mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
839672d28f
The current template use if/else/endif which introduce spurious empty lines. As the setting value is "yes" or "no", as expected by the configuration file, the value is directly use. All uses of passwordauthentication are addressed. This adds the one used for the sftp group. Finally, the global configuration sets the yes and no values to "yes" and "no" respectively.
173 lines
4.9 KiB
TOML
173 lines
4.9 KiB
TOML
version = "1.0"
|
|
i18n = "global_settings_setting"
|
|
|
|
[security]
|
|
name = "Security"
|
|
[security.password]
|
|
name = "Passwords"
|
|
|
|
[security.password.admin_strength]
|
|
type = "select"
|
|
choices.1 = "Require at least 8 chars"
|
|
choices.2 = "ditto, but also require at least one digit, one lower and one upper char"
|
|
choices.3 = "ditto, but also require at least one special char"
|
|
choices.4 = "ditto, but also require at least 12 chars"
|
|
default = "1"
|
|
|
|
[security.password.user_strength]
|
|
type = "select"
|
|
choices.1 = "Require at least 8 chars"
|
|
choices.2 = "ditto, but also require at least one digit, one lower and one upper char"
|
|
choices.3 = "ditto, but also require at least one special char"
|
|
choices.4 = "ditto, but also require at least 12 chars"
|
|
default = "1"
|
|
|
|
[security.password.passwordless_sudo]
|
|
type = "boolean"
|
|
# The actual value is dynamically computed by checking the sudoOption of cn=admins,ou=sudo
|
|
default = false
|
|
|
|
[security.ssh]
|
|
name = "SSH"
|
|
[security.ssh.ssh_compatibility]
|
|
type = "select"
|
|
choices.intermediate = "Intermediate (compatible with older softwares)"
|
|
choices.modern = "Modern (recommended)"
|
|
default = "modern"
|
|
|
|
[security.ssh.ssh_port]
|
|
type = "number"
|
|
default = 22
|
|
|
|
[security.ssh.ssh_password_authentication]
|
|
type = "boolean"
|
|
default = true
|
|
yes = "yes"
|
|
no = "no"
|
|
|
|
[security.nginx]
|
|
name = "NGINX (web server)"
|
|
[security.nginx.nginx_redirect_to_https]
|
|
type = "boolean"
|
|
default = true
|
|
|
|
[security.nginx.nginx_compatibility]
|
|
type = "select"
|
|
choices.intermediate = "Intermediate (compatible with Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11, Opera 20, and Safari 9)"
|
|
choices.modern = "Modern (compatible with Firefox 63, Android 10.0, Chrome 70, Edge 75, Opera 57, and Safari 12.1)"
|
|
default = "intermediate"
|
|
|
|
[security.postfix]
|
|
name = "Postfix (SMTP email server)"
|
|
[security.postfix.postfix_compatibility]
|
|
type = "select"
|
|
choices.intermediate = "Intermediate (allows TLS 1.2)"
|
|
choices.modern = "Modern (TLS 1.3 only)"
|
|
default = "intermediate"
|
|
|
|
[security.webadmin]
|
|
name = "Webadmin"
|
|
[security.webadmin.webadmin_allowlist_enabled]
|
|
type = "boolean"
|
|
default = false
|
|
|
|
[security.webadmin.webadmin_allowlist]
|
|
type = "tags"
|
|
visible = "webadmin_allowlist_enabled"
|
|
optional = true
|
|
default = ""
|
|
|
|
[security.root_access]
|
|
name = "Change root password"
|
|
|
|
[security.root_access.root_access_explain]
|
|
type = "alert"
|
|
style = "info"
|
|
icon = "info"
|
|
|
|
[security.root_access.root_password]
|
|
type = "password"
|
|
optional = true
|
|
default = ""
|
|
|
|
[security.root_access.root_password_confirm]
|
|
type = "password"
|
|
optional = true
|
|
default = ""
|
|
|
|
[security.experimental]
|
|
name = "Experimental"
|
|
[security.experimental.security_experimental_enabled]
|
|
type = "boolean"
|
|
default = false
|
|
|
|
|
|
[email]
|
|
name = "Email"
|
|
[email.pop3]
|
|
name = "POP3"
|
|
[email.pop3.pop3_enabled]
|
|
type = "boolean"
|
|
default = false
|
|
|
|
[email.smtp]
|
|
name = "SMTP"
|
|
[email.smtp.smtp_allow_ipv6]
|
|
type = "boolean"
|
|
default = true
|
|
|
|
[email.smtp.smtp_relay_enabled]
|
|
type = "boolean"
|
|
default = false
|
|
|
|
[email.smtp.smtp_relay_host]
|
|
type = "string"
|
|
default = ""
|
|
optional = true
|
|
visible="smtp_relay_enabled"
|
|
|
|
[email.smtp.smtp_relay_port]
|
|
type = "number"
|
|
default = 587
|
|
visible="smtp_relay_enabled"
|
|
|
|
[email.smtp.smtp_relay_user]
|
|
type = "string"
|
|
default = ""
|
|
optional = true
|
|
visible="smtp_relay_enabled"
|
|
|
|
[email.smtp.smtp_relay_password]
|
|
type = "password"
|
|
default = ""
|
|
optional = true
|
|
visible="smtp_relay_enabled"
|
|
help = "" # This is empty string on purpose, otherwise the core automatically set the 'good_practice_admin_password' string here which is not relevant, because the admin is not actually "choosing" the password ...
|
|
|
|
[misc]
|
|
name = "Other"
|
|
[misc.portal]
|
|
name = "User portal"
|
|
[misc.portal.ssowat_panel_overlay_enabled]
|
|
type = "boolean"
|
|
default = true
|
|
|
|
[misc.portal.portal_theme]
|
|
type = "select"
|
|
# Choices are loaded dynamically in the python code
|
|
default = "default"
|
|
|
|
[misc.backup]
|
|
name = "Backup"
|
|
[misc.backup.backup_compress_tar_archives]
|
|
type = "boolean"
|
|
default = false
|
|
|
|
[misc.network]
|
|
name = "Network"
|
|
[misc.network.dns_exposure]
|
|
type = "select"
|
|
choices.both = "Both"
|
|
choices.ipv4 = "IPv4 Only"
|
|
choices.ipv6 = "IPv6 Only"
|
|
default = "both"
|