default {
    default {
        deny spoof
        deny spoof_all
        deny spoof_privport
        deny random
        deny random_numeric
        deny numeric
        deny hide
        deny forward
    }
}

user root {
    default {
        force reply "nobody"
    }
}

% for user, allows in node.metadata.get('oidentd/allows', {}).items():
user ${user} {
    default {
%   for allow in sorted(allows):
        allow ${allow}
%   endfor
    }
}

% endfor