Update template

conf/lutim.conf.template

@@ -52,8 +52,8 @@
 
     # twitter account which will appear on twitter cards
     # see https://dev.twitter.com/docs/cards/validation/validator to register your Lutim instance on twitter
-    # optional, default is @framasky
-    #tweet_card_via    => '@framasky',
+    # optional, no default
+    #tweet_card_via    => '@foo',
 
     # max image size, in octets
     # you can write it 10*1024*1024
@@ -66,7 +66,7 @@
     #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
 
     # if you want to include something in the right of the screen, put it here
-    # here's an exemple to put the logo of your hoster
+    # here's an example to put the logo of your hoster
     # optional, no default
     #hosted_by         => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
     hosted_by         => '<a href="stats">Statistiques</a>',
@@ -91,6 +91,10 @@
     # optional, default is 0 (no limit)
     default_delay     => 365,
 
+    # comma-separated values proposed for delays
+    # optional, default is '0,1,7,30,365'
+    #proposed_delays         => '0,1,7,30,365',
+
     # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
     # a warning message will be displayed on homepage
     # optional, default is 0 (no limit)
@@ -116,6 +120,7 @@
     # optional, default is sqlite
     #dbtype => 'sqlite',
 
+    # SQLite ONLY - only used if dbtype is set to sqlite
     # define a path to the SQLite database
     # you can define it relative to lutim directory or set an absolute path
     # remember that it has to be in a directory writable by Lutim user
@@ -157,6 +162,34 @@
     #    }
     #},
 
+    # set `ldap` if you want that only authenticated users can shorten URLs
+    # please note that everybody can still use shortend URLs
+    # optional, no default
+    #ldap => {
+    #    uri         => 'ldaps://ldap.example.org',                 # server URI
+    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
+    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
+    #    bind_pwd    => 'secr3t',                                   # search bind password
+    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
+    #},
+
+    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # create the file with `htpasswd -c lutim.passwd user`, update it with `htpasswd lutim.passwd user2`
+    # make sure that lutim can read the file!
+    # optional, no default
+    #htpasswd => 'lutim.passwd',
+
+    # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
+    # the user needs to reauthenticate
+    # optional, default is 3600
+    #session_duration => 3600,
+
+    # disable counters of images
+    # set to 1 to disable counters
+    # optional, counters are enabled by default
+    #disable_img_stats => 0,
+
     # define the height of the thumbnails generated at users' will
     # this is not the height of the thumbnails send after upload,
     # we're talking about thumbnails generated when someone asked for
@@ -173,6 +206,66 @@
     # optional, default is 15
     #max_files_in_zip => 15,
 
+    # maximum size (in MB) of memory allowed for the image cache
+    # Lutim has a built-in memory-based image cache to accelerate responses to often-viewed images.
+    # This setting makes the cache remove oldest viewed image if the cache size is over it.
+    # WARNING: a cache is created for each hypnotoad worker, which by default is twice the number of
+    # CPUs you have. See http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers for details
+    # So, if you have 4 workers and set cache_max_size to 100, the real maximum size of RAM used for
+    # cache is 400MB.
+    # If set to 0, the cache is disabled
+    # optional, default is 0
+    #cache_max_size => 0,
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the use of memcached is disabled.
+    # If you use memcached, the internal cache (see cache_max_size option above) will not be used.
+    # Please see https://framagit.org/luc/lutim/wikis/memcached to know how to configure your memcached
+    # servers.
+    # exemple of valid value: ['127.0.0.1:11211']
+    # optional, default is []
+    #memcached_servers => [],
+
+    # enable or disable Lutim built-in logs
+    # set to 1 to disable logs
+    # optional, default is 0
+    #quiet_logs => 0,
+
+    # Content-Security-Policy header that will be sent by Lstu
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # NB: unsafe-inline for script-src and style-src are here only because morris,
+    # the graph library used in the stats page requires it
+    # the default value is good for `default` theme
+    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'",
+
+    # X-Frame-Options header that will be sent by Lstu
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lstu
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lstu
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # if set, the uploaded images will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
     ##########################
     # Lutim cron jobs settings
     ##########################