{
    "groups": {
        "group:admin": [ %{~ for admin in admins ~} "${admin}@${domain}", %{~ endfor ~} ]
    },
    "acls": [
        { "action": "accept", "users": ["*"], "ports": ["*:*"] }
    ],
    "tagOwners": {
        "${tag}": ["group:admin", "${tag}"]
    },
    "autoApprovers": {
        "routes": {
            %{~ for route in routes ~}
            "${route}": ["${tag}"],
            %{~ endfor ~}
        },
        "exitNode": ["${tag}"]
    },
    %{~ if enable_ssh ~}
    "ssh": [
        {
            "action": "check",
            "src": ["autogroup:members"],
            "dst": ["autogroup:self"],
            "users": ["autogroup:nonroot", "root"]
        }
    ]
    %{~ endif ~}
}