1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/radicale_ynh.git synced 2024-09-03 20:16:14 +02:00

Update config files to v3

This commit is contained in:
Maniack Crudelis 2022-11-22 13:29:11 +01:00
parent 9e6dd816e2
commit b68799a448
3 changed files with 181 additions and 205 deletions

View file

@ -15,41 +15,29 @@
# IPv4 syntax: address:port # IPv4 syntax: address:port
# IPv6 syntax: [address]:port # IPv6 syntax: [address]:port
# For example: 0.0.0.0:9999, [::]:9999 # For example: 0.0.0.0:9999, [::]:9999
# IPv6 adresses are configured to only allow IPv6 connections hosts = localhost:__PORT__
#hosts = 0.0.0.0:5232
# Daemon flag # Max parallel connections
#daemon = False #max_connections = 8
# File storing the PID in daemon mode # Max size of request body (bytes)
#pid = #max_content_length = 100000000
# Socket timeout (seconds)
#timeout = 30
# SSL flag, enable HTTPS protocol # SSL flag, enable HTTPS protocol
#ssl = False #ssl = False
# SSL certificate path # SSL certificate path
#certificate = /etc/apache2/ssl/server.crt #certificate = /etc/ssl/radicale.cert.pem
# SSL private key # SSL private key
#key = /etc/apache2/ssl/server.key #key = /etc/ssl/radicale.key.pem
# SSL Protocol used. See python's ssl module for available values # CA certificate for validating clients. This can be used to secure
#protocol = PROTOCOL_SSLv23 # TCP traffic between Radicale and a reverse proxy
#certificate_authority =
# Ciphers available. See python's ssl module for available ciphers
#ciphers =
# Reverse DNS to resolve client address in logs
dns_lookup = True
# Root URL of Radicale (starting and ending with a slash)
base_prefix = __PATH__
# Possibility to allow URLs cleaned by a HTTP server, without the base_prefix
#can_skip_base_prefix = False
# Message displayed in the client when a password is needed
#realm = Radicale - Password Required
[encoding] [encoding]
@ -61,45 +49,43 @@ request = utf-8
stock = utf-8 stock = utf-8
[well-known]
# Path where /.well-known/caldav/ is redirected
#caldav = '/%(user)s/caldav/'
# Path where /.well-known/carddav/ is redirected
#carddav = '/%(user)s/carddav/'
[auth] [auth]
# Authentication method # Authentication method
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom # Value: none | htpasswd | remote_user | http_x_remote_user
type = LDAP #type = none
type = htpasswd
# Custom authentication handler
#custom_handler =
# Htpasswd filename # Htpasswd filename
#htpasswd_filename = /etc/radicale/users htpasswd_filename = /etc/radicale/users
# Htpasswd encryption method # Htpasswd encryption method
# Value: plain | sha1 | ssha | crypt # Value: plain | bcrypt | md5
#htpasswd_encryption = crypt # bcrypt requires the installation of radicale[bcrypt].
htpasswd_encryption = bcrypt
# Incorrect authentication delay (seconds)
#delay = 1
# Message displayed in the client when a password is needed
#realm = Radicale - Password Required
# LDAP doesn't work for now...
# type = radicale_auth_ldap
# LDAP server URL, with protocol and port # LDAP server URL, with protocol and port
ldap_url = ldap://localhost:389/ # ldap_url = ldap://localhost:389/
# LDAP base path # LDAP base path
ldap_base = ou=users,dc=yunohost,dc=org # ldap_base = ou=users,dc=yunohost,dc=org
# LDAP login attribute # LDAP login attribute
ldap_attribute = uid # ldap_attribute = uid
# LDAP filter string # LDAP filter string
# placed as X in a query of the form (&(...)X) # placed as X in a query of the form (&(...)X)
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org) # example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
# leave empty if no additional filter is needed # ldap_filter =
ldap_filter =
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches # LDAP dn for initial login, used if LDAP server does not allow anonymous searches
# Leave empty if searches are anonymous # Leave empty if searches are anonymous
@ -109,41 +95,17 @@ ldap_filter =
# ldap_password = # ldap_password =
# LDAP scope of the search # LDAP scope of the search
ldap_scope = OneLevel # ldap_scope = OneLevel
# IMAP Configuration
#imap_hostname = localhost
#imap_port = 143
#imap_ssl = False
# PAM group user should be member of
#pam_group_membership =
# Path to the Courier Authdaemon socket
#courier_socket =
# HTTP authentication request URL endpoint
#http_url =
# POST parameter to use for username
#http_user_parameter =
# POST parameter to use for password
#http_password_parameter =
[git]
# Git default options
#committer = Radicale <radicale@example.com>
# LDAP extended option
# If the server is samba, ldap_support_extended is should be no
# ldap_support_extended = yes
[rights] [rights]
# Rights backend # Rights backend
# Value: None | authenticated | owner_only | owner_write | from_file | custom # Value: none | authenticated | owner_only | owner_write | from_file
type = from_file #type = owner_only
# Custom rights handler
#custom_handler =
# File for rights management from_file # File for rights management from_file
file = /etc/radicale/rights file = /etc/radicale/rights
@ -152,37 +114,35 @@ file = /etc/radicale/rights
[storage] [storage]
# Storage backend # Storage backend
# ------- # Value: multifilesystem | multifilesystem_nolock
# WARNING: ONLY "filesystem" IS DOCUMENTED AND TESTED, #type = multifilesystem
# OTHER BACKENDS ARE NOT READY FOR PRODUCTION.
# -------
# Value: filesystem | multifilesystem | database | custom
type = filesystem
# Custom storage handler
#custom_handler =
# Folder for storing local collections, created if not present # Folder for storing local collections, created if not present
filesystem_folder = __FINALPATH__/collections filesystem_folder = __FINALPATH__/collections
# Database URL for SQLAlchemy # Delete sync token that are older (seconds)
# dialect+driver://user:password@host/dbname[?key=value..] #max_sync_token_age = 2592000
# For example: sqlite:///var/db/radicale.db, postgresql://user:password@localhost/radicale
# See http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html#sqlalchemy.create_engine # Command that is run after changes to storage
#database_url = # Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
#hook =
[web]
# Web interface backend
# Value: none | internal
#type = internal
[logging] [logging]
# Logging configuration file # Threshold for the logger
# If no config is given, simple information is printed on the standard output # Value: debug | info | warning | error | critical
# For more information about the syntax of the configuration file, see: #level = warning
# http://docs.python.org/library/logging.config.html
config = /etc/radicale/logging # Don't include passwords in logs
# Set the default logging level to debug #mask_passwords = True
debug = False
# Store all environment variables (including those set in the shell)
full_environment = False
[headers] [headers]
@ -192,3 +152,10 @@ Access-Control-Allow-Origin = *
Access-Control-Allow-Methods = GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK Access-Control-Allow-Methods = GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK
Access-Control-Allow-Headers = User-Agent, Authorization, Content-type, Depth, If-match, If-None-Match, Lock-Token, Timeout, Destination, Overwrite, X-clie$ Access-Control-Allow-Headers = User-Agent, Authorization, Content-type, Depth, If-match, If-None-Match, Lock-Token, Timeout, Destination, Overwrite, X-clie$
Access-Control-Expose-Headers = Etag Access-Control-Expose-Headers = Etag
#type = LDAP
#ldap_url = ldap://localhost:389/
#ldap_base = ou=users,dc=yunohost,dc=org
#ldap_attribute = uid
#ldap_filter =
#ldap_scope = OneLevel

View file

@ -1,49 +0,0 @@
# Loggers, handlers and formatters keys
[loggers]
# Loggers names, main configuration slots
keys = root
[handlers]
# Logging handlers, defining logging output methods
keys = console,file
[formatters]
# Logging formatters
keys = simple,full
# Loggers
[logger_root]
# Root logger
level = INFO
handlers = console,file
# Handlers
[handler_console]
# Console handler
class = StreamHandler
level = INFO
args = (sys.stdout,)
formatter = simple
[handler_file]
# File handler
class = FileHandler
level = INFO
args = ('/var/log/radicale/radicale.log',)
formatter = full
# Formatters
[formatter_simple]
# Simple output format
format = %(message)s
[formatter_full]
# Full output format
format = %(asctime)s - %(levelname)s: %(message)s

View file

@ -1,12 +1,116 @@
# Rights are based on a regex-based file whose name is specified in the config (section "right", key "file"). # -*- mode: conf -*-
# vim:ft=cfg
# Rights management file for Radicale - A simple calendar server
# #
# Authentication login is matched against the "user" key, and collection's path is matched against the "collection" key. You can use Python's ConfigParser interpolation values %(login)s and %(path)s. You can also get groups from the user regex in the collection with {0}, {1}, etc. # The default path for this file is /etc/radicale/rights
# The path can be specified in the rights section of the configuration file
# #
# For example, for the "user" key, ".+" means "authenticated user" and ".*" means "anybody" (including anonymous users). # Section names are used for naming rules and must be unique.
# # The first rule matching both user and collection patterns will be used.
# Section names are only used for naming the rule.
#
# Leading or ending slashes are trimmed from collection's path. # Example: owner_only plugin
# Allow reading root collection for authenticated users
#[root]
#user: .+
#collection:
#permissions: R
# Allow reading and writing principal collection (same as username)
#[principal]
#user: .+
#collection: {user}
#permissions: RW
# Allow reading and writing calendars and address books that are direct
# children of the principal collection
#[calendars]
#user: .+
#collection: {user}/[^/]+
#permissions: rw
# Example: owner_write plugin
# Only listed additional rules for the owner_only plugin example.
# Allow reading principal collections of all users
#[read-all-principals]
#user: .+
#collection: [^/]+
#permissions: R
# Allow reading all calendars and address books that are direct children of any
# principal collection
#[read-all-calendars]
#user: .+
#collection: [^/]+/[^/]+
#permissions: r
# Example: authenticated plugin
# Allow reading and writing root and principal collections of all users
#[root-and-principals]
#user: .+
#collection: [^/]*
#permissions: RW
# Allow reading and writing all calendars and address books that are direct
# children of any principal collection
#[calendars]
#user: .+
#collection: [^/]+/[^/]+
#permissions: rw
# Example: Allow user "admin" to read everything
#[admin-read-all]
#user: admin
#collection: .*
#permissions: Rr
# Example: Allow everybody (including unauthenticated users) to read
# the collection "public"
# Allow reading collection "public" for authenticated users
#[public-principal]
#user: .+
#collection: public
#permissions: R
# Allow reading all calendars and address books that are direct children of
# the collection "public" for authenticated users
#[public-calendars]
#user: .+
#collection: public/[^/]+
#permissions: r
# Allow access to public calendars and address books via HTTP GET for everyone
#[public-calendars-restricted]
#user: .*
#collection: public/[^/]+
#permissions: i
# Example: Grant users of the form user@domain.tld read access to the
# collection "domain.tld"
# Allow reading the domain collection
#[read-domain-principal]
#user: .+@([^@]+)
#collection: {0}
#permissions: R
# Allow reading all calendars and address books that are direct children of
# the domain collection
#[read-domain-calendars]
#user: .+@([^@]+)
#collection: {0}/[^/]+
#permissions: r
# User can read the root of all collection. And discovers your collection. # User can read the root of all collection. And discovers your collection.
[user-read-root-collection] [user-read-root-collection]
@ -17,51 +121,5 @@ permission: r
# Give read and write access to owners # Give read and write access to owners
[owner-read-write] [owner-read-write]
user: .+ user: .+
collection: ^%(login)s|^%(login)s/.* collection: ^{user}|^{user}/.*
permission: rw permission: rw
### EXAMPLES:
## Allow authenticated user to read all collections
# [allow-everyone-read]
# user: .+
# collection: .*
# permission: r
## This means all users starting with "admin" may read any collection
# [admin]
# user: ^admin.*$
# collection: .*
# permission: r
## A little more complex: give read access to users from a domain for all
# collections of all the users (ie. user@domain.tld can read domain/\*).
# [domain-wide-access]
# user: ^.+@(.+)\..+$
# collection: ^{0}/.+$
# permission: r
## This means all users may read and write any collection starting with public.
# [public]
# user: .*
# collection: ^public(/.+)?$
# permission: rw
## Partage public en lecture seule d'un agenda
# [public for readonly]
# user: .*
# collection: ^utilisateur/nom_calendrier.ics$
# permission: r
## Partage public en lecture/écriture d'un agenda
# [public for read/write]
# user: .*
# collection: ^utilisateur/nom_calendrier.ics$
# permission: rw
# [user1 can read and write user2/shared2]
# user: ^user1$
# collection: ^user2/shared2.ics$
# permission: rw