1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lufi_ynh.git synced 2024-09-03 19:36:28 +02:00
lufi_ynh/conf/lufi.conf.template

385 lines
17 KiB
Perl
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
{
####################
# Hypnotoad settings
####################
# see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
hypnotoad => {
# array of IP addresses and ports you want to listen to
# you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
listen => ['http://127.0.0.1:__PORT__'],
# if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
# if you use Lufi directly, let it commented
proxy => 1,
# Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers
# to adjust this to your server
workers => 30,
clients => 1,
},
# Put a way to contact you here and uncomment it
# You can put some HTML in it
# MANDATORY
contact => '<a href="mailto:webmaster@__DOMAIN__">Contact page</a>',
# Put an URL or an email address to receive file reports and uncomment it
# It's for make reporting illegal files easy for users
# MANDATORY
report => 'webmaster@__DOMAIN__',
# Array of random strings used to encrypt cookies
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
secrets => ['__SECRET__'],
# Name of the instance, displayed next to the logo
# optional, default is Lufi
#instance_name => 'Lufi',
# Choose a theme. See the available themes in `themes` directory
# Optional, default is 'default'
#theme => 'default',
# Length of the random URL
# optional, default is 8
#length => 8,
# How many URLs will be provisioned in a batch ?
# optional, default is 5
#provis_step => 5,
# Max number of URLs to be provisioned
# optional, default is 100
#provisioning => 100,
# Length of the modify/delete token
# optional, default is 32
#token_length => 32,
# Max file size, in octets
# You can write it 100*1024*1024
# optional, no default
__MAX_SIZE_SET__max_file_size => __MAX_FILE_SIZE__*1024*1024,
# If you want to have piwik statistics, provide a piwik image tracker
# Only the image tracker is allowed, no javascript
# optional, no default
#piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',
# Broadcast_message which will displayed on the index page
# optional, no default
#broadcast_message => 'Maintenance',
# Default time limit for files
# Valid values are 0, 1, 7, 30 and 365
# optional, default is 0 (no limit)
default_delay => 365,
# Number of days after which the files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
# A warning message will be displayed on homepage
# optional, default is 0 (no limit)
#max_delay => 0,
# Size thresholds: if you want to define max delays for different sizes of file
# The keys are size in Bytes, you can't have 10*1000*10000 as key
# If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
# optional, default is using max_delay (see above) for all sizes
#delay_for_size => {
# 10000000 => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
# 50000000 => 60, # between 50MB ans 1GB => max is 60 days
# 1000000000 => 2, # more than 1GB => max is 2 days
#},
# URL sub-directory in which you want Lufi to be accessible
# example: you want to have Lufi under https://example.org/lufi/
# => set prefix to '/lufi' or to '/lufi/', it doesn't matter
# optional, defaut is /
prefix => '__PATH__',
# Array of authorized domains for API calls.
# If you want to authorize everyone to use the API: ['*']
# optional, no domains allowed by default
#allowed_domains => ['http://1.example.com', 'http://2.example.com'],
# String of the URL to be redirected to when accessing /logout
# optional, default is no redirection after logging out
#logout_custom => 'https://sso.example.com/logout?redirect_uri=https%3A%2F%2Fexample.com',
# Define a path to the upload directory, where the uploaded files will be stored
# You can define it relative to lufi directory or set an absolute path
# Remember that it has to be in a directory writable by Lufi user
# DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
# optional, default is 'files'
upload_dir => '__DATADIR__/upload',
#!!!!!!!!!!!!!!!
# EXPERIMENTAL !
#!!!!!!!!!!!!!!!
# You can store files on Swift object storage (https://en.wikipedia.org/wiki/OpenStack#Swift) instead of filesystem
# Please read https://metacpan.org/pod/Net::OpenStack::Swift#SYNOPSIS to know how to configure this setting
# IMPORTANT: add a `container` key in it, to let Lufi know which container to use. This is not a regular Net::OpenStack::Swift setting, but Lufi need it.
# EXPERIMENTAL: if the upload or download of files are stucked, reload Lufi and create a cron task to reload Lufi once a day
# You can copy Lufi files to Swift object storage by launching the command `carton exec script/lufi copyFilesToSwift` (can take a long time)
# optional, no default
#swift => {
# auth_url => 'https://auth-endpoint-url/v2.0',
# user => 'userid',
# password => 'password',
# tenant_name => 'project_id',
# container => 'lufi'
#},
# Allow to add a password on files, asked before allowing to download files
# optional, default is 0
allow_pwd_on_files => 1,
# Force all files to be in "Burn after reading mode"
# optional, default is 0
#force_burn_after_reading => 0,
# If set, the files' URLs will always use this domain
# optional, no default
#fixed_domain => 'example.org',
# Abuse reasons
# Set an integer in the abuse field of a file in the database and it will not be downloadable anymore
# The reason will be displayed to the downloader, according to the reasons you will configure here.
# optional, no default
#abuse => {
# 0 => 'Copyright infringment',
# 1 => 'Illegal content',
#},
###############
# Mail settings
###############
# Mail configuration
# See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
# optional, default to sendmail method with no arguments
#mail => {
# # Valid values are 'sendmail' and 'smtp'
# how => 'smtp',
# howargs => ['smtp.example.org']
#},
# Email sender address
# optional, default to no-reply@lufi.io
#mail_sender => 'no-reply@lufi.io',
# Disable sending mail through the server
# optional, default is false
disable_mail_sending => 1,
#############
# DB settings
#############
# Choose what database you want to use
# Valid choices are sqlite, postgresql and mysql (all lowercase)
# optional, default is sqlite
dbtype => 'postgresql',
# SQLite ONLY - only used if dbtype is set to sqlite
# Define a path to the SQLite database
# You can define it relative to lufi directory or set an absolute path
# Remember that it has to be in a directory writable by Lufi user
# optional, default is lufi.db
#db_path => 'lufi.db',
# PostgreSQL ONLY - only used if dbtype is set to postgresql
# These are the credentials to access the PostgreSQL database
# mandatory if you choosed postgresql as dbtype
pgdb => {
database => '__DB_NAME__',
host => 'localhost',
# optional, default is 5432
#port => 5432,
user => '__DB_USER__',
pwd => '__DB_PWD__',
# https://mojolicious.org/perldoc/Mojo/Pg#max_connections
# optional, default is 1
#max_connections => 1,
},
# MySQL ONLY - only used if dbtype is set to mysql
# These are the credentials to access the MySQL database
# mandatory if you choosed mysql as dbtype
#mysqldb => {
# database => 'lufi',
# host => 'localhost',
# # optional, default is 3306
# #port => 3306,
# user => 'DBUSER',
# pwd => 'DBPASSWORD',
# # https://metacpan.org/pod/Mojo::mysql#max_connections
# # optional, default is 5 (set to 0 to disable persistent connections)
# #max_connections => 5,
#},
#############################################
# LDAP settings (authentication and features)
#############################################
# Set `ldap` if you want that only authenticated users can upload files
# Please note that everybody can still download files
# optional, no default
__LDAP__ldap => {
__LDAP__ uri => 'ldap://localhost:389', # server URI
__LDAP__ user_tree => 'dc=yunohost,dc=org', # search base DN
__LDAP__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
__LDAP__ #bind_pwd => 'secr3t', # search bind password
__LDAP__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
__LDAP__ user_filter => '(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))', # user filter (to exclude some users, etc.)
__LDAP__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
__LDAP__ # don't set or uncomment if you don't want to configure it
__LDAP__ #start_tls => {
__LDAP__ # verify => 'optional',
__LDAP__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
__LDAP__ #}
__LDAP__},
# If you've set ldap above, the session will last `session_duration` seconds before
# the user needs to reauthenticate
# optional, default is 3600
#session_duration => 3600,
# If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi
# Those attributes will be accessible with:
# $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory)
# <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory)
#
# Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'`
# Note that you cant use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user
# optional, no default
#ldap_map_attr => {
# displayname => 'cn',
# mail => 'mail'
#},
# When using LDAP authentication, LDAP users can invite people (by mail) to use Lufi to send them files without
# being authenticated.
# This is where you configure the behavior of the invitations.
# You may need to fetch some attributes from LDAP to use some invitations settings. See `ldap_map_attr` above.
# optional, no default
#invitations => {
# # The name of the key set in `ldap_map_attr` (above) that corresponds to the mail of the LDAP user
# # optional, default is `mail`
# mail_attr => 'mail',
# # The `From` header of invitation mail can be the mail of the LDAP user
# # Be sure to have a mail system that will correctly send the mail from your users! (DKIM, SPF…)
# # To enable this feature, set it to 1
# # optional, disabled by default
# send_invitation_with_ldap_user_mail => 1,
# # The user is able to set an expiration delay for the invitation.
# # This expiration delay cant be more than this setting (in days).
# # optional, default is 30 days
# max_invitation_expiration_delay => 30,
# # Once the guest has submitted his files, he has an additional period of time to submit forgotten files.
# # You can set that additional period of time in minutes here.
# # To disable that feature, set it to 0 or less
# # optional, default is 10 minutes
# max_additional_period => 10,
# # Lufi follows privacy-by-design, so, by default, no files URLs (with the decode secret) are stored in database.
# # However, the concern is different for this case. Storing files URLs makes users able to retrieve the guests sent files
# # from their `invitations` page.
# # Set to 1 to store guests files URLs in database
# # optional, default is 0 (disabled)
# save_files_url_in_db => 0,
# # Users can resend the invitation to their guest. This does not extend the invitations expiration delay unless you
# # set this option to 1.
# # optional, default is 0 (disabled)
# extend_invitation_expiration_on_resend => 0,
#},
#########################
# Htpasswd authentication
#########################
# Set `htpasswd` if you want to use an htpasswd file instead of ldap
# See 'man htpasswd' to know how to create such file
#htpasswd => 'lufi.passwd',
############################
# HTTP header authentication
############################
# Set `auth_headers` if you want to use HTTP header auth.
# Typically, these headers are set by a reverse-proxy
# acting as an authentication server. Useful for SSO.
# `auth_headers` should contains the user's username.
#
# /!\ LUFI BLINDLY TRUSTS THESE HEADERS
# /!\ IT'S UP TO YOU TO SANITIZE INCOMING HEADERS TO SECURE YOUR INSTANCE
#
#auth_headers => 'X-AUTH-PREFERRED-USERNAME',
#auth_headers_map_value => {
# # Like ldap_map_attr but for headers
# displayname => 'X-AUTH-DISPLAYNAME',
# firstname => 'X-AUTH-GIVENNAME',
# lastname => 'X-AUTH-LASTNAME',
# mail => 'X-AUTH-EMAIL'
#},
#######################
# HTTP Headers settings
#######################
# Content-Security-Policy header that will be sent by Lufi
# Set to '' to disable CSP header
# https://content-security-policy.com/ provides a good documentation about CSP.
# https://report-uri.com/home/generate provides a tool to generate a CSP header.
# optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
#csp => "",
# X-Frame-Options header that will be sent by Lufi
# Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
# Set to '' to disable X-Frame-Options header
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
# Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
# to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
# optional, default is 'DENY'
#x_frame_options => 'DENY',
# X-Content-Type-Options that will be sent by Lufi
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
# Set to '' to disable X-Content-Type-Options header
# optional, default is 'nosniff'
#x_content_type_options => 'nosniff',
# X-XSS-Protection that will be sent by Lufi
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
#########################
# Lufi cron jobs settings
#########################
# Expired files will be kept for 2 additional days after the expiration time has passed!
# The reasoning behind this is to allow downloads to complete and avoid deleting them while
# they are still being tranfered.
# Number of days senders' IP addresses are kept in database
# After that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
# optional, default is 365
#keep_ip_during => 365,
# Max size of the files directory, in octets
# Used by script/lufi cron watch to trigger an action
# optional, no default
#max_total_size => 10*1024*1024*1024,
# Default action when files directory is over max_total_size (used with script/lufi cron watch)
# Valid values are 'warn', 'stop-upload' and 'delete'
# Please, see README.md
# optional, default is 'warn'
#policy_when_full => 'warn',
# Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
# If delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
# optional, no default
#delete_no_longer_viewed_files => 90,
};