diff --git a/conf/default.yaml b/conf/default.yaml index 2b48a5d..89b5698 100644 --- a/conf/default.yaml +++ b/conf/default.yaml @@ -396,7 +396,7 @@ accounts: # options for email verification of account registrations email-verification: - enabled: false + enabled: true sender: "ergoadmin@__DOMAIN__" require-tls: true helo-domain: "__DOMAIN__" # defaults to server name if unset @@ -417,9 +417,9 @@ accounts: timeout: 60s # email-based password reset: password-reset: - enabled: false + enabled: true # time before we allow resending the email - cooldown: 1h + cooldown: 4h # time for which a password reset code is valid timeout: 1d @@ -429,10 +429,10 @@ accounts: enabled: true # window - duration: 1m + duration: 10m # number of attempts allowed within the window - max-attempts: 3 + max-attempts: 5 # some clients (notably Pidgin and Hexchat) offer only a single password field, # which makes it impossible to specify a separate server password (for the PASS @@ -556,7 +556,7 @@ accounts: # pluggable authentication mechanism, via subprocess invocation # see the manual for details on how to write an authentication plugin script auth-script: - enabled: false + enabled: __LDAPOPTION__ command: "__FINALPATH__/ergo-ldap" # constant list of args to pass to the command; the actual authentication # data is transmitted over stdin/stdout: @@ -674,7 +674,7 @@ opers: # or by certificate fingerprint, or both. if a password hash is set, then a # password is required to oper up (e.g., /OPER dan mypassword). to generate # the hash, use `ergo genpasswd`. - password: "$2a$04$HR0neg/TjG015DvtvTo0He9t5H3iBeAfqKURnJ9iLs5FpETBhXS1K" #ergo@YunoHost + password: "__PASSWORDHASH__" #ergo@YunoHost # if a SHA-256 certificate fingerprint is configured here, then it will be # required to /OPER. if you comment out the password hash above, then you can diff --git a/manifest.json b/manifest.json index 3f43eb4..c2501ba 100644 --- a/manifest.json +++ b/manifest.json 
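Review bot: In the `auth-script:` hunk, `enabled: __LDAPOPTION__` (and, in the `opers:` hunk after it, `password: "__PASSWORDHASH__"`) only receives a value from scripts/install as far as this diff shows. If the upgrade or restore scripts render conf/default.yaml again, they need `ldapoption` and `passwordhash` defined as well. Because the plaintext password is not kept, that presumably means persisting the hash and the LDAP choice as app settings. A comment above the key, such as `# filled in by the package from the enable_ldap install question`, would tell an admin reading ircd.yaml where the value comes from.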
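Review bot: The trailing `#ergo@YunoHost` comment on the new `password: "__PASSWORDHASH__"` line is stale and should be dropped. It appears to record the plaintext behind the removed default hash, and it no longer describes the templated value. The removed hash was published in the repository with a bcrypt cost of 04 (`$2a$04$`), so instances installed from earlier revisions keep a publicly known oper credential until their hash is replaced. Nothing visible in this diff rotates it on upgrade. The `opers:` block continues outside the hunk.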
@@ -65,6 +65,22 @@ "name": "server_name", "type": "string", "default": "ergo.yunohost" + }, + { + "name": "password", + "type": "password", + "help": { + "en": "Server admin password for using /OPER", + "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." + } + }, + { + "name": "enable_ldap", + "type": "boolean", + "default": false, + "help": { + "en": "Enable ldap authentication script" + } } ] } diff --git a/scripts/install b/scripts/install index 8e7f399..daf45eb 100755 --- a/scripts/install +++ b/scripts/install @@ -27,10 +27,12 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC +enable_ldap=$YNH_APP_ARG_ENABLE_LDAP language=$YNH_APP_ARG_LANGUAGE architecture=$YNH_ARCH network_name=$YNH_APP_ARG_NETWORK_NAME server_name=$YNH_APP_ARG_SERVER_NAME +password=$YNH_APP_ARG_PASSWORD app=$YNH_APP_INSTANCE_NAME @@ -125,8 +127,21 @@ ynh_add_nginx_config #================================================= # ADD A CONFIGURATION #================================================= + ynh_script_progression --message="Adding a configuration file..." --time --weight=1 +# Get Password Hash +passwordhash=$((echo "$password"; echo "$password") | $final_path/ergo genpasswd) + +# Enable ldap authentication if necessary + +ldapoption=false + +if [ $enable_ldap -eq 1 ] +then + ldapoption=true +fi + server=$domain ynh_add_config --template="../conf/default.yaml" --destination="$final_path/ircd.yaml" ynh_add_config --template="../conf/ldap-config.yaml" --destination="$final_path/ldap-config.yaml"
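Review bot: The `fr` help for the new `password` question is placeholder text ("use the help field to add information for the administrator…"), not a translation of the `en` string, and `enable_ldap` has no `fr` entry at all. Suggested: `"fr": "Mot de passe administrateur du serveur, utilisé avec /OPER"` and `"fr": "Activer le script d'authentification LDAP"`. Since this answer becomes the IRC operator credential, the `en` help could say so directly, e.g. `"Password for the IRC operator account (used with /OPER)"`.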
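Review bot: The `passwordhash=$((echo "$password"; ...` line in the last scripts/install hunk opens with `$((`, which a shell may first try to parse as arithmetic expansion. In addition, `echo "$password"` mangles a password that begins with `-n` or `-e`, and `$final_path` is unquoted. I would write it as `passwordhash=$(printf '%s\n%s\n' "$password" "$password" | "$final_path/ergo" genpasswd)` and check that `$passwordhash` is non-empty before the template is rendered. The test `[ $enable_ldap -eq 1 ]` should quote its operand, `[ "$enable_ldap" -eq 1 ]`, so that an empty value gives a clean false instead of a `[` syntax error.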