seafile_ynh/conf/seahub_settings.py
2024-04-29 17:41:56 +02:00

399 lines
14 KiB
Python

# -*- coding: utf-8 -*-
SECRET_KEY = "{{ seahub_secret_key }}"
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahubdb',
'USER': '{{ db_user }}',
'PASSWORD': '{{ db_pwd }}',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {'charset': 'utf8mb4'},
}
}
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
}
FILE_SERVER_ROOT = "https://{{ domain }}/seafhttp"
SERVE_STATIC = False
MEDIA_URL = "{{ path2 }}media/"
COMPRESS_URL = MEDIA_URL
STATIC_URL = MEDIA_URL + 'assets/'
LOGIN_URL = '{{ path2 }}accounts/login/'
#
# LDAP
#
ENABLE_LDAP = True
# The URL of LDAP server
LDAP_SERVER_URL = 'ldap://localhost:389'
# The root node of users who can log in to Seafile in the LDAP server
LDAP_BASE_DN = 'ou=users,dc=yunohost,dc=org'
# DN of the administrator used to query the LDAP server for information.
# For OpenLDAP, it maybe cn=admin,dc=example,dc=com
LDAP_ADMIN_DN = '' # Need to leave empty to work with anonymous authentication
# Password of LDAP_ADMIN_DN
LDAP_ADMIN_PASSWORD = '' # Need to leave empty to work with anonymous authentication
# Identify the source of the user, used in
# the table social_auth_usersocialauth, defaults to 'ldap'
LDAP_PROVIDER = 'ldap'
# User's attribute used to log in to Seafile.
# It should be a unique identifier for the user in LDAP server.
# Learn more about this id from the descriptions at begining of this section.
LDAP_LOGIN_ATTR = 'mail'
# LDAP user's contact_email attribute
LDAP_CONTACT_EMAIL_ATTR = 'mail'
# LDAP user's role attribute
LDAP_USER_ROLE_ATTR = ''
# For sync user's first name
LDAP_USER_FIRST_NAME_ATTR = 'givenName'
# For sync user's last name
LDAP_USER_LAST_NAME_ATTR = 'sn'
# Whether to reverse the user's first and last name
LDAP_USER_NAME_REVERSE = False
# Additional filter conditions, users who meet the filter conditions can log in, otherwise they cannot log in
LDAP_FILTER = 'permission=cn={{ app }}.main,ou=permission,dc=yunohost,dc=org'
#
# SSO
#
ENABLE_REMOTE_USER_AUTHENTICATION = True
REMOTE_USER_HEADER = 'HTTP_EMAIL'
REMOTE_USER_CREATE_UNKNOWN_USER = False
REMOTE_USER_PROTECTED_PATH = ['{{ path }}', '{{ path2 }}accounts/login', '{{ path2 }}sso']
#
# Security settings
#
# For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].
# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
ALLOWED_HOSTS = ['{{ domain }}']
# Whether to use a secure cookie for the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure
CSRF_COOKIE_SECURE = True
# The value of the SameSite flag on the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite
CSRF_COOKIE_SAMESITE = 'Strict'
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-trusted-origins
CSRF_TRUSTED_ORIGINS = ['https://{{ domain }}']
#
# User options
#
# Enalbe or disalbe registration on web. Default is `False`.
# ENABLE_SIGNUP = False
# Activate or deactivate user when registration complete. Default is `True`.
# If set to `False`, new users need to be activated by admin in admin panel.
# ACTIVATE_AFTER_REGISTRATION = True
# Whether to send email when a system admin adding a new member. Default is `True`.
# SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
# Whether to send email when a system admin resetting a user's password. Default is `True`.
# SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
# Send system admin notify email when user registration is complete. Default is `False`.
# NOTIFY_ADMIN_AFTER_REGISTRATION = False
# Remember days for login. Default is 7
# LOGIN_REMEMBER_DAYS = 7
# Attempt limit before showing a captcha when login.
# LOGIN_ATTEMPT_LIMIT = 3
# deactivate user account when login attempts exceed limit
# Since version 5.1.2 or pro 5.1.3
# FREEZE_USER_ON_LOGIN_FAILED = False
# Age of cookie, in seconds (default: 2 weeks).
# SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
# Whether a user's session cookie expires when the Web browser is closed.
# SESSION_EXPIRE_AT_BROWSER_CLOSE = False
# Whether to save the session data on every request. Default is `False`
# SESSION_SAVE_EVERY_REQUEST = False
# Whether enable the feature "published library". Default is `False`
# Since 6.1.0 CE
ENABLE_WIKI = True
# In old version, if you use Single Sign On, the password is not saved in Seafile.
# Users can't use WebDAV because Seafile can't check whether the password is correct.
# Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login.
# Users login via SSO can use this password to login in WebDAV.
# Enable the feature. pycryptodome should be installed first.
# sudo pip install pycryptodome==3.12.0
ENABLE_WEBDAV_SECRET = False
# Since version 7.0.9, you can force a full user to log in with a two factor authentication.
# The prerequisite is that the administrator should 'enable two factor authentication' in the 'System Admin -> Settings' page.
# Then you can add the following configuration information to the configuration file.
# ENABLE_FORCE_2FA_TO_ALL_USERS = False
#
# Library options
#
# if enable create encrypted library
# ENABLE_ENCRYPTED_LIBRARY = True
# version for encrypted library
# should only be `2` or `4`.
# version 3 is insecure (using AES128 encryption) so it's not recommended any more.
# ENCRYPTED_LIBRARY_VERSION = 2
# mininum length for password of encrypted library
# REPO_PASSWORD_MIN_LENGTH = 8
# force use password when generate a share/upload link (since version 8.0.9)
# SHARE_LINK_FORCE_USE_PASSWORD = False
# mininum length for password for share link (since version 4.4)
# SHARE_LINK_PASSWORD_MIN_LENGTH = 8
# LEVEL for the password of a share/upload link
# based on four types of input:
# num, upper letter, lower letter, other symbols
# '3' means password must have at least 3 types of the above. (since version 8.0.9)
# SHARE_LINK_PASSWORD_STRENGTH_LEVEL = 3
# Default expire days for share link (since version 6.3.8)
# Once this value is configured, the user can no longer generate an share link with no expiration time.
# If the expiration value is not set when the share link is generated, the value configured here will be used.
# SHARE_LINK_EXPIRE_DAYS_DEFAULT = 5
# minimum expire days for share link (since version 6.3.6)
# SHARE_LINK_EXPIRE_DAYS_MIN should be less than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
# SHARE_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.
# maximum expire days for share link (since version 6.3.6)
# SHARE_LINK_EXPIRE_DAYS_MIN should be greater than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
# SHARE_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.
# Default expire days for upload link (since version 7.1.6)
# Once this value is configured, the user can no longer generate an upload link with no expiration time.
# If the expiration value is not set when the upload link is generated, the value configured here will be used.
# UPLOAD_LINK_EXPIRE_DAYS_DEFAULT = 5
# minimum expire days for upload link (since version 7.1.6)
# UPLOAD_LINK_EXPIRE_DAYS_MIN should be less than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
# UPLOAD_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.
# maximum expire days for upload link (since version 7.1.6)
# UPLOAD_LINK_EXPIRE_DAYS_MAX should be greater than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
# UPLOAD_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.
# force user login when view file/folder share link (since version 6.3.6)
# SHARE_LINK_LOGIN_REQUIRED = False
# enable water mark when view(not edit) file in web browser (since version 6.3.6)
# ENABLE_WATERMARK = True
# Disable sync with any folder. Default is `False`
# NOTE: since version 4.2.4
# DISABLE_SYNC_WITH_ANY_FOLDER = False
# Enable or disable library history setting
# ENABLE_REPO_HISTORY_SETTING = True
# Enable or disable normal user to create organization libraries
# Since version 5.0.5
# ENABLE_USER_CREATE_ORG_REPO = True
# Enable or disable user share library to any group
# Since version 6.2.0
# ENABLE_SHARE_TO_ALL_GROUPS = True
# Enable or disable user to clean trash (default is True)
# Since version 6.3.6
# ENABLE_USER_CLEAN_TRASH = True
# Add a report abuse button on download links. (since version 7.1.0)
# Users can report abuse on the share link page, fill in the report type, contact information, and description.
# Default is false.
# ENABLE_SHARE_LINK_REPORT_ABUSE = False
#
# Online preview
#
# Whether to use pdf.js to view pdf files online. Default is `True`, you can turn it off.
# NOTE: since version 1.4.
# USE_PDFJS = True
# Online preview maximum file size, defaults to 30M.
# FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
# Extensions of previewed text files.
# NOTE: since version 6.1.1
# TEXT_PREVIEW_EXT = """ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html,
# htm, java, js, json, less, make, org, php, pl, properties, py, rb,
# scala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv,
# groovy, rst, patch, go"""
# Enable or disable thumbnails
# NOTE: since version 4.0.2
# ENABLE_THUMBNAIL = True
# Seafile only generates thumbnails for images smaller than the following size.
# Since version 6.3.8 pro, suport the psd online preview.
# THUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB
# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.
# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html
# NOTE: this option is deprecated in version 7.1
# ENABLE_VIDEO_THUMBNAIL = False
# Use the frame at 5 second as thumbnail
# NOTE: this option is deprecated in version 7.1
# THUMBNAIL_VIDEO_FRAME_TIME = 5
# Absolute filesystem path to the directory that will hold thumbnail files.
# THUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'
# Default size for picture preview. Enlarge this size can improve the preview quality.
# NOTE: since version 6.1.1
# THUMBNAIL_SIZE_FOR_ORIGINAL = 1024
#
# Other options
#
# This is outside URL for Seahub(Seafile Web).
# The domain part (i.e., www.example.com) will be used in generating share links and download/upload file via web.
# Note: Outside URL means "if you use Nginx, it should be the Nginx's address"
# Note: SERVICE_URL is moved to seahub_settings.py since 9.0.0
SERVICE_URL = "https://{{ domain }}{{ path }}"
# Disable settings via Web interface in system admin->settings
# Default is True
# Since 5.1.3
# ENABLE_SETTINGS_VIA_WEB = True
# Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = "{{ time_zone }}"
# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
# Default language for sending emails.
LANGUAGE_CODE = '{{ language }}'
# Custom language code choice.
# LANGUAGES = ( )
# Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time.
SITE_NAME = 'Seafile'
# Browser tab's title
SITE_TITLE = 'Private Seafile'
# If you don't want to run seahub website on your site's root path, set this option to your preferred path.
# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/.
SITE_ROOT = "{{ path2 }}"
# Max number of files when user upload file/folder.
# Since version 6.0.4
# MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500
# Control the language that send email. Default to user's current language.
# Since version 6.1.1
# SHARE_LINK_EMAIL_LANGUAGE = ''
# Interval for browser requests unread notifications
# Since PRO 6.1.4 or CE 6.1.2
# UNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds
# Get web api auth token on profile page.
# ENABLE_GET_AUTH_TOKEN_BY_SESSION = True
# Since 8.0.6 CE/PRO version.
# Url redirected to after user logout Seafile.
# Usually configured as Single Logout url.
LOGOUT_REDIRECT_URL = 'https://{{ domain }}/yunohost/sso/?action=logout'
# Enable system admin add T&C, all users need to accept terms before using. Defaults to `False`.
# Since version 6.0
# ENABLE_TERMS_AND_CONDITIONS = False
# Enable two factor authentication for accounts. Defaults to `False`.
# Since version 6.0
# ENABLE_TWO_FACTOR_AUTH = False
# Enable user select a template when he/she creates library.
# When user select a template, Seafile will create folders releated to the pattern automaticly.
# Since version 6.0
# LIBRARY_TEMPLATES = {
# 'Technology': ['/Develop/Python', '/Test'],
# 'Finance': ['/Current assets', '/Fixed assets/Computer']
# }
# Enable a user to change password in 'settings' page. Default to `True`
# Since version 6.2.11
# ENABLE_CHANGE_PASSWORD = True
# If show contact email when search user.
# ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER = True
#
# Mail
#
EMAIL_USE_TLS = True
EMAIL_HOST = "{{ domain }}"
EMAIL_HOST_USER = "{{ app }}"
EMAIL_HOST_PASSWORD = "{{ mail_pwd }}"
EMAIL_PORT = "587"
REPLACE_FROM_EMAIL = True
ADD_REPLY_TO_HEADER = True
DEFAULT_FROM_EMAIL = "{{ app }}@{{ domain }}"
SERVER_EMAIL = "{{ app }}@{{ domain }}"
#
# RESTful API
#
# API throttling related settings. Enlarger the rates if you got 429 response code during API calls.
# REST_FRAMEWORK = {
# 'DEFAULT_THROTTLE_RATES': {
# 'ping': '600/minute',
# 'anon': '5/minute',
# 'user': '300/minute',
# },
# 'UNICODE_JSON': False,
# }
# Throtting whitelist used to disable throttle for certain IPs.
# e.g. REST_FRAMEWORK_THROTTING_WHITELIST = ['127.0.0.1', '192.168.1.1']
# Please make sure `REMOTE_ADDR` header is configured in Nginx conf according to https://manual.seafile.com/deploy/deploy_with_nginx.html.
# REST_FRAMEWORK_THROTTING_WHITELIST = []