seafile_ynh/conf/seahub_settings.py

# -*- coding: utf-8 -*-

SECRET_KEY = "{{ seahub_secret_key }}"

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahubdb',
        'USER': '{{ db_user }}',
        'PASSWORD': '{{ db_pwd }}',
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {'charset': 'utf8mb4'},
    }
}

CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    },
}

FILE_SERVER_ROOT = "https://{{ domain }}/seafhttp"
SERVE_STATIC = False
MEDIA_URL = "{{ path2 }}media/"
COMPRESS_URL = MEDIA_URL
STATIC_URL = MEDIA_URL + 'assets/'
LOGIN_URL = '{{ path2 }}accounts/login/'

#
# LDAP
#

ENABLE_LDAP = True
# The URL of LDAP server
LDAP_SERVER_URL = 'ldap://localhost:389'

# The root node of users who can log in to Seafile in the LDAP server
LDAP_BASE_DN = 'ou=users,dc=yunohost,dc=org'

# DN of the administrator used to query the LDAP server for information.
# For OpenLDAP, it maybe cn=admin,dc=example,dc=com
LDAP_ADMIN_DN = '' # Need to leave empty to work with anonymous authentication

# Password of LDAP_ADMIN_DN
LDAP_ADMIN_PASSWORD = '' # Need to leave empty to work with anonymous authentication

# Identify the source of the user, used in
# the table social_auth_usersocialauth, defaults to 'ldap'
LDAP_PROVIDER = 'ldap'

# User's attribute used to log in to Seafile.
# It should be a unique identifier for the user in LDAP server.
# Learn more about this id from the descriptions at begining of this section.
LDAP_LOGIN_ATTR = 'mail'

# LDAP user's contact_email attribute
LDAP_CONTACT_EMAIL_ATTR = 'mail'

# LDAP user's role attribute
LDAP_USER_ROLE_ATTR = ''

# For sync user's first name
LDAP_USER_FIRST_NAME_ATTR = 'givenName'

# For sync user's last name
LDAP_USER_LAST_NAME_ATTR = 'sn'

# Whether to reverse the user's first and last name
LDAP_USER_NAME_REVERSE = False

# Additional filter conditions, users who meet the filter conditions can log in, otherwise they cannot log in
LDAP_FILTER = 'permission=cn={{ app }}.main,ou=permission,dc=yunohost,dc=org'

#
# SSO
#

ENABLE_REMOTE_USER_AUTHENTICATION = True
REMOTE_USER_HEADER = 'HTTP_EMAIL'
REMOTE_USER_CREATE_UNKNOWN_USER = False
REMOTE_USER_PROTECTED_PATH = ['{{ path }}', '{{ path2 }}accounts/login', '{{ path2 }}sso']

#
# Security settings
#

# For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].
# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
ALLOWED_HOSTS = ['{{ domain }}']

# Whether to use a secure cookie for the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure
CSRF_COOKIE_SECURE = True

# The value of the SameSite flag on the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite
CSRF_COOKIE_SAMESITE = 'Strict'

# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-trusted-origins
CSRF_TRUSTED_ORIGINS = ['https://{{ domain }}']

#
# User options
#

# Enalbe or disalbe registration on web. Default is `False`.
# ENABLE_SIGNUP = False

# Activate or deactivate user when registration complete. Default is `True`.
# If set to `False`, new users need to be activated by admin in admin panel.
# ACTIVATE_AFTER_REGISTRATION = True

# Whether to send email when a system admin adding a new member. Default is `True`.
# SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True

# Whether to send email when a system admin resetting a user's password. Default is `True`.
# SEND_EMAIL_ON_RESETTING_USER_PASSWD = True

# Send system admin notify email when user registration is complete. Default is `False`.
# NOTIFY_ADMIN_AFTER_REGISTRATION = False

# Remember days for login. Default is 7
# LOGIN_REMEMBER_DAYS = 7

# Attempt limit before showing a captcha when login.
# LOGIN_ATTEMPT_LIMIT = 3

# deactivate user account when login attempts exceed limit
# Since version 5.1.2 or pro 5.1.3
# FREEZE_USER_ON_LOGIN_FAILED = False

# Age of cookie, in seconds (default: 2 weeks).
# SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2

# Whether a user's session cookie expires when the Web browser is closed.
# SESSION_EXPIRE_AT_BROWSER_CLOSE = False

# Whether to save the session data on every request. Default is `False`
# SESSION_SAVE_EVERY_REQUEST = False

# Whether enable the feature "published library". Default is `False`
# Since 6.1.0 CE
ENABLE_WIKI = True

# In old version, if you use Single Sign On, the password is not saved in Seafile.
# Users can't use WebDAV because Seafile can't check whether the password is correct.
# Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login.
# Users login via SSO can use this password to login in WebDAV.
# Enable the feature. pycryptodome should be installed first.
# sudo pip install pycryptodome==3.12.0
ENABLE_WEBDAV_SECRET = False

# Since version 7.0.9, you can force a full user to log in with a two factor authentication.
# The prerequisite is that the administrator should 'enable two factor authentication' in the 'System Admin -> Settings' page.
# Then you can add the following configuration information to the configuration file.
# ENABLE_FORCE_2FA_TO_ALL_USERS = False

#
# Library options
#

# if enable create encrypted library
# ENABLE_ENCRYPTED_LIBRARY = True

# version for encrypted library
# should only be `2` or `4`.
# version 3 is insecure (using AES128 encryption) so it's not recommended any more.
# ENCRYPTED_LIBRARY_VERSION = 2

# mininum length for password of encrypted library
# REPO_PASSWORD_MIN_LENGTH = 8

# force use password when generate a share/upload link (since version 8.0.9)
# SHARE_LINK_FORCE_USE_PASSWORD = False

# mininum length for password for share link (since version 4.4)
# SHARE_LINK_PASSWORD_MIN_LENGTH = 8

# LEVEL for the password of a share/upload link
# based on four types of input:
# num, upper letter, lower letter, other symbols
# '3' means password must have at least 3 types of the above. (since version 8.0.9)
# SHARE_LINK_PASSWORD_STRENGTH_LEVEL = 3

# Default expire days for share link (since version 6.3.8)
# Once this value is configured, the user can no longer generate an share link with no expiration time.
# If the expiration value is not set when the share link is generated, the value configured here will be used.
# SHARE_LINK_EXPIRE_DAYS_DEFAULT = 5

# minimum expire days for share link (since version 6.3.6)
# SHARE_LINK_EXPIRE_DAYS_MIN should be less than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
# SHARE_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.

# maximum expire days for share link (since version 6.3.6)
# SHARE_LINK_EXPIRE_DAYS_MIN should be greater than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
# SHARE_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.

# Default expire days for upload link (since version 7.1.6)
# Once this value is configured, the user can no longer generate an upload link with no expiration time.
# If the expiration value is not set when the upload link is generated, the value configured here will be used.
# UPLOAD_LINK_EXPIRE_DAYS_DEFAULT = 5

# minimum expire days for upload link (since version 7.1.6)
# UPLOAD_LINK_EXPIRE_DAYS_MIN should be less than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
# UPLOAD_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.

# maximum expire days for upload link (since version 7.1.6)
# UPLOAD_LINK_EXPIRE_DAYS_MAX should be greater than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
# UPLOAD_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.

# force user login when view file/folder share link (since version 6.3.6)
# SHARE_LINK_LOGIN_REQUIRED = False

# enable water mark when view(not edit) file in web browser (since version 6.3.6)
# ENABLE_WATERMARK = True

# Disable sync with any folder. Default is `False`
# NOTE: since version 4.2.4
# DISABLE_SYNC_WITH_ANY_FOLDER = False

# Enable or disable library history setting
# ENABLE_REPO_HISTORY_SETTING = True

# Enable or disable normal user to create organization libraries
# Since version 5.0.5
# ENABLE_USER_CREATE_ORG_REPO = True

# Enable or disable user share library to any group
# Since version 6.2.0
# ENABLE_SHARE_TO_ALL_GROUPS = True

# Enable or disable user to clean trash (default is True)
# Since version 6.3.6
# ENABLE_USER_CLEAN_TRASH = True

# Add a report abuse button on download links. (since version 7.1.0)
# Users can report abuse on the share link page, fill in the report type, contact information, and description.
# Default is false.
# ENABLE_SHARE_LINK_REPORT_ABUSE = False

#
# Online preview
#

# Whether to use pdf.js to view pdf files online. Default is `True`,  you can turn it off.
# NOTE: since version 1.4.
# USE_PDFJS = True

# Online preview maximum file size, defaults to 30M.
# FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024

# Extensions of previewed text files.
# NOTE: since version 6.1.1
# TEXT_PREVIEW_EXT = """ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html,
# htm, java, js, json, less, make, org, php, pl, properties, py, rb,
# scala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv,
# groovy, rst, patch, go"""

# Enable or disable thumbnails
# NOTE: since version 4.0.2
# ENABLE_THUMBNAIL = True

# Seafile only generates thumbnails for images smaller than the following size.
# Since version 6.3.8 pro, suport the psd online preview.
# THUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB

# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.
# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html
# NOTE: this option is deprecated in version 7.1
# ENABLE_VIDEO_THUMBNAIL = False

# Use the frame at 5 second as thumbnail
# NOTE: this option is deprecated in version 7.1
# THUMBNAIL_VIDEO_FRAME_TIME = 5

# Absolute filesystem path to the directory that will hold thumbnail files.
# THUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'

# Default size for picture preview. Enlarge this size can improve the preview quality.
# NOTE: since version 6.1.1
# THUMBNAIL_SIZE_FOR_ORIGINAL = 1024

#
# Other options
#

# This is outside URL for Seahub(Seafile Web).
# The domain part (i.e., www.example.com) will be used in generating share links and download/upload file via web.
# Note: Outside URL means "if you use Nginx, it should be the Nginx's address"
# Note: SERVICE_URL is moved to seahub_settings.py since 9.0.0
SERVICE_URL =  "https://{{ domain }}{{ path }}"

# Disable settings via Web interface in system admin->settings
# Default is True
# Since 5.1.3
# ENABLE_SETTINGS_VIA_WEB = True

# Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = "{{ time_zone }}"

# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
# Default language for sending emails.
LANGUAGE_CODE = '{{ language }}'

# Custom language code choice.
# LANGUAGES = ( )

# Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time.
SITE_NAME = 'Seafile'

# Browser tab's title
SITE_TITLE = 'Private Seafile'

# If you don't want to run seahub website on your site's root path, set this option to your preferred path.
# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/.
SITE_ROOT = "{{ path2 }}"

# Max number of files when user upload file/folder.
# Since version 6.0.4
# MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500

# Control the language that send email. Default to user's current language.
# Since version 6.1.1
# SHARE_LINK_EMAIL_LANGUAGE = ''

# Interval for browser requests unread notifications
# Since PRO 6.1.4 or CE 6.1.2
# UNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds

# Get web api auth token on profile page.
# ENABLE_GET_AUTH_TOKEN_BY_SESSION = True

# Since 8.0.6 CE/PRO version.
# Url redirected to after user logout Seafile.
# Usually configured as Single Logout url.
LOGOUT_REDIRECT_URL = 'https://{{ domain }}/yunohost/sso/?action=logout'

# Enable system admin add T&C, all users need to accept terms before using. Defaults to `False`.
# Since version 6.0
# ENABLE_TERMS_AND_CONDITIONS = False

# Enable two factor authentication for accounts. Defaults to `False`.
# Since version 6.0
# ENABLE_TWO_FACTOR_AUTH = False

# Enable user select a template when he/she creates library.
# When user select a template, Seafile will create folders releated to the pattern automaticly.
# Since version 6.0
# LIBRARY_TEMPLATES = {
#     'Technology': ['/Develop/Python', '/Test'],
#     'Finance': ['/Current assets', '/Fixed assets/Computer']
# }

# Enable a user to change password in 'settings' page. Default to `True`
# Since version 6.2.11
# ENABLE_CHANGE_PASSWORD = True

# If show contact email when search user.
# ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER = True

#
# Mail
#

EMAIL_USE_TLS = True
EMAIL_HOST = "{{ domain }}"
EMAIL_HOST_USER = "{{ app }}"
EMAIL_HOST_PASSWORD = "{{ mail_pwd }}"
EMAIL_PORT = "587"
REPLACE_FROM_EMAIL = True
ADD_REPLY_TO_HEADER = True
DEFAULT_FROM_EMAIL = "{{ app }}@{{ domain }}"
SERVER_EMAIL = "{{ app }}@{{ domain }}"

#
# RESTful API
#

# API throttling related settings. Enlarger the rates if you got 429 response code during API calls.
# REST_FRAMEWORK = {
#     'DEFAULT_THROTTLE_RATES': {
#         'ping': '600/minute',
#         'anon': '5/minute',
#         'user': '300/minute',
#     },
#     'UNICODE_JSON': False,
# }

# Throtting whitelist used to disable throttle for certain IPs.
# e.g. REST_FRAMEWORK_THROTTING_WHITELIST = ['127.0.0.1', '192.168.1.1']
# Please make sure `REMOTE_ADDR` header is configured in Nginx conf according to https://manual.seafile.com/deploy/deploy_with_nginx.html.
# REST_FRAMEWORK_THROTTING_WHITELIST = []