mirror of
https://github.com/YunoHost-Apps/radicale_ynh.git
synced 2024-09-03 20:16:14 +02:00
Update config files to v3
This commit is contained in:
parent
9e6dd816e2
commit
b68799a448
3 changed files with 181 additions and 205 deletions
167
conf/config
167
conf/config
|
@ -15,41 +15,29 @@
|
|||
# IPv4 syntax: address:port
|
||||
# IPv6 syntax: [address]:port
|
||||
# For example: 0.0.0.0:9999, [::]:9999
|
||||
# IPv6 adresses are configured to only allow IPv6 connections
|
||||
#hosts = 0.0.0.0:5232
|
||||
hosts = localhost:__PORT__
|
||||
|
||||
# Daemon flag
|
||||
#daemon = False
|
||||
# Max parallel connections
|
||||
#max_connections = 8
|
||||
|
||||
# File storing the PID in daemon mode
|
||||
#pid =
|
||||
# Max size of request body (bytes)
|
||||
#max_content_length = 100000000
|
||||
|
||||
# Socket timeout (seconds)
|
||||
#timeout = 30
|
||||
|
||||
# SSL flag, enable HTTPS protocol
|
||||
#ssl = False
|
||||
|
||||
# SSL certificate path
|
||||
#certificate = /etc/apache2/ssl/server.crt
|
||||
#certificate = /etc/ssl/radicale.cert.pem
|
||||
|
||||
# SSL private key
|
||||
#key = /etc/apache2/ssl/server.key
|
||||
#key = /etc/ssl/radicale.key.pem
|
||||
|
||||
# SSL Protocol used. See python's ssl module for available values
|
||||
#protocol = PROTOCOL_SSLv23
|
||||
|
||||
# Ciphers available. See python's ssl module for available ciphers
|
||||
#ciphers =
|
||||
|
||||
# Reverse DNS to resolve client address in logs
|
||||
dns_lookup = True
|
||||
|
||||
# Root URL of Radicale (starting and ending with a slash)
|
||||
base_prefix = __PATH__
|
||||
|
||||
# Possibility to allow URLs cleaned by a HTTP server, without the base_prefix
|
||||
#can_skip_base_prefix = False
|
||||
|
||||
# Message displayed in the client when a password is needed
|
||||
#realm = Radicale - Password Required
|
||||
# CA certificate for validating clients. This can be used to secure
|
||||
# TCP traffic between Radicale and a reverse proxy
|
||||
#certificate_authority =
|
||||
|
||||
|
||||
[encoding]
|
||||
|
@ -61,45 +49,43 @@ request = utf-8
|
|||
stock = utf-8
|
||||
|
||||
|
||||
[well-known]
|
||||
|
||||
# Path where /.well-known/caldav/ is redirected
|
||||
#caldav = '/%(user)s/caldav/'
|
||||
|
||||
# Path where /.well-known/carddav/ is redirected
|
||||
#carddav = '/%(user)s/carddav/'
|
||||
|
||||
|
||||
[auth]
|
||||
|
||||
# Authentication method
|
||||
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom
|
||||
type = LDAP
|
||||
|
||||
# Custom authentication handler
|
||||
#custom_handler =
|
||||
# Value: none | htpasswd | remote_user | http_x_remote_user
|
||||
#type = none
|
||||
type = htpasswd
|
||||
|
||||
# Htpasswd filename
|
||||
#htpasswd_filename = /etc/radicale/users
|
||||
htpasswd_filename = /etc/radicale/users
|
||||
|
||||
# Htpasswd encryption method
|
||||
# Value: plain | sha1 | ssha | crypt
|
||||
#htpasswd_encryption = crypt
|
||||
# Value: plain | bcrypt | md5
|
||||
# bcrypt requires the installation of radicale[bcrypt].
|
||||
htpasswd_encryption = bcrypt
|
||||
|
||||
# Incorrect authentication delay (seconds)
|
||||
#delay = 1
|
||||
|
||||
# Message displayed in the client when a password is needed
|
||||
#realm = Radicale - Password Required
|
||||
|
||||
# LDAP doesn't work for now...
|
||||
# type = radicale_auth_ldap
|
||||
|
||||
# LDAP server URL, with protocol and port
|
||||
ldap_url = ldap://localhost:389/
|
||||
# ldap_url = ldap://localhost:389/
|
||||
|
||||
# LDAP base path
|
||||
ldap_base = ou=users,dc=yunohost,dc=org
|
||||
# ldap_base = ou=users,dc=yunohost,dc=org
|
||||
|
||||
# LDAP login attribute
|
||||
ldap_attribute = uid
|
||||
# ldap_attribute = uid
|
||||
|
||||
# LDAP filter string
|
||||
# placed as X in a query of the form (&(...)X)
|
||||
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
|
||||
# leave empty if no additional filter is needed
|
||||
ldap_filter =
|
||||
# ldap_filter =
|
||||
|
||||
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
|
||||
# Leave empty if searches are anonymous
|
||||
|
@ -109,41 +95,17 @@ ldap_filter =
|
|||
# ldap_password =
|
||||
|
||||
# LDAP scope of the search
|
||||
ldap_scope = OneLevel
|
||||
|
||||
# IMAP Configuration
|
||||
#imap_hostname = localhost
|
||||
#imap_port = 143
|
||||
#imap_ssl = False
|
||||
|
||||
# PAM group user should be member of
|
||||
#pam_group_membership =
|
||||
|
||||
# Path to the Courier Authdaemon socket
|
||||
#courier_socket =
|
||||
|
||||
# HTTP authentication request URL endpoint
|
||||
#http_url =
|
||||
# POST parameter to use for username
|
||||
#http_user_parameter =
|
||||
# POST parameter to use for password
|
||||
#http_password_parameter =
|
||||
|
||||
|
||||
[git]
|
||||
|
||||
# Git default options
|
||||
#committer = Radicale <radicale@example.com>
|
||||
# ldap_scope = OneLevel
|
||||
|
||||
# LDAP extended option
|
||||
# If the server is samba, ldap_support_extended is should be no
|
||||
# ldap_support_extended = yes
|
||||
|
||||
[rights]
|
||||
|
||||
# Rights backend
|
||||
# Value: None | authenticated | owner_only | owner_write | from_file | custom
|
||||
type = from_file
|
||||
|
||||
# Custom rights handler
|
||||
#custom_handler =
|
||||
# Value: none | authenticated | owner_only | owner_write | from_file
|
||||
#type = owner_only
|
||||
|
||||
# File for rights management from_file
|
||||
file = /etc/radicale/rights
|
||||
|
@ -152,37 +114,35 @@ file = /etc/radicale/rights
|
|||
[storage]
|
||||
|
||||
# Storage backend
|
||||
# -------
|
||||
# WARNING: ONLY "filesystem" IS DOCUMENTED AND TESTED,
|
||||
# OTHER BACKENDS ARE NOT READY FOR PRODUCTION.
|
||||
# -------
|
||||
# Value: filesystem | multifilesystem | database | custom
|
||||
type = filesystem
|
||||
|
||||
# Custom storage handler
|
||||
#custom_handler =
|
||||
# Value: multifilesystem | multifilesystem_nolock
|
||||
#type = multifilesystem
|
||||
|
||||
# Folder for storing local collections, created if not present
|
||||
filesystem_folder = __FINALPATH__/collections
|
||||
|
||||
# Database URL for SQLAlchemy
|
||||
# dialect+driver://user:password@host/dbname[?key=value..]
|
||||
# For example: sqlite:///var/db/radicale.db, postgresql://user:password@localhost/radicale
|
||||
# See http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html#sqlalchemy.create_engine
|
||||
#database_url =
|
||||
# Delete sync token that are older (seconds)
|
||||
#max_sync_token_age = 2592000
|
||||
|
||||
# Command that is run after changes to storage
|
||||
# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
|
||||
#hook =
|
||||
|
||||
|
||||
[web]
|
||||
|
||||
# Web interface backend
|
||||
# Value: none | internal
|
||||
#type = internal
|
||||
|
||||
|
||||
[logging]
|
||||
|
||||
# Logging configuration file
|
||||
# If no config is given, simple information is printed on the standard output
|
||||
# For more information about the syntax of the configuration file, see:
|
||||
# http://docs.python.org/library/logging.config.html
|
||||
config = /etc/radicale/logging
|
||||
# Set the default logging level to debug
|
||||
debug = False
|
||||
# Store all environment variables (including those set in the shell)
|
||||
full_environment = False
|
||||
# Threshold for the logger
|
||||
# Value: debug | info | warning | error | critical
|
||||
#level = warning
|
||||
|
||||
# Don't include passwords in logs
|
||||
#mask_passwords = True
|
||||
|
||||
|
||||
[headers]
|
||||
|
@ -192,3 +152,10 @@ Access-Control-Allow-Origin = *
|
|||
Access-Control-Allow-Methods = GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK
|
||||
Access-Control-Allow-Headers = User-Agent, Authorization, Content-type, Depth, If-match, If-None-Match, Lock-Token, Timeout, Destination, Overwrite, X-clie$
|
||||
Access-Control-Expose-Headers = Etag
|
||||
|
||||
#type = LDAP
|
||||
#ldap_url = ldap://localhost:389/
|
||||
#ldap_base = ou=users,dc=yunohost,dc=org
|
||||
#ldap_attribute = uid
|
||||
#ldap_filter =
|
||||
#ldap_scope = OneLevel
|
||||
|
|
49
conf/logging
49
conf/logging
|
@ -1,49 +0,0 @@
|
|||
# Loggers, handlers and formatters keys
|
||||
|
||||
[loggers]
|
||||
# Loggers names, main configuration slots
|
||||
keys = root
|
||||
|
||||
[handlers]
|
||||
# Logging handlers, defining logging output methods
|
||||
keys = console,file
|
||||
|
||||
[formatters]
|
||||
# Logging formatters
|
||||
keys = simple,full
|
||||
|
||||
|
||||
# Loggers
|
||||
|
||||
[logger_root]
|
||||
# Root logger
|
||||
level = INFO
|
||||
handlers = console,file
|
||||
|
||||
|
||||
# Handlers
|
||||
|
||||
[handler_console]
|
||||
# Console handler
|
||||
class = StreamHandler
|
||||
level = INFO
|
||||
args = (sys.stdout,)
|
||||
formatter = simple
|
||||
|
||||
[handler_file]
|
||||
# File handler
|
||||
class = FileHandler
|
||||
level = INFO
|
||||
args = ('/var/log/radicale/radicale.log',)
|
||||
formatter = full
|
||||
|
||||
|
||||
# Formatters
|
||||
|
||||
[formatter_simple]
|
||||
# Simple output format
|
||||
format = %(message)s
|
||||
|
||||
[formatter_full]
|
||||
# Full output format
|
||||
format = %(asctime)s - %(levelname)s: %(message)s
|
166
conf/rights
166
conf/rights
|
@ -1,12 +1,116 @@
|
|||
# Rights are based on a regex-based file whose name is specified in the config (section "right", key "file").
|
||||
# -*- mode: conf -*-
|
||||
# vim:ft=cfg
|
||||
|
||||
# Rights management file for Radicale - A simple calendar server
|
||||
#
|
||||
# Authentication login is matched against the "user" key, and collection's path is matched against the "collection" key. You can use Python's ConfigParser interpolation values %(login)s and %(path)s. You can also get groups from the user regex in the collection with {0}, {1}, etc.
|
||||
# The default path for this file is /etc/radicale/rights
|
||||
# The path can be specified in the rights section of the configuration file
|
||||
#
|
||||
# For example, for the "user" key, ".+" means "authenticated user" and ".*" means "anybody" (including anonymous users).
|
||||
#
|
||||
# Section names are only used for naming the rule.
|
||||
#
|
||||
# Leading or ending slashes are trimmed from collection's path.
|
||||
# Section names are used for naming rules and must be unique.
|
||||
# The first rule matching both user and collection patterns will be used.
|
||||
|
||||
|
||||
# Example: owner_only plugin
|
||||
|
||||
# Allow reading root collection for authenticated users
|
||||
#[root]
|
||||
#user: .+
|
||||
#collection:
|
||||
#permissions: R
|
||||
|
||||
# Allow reading and writing principal collection (same as username)
|
||||
#[principal]
|
||||
#user: .+
|
||||
#collection: {user}
|
||||
#permissions: RW
|
||||
|
||||
# Allow reading and writing calendars and address books that are direct
|
||||
# children of the principal collection
|
||||
#[calendars]
|
||||
#user: .+
|
||||
#collection: {user}/[^/]+
|
||||
#permissions: rw
|
||||
|
||||
|
||||
# Example: owner_write plugin
|
||||
# Only listed additional rules for the owner_only plugin example.
|
||||
|
||||
# Allow reading principal collections of all users
|
||||
#[read-all-principals]
|
||||
#user: .+
|
||||
#collection: [^/]+
|
||||
#permissions: R
|
||||
|
||||
# Allow reading all calendars and address books that are direct children of any
|
||||
# principal collection
|
||||
#[read-all-calendars]
|
||||
#user: .+
|
||||
#collection: [^/]+/[^/]+
|
||||
#permissions: r
|
||||
|
||||
|
||||
# Example: authenticated plugin
|
||||
|
||||
# Allow reading and writing root and principal collections of all users
|
||||
#[root-and-principals]
|
||||
#user: .+
|
||||
#collection: [^/]*
|
||||
#permissions: RW
|
||||
|
||||
# Allow reading and writing all calendars and address books that are direct
|
||||
# children of any principal collection
|
||||
#[calendars]
|
||||
#user: .+
|
||||
#collection: [^/]+/[^/]+
|
||||
#permissions: rw
|
||||
|
||||
|
||||
# Example: Allow user "admin" to read everything
|
||||
#[admin-read-all]
|
||||
#user: admin
|
||||
#collection: .*
|
||||
#permissions: Rr
|
||||
|
||||
|
||||
# Example: Allow everybody (including unauthenticated users) to read
|
||||
# the collection "public"
|
||||
|
||||
# Allow reading collection "public" for authenticated users
|
||||
#[public-principal]
|
||||
#user: .+
|
||||
#collection: public
|
||||
#permissions: R
|
||||
|
||||
# Allow reading all calendars and address books that are direct children of
|
||||
# the collection "public" for authenticated users
|
||||
#[public-calendars]
|
||||
#user: .+
|
||||
#collection: public/[^/]+
|
||||
#permissions: r
|
||||
|
||||
# Allow access to public calendars and address books via HTTP GET for everyone
|
||||
#[public-calendars-restricted]
|
||||
#user: .*
|
||||
#collection: public/[^/]+
|
||||
#permissions: i
|
||||
|
||||
# Example: Grant users of the form user@domain.tld read access to the
|
||||
# collection "domain.tld"
|
||||
|
||||
# Allow reading the domain collection
|
||||
#[read-domain-principal]
|
||||
#user: .+@([^@]+)
|
||||
#collection: {0}
|
||||
#permissions: R
|
||||
|
||||
# Allow reading all calendars and address books that are direct children of
|
||||
# the domain collection
|
||||
#[read-domain-calendars]
|
||||
#user: .+@([^@]+)
|
||||
#collection: {0}/[^/]+
|
||||
#permissions: r
|
||||
|
||||
|
||||
|
||||
# User can read the root of all collection. And discovers your collection.
|
||||
[user-read-root-collection]
|
||||
|
@ -17,51 +121,5 @@ permission: r
|
|||
# Give read and write access to owners
|
||||
[owner-read-write]
|
||||
user: .+
|
||||
collection: ^%(login)s|^%(login)s/.*
|
||||
collection: ^{user}|^{user}/.*
|
||||
permission: rw
|
||||
|
||||
|
||||
|
||||
### EXAMPLES:
|
||||
|
||||
## Allow authenticated user to read all collections
|
||||
# [allow-everyone-read]
|
||||
# user: .+
|
||||
# collection: .*
|
||||
# permission: r
|
||||
|
||||
## This means all users starting with "admin" may read any collection
|
||||
# [admin]
|
||||
# user: ^admin.*$
|
||||
# collection: .*
|
||||
# permission: r
|
||||
|
||||
## A little more complex: give read access to users from a domain for all
|
||||
# collections of all the users (ie. user@domain.tld can read domain/\*).
|
||||
# [domain-wide-access]
|
||||
# user: ^.+@(.+)\..+$
|
||||
# collection: ^{0}/.+$
|
||||
# permission: r
|
||||
|
||||
## This means all users may read and write any collection starting with public.
|
||||
# [public]
|
||||
# user: .*
|
||||
# collection: ^public(/.+)?$
|
||||
# permission: rw
|
||||
|
||||
## Partage public en lecture seule d'un agenda
|
||||
# [public for readonly]
|
||||
# user: .*
|
||||
# collection: ^utilisateur/nom_calendrier.ics$
|
||||
# permission: r
|
||||
|
||||
## Partage public en lecture/écriture d'un agenda
|
||||
# [public for read/write]
|
||||
# user: .*
|
||||
# collection: ^utilisateur/nom_calendrier.ics$
|
||||
# permission: rw
|
||||
|
||||
# [user1 can read and write user2/shared2]
|
||||
# user: ^user1$
|
||||
# collection: ^user2/shared2.ics$
|
||||
# permission: rw
|
||||
|
|
Loading…
Reference in a new issue