Update config files to v3
parent
9e6dd816e2
commit
b68799a448
3 changed files with 181 additions and 205 deletions
167
conf/config
167
conf/config
|
@ -15,41 +15,29 @@
|
||||||
# IPv4 syntax: address:port
|
# IPv4 syntax: address:port
|
||||||
# IPv6 syntax: [address]:port
|
# IPv6 syntax: [address]:port
|
||||||
# For example: 0.0.0.0:9999, [::]:9999
|
# For example: 0.0.0.0:9999, [::]:9999
|
||||||
# IPv6 adresses are configured to only allow IPv6 connections
|
hosts = localhost:__PORT__
|
||||||
#hosts = 0.0.0.0:5232
|
|
||||||
|
|
||||||
# Daemon flag
|
# Max parallel connections
|
||||||
#daemon = False
|
#max_connections = 8
|
||||||
|
|
||||||
# File storing the PID in daemon mode
|
# Max size of request body (bytes)
|
||||||
#pid =
|
#max_content_length = 100000000
|
||||||
|
|
||||||
|
# Socket timeout (seconds)
|
||||||
|
#timeout = 30
|
||||||
|
|
||||||
# SSL flag, enable HTTPS protocol
|
# SSL flag, enable HTTPS protocol
|
||||||
#ssl = False
|
#ssl = False
|
||||||
|
|
||||||
# SSL certificate path
|
# SSL certificate path
|
||||||
#certificate = /etc/apache2/ssl/server.crt
|
#certificate = /etc/ssl/radicale.cert.pem
|
||||||
|
|
||||||
# SSL private key
|
# SSL private key
|
||||||
#key = /etc/apache2/ssl/server.key
|
#key = /etc/ssl/radicale.key.pem
|
||||||
|
|
||||||
# SSL Protocol used. See python's ssl module for available values
|
# CA certificate for validating clients. This can be used to secure
|
||||||
#protocol = PROTOCOL_SSLv23
|
# TCP traffic between Radicale and a reverse proxy
|
||||||
|
#certificate_authority =
|
||||||
# Ciphers available. See python's ssl module for available ciphers
|
|
||||||
#ciphers =
|
|
||||||
|
|
||||||
# Reverse DNS to resolve client address in logs
|
|
||||||
dns_lookup = True
|
|
||||||
|
|
||||||
# Root URL of Radicale (starting and ending with a slash)
|
|
||||||
base_prefix = __PATH__
|
|
||||||
|
|
||||||
# Possibility to allow URLs cleaned by a HTTP server, without the base_prefix
|
|
||||||
#can_skip_base_prefix = False
|
|
||||||
|
|
||||||
# Message displayed in the client when a password is needed
|
|
||||||
#realm = Radicale - Password Required
|
|
||||||
|
|
||||||
|
|
||||||
[encoding]
|
[encoding]
|
||||||
|
@ -61,45 +49,43 @@ request = utf-8
|
||||||
stock = utf-8
|
stock = utf-8
|
||||||
|
|
||||||
|
|
||||||
[well-known]
|
|
||||||
|
|
||||||
# Path where /.well-known/caldav/ is redirected
|
|
||||||
#caldav = '/%(user)s/caldav/'
|
|
||||||
|
|
||||||
# Path where /.well-known/carddav/ is redirected
|
|
||||||
#carddav = '/%(user)s/carddav/'
|
|
||||||
|
|
||||||
|
|
||||||
[auth]
|
[auth]
|
||||||
|
|
||||||
# Authentication method
|
# Authentication method
|
||||||
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom
|
# Value: none | htpasswd | remote_user | http_x_remote_user
|
||||||
type = LDAP
|
#type = none
|
||||||
|
type = htpasswd
|
||||||
# Custom authentication handler
|
|
||||||
#custom_handler =
|
|
||||||
|
|
||||||
# Htpasswd filename
|
# Htpasswd filename
|
||||||
#htpasswd_filename = /etc/radicale/users
|
htpasswd_filename = /etc/radicale/users
|
||||||
|
|
||||||
# Htpasswd encryption method
|
# Htpasswd encryption method
|
||||||
# Value: plain | sha1 | ssha | crypt
|
# Value: plain | bcrypt | md5
|
||||||
#htpasswd_encryption = crypt
|
# bcrypt requires the installation of radicale[bcrypt].
|
||||||
|
htpasswd_encryption = bcrypt
|
||||||
|
|
||||||
|
# Incorrect authentication delay (seconds)
|
||||||
|
#delay = 1
|
||||||
|
|
||||||
|
# Message displayed in the client when a password is needed
|
||||||
|
#realm = Radicale - Password Required
|
||||||
|
|
||||||
|
# LDAP doesn't work for now...
|
||||||
|
# type = radicale_auth_ldap
|
||||||
|
|
||||||
# LDAP server URL, with protocol and port
|
# LDAP server URL, with protocol and port
|
||||||
ldap_url = ldap://localhost:389/
|
# ldap_url = ldap://localhost:389/
|
||||||
|
|
||||||
# LDAP base path
|
# LDAP base path
|
||||||
ldap_base = ou=users,dc=yunohost,dc=org
|
# ldap_base = ou=users,dc=yunohost,dc=org
|
||||||
|
|
||||||
# LDAP login attribute
|
# LDAP login attribute
|
||||||
ldap_attribute = uid
|
# ldap_attribute = uid
|
||||||
|
|
||||||
# LDAP filter string
|
# LDAP filter string
|
||||||
# placed as X in a query of the form (&(...)X)
|
# placed as X in a query of the form (&(...)X)
|
||||||
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
|
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
|
||||||
# leave empty if no additional filter is needed
|
# ldap_filter =
|
||||||
ldap_filter =
|
|
||||||
|
|
||||||
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
|
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
|
||||||
# Leave empty if searches are anonymous
|
# Leave empty if searches are anonymous
|
||||||
|
@ -109,41 +95,17 @@ ldap_filter =
|
||||||
# ldap_password =
|
# ldap_password =
|
||||||
|
|
||||||
# LDAP scope of the search
|
# LDAP scope of the search
|
||||||
ldap_scope = OneLevel
|
# ldap_scope = OneLevel
|
||||||
|
|
||||||
# IMAP Configuration
|
|
||||||
#imap_hostname = localhost
|
|
||||||
#imap_port = 143
|
|
||||||
#imap_ssl = False
|
|
||||||
|
|
||||||
# PAM group user should be member of
|
|
||||||
#pam_group_membership =
|
|
||||||
|
|
||||||
# Path to the Courier Authdaemon socket
|
|
||||||
#courier_socket =
|
|
||||||
|
|
||||||
# HTTP authentication request URL endpoint
|
|
||||||
#http_url =
|
|
||||||
# POST parameter to use for username
|
|
||||||
#http_user_parameter =
|
|
||||||
# POST parameter to use for password
|
|
||||||
#http_password_parameter =
|
|
||||||
|
|
||||||
|
|
||||||
[git]
|
|
||||||
|
|
||||||
# Git default options
|
|
||||||
#committer = Radicale <radicale@example.com>
|
|
||||||
|
|
||||||
|
# LDAP extended option
|
||||||
|
# If the server is samba, ldap_support_extended is should be no
|
||||||
|
# ldap_support_extended = yes
|
||||||
|
|
||||||
[rights]
|
[rights]
|
||||||
|
|
||||||
# Rights backend
|
# Rights backend
|
||||||
# Value: None | authenticated | owner_only | owner_write | from_file | custom
|
# Value: none | authenticated | owner_only | owner_write | from_file
|
||||||
type = from_file
|
#type = owner_only
|
||||||
|
|
||||||
# Custom rights handler
|
|
||||||
#custom_handler =
|
|
||||||
|
|
||||||
# File for rights management from_file
|
# File for rights management from_file
|
||||||
file = /etc/radicale/rights
|
file = /etc/radicale/rights
|
||||||
|
@ -152,37 +114,35 @@ file = /etc/radicale/rights
|
||||||
[storage]
|
[storage]
|
||||||
|
|
||||||
# Storage backend
|
# Storage backend
|
||||||
# -------
|
# Value: multifilesystem | multifilesystem_nolock
|
||||||
# WARNING: ONLY "filesystem" IS DOCUMENTED AND TESTED,
|
#type = multifilesystem
|
||||||
# OTHER BACKENDS ARE NOT READY FOR PRODUCTION.
|
|
||||||
# -------
|
|
||||||
# Value: filesystem | multifilesystem | database | custom
|
|
||||||
type = filesystem
|
|
||||||
|
|
||||||
# Custom storage handler
|
|
||||||
#custom_handler =
|
|
||||||
|
|
||||||
# Folder for storing local collections, created if not present
|
# Folder for storing local collections, created if not present
|
||||||
filesystem_folder = __FINALPATH__/collections
|
filesystem_folder = __FINALPATH__/collections
|
||||||
|
|
||||||
# Database URL for SQLAlchemy
|
# Delete sync token that are older (seconds)
|
||||||
# dialect+driver://user:password@host/dbname[?key=value..]
|
#max_sync_token_age = 2592000
|
||||||
# For example: sqlite:///var/db/radicale.db, postgresql://user:password@localhost/radicale
|
|
||||||
# See http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html#sqlalchemy.create_engine
|
# Command that is run after changes to storage
|
||||||
#database_url =
|
# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
|
||||||
|
#hook =
|
||||||
|
|
||||||
|
|
||||||
|
[web]
|
||||||
|
|
||||||
|
# Web interface backend
|
||||||
|
# Value: none | internal
|
||||||
|
#type = internal
|
||||||
|
|
||||||
|
|
||||||
[logging]
|
[logging]
|
||||||
|
|
||||||
# Logging configuration file
|
# Threshold for the logger
|
||||||
# If no config is given, simple information is printed on the standard output
|
# Value: debug | info | warning | error | critical
|
||||||
# For more information about the syntax of the configuration file, see:
|
#level = warning
|
||||||
# http://docs.python.org/library/logging.config.html
|
|
||||||
config = /etc/radicale/logging
|
# Don't include passwords in logs
|
||||||
# Set the default logging level to debug
|
#mask_passwords = True
|
||||||
debug = False
|
|
||||||
# Store all environment variables (including those set in the shell)
|
|
||||||
full_environment = False
|
|
||||||
|
|
||||||
|
|
||||||
[headers]
|
[headers]
|
||||||
|
@ -192,3 +152,10 @@ Access-Control-Allow-Origin = *
|
||||||
Access-Control-Allow-Methods = GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK
|
Access-Control-Allow-Methods = GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK
|
||||||
Access-Control-Allow-Headers = User-Agent, Authorization, Content-type, Depth, If-match, If-None-Match, Lock-Token, Timeout, Destination, Overwrite, X-clie$
|
Access-Control-Allow-Headers = User-Agent, Authorization, Content-type, Depth, If-match, If-None-Match, Lock-Token, Timeout, Destination, Overwrite, X-clie$
|
||||||
Access-Control-Expose-Headers = Etag
|
Access-Control-Expose-Headers = Etag
|
||||||
|
|
||||||
|
#type = LDAP
|
||||||
|
#ldap_url = ldap://localhost:389/
|
||||||
|
#ldap_base = ou=users,dc=yunohost,dc=org
|
||||||
|
#ldap_attribute = uid
|
||||||
|
#ldap_filter =
|
||||||
|
#ldap_scope = OneLevel
|
||||||
|
|
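Review bot: In the [rights] hunk the new side comments out the backend selector (`type = from_file` becomes `#type = owner_only`) but keeps `file = /etc/radicale/rights`, so the rules file rewritten in this same commit is presumably never read and access control falls back to the `owner_only` default shown in the comment. If the rules in conf/rights are meant to be enforced, keep `type = from_file` uncommented next to the `file` key. Separately, the [auth] hunk replaces `type = LDAP` with `type = htpasswd` reading `/etc/radicale/users`, and nothing visible in this commit creates or populates that file. Accounts that previously authenticated through LDAP would likely be unable to log in until it is provisioned, and because it holds password hashes it should be readable only by the service user.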
49
conf/logging
49
conf/logging
|
@ -1,49 +0,0 @@
|
||||||
# Loggers, handlers and formatters keys
|
|
||||||
|
|
||||||
[loggers]
|
|
||||||
# Loggers names, main configuration slots
|
|
||||||
keys = root
|
|
||||||
|
|
||||||
[handlers]
|
|
||||||
# Logging handlers, defining logging output methods
|
|
||||||
keys = console,file
|
|
||||||
|
|
||||||
[formatters]
|
|
||||||
# Logging formatters
|
|
||||||
keys = simple,full
|
|
||||||
|
|
||||||
|
|
||||||
# Loggers
|
|
||||||
|
|
||||||
[logger_root]
|
|
||||||
# Root logger
|
|
||||||
level = INFO
|
|
||||||
handlers = console,file
|
|
||||||
|
|
||||||
|
|
||||||
# Handlers
|
|
||||||
|
|
||||||
[handler_console]
|
|
||||||
# Console handler
|
|
||||||
class = StreamHandler
|
|
||||||
level = INFO
|
|
||||||
args = (sys.stdout,)
|
|
||||||
formatter = simple
|
|
||||||
|
|
||||||
[handler_file]
|
|
||||||
# File handler
|
|
||||||
class = FileHandler
|
|
||||||
level = INFO
|
|
||||||
args = ('/var/log/radicale/radicale.log',)
|
|
||||||
formatter = full
|
|
||||||
|
|
||||||
|
|
||||||
# Formatters
|
|
||||||
|
|
||||||
[formatter_simple]
|
|
||||||
# Simple output format
|
|
||||||
format = %(message)s
|
|
||||||
|
|
||||||
[formatter_full]
|
|
||||||
# Full output format
|
|
||||||
format = %(asctime)s - %(levelname)s: %(message)s
|
|
166
conf/rights
166
conf/rights
|
@ -1,12 +1,116 @@
|
||||||
# Rights are based on a regex-based file whose name is specified in the config (section "right", key "file").
|
# -*- mode: conf -*-
|
||||||
|
# vim:ft=cfg
|
||||||
|
|
||||||
|
# Rights management file for Radicale - A simple calendar server
|
||||||
#
|
#
|
||||||
# Authentication login is matched against the "user" key, and collection's path is matched against the "collection" key. You can use Python's ConfigParser interpolation values %(login)s and %(path)s. You can also get groups from the user regex in the collection with {0}, {1}, etc.
|
# The default path for this file is /etc/radicale/rights
|
||||||
|
# The path can be specified in the rights section of the configuration file
|
||||||
#
|
#
|
||||||
# For example, for the "user" key, ".+" means "authenticated user" and ".*" means "anybody" (including anonymous users).
|
# Section names are used for naming rules and must be unique.
|
||||||
#
|
# The first rule matching both user and collection patterns will be used.
|
||||||
# Section names are only used for naming the rule.
|
|
||||||
#
|
|
||||||
# Leading or ending slashes are trimmed from collection's path.
|
# Example: owner_only plugin
|
||||||
|
|
||||||
|
# Allow reading root collection for authenticated users
|
||||||
|
#[root]
|
||||||
|
#user: .+
|
||||||
|
#collection:
|
||||||
|
#permissions: R
|
||||||
|
|
||||||
|
# Allow reading and writing principal collection (same as username)
|
||||||
|
#[principal]
|
||||||
|
#user: .+
|
||||||
|
#collection: {user}
|
||||||
|
#permissions: RW
|
||||||
|
|
||||||
|
# Allow reading and writing calendars and address books that are direct
|
||||||
|
# children of the principal collection
|
||||||
|
#[calendars]
|
||||||
|
#user: .+
|
||||||
|
#collection: {user}/[^/]+
|
||||||
|
#permissions: rw
|
||||||
|
|
||||||
|
|
||||||
|
# Example: owner_write plugin
|
||||||
|
# Only listed additional rules for the owner_only plugin example.
|
||||||
|
|
||||||
|
# Allow reading principal collections of all users
|
||||||
|
#[read-all-principals]
|
||||||
|
#user: .+
|
||||||
|
#collection: [^/]+
|
||||||
|
#permissions: R
|
||||||
|
|
||||||
|
# Allow reading all calendars and address books that are direct children of any
|
||||||
|
# principal collection
|
||||||
|
#[read-all-calendars]
|
||||||
|
#user: .+
|
||||||
|
#collection: [^/]+/[^/]+
|
||||||
|
#permissions: r
|
||||||
|
|
||||||
|
|
||||||
|
# Example: authenticated plugin
|
||||||
|
|
||||||
|
# Allow reading and writing root and principal collections of all users
|
||||||
|
#[root-and-principals]
|
||||||
|
#user: .+
|
||||||
|
#collection: [^/]*
|
||||||
|
#permissions: RW
|
||||||
|
|
||||||
|
# Allow reading and writing all calendars and address books that are direct
|
||||||
|
# children of any principal collection
|
||||||
|
#[calendars]
|
||||||
|
#user: .+
|
||||||
|
#collection: [^/]+/[^/]+
|
||||||
|
#permissions: rw
|
||||||
|
|
||||||
|
|
||||||
|
# Example: Allow user "admin" to read everything
|
||||||
|
#[admin-read-all]
|
||||||
|
#user: admin
|
||||||
|
#collection: .*
|
||||||
|
#permissions: Rr
|
||||||
|
|
||||||
|
|
||||||
|
# Example: Allow everybody (including unauthenticated users) to read
|
||||||
|
# the collection "public"
|
||||||
|
|
||||||
|
# Allow reading collection "public" for authenticated users
|
||||||
|
#[public-principal]
|
||||||
|
#user: .+
|
||||||
|
#collection: public
|
||||||
|
#permissions: R
|
||||||
|
|
||||||
|
# Allow reading all calendars and address books that are direct children of
|
||||||
|
# the collection "public" for authenticated users
|
||||||
|
#[public-calendars]
|
||||||
|
#user: .+
|
||||||
|
#collection: public/[^/]+
|
||||||
|
#permissions: r
|
||||||
|
|
||||||
|
# Allow access to public calendars and address books via HTTP GET for everyone
|
||||||
|
#[public-calendars-restricted]
|
||||||
|
#user: .*
|
||||||
|
#collection: public/[^/]+
|
||||||
|
#permissions: i
|
||||||
|
|
||||||
|
# Example: Grant users of the form user@domain.tld read access to the
|
||||||
|
# collection "domain.tld"
|
||||||
|
|
||||||
|
# Allow reading the domain collection
|
||||||
|
#[read-domain-principal]
|
||||||
|
#user: .+@([^@]+)
|
||||||
|
#collection: {0}
|
||||||
|
#permissions: R
|
||||||
|
|
||||||
|
# Allow reading all calendars and address books that are direct children of
|
||||||
|
# the domain collection
|
||||||
|
#[read-domain-calendars]
|
||||||
|
#user: .+@([^@]+)
|
||||||
|
#collection: {0}/[^/]+
|
||||||
|
#permissions: r
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# User can read the root of all collection. And discovers your collection.
|
# User can read the root of all collection. And discovers your collection.
|
||||||
[user-read-root-collection]
|
[user-read-root-collection]
|
||||||
|
@ -17,51 +121,5 @@ permission: r
|
||||||
# Give read and write access to owners
|
# Give read and write access to owners
|
||||||
[owner-read-write]
|
[owner-read-write]
|
||||||
user: .+
|
user: .+
|
||||||
collection: ^%(login)s|^%(login)s/.*
|
collection: ^{user}|^{user}/.*
|
||||||
permission: rw
|
permission: rw
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### EXAMPLES:
|
|
||||||
|
|
||||||
## Allow authenticated user to read all collections
|
|
||||||
# [allow-everyone-read]
|
|
||||||
# user: .+
|
|
||||||
# collection: .*
|
|
||||||
# permission: r
|
|
||||||
|
|
||||||
## This means all users starting with "admin" may read any collection
|
|
||||||
# [admin]
|
|
||||||
# user: ^admin.*$
|
|
||||||
# collection: .*
|
|
||||||
# permission: r
|
|
||||||
|
|
||||||
## A little more complex: give read access to users from a domain for all
|
|
||||||
# collections of all the users (ie. user@domain.tld can read domain/\*).
|
|
||||||
# [domain-wide-access]
|
|
||||||
# user: ^.+@(.+)\..+$
|
|
||||||
# collection: ^{0}/.+$
|
|
||||||
# permission: r
|
|
||||||
|
|
||||||
## This means all users may read and write any collection starting with public.
|
|
||||||
# [public]
|
|
||||||
# user: .*
|
|
||||||
# collection: ^public(/.+)?$
|
|
||||||
# permission: rw
|
|
||||||
|
|
||||||
## Partage public en lecture seule d'un agenda
|
|
||||||
# [public for readonly]
|
|
||||||
# user: .*
|
|
||||||
# collection: ^utilisateur/nom_calendrier.ics$
|
|
||||||
# permission: r
|
|
||||||
|
|
||||||
## Partage public en lecture/écriture d'un agenda
|
|
||||||
# [public for read/write]
|
|
||||||
# user: .*
|
|
||||||
# collection: ^utilisateur/nom_calendrier.ics$
|
|
||||||
# permission: rw
|
|
||||||
|
|
||||||
# [user1 can read and write user2/shared2]
|
|
||||||
# user: ^user1$
|
|
||||||
# collection: ^user2/shared2.ics$
|
|
||||||
# permission: rw
|
|
||||||
|
|
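Review bot: The active rule [owner-read-write] still uses the key `permission: rw` on the new side, while every v3 example this commit adds above it spells the key `permissions:` and separates `RW` (principal collections) from `rw` (calendars and address books). If the v3 parser only reads `permissions`, this rule either grants nothing or stops the file from loading. Consider `permissions: RrWw` with `collection: {user}(/.*)?`, which states the owner-only intent without depending on how the matcher anchors the alternation `^{user}|^{user}/.*`. The [user-read-root-collection] rule sits mostly outside the visible hunks (its `permission: r` line appears only in the hunk header) and likely needs the same rename.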