version = "1.0" i18n = "global_settings_setting" [security] name = "Security" [security.password] name = "Passwords" [security.password.admin_strength] type = "select" choices.1 = "Require at least 8 chars" choices.2 = "ditto, but also require at least one digit, one lower and one upper char" choices.3 = "ditto, but also require at least one special char" choices.4 = "ditto, but also require at least 12 chars" default = "1" [security.password.user_strength] type = "select" choices.1 = "Require at least 8 chars" choices.2 = "ditto, but also require at least one digit, one lower and one upper char" choices.3 = "ditto, but also require at least one special char" choices.4 = "ditto, but also require at least 12 chars" default = "1" [security.password.passwordless_sudo] type = "boolean" # The actual value is dynamically computed by checking the sudoOption of cn=admins,ou=sudo default = false [security.ssh] name = "SSH" [security.ssh.ssh_compatibility] type = "select" choices.intermediate = "Intermediate (compatible with older softwares)" choices.modern = "Modern (recommended)" default = "modern" [security.ssh.ssh_port] type = "number" default = 22 [security.ssh.ssh_password_authentication] type = "boolean" default = true [security.nginx] name = "NGINX (web server)" [security.nginx.nginx_redirect_to_https] type = "boolean" default = true [security.nginx.nginx_compatibility] type = "select" choices.intermediate = "Intermediate (compatible with Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11, Opera 20, and Safari 9)" choices.modern = "Modern (compatible with Firefox 63, Android 10.0, Chrome 70, Edge 75, Opera 57, and Safari 12.1)" default = "intermediate" [security.postfix] name = "Postfix (SMTP email server)" [security.postfix.postfix_compatibility] type = "select" choices.intermediate = "Intermediate (allows TLS 1.2)" choices.modern = "Modern (TLS 1.3 only)" default = "intermediate" [security.webadmin] name = "Webadmin" [security.webadmin.webadmin_allowlist_enabled] type = "boolean" default = false [security.webadmin.webadmin_allowlist] type = "tags" visible = "webadmin_allowlist_enabled" optional = true default = "" [security.root_access] name = "Change root password" [security.root_access.root_access_explain] type = "alert" style = "info" icon = "info" [security.root_access.root_password] type = "password" optional = true default = "" [security.root_access.root_password_confirm] type = "password" optional = true default = "" [security.experimental] name = "Experimental" [security.experimental.security_experimental_enabled] type = "boolean" default = false [email] name = "Email" [email.pop3] name = "POP3" [email.pop3.pop3_enabled] type = "boolean" default = false [email.smtp] name = "SMTP" [email.smtp.smtp_allow_ipv6] type = "boolean" default = true [email.smtp.smtp_relay_enabled] type = "boolean" default = false [email.smtp.smtp_relay_host] type = "string" default = "" optional = true visible="smtp_relay_enabled" [email.smtp.smtp_relay_port] type = "number" default = 587 visible="smtp_relay_enabled" [email.smtp.smtp_relay_user] type = "string" default = "" optional = true visible="smtp_relay_enabled" [email.smtp.smtp_relay_password] type = "password" default = "" optional = true visible="smtp_relay_enabled" help = "" # This is empty string on purpose, otherwise the core automatically set the 'good_practice_admin_password' string here which is not relevant, because the admin is not actually "choosing" the password ... [misc] name = "Other" [misc.portal] name = "User portal" [misc.portal.ssowat_panel_overlay_enabled] type = "boolean" default = true [misc.portal.portal_theme] type = "select" # Choices are loaded dynamically in the python code default = "default" [misc.backup] name = "Backup" [misc.backup.backup_compress_tar_archives] type = "boolean" default = false [misc.network] name = "Network" [misc.network.dns_exposure] type = "select" choices.both = "Both" choices.ipv4 = "IPv4 Only" choices.ipv6 = "IPv6 Only" default = "both"