mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
global settings: various fixes
parent
fded695b45
commit
ed865dd3c0
5 changed files with 36 additions and 42 deletions
|
@ -369,6 +369,7 @@
|
|||
"firewall_rules_cmd_failed": "Some firewall rule commands have failed. More info in log.",
|
||||
"global_settings_reset_success": "Reset global settings",
|
||||
"global_settings_setting_admin_strength": "Admin password strength",
|
||||
"global_settings_setting_admin_strength_help": "These requirements are only enforced when defining the password",
|
||||
"global_settings_setting_backup_compress_tar_archives": "Compress backups",
|
||||
"global_settings_setting_backup_compress_tar_archives_help": "When creating new backups, compress the archives (.tar.gz) instead of uncompressed archives (.tar). N.B. : enabling this option means create lighter backup archives, but the initial backup procedure will be significantly longer and heavy on CPU.",
|
||||
"global_settings_setting_nginx_compatibility": "NGINX Compatibility",
|
||||
|
@ -392,12 +393,13 @@
|
|||
"global_settings_setting_ssh_allow_deprecated_dsa_hostkey": "Allow DSA hostkey",
|
||||
"global_settings_setting_ssh_allow_deprecated_dsa_hostkey_help": "Allow the use of (deprecated) DSA hostkey for the SSH daemon configuration",
|
||||
"global_settings_setting_ssh_compatibility": "SSH Compatibility",
|
||||
"global_settings_setting_ssh_compatibility_help": "Compatibility vs. security tradeoff for the SSH server. Affects the ciphers (and other security-related aspects)",
|
||||
"global_settings_setting_ssh_compatibility_help": "Compatibility vs. security tradeoff for the SSH server. Affects the ciphers (and other security-related aspects). See https://infosec.mozilla.org/guidelines/openssh for more info.",
|
||||
"global_settings_setting_ssh_password_authentication": "Password authentication",
|
||||
"global_settings_setting_ssh_password_authentication_help": "Allow password authentication for SSH",
|
||||
"global_settings_setting_ssh_port": "SSH port",
|
||||
"global_settings_setting_ssowat_panel_overlay_enabled": "SSOwat panel overlay",
|
||||
"global_settings_setting_user_strength": "User password strength",
|
||||
"global_settings_setting_user_strength_help": "These requirements are only enforced when defining the password",
|
||||
"global_settings_setting_webadmin_allowlist": "Webadmin IP allowlist",
|
||||
"global_settings_setting_webadmin_allowlist_help": "IP adresses allowed to access the webadmin.",
|
||||
"global_settings_setting_webadmin_allowlist_enabled": "Enable Webadmin IP allowlist",
|
||||
|
|
|
@ -150,7 +150,7 @@ def find_expected_string_keys():
|
|||
# Global settings
|
||||
global_config = toml.load(open(ROOT + "share/config_global.toml"))
|
||||
# Boring hard-coding because there's no simple other way idk
|
||||
settings_without_help_key = ["admin_strength", "smtp_relay_host", "smtp_relay_password", "smtp_relay_port", "smtp_relay_user", "ssh_port", "ssowat_panel_overlay_enabled", "user_strength"]
|
||||
settings_without_help_key = ["smtp_relay_host", "smtp_relay_password", "smtp_relay_port", "smtp_relay_user", "ssh_port", "ssowat_panel_overlay_enabled"]
|
||||
|
||||
for panel in global_config.values():
|
||||
if not isinstance(panel, dict):
|
||||
|
|
|
@ -5,20 +5,30 @@ i18n = "global_settings_setting"
|
|||
name = "Security"
|
||||
[security.password]
|
||||
name = "Passwords"
|
||||
|
||||
[security.password.admin_strength]
|
||||
type = "number"
|
||||
type = "select"
|
||||
choices.1 = "Require at least 8 chars"
|
||||
choices.2 = "ditto, but also require at least one digit, one lower and one upper char"
|
||||
choices.3 = "ditto, but also require at least one special char"
|
||||
choices.4 = "ditto, but also require at least 12 chars"
|
||||
default = 1
|
||||
|
||||
[security.password.user_strength]
|
||||
type = "number"
|
||||
type = "select"
|
||||
choices.1 = "Require at least 8 chars"
|
||||
choices.2 = "ditto, but also require at least one digit, one lower and one upper char"
|
||||
choices.3 = "ditto, but also require at least one special char"
|
||||
choices.4 = "ditto, but also require at least 12 chars"
|
||||
default = 1
|
||||
|
||||
|
||||
[security.ssh]
|
||||
name = "SSH"
|
||||
[security.ssh.ssh_compatibility]
|
||||
type = "select"
|
||||
choices.intermediate = "Intermediate (compatible with older softwares)"
|
||||
choices.modern = "Modern (recommended)"
|
||||
default = "modern"
|
||||
choices = ["intermediate", "modern"]
|
||||
|
||||
[security.ssh.ssh_port]
|
||||
type = "number"
|
||||
|
@ -26,43 +36,37 @@ name = "Security"
|
|||
|
||||
[security.ssh.ssh_password_authentication]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "False"
|
||||
default = true
|
||||
|
||||
[security.ssh.ssh_allow_deprecated_dsa_hostkey]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "False"
|
||||
default = false
|
||||
|
||||
[security.nginx]
|
||||
name = "NGINX"
|
||||
[security.nginx.nginx_redirect_to_https]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "True"
|
||||
default = true
|
||||
|
||||
[security.nginx.nginx_compatibility]
|
||||
type = "select"
|
||||
choices.intermediate = "Intermediate (compatible with Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11, Opera 20, and Safari 9)"
|
||||
choices.modern = "Modern (compatible with Firefox 63, Android 10.0, Chrome 70, Edge 75, Opera 57, and Safari 12.1)"
|
||||
default = "intermediate"
|
||||
choices = ["intermediate", "modern"]
|
||||
|
||||
[security.postfix]
|
||||
name = "Postfix"
|
||||
[security.postfix.postfix_compatibility]
|
||||
type = "select"
|
||||
choices.intermediate = "Intermediate (allows TLS 1.2)"
|
||||
choices.modern = "Modern (TLS 1.3 only)"
|
||||
default = "intermediate"
|
||||
choices = ["intermediate", "modern"]
|
||||
|
||||
[security.webadmin]
|
||||
name = "Webadmin"
|
||||
[security.webadmin.webadmin_allowlist_enabled]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "False"
|
||||
default = false
|
||||
|
||||
[security.webadmin.webadmin_allowlist]
|
||||
type = "tags"
|
||||
|
@ -74,9 +78,7 @@ name = "Security"
|
|||
name = "Experimental"
|
||||
[security.experimental.security_experimental_enabled]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "False"
|
||||
default = false
|
||||
|
||||
|
||||
[email]
|
||||
|
@ -85,23 +87,17 @@ name = "Email"
|
|||
name = "POP3"
|
||||
[email.pop3.pop3_enabled]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "False"
|
||||
default = false
|
||||
|
||||
[email.smtp]
|
||||
name = "SMTP"
|
||||
[email.smtp.smtp_allow_ipv6]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "True"
|
||||
default = true
|
||||
|
||||
[email.smtp.smtp_relay_enabled]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "False"
|
||||
default = false
|
||||
|
||||
[email.smtp.smtp_relay_host]
|
||||
type = "string"
|
||||
|
@ -132,14 +128,10 @@ name = "Other"
|
|||
name = "SSOwat"
|
||||
[misc.ssowat.ssowat_panel_overlay_enabled]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "True"
|
||||
default = true
|
||||
|
||||
[misc.backup]
|
||||
name = "Backup"
|
||||
[misc.backup.backup_compress_tar_archives]
|
||||
type = "boolean"
|
||||
yes = "True"
|
||||
no = "False"
|
||||
default = "False"
|
||||
default = false
|
||||
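Review bot: The `[security.ssh.ssh_password_authentication]` entry appears to change value as well as type. Every other boolean in this file goes from `"False"` to `false` or from `"True"` to `true`, but this one shows `default = "False"` next to `default = true`. If the page's old-then-new print order holds here, password logins over SSH become the shipped default, which leaves internet-facing hosts open to credential guessing until an admin turns it off. If that is deliberate, say so in a comment above the entry, e.g. `# Enabled by default on purpose; disable once key-based login is in place`.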
|
|
|
@ -29,12 +29,12 @@ class MyMigration(Migration):
|
|||
raise YunohostError(f"Can't open setting file : {e}", raw_msg=True)
|
||||
|
||||
settings = {
|
||||
translate_legacy_settings_to_configpanel_settings(k): v["value"]
|
||||
translate_legacy_settings_to_configpanel_settings(k).split('.')[-1]: v["value"]
|
||||
for k, v in old_settings.items()
|
||||
}
|
||||
|
||||
if settings.get("email.smtp.smtp_relay_host") != "":
|
||||
settings["email.smtp.smtp_relay_enabled"] = "True"
|
||||
if settings.get("smtp_relay_host"):
|
||||
settings["smtp_relay_enabled"] = True
|
||||
|
||||
# Here we don't use settings_set() from settings.py to prevent
|
||||
# Questions to be asked when one run the migration from CLI.
|
||||
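Review bot: Keying the dict by `.split('.')[-1]` assumes every setting id is unique across panels. If two translated names ever share a last component, the comprehension keeps the later one and silently drops the other value. A comment above `settings = {` would record that invariant, e.g. `# settings.yml is keyed by the short setting id, which must be unique across all panels`. The values are still copied unchanged from `v["value"]`, so check that legacy string booleans do not end up in a file whose defaults are now real booleans (inferred; the old value types are not visible here). The enclosing method starts and ends outside the hunk.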
|
|
|
@ -86,7 +86,7 @@ class PasswordValidator:
|
|||
# use as a script by ssowat.
|
||||
# (or at least that's my understanding -- Alex)
|
||||
settings = yaml.load(open("/etc/yunohost/settings.yml", "r"))
|
||||
setting_key = "security.password." + profile + "_strength"
|
||||
setting_key = profile + "_strength"
|
||||
self.validation_strength = int(settings[setting_key])
|
||||
except Exception:
|
||||
# Fallback to default value if we can't fetch settings for some reason
|
||||
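Review bot: The new `setting_key = profile + "_strength"` lookup sits inside a `try` whose `except Exception` falls back to the default strength. A settings.yml that still uses the previous `security.password.<profile>_strength` keys would therefore silently lose its configured password policy instead of failing visibly. Reading the old key as a fallback avoids that downgrade, e.g. `self.validation_strength = int(settings.get(setting_key, settings.get("security.password." + setting_key)))`. The unchanged line above also calls `yaml.load` without a loader; `yaml.safe_load` is the safer call for a plain config file. The method starts and ends outside the hunk.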
|
|