-f0-9]:){5}[A-Fa-f0-9]|(P.*)?p[0-9]+s[0-9]+(([fnd].*)|u.*)?))"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_luks">
<xs:sequence>
<!-- TODO: add support for custom flags/opts? -->
<xs:element name="luksDev" minOccurs="1" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="secrets" minOccurs="1" maxOccurs="10" type="t_luks_secrets"/>
</xs:sequence>
<xs:attribute name="id" type="xs:ID" use="required"/>
<xs:attribute name="name" type="std:t_nonempty" use="required"/>
<xs:attribute name="source" type="xs:IDREF" use="required"/>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="t_luks_secrets">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="passphrase" minOccurs="0" maxOccurs="unbounded"
type="std:t_nonempty"/>
<!-- TODO: support URI to *read* bytes from? -->
<xs:element name="keyFile" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="unix:t_filepath">
<xs:attribute name="size" type="xs:positiveInteger" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="t_lvm">
<xs:sequence>
<xs:element name="volumeGroup" minOccurs="1" maxOccurs="unbounded">
<xs:complexType>
<xs:all>
<xs:element name="physicalVolumes" minOccurs="1" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="pv" minOccurs="1" maxOccurs="unbounded" type="linux:t_lvm_pv"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="logicalVolumes" minOccurs="1" maxOccurs="1" type="linux:t_lvm_lv"/>
</xs:all>
<xs:attribute name="id" type="xs:ID" use="required"/>
<xs:attribute name="name" type="std:t_nonempty" use="required"/>
<xs:attribute name="extentSize" type="linux:t_pesize" use="optional" default="0"/>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="t_lvm_lv">
<xs:sequence>
<xs:element name="lv" minOccurs="1" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="pvMember" minOccurs="1" maxOccurs="unbounded">
<xs:complexType>
<xs:attribute name="source" use="required" type="xs:IDREF"/>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="id" type="xs:ID" use="required"/>
<xs:attribute name="name" type="std:t_nonempty" use="required"/>
<xs:attribute name="size" type="linux:t_lvsize" use="required"/>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="t_lvm_pv">
<xs:attribute name="id" type="xs:ID" use="required"/>
<xs:attribute name="source" type="xs:IDREF" use="required"/>
</xs:complexType>
<xs:simpleType name="t_lvsize">
<!-- If no suffix is provided, program should assume the size is in *extents*. -->
<xs:restriction base="xs:string">
<xs:pattern value="\s*([0-9]+)\s*(%|((k|Ki)|[MGTPEZY]i?)?B?|)\s*"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_mdadm">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="array" minOccurs="1" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="member" minOccurs="1" maxOccurs="unbounded">
<xs:complexType>
<xs:attribute name="source" type="xs:IDREF"
use="required"/>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="id" use="required" type="xs:ID"/>
<xs:attribute name="name" use="required" type="std:t_nonempty"/>
<xs:attribute name="meta" use="optional" default="1.2" type="linux:t_raid_meta"/>
<xs:attribute name="level" use="required" type="linux:t_raid_levels"/>
<!-- KB *only*. -->
<!-- Can be pretty important!
https://www.zdnet.com/article/chunks-the-hidden-key-to-raid-performance/ -->
<xs:attribute name="chunkSize" use="optional" type="xs:positiveInteger"
default="512"/>
<xs:attribute name="layout" use="optional" type="linux:t_raid_layout"
default="none"/>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="t_mountpath">
<xs:union memberTypes="unix:t_filepath">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="swap"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:complexType name="t_mounts">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="mount" minOccurs="1" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="opt" minOccurs="1" maxOccurs="unbounded"
type="std:t_cmdopts"/>
</xs:sequence>
<xs:attribute name="source" type="xs:IDREF" use="required"/>
<xs:attribute name="target" type="linux:t_mountpath" use="required"/>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="t_nixpass">
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="passwordPlain">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="hashType" use="optional" default="sha512"
type="linux:t_passwd_hashtypes"/>
<xs:attribute name="rounds" use="optional" default="5000" type="xs:positiveInteger"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="passwordHash">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="linux:t_shadowhash">
<xs:attribute name="hashType" use="optional" default="(detect)"
type="linux:t_passwd_hashtypes_detect"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:choice>
<xs:attribute name="locked" use="optional" default="false" type="xs:boolean"/>
</xs:complexType>
<xs:complexType name="t_package">
<xs:simpleContent>
<xs:extension base="std:t_nonempty">
<xs:attribute name="repo" type="std:t_nonempty" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name="t_part_flags">
<xs:union>
<xs:simpleType>
<!-- parted.partition.partitionFlag -->
<xs:restriction base="xs:string">
<xs:enumeration value="atvrecv"/>
<xs:enumeration value="bios_grub"/>
<xs:enumeration value="boot"/>
<xs:enumeration value="diag"/>
<xs:enumeration value="esp"/>
<xs:enumeration value="hidden"/>
<xs:enumeration value="hp-service"/>
<xs:enumeration value="irst"/>
<xs:enumeration value="lba"/>
<xs:enumeration value="legacy_boot"/>
<xs:enumeration value="lvm"/>
<xs:enumeration value="msftdata"/>
<xs:enumeration value="msftres"/>
<xs:enumeration value="palo"/>
<xs:enumeration value="prep"/>
<xs:enumeration value="raid"/>
<xs:enumeration value="root"/>
<xs:enumeration value="swap"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType>
<!-- These deviate from the parted flags (and in the case of the gpt_* ones, have no parted
equivalent it seems).
fdisk's "e(x)pert mode" has numerical GUID identifers for these ("Attrs").
Details on these are at:
https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_entries_(LBA_2%E2%80%9333)
BD_PART_FLAGS = BlockDev.PartFlag(-1)
BD_PART_FLAGS_FRIENDLY = dict(zip(BD_PART_FLAGS.value_nicks, BD_PART_FLAGS.value_names))
sorted(list(BD_PART_FLAGS_FRIENDLY.keys()))
-->
<xs:restriction base="xs:string">
<xs:enumeration value="apple_tv_recovery"/>
<xs:enumeration value="cpalo"/>
<xs:enumeration value="gpt_hidden"/><!-- No parted equivalent -->
<xs:enumeration value="gpt_no_automount"/><!-- No parted equivalent -->
<xs:enumeration value="gpt_read_only"/><!-- No parted equivalent -->
<xs:enumeration value="gpt_system_part"/><!-- No parted equivalent -->
<xs:enumeration value="hpservice"/>
<xs:enumeration value="msft_data"/>
<xs:enumeration value="msft_reserved"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:complexType name="t_partition">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="partitionFlag" minOccurs="1" maxOccurs="unbounded" type="linux:t_part_flags"/>
</xs:sequence>
<xs:attribute name="id" type="xs:ID" use="required"/>
<xs:attribute name="name" type="std:t_nonempty" use="optional"/>
<xs:attribute name="label" type="std:t_nonempty" use="optional"/>
<xs:attribute name="start" type="linux:t_disksize" use="required"/>
<xs:attribute name="stop" type="linux:t_disksize" use="required"/>
<xs:attribute name="fsType" type="linux:t_fstype" use="required"/>
</xs:complexType>
<xs:simpleType name="t_passwd_hashtypes">
<xs:union memberTypes="unix:t_passwd_hashtypes">
<xs:simpleType>
<xs:restriction base="xs:string">
<!-- Unsupported in glibc. libxcrypt (https://github.com/besser82/libxcrypt/) has additional support. -->
<!-- bcrypt/blowfish are the same. -->
<!-- <xs:enumeration value="bcrypt"/> -->
<!-- <xs:enumeration value="blowfish"/> -->
<!-- <xs:enumeration value="scrypt"/> -->
<xs:enumeration value="sha256"/>
<xs:enumeration value="sha512"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:simpleType name="t_passwd_hashtypes_detect">
<xs:union memberTypes="linux:t_passwd_hashtypes">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="(detect)"/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:simpleType name="t_pesize">
<!-- This is *basically* t_lvsize except we don't allow percentages. -->
<!-- If no suffix is provided, we assume the size is in sectors
UNLESS it's "0", which means use the default (which I *think* is dynamically generated). -->
<xs:restriction base="xs:string">
<xs:pattern value="\s*([0-9]+)\s*(((k|Ki)|[MGTPEZY]i?)?B?|)\s*"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_raid_layout">
<!-- mdadm(8), "layout=" option -->
<!-- We don't need to cook in the "faulty" levels. -->
<xs:restriction base="xs:token">
<xs:pattern
value="((left|right)-a?symmetric(-6)?|[lr][as]|parity-(fir|la)st|ddf-(zero|N)-restart|ddf-N-continue|parity-first-6|[nof][0-9]+|none)"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_raid_levels">
<xs:restriction base="xs:integer">
<xs:enumeration value="0"/>
<xs:enumeration value="1"/>
<xs:enumeration value="4"/>
<xs:enumeration value="5"/>
<xs:enumeration value="6"/>
<xs:enumeration value="10"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_raid_meta">
<!-- Program should warn about 1.x used for non-aware bootloaders.
0.90 should be used in that case. -->
<xs:restriction base="xs:token">
<xs:enumeration value="0"/><!-- Same as 0.90 -->
<xs:enumeration value="0.90"/><!-- Same as 0 -->
<xs:enumeration value="1"/><!-- Same as 1.2, default -->
<xs:enumeration value="1.0"/>
<xs:enumeration value="1.1"/>
<xs:enumeration value="1.2"/><!-- Same as 1, default -->
<xs:enumeration value="default"/><!-- Same as 1, 1.2 -->
<xs:enumeration value="ddf"/>
<xs:enumeration value="imsm"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_service">
<xs:simpleContent>
<xs:extension base="std:t_nonempty">
<xs:attribute name="status" type="xs:boolean" use="optional" default="true"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name="t_shadowhash">
<xs:union memberTypes="unix:t_shadowhash">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:pattern value="($5)?($[a-zA-Z0-9./]{1,16})$[a-zA-Z0-9./]{43}"/><!-- sha256 -->
<xs:pattern value="($6)?($[a-zA-Z0-9./]{1,16})$[a-zA-Z0-9./]{86}"/><!-- sha512 -->
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
<xs:complexType name="t_user">
<xs:sequence>
<xs:element name="password" minOccurs="0" maxOccurs="1"
type="linux:t_nixpass"/>
<xs:element name="xGroup" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:attribute name="name" type="unix:t_posixUserGroup"
use="required"/>
<xs:attribute name="create" type="xs:boolean" use="optional"
default="false"/>
<xs:attribute name="gid" type="xs:positiveInteger"
use="optional"/>
</xs:complexType>
<xs:unique name="uniq_grp">
<xs:selector xpath="."/>
<xs:field xpath="@name"/>
</xs:unique>
</xs:element>
</xs:sequence>
<xs:attribute name="name" type="unix:t_posixUserGroup" use="required"/>
<xs:attribute name="home" type="unix:t_filepath" use="optional"/>
<xs:attribute name="uid" type="xs:positiveInteger" use="optional"/>
<xs:attribute name="group" type="unix:t_posixUserGroup" use="optional"/>
<xs:attribute name="gid" type="xs:positiveInteger" use="optional"/>
<xs:attribute name="comment" type="std:t_nonempty" use="optional"/>
<xs:attribute name="sudo" type="xs:boolean" use="optional"
default="false"/>
<xs:attribute name="sudoPassword" type="xs:boolean" use="optional"
default="true"/>
<xs:attribute name="shell" type="unix:t_filepath" use="optional"
default="/bin/bash"/>
<!-- TODO: change the positiveIntegers to xs:duration? or union? -->
<!-- Might be pointless since the smallest increment is 1 day in
shadow(5). -->
<xs:attribute name="minAge" type="xs:positiveInteger" use="optional"/>
<xs:attribute name="maxAge" type="xs:positiveInteger" use="optional"/>
<xs:attribute name="warnDays" type="xs:positiveInteger"
use="optional"/>
<xs:attribute name="inactiveDays" type="xs:positiveInteger"
use="optional"/>
<xs:attribute name="expireDate" type="std:t_epoch_or_iso"
use="optional"/>
</xs:complexType>
</xs:schema>

155
schema/lib/types/net.xsd Normal file
View File

@@ -0,0 +1,155 @@
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema targetNamespace="https://schema.xml.r00t2.io/lib/types/net.xsd"
xmlns="https://schema.xml.r00t2.io/lib/types/net.xsd"
xmlns:net="https://schema.xml.r00t2.io/lib/types/net.xsd"
xmlns:std="https://schema.xml.r00t2.io/lib/types/std.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified">
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/std.xsd"
schemaLocation="./std.xsd"/>
<xs:simpleType name="t_addr_ip4">
<xs:restriction base="xs:string">
<!-- This is a REALLY LAZY regex. Matching IPv4 in regex is ugly as heck, so we do that in-code.
This is just a gatekeeper. -->
<xs:pattern value="[0-9.]{7,15}"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_addr_ip6">
<xs:restriction base="xs:string">
<!-- This is a REALLY LAZY regex. Matching IPv6 in regex is ugly as heck, so we do that in-code.
This is just a gatekeeper. -->
<xs:pattern value="[A-Za-z0-9:]+"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_authselect">
<xs:restriction base="xs:token">
<xs:enumeration value="basic"/>
<xs:enumeration value="digest"/>
<xs:enumeration value="none"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_auto_ip6">
<xs:restriction base="xs:string">
<xs:enumeration value="slaac"/>
<xs:enumeration value="dhcp6"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_both_addr">
<xs:union memberTypes="net:t_addr_ip4 net:t_addr_ip6"/>
</xs:simpleType>
<xs:simpleType name="t_both_qualified_addr">
<xs:union memberTypes="net:t_qualified_addr_ip4 net:t_qualified_addr_ip6"/>
</xs:simpleType>
<xs:complexType name="t_http_resource">
<xs:simpleContent>
<xs:extension base="std:t_uri">
<xs:attribute name="user" type="std:t_nonempty" use="optional"/>
<xs:attribute name="password" type="std:t_nonempty" use="optional"/>
<xs:attribute name="realm" type="std:t_nonempty" use="optional"/>
<xs:attribute name="authtype" type="net:t_authselect" use="optional" default="none"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name="t_mac_addr">
<xs:restriction base="xs:token">
<!-- EUI48[RFC7043§3] (previously MAC48[RFC7042§2.1]) -->
<xs:pattern value="([A-Fa-f0-9]{2}[:-]?){5}[A-Fa-f0-9]{2}"/>
<!-- EUI64[RFC7043§4, RFC4291§2.5.1] -->
<xs:pattern value="([A-Fa-f0-9]{2}[:-]?){3}[Ff]{3}[FfEe][:-]?([A-Fa-f0-9]{2}[:-]?){2}[A-Fa-f0-9]{2}"/>
<xs:pattern value="([A-Fa-f0-9]{2}[:-]?){3}[A-Fa-f0-9]{4}[:-]?([A-Fa-f0-9]{2}[:-]?){2}[A-Fa-f0-9]{2}"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_netproto">
<xs:restriction base="xs:token">
<xs:enumeration value="ipv4"/>
<xs:enumeration value="ipv6"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_proto">
<!-- TODO: expand? Remove gre? -->
<xs:restriction base="xs:string">
<xs:enumeration value="tcp"/>
<xs:enumeration value="udp"/>
<xs:enumeration value="icmp"/>
<xs:enumeration value="gre"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_qualified_addr_ip4">
<!-- This is a REALLY LAZY regex. Matching IPv4 in regex is ugly as heck, so we do that in-code.
This is just a gatekeeper. -->
<xs:restriction base="xs:string">
<xs:pattern value="[0-9.]{7,15}/[0-9]{1,2}"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_qualified_addr_ip6">
<!-- This is a REALLY LAZY regex. Matching IPv6 in regex is ugly as heck, so we do that in-code.
This is just a gatekeeper. -->
<xs:restriction base="xs:string">
<xs:pattern value="[A-Za-z0-9:]+/[0-9]{1,3}"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<!-- TODO: "enterprise" WPA2 (add'l details)?
WPA3?
EAP,
eduroam (https://github.com/rst0git/netctl-eduroam-config/blob/master/eduroam), etc. -->
<!-- wep64, wep128, wpa-psk:tkip, wpa-psk:aes, wpa2-psk:tkip, wpa2-psk:aes, wpa2-psk:tkip/aes -->
<xs:complexType name="t_wifi_crypto">
<xs:all>
<xs:element name="type" minOccurs="1" maxOccurs="1" default="wpa2">
<xs:simpleType>
<xs:restriction base="xs:token">
<!-- <xs:enumeration value="wep"/> -->
<xs:enumeration value="wpa"/>
<xs:enumeration value="wpa2"/>
<!-- <xs:enumeration value="wpa3"/> -->
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<!-- Only valid for WPA/WPA2 (and maybe WPA3 once supported?) -->
<xs:element name="creds" minOccurs="1" maxOccurs="1">
<xs:complexType>
<xs:choice minOccurs="1" maxOccurs="1">
<!-- "personal" -->
<xs:element name="psk">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<!-- A key can be generated via "wpa_passphrase <ssid> <passphrase>" -->
<!-- or via genPSK.py in extras/ -->
<xs:attribute name="isKey" type="xs:boolean" use="optional" default="false"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<!-- TODO -->
<!-- <xs:element name="enterprise"></xs:element> -->
</xs:choice>
</xs:complexType>
</xs:element>
</xs:all>
</xs:complexType>
</xs:schema>

139
schema/lib/types/std.xsd Normal file
View File

@@ -0,0 +1,139 @@
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema targetNamespace="https://schema.xml.r00t2.io/lib/types/std.xsd"
xmlns="https://schema.xml.r00t2.io/lib/types/std.xsd"
xmlns:std="https://schema.xml.r00t2.io/lib/types/std.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified">
<xs:simpleType name="t_UUID4">
<xs:restriction base="xs:token">
<xs:pattern value="[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_cksum">
<xs:simpleContent>
<xs:extension base="std:t_cksum_hashtypes">
<xs:attribute name="hashType" use="required" type="std:t_cksum_hashtypes"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:complexType name="t_cksum_file">
<xs:simpleContent>
<xs:extension base="std:t_uri">
<xs:attribute name="hashType" use="required" type="std:t_cksum_hashtypes"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name="t_cksum_hashtypes">
<xs:restriction base="xs:string">
<xs:enumeration value="adler32"/>
<xs:enumeration value="crc32"/>
<xs:enumeration value="md5"/>
<xs:enumeration value="sha1"/>
<xs:enumeration value="sha224"/>
<xs:enumeration value="sha256"/>
<xs:enumeration value="sha384"/>
<xs:enumeration value="sha512"/>
<xs:enumeration value="blake2b"/>
<xs:enumeration value="blake22"/>
<xs:enumeration value="sha3_224"/>
<xs:enumeration value="sha3_256"/>
<xs:enumeration value="sha3_384"/>
<xs:enumeration value="sha3_512"/>
<xs:enumeration value="shake_128"/>
<xs:enumeration value="shake_256"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_cmdopts">
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="name" use="required" type="xs:token"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name="t_epoch_or_iso">
<!-- positiveInteger is used for UNIX Epoch. -->
<xs:union memberTypes="xs:dateTime xs:positiveInteger"/>
</xs:simpleType>
<xs:complexType name="t_gpg_keys">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="keyID" minOccurs="1" maxOccurs="unbounded" type="std:t_gpg_key_id"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="t_gpg_key_id">
<xs:restriction base="xs:string">
<xs:pattern value="(auto|default)"/><!-- Program should accept any key IDs it finds (INSECURE) -->
<xs:pattern value="(0x)?[0-9A-Fa-f]{40}"/><!-- Full key ID -->
<xs:pattern value="(0x)?[0-9A-Fa-f]{16}"/><!-- Shorthand key ID -->
<xs:pattern value="(0x)?[0-9A-Fa-f]{8}"/><!-- Legacy shorter shorthand -->
<xs:pattern value="([0-9A-Fa-f ]{4}){5} ?([0-9A-Fa-f ]{4}){4}[0-9A-Fa-f]{4}"/><!-- Fingerprint -->
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_gpg_sig">
<xs:restriction base="xs:string">
<xs:whiteSpace value="preserve"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_nonempty">
<xs:restriction base="xs:token">
<xs:minLength value="1"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_uri">
<xs:restriction base="xs:anyURI">
<xs:pattern value="(https?|ftps?|file)://.+"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_verifyfile">
<xs:all minOccurs="1">
<xs:element name="gpg" minOccurs="0" maxOccurs="1" type="std:t_verify_gpg">
<xs:unique name="uniq_gpg_sig">
<xs:selector xpath="std:signature"/>
<xs:field xpath="."/>
</xs:unique>
<xs:unique name="uniq_gpg_sigfile">
<xs:selector xpath="std:signatureFile"/>
<xs:field xpath="."/>
</xs:unique>
</xs:element>
<xs:element name="hash" minOccurs="0" maxOccurs="1" type="std:t_verify_cksum"/>
</xs:all>
</xs:complexType>
<xs:complexType name="t_verify_cksum">
<xs:sequence>
<xs:element name="checksum" minOccurs="0" maxOccurs="unbounded" type="std:t_cksum"/>
<xs:element name="checksumFile" minOccurs="0" maxOccurs="unbounded" type="std:t_cksum_file"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="t_verify_gpg">
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="signature" minOccurs="0" maxOccurs="unbounded" type="std:t_gpg_sig"/>
<xs:element name="signatureFile" minOccurs="0" maxOccurs="unbounded" type="std:t_uri"/>
<xs:element name="gpgKeyIDs" minOccurs="1" maxOccurs="1" type="std:t_gpg_keys">
<xs:unique name="uniq_key_id">
<xs:selector xpath="std:keyID"/>
<xs:field xpath="."/>
</xs:unique>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:schema>

18
schema/lib/types/sys.xsd Normal file
View File

@@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema targetNamespace="https://schema.xml.r00t2.io/lib/types/sys.xsd"
xmlns="https://schema.xml.r00t2.io/lib/types/sys.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified">
<xs:simpleType name="t_diskfmt">
<xs:restriction base="xs:token">
<xs:enumeration value="gpt"/>
<xs:enumeration value="bios"/>
<xs:enumeration value="dos"/>
<xs:enumeration value="msdos"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
</xs:schema>

111
schema/lib/types/unix.xsd Normal file
View File

@@ -0,0 +1,111 @@
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema targetNamespace="https://schema.xml.r00t2.io/lib/types/unix.xsd"
xmlns="https://schema.xml.r00t2.io/lib/types/unix.xsd"
xmlns:std="https://schema.xml.r00t2.io/lib/types/std.xsd"
xmlns:unix="https://schema.xml.r00t2.io/lib/types/unix.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified">
<xs:import namespace="https://schema.xml.r00t2.io/lib/types/std.xsd"
schemaLocation="./std.xsd"/>
<xs:simpleType name="t_filepath">
<xs:restriction base="xs:string">
<xs:pattern value="(/[^/]+)+/?"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_nixpass">
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="passwordPlain">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="hashType" use="optional" default="md5" type="unix:t_passwd_hashtypes"/>
<xs:attribute name="rounds" use="optional" default="5000" type="xs:positiveInteger"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="passwordHash">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="unix:t_shadowhash">
<xs:attribute name="hashType" use="optional" default="md5" type="unix:t_passwd_hashtypes"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:choice>
<xs:attribute name="locked" use="optional" default="false" type="xs:boolean"/>
</xs:complexType>
<xs:simpleType name="t_passwd_hashtypes">
<xs:restriction base="xs:string">
<xs:enumeration value="md5"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_posixUserGroup">
<!-- https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437
https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282
https://unix.stackexchange.com/a/435120/284004 -->
<xs:restriction base="xs:token">
<xs:pattern value="[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}$)"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="t_shadowhash">
<!-- http://man7.org/linux/man-pages/man3/crypt.3.html#NOTES -->
<xs:restriction base="xs:token">
<xs:pattern value="($1)?($[a-zA-Z0-9./]{1,16})$[a-zA-Z0-9./]{22}"/><!-- md5 -->
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="t_user">
<xs:sequence>
<xs:element name="password" minOccurs="0" maxOccurs="1" type="unix:t_nixpass"/>
<xs:element name="xGroup" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:attribute name="name" type="unix:t_posixUserGroup"
use="required"/>
<xs:attribute name="create" type="xs:boolean" use="optional"
default="false"/>
<xs:attribute name="gid" type="xs:positiveInteger"
use="optional"/>
</xs:complexType>
<xs:unique name="uniq_grp">
<xs:selector xpath="unix:xGroup"/>
<xs:field xpath="@name"/>
</xs:unique>
</xs:element>
</xs:sequence>
<xs:attribute name="name" type="unix:t_posixUserGroup" use="required"/>
<xs:attribute name="home" type="unix:t_filepath" use="optional"/>
<xs:attribute name="uid" type="xs:positiveInteger" use="optional"/>
<xs:attribute name="group" type="unix:t_posixUserGroup" use="optional"/>
<xs:attribute name="gid" type="xs:positiveInteger" use="optional"/>
<xs:attribute name="comment" type="std:t_nonempty" use="optional"/>
<xs:attribute name="sudo" type="xs:boolean" use="optional"
default="false"/>
<xs:attribute name="sudoPassword" type="xs:boolean" use="optional"
default="true"/>
<xs:attribute name="shell" type="unix:t_filepath" use="optional"
default="/bin/bash"/>
<!-- TODO: change the positiveIntegers to xs:duration? or union? -->
<!-- Might be pointless since the smallest increment is 1 day in
shadow(5). -->
<xs:attribute name="minAge" type="xs:positiveInteger" use="optional"/>
<xs:attribute name="maxAge" type="xs:positiveInteger" use="optional"/>
<xs:attribute name="warnDays" type="xs:positiveInteger"
use="optional"/>
<xs:attribute name="inactiveDays" type="xs:positiveInteger"
use="optional"/>
<xs:attribute name="expireDate" type="std:t_epoch_or_iso"
use="optional"/>
</xs:complexType>
</xs:schema>