YunoHost-Apps/lufi_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lufi_ynh.git synced 2024-09-03 19:36:28 +02:00
Code Issues Activity Actions
lufi_ynh/conf/lufi.conf.template
tytan652 223706b1e9 Allow LDAP on public install 
also upgrade and remove legacy permission
2022-01-19 22:02:50 +01:00

334 lines
14 KiB
Perl
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
{
####################
# Hypnotoad settings
####################
# see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
hypnotoad => {
# array of IP addresses and ports you want to listen to
# you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
listen => ['http://127.0.0.1:__PORT__'],
# if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
# if you use Lufi directly, let it commented
proxy => 1,
# Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers
# to adjust this to your server
workers => 30,
clients => 1,
},
# put a way to contact you here and uncomment it
# you can put some HTML in it
# MANDATORY
contact => '<a href="mailto:webmaster@__DOMAIN__">Contact page</a>',
# put an URL or an email address to receive file reports and uncomment it
# it's for make reporting illegal files easy for users
# MANDATORY
report => 'webmaster@__DOMAIN__',
# array of random strings used to encrypt cookies
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
secrets => ['__SECRET__'],
# Name of the instance, displayed next to the logo
# optional, default is Lufi
#instance_name => 'Lufi',
# choose a theme. See the available themes in `themes` directory
# optional, default is 'default'
#theme => 'default',
# length of the random URL
# optional, default is 8
#length => 8,
# how many URLs will be provisioned in a batch ?
# optional, default is 5
#provis_step => 5,
# max number of URLs to be provisioned
# optional, default is 100
#provisioning => 100,
# length of the modify/delete token
# optional, default is 32
#token_length => 32,
# max file size, in octets
# you can write it 100*1024*1024
# optional, no default
max_file_size => __MAX_FILE_SIZE__*1024*1024,
# if you want to have piwik statistics, provide a piwik image tracker
# only the image tracker is allowed, no javascript
# optional, no default
#piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',
# broadcast_message which will displayed on the index page
# optional, no default
#broadcast_message => 'Maintenance',
# default time limit for files
# valid values are 0, 1, 7, 30 and 365
# optional, default is 0 (no limit)
default_delay => 365,
# Number of days after which the files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
# a warning message will be displayed on homepage
# optional, default is 0 (no limit)
#max_delay => 0,
# size thresholds: if you want to define max delays for different sizes of file
# the keys are size in Bytes, you can't have 10*1000*10000 as key
# if a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
# optional, default is using max_delay (see above) for all sizes
#delay_for_size => {
# 10000000 => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
# 50000000 => 60, # between 50MB ans 1GB => max is 60 days
# 1000000000 => 2, # more than 1GB => max is 2 days
#},
# URL sub-directory in which you want Lufi to be accessible
# example: you want to have Lufi under https://example.org/lufi/
# => set prefix to '/lufi' or to '/lufi/', it doesn't matter
# optional, defaut is /
prefix => '__PATH__',
# array of authorized domains for API calls.
# if you want to authorize everyone to use the API: ['*']
# optional, no domains allowed by default
#allowed_domains => ['http://1.example.com', 'http://2.example.com'],
# Define a path to the upload directory, where the uploaded files will be stored
# You can define it relative to lufi directory or set an absolute path
# Remember that it has to be in a directory writable by Lufi user
# DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
# optional, default is 'files'
#upload_dir => 'files',
# allow to add a password on files, asked before allowing to download files
# optional, default is 0
allow_pwd_on_files => 1,
# force all files to be in "Burn after reading mode"
# optional, default is 0
#force_burn_after_reading => 0,
# if set, the files' URLs will always use this domain
# optional, no default
#fixed_domain => 'example.org',
# abuse reasons
# set an integer in the abuse field of a file in the database and it will not be downloadable anymore
# the reason will be displayed to the downloader, according to the reasons you will configure here.
# optional, no default
#abuse => {
# 0 => 'Copyright infringment',
# 1 => 'Illegal content',
#},
###############
# Mail settings
###############
# Mail configuration
# See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
# Optional, default to sendmail method with no arguments
#mail => {
# # Valid values are 'sendmail' and 'smtp'
# how => 'smtp',
# howargs => ['smtp.example.org']
#},
# Email sender address
# Optional, default to no-reply@lufi.io
#mail_sender => 'no-reply@lufi.io',
#############
# DB settings
#############
# choose what database you want to use
# valid choices are sqlite, postgresql and mysql (all lowercase)
# optional, default is sqlite
dbtype => 'postgresql',
# SQLite ONLY - only used if dbtype is set to sqlite
# define a path to the SQLite database
# you can define it relative to lufi directory or set an absolute path
# remember that it has to be in a directory writable by Lufi user
# optional, default is lufi.db
#db_path => 'lufi.db',
# PostgreSQL ONLY - only used if dbtype is set to postgresql
# these are the credentials to access the PostgreSQL database
# mandatory if you choosed postgresql as dbtype
pgdb => {
database => '__DB_NAME__',
host => 'localhost',
# optional, default is 5432
#port => 5432,
user => '__DB_USER__',
pwd => '__DB_PWD__',
# https://mojolicious.org/perldoc/Mojo/Pg#max_connections
# optional, default is 1
#max_connections => 1,
},
# MySQL ONLY - only used if dbtype is set to mysql
# these are the credentials to access the MySQL database
# mandatory if you choosed mysql as dbtype
#mysqldb => {
# database => 'lufi',
# host => 'localhost',
# # optional, default is 3306
# #port => 3306,
# user => 'DBUSER',
# pwd => 'DBPASSWORD',
# # https://metacpan.org/pod/Mojo::mysql#max_connections
# # optional, default is 5 (set to 0 to disable persistent connections)
# #max_connections => 5,
#},
#############################################
# LDAP settings (authentication and features)
#############################################
# set `ldap` if you want that only authenticated users can upload files
# please note that everybody can still download files
# optional, no default
__USE_LDAP__ldap => {
__USE_LDAP__ uri => 'ldap://localhost:389', # server URI
__USE_LDAP__ user_tree => 'dc=yunohost,dc=org', # search base DN
__USE_LDAP__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
__USE_LDAP__ #bind_pwd => 'secr3t', # search bind password
__USE_LDAP__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
__USE_LDAP__ user_filter => '(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))', # user filter (to exclude some users, etc.)
__USE_LDAP__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
__USE_LDAP__ # don't set or uncomment if you don't want to configure it
__USE_LDAP__ #start_tls => {
__USE_LDAP__ # verify => 'optional',
__USE_LDAP__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
__USE_LDAP__ #}
__USE_LDAP__},
# if you've set ldap above, the session will last `session_duration` seconds before
# the user needs to reauthenticate
# optional, default is 3600
#session_duration => 3600,
# If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi
# Those attributes will be accessible with:
# $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory)
# <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory)
#
# Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'`
# Note that you cant use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user
# optional, no default
#ldap_map_attr => {
# displayname => 'cn',
# mail => 'mail'
#},
# When using LDAP authentication, LDAP users can invite people (by mail) to use Lufi to send them files without
# being authenticated.
# This is where you configure the behavior of the invitations.
# You may need to fetch some attributes from LDAP to use some invitations settings. See `ldap_map_attr` above.
# optional, no default
#invitations => {
# # The name of the key set in `ldap_map_attr` (above) that corresponds to the mail of the LDAP user
# # optional, default is `mail`
# mail_attr => 'mail',
# # The `From` header of invitation mail can be the mail of the LDAP user
# # Be sure to have a mail system that will correctly send the mail from your users! (DKIM, SPF…)
# # To enable this feature, set it to 1
# # optional, disabled by default
# send_invitation_with_ldap_user_mail => 1,
# # The user is able to set an expiration delay for the invitation.
# # This expiration delay cant be more than this setting (in days).
# # optional, default is 30 days
# max_invitation_expiration_delay => 30,
# # Once the guest has submitted his files, he has an additional period of time to submit forgotten files.
# # You can set that additional period of time in minutes here.
# # To disable that feature, set it to 0 or less
# # optional, default is 10 minutes
# max_additional_period => 10,
# # Lufi follows privacy-by-design, so, by default, no files URLs (with the decode secret) are stored in database.
# # However, the concern is different for this case. Storing files URLs makes users able to retrieve the guests sent files
# # from their `invitations` page.
# # Set to 1 to store guests files URLs in database
# # optional, default is 0 (disabled)
# save_files_url_in_db => 0,
# # Users can resend the invitation to their guest. This does not extend the invitations expiration delay unless you
# # set this option to 1.
# # optional, default is 0 (disabled)
# extend_invitation_expiration_on_resend => 0,
#},
#########################
# Htpasswd authentication
#########################
# set `htpasswd` if you want to use an htpasswd file instead of ldap
# see 'man htpasswd' to know how to create such file
#htpasswd => 'lufi.passwd',
#######################
# HTTP Headers settings
#######################
# Content-Security-Policy header that will be sent by Lufi
# Set to '' to disable CSP header
# https://content-security-policy.com/ provides a good documentation about CSP.
# https://report-uri.com/home/generate provides a tool to generate a CSP header.
# optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
#csp => "",
# X-Frame-Options header that will be sent by Lufi
# Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
# Set to '' to disable X-Frame-Options header
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
# Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
# to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
# optional, default is 'DENY'
#x_frame_options => 'DENY',
# X-Content-Type-Options that will be sent by Lufi
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
# Set to '' to disable X-Content-Type-Options header
# optional, default is 'nosniff'
#x_content_type_options => 'nosniff',
# X-XSS-Protection that will be sent by Lufi
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
#########################
# Lufi cron jobs settings
#########################
# number of days senders' IP addresses are kept in database
# after that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
# optional, default is 365
#keep_ip_during => 365,
# max size of the files directory, in octets
# used by script/lufi cron watch to trigger an action
# optional, no default
#max_total_size => 10*1024*1024*1024,
# default action when files directory is over max_total_size (used with script/lufi cron watch)
# valid values are 'warn', 'stop-upload' and 'delete'
# Please, see README.md
# optional, default is 'warn'
#policy_when_full => 'warn',
# Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
# if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
# optional, no default
#delete_no_longer_viewed_files => 90,
};
Reference in a new issue View git blame Copy permalink