Migration commit; fresh start
This commit is contained in:
parent
17071806f1
commit
660f38fb76
|
@ -0,0 +1 @@
|
|||
.vagrant
|
2
LICENSE
2
LICENSE
|
@ -1,4 +1,4 @@
|
|||
MIT License Copyright (c) <year> <copyright holders>
|
||||
MIT License Copyright (c) 2021 "Stichting Disroot.org"
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
|
||||
- hosts: lufi
|
||||
roles:
|
||||
- nginx
|
||||
- lufi
|
||||
- cron
|
||||
|
||||
vars_files:
|
||||
- ../defaults/main.yml
|
|
@ -0,0 +1,19 @@
|
|||
# Lufi - Ansible Role
|
||||
|
||||
This role deploys, configures and updates [Lufi](https://lufi.io) - end to end encrypted file upload service. The role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.
|
||||
|
||||
You can deploy test instance using `Vagrantfile` attached to the role.
|
||||
|
||||
`vagrant up`
|
||||
`ansible-playbook -b Playbooks/lufi.yml`
|
||||
|
||||
Then you can access Lufi from your computer on http://192.168.33.4
|
||||
|
||||
## Playbook
|
||||
The playbook includes crontab role to deploy cleanup scripts for Lufi, which is also available in Ansible roles repos. It also includes Nginx.
|
||||
|
||||
## CHANGELOG
|
||||
- **02.02.2021** - Add possibily to choose which release version to install
|
||||
- **22.11.2020** - Make it ready for public release
|
||||
- Clean vars
|
||||
- improve readme file
|
|
@ -0,0 +1,20 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
||||
# configures the configuration version (we support older styles for
|
||||
# backwards compatibility). Please don't change it unless you know what
|
||||
# you're doing.
|
||||
Vagrant.configure("2") do |config|
|
||||
#config.ssh.insert_key = false
|
||||
config.vm.define "lufi" do |lufi|
|
||||
lufi.vm.box = "generic/debian10"
|
||||
lufi.vm.provider :libvirt do |libvirt|
|
||||
libvirt.memory = 256
|
||||
end
|
||||
lufi.vm.network "forwarded_port", guest: 80, host: 8884, host_ip: "192.168.33.4"
|
||||
lufi.vm.network "forwarded_port", guest: 443, host: 4444, host_ip: "192.168.33.4"
|
||||
lufi.vm.network "forwarded_port", guest: 8080, host: 8081, host_ip: "192.168.33.4"
|
||||
lufi.vm.network "private_network", ip: "192.168.33.4"
|
||||
end
|
||||
end
|
|
@ -0,0 +1,100 @@
|
|||
---
|
||||
|
||||
#LUFI DEFAULT VARIABLES
|
||||
lufi_version: '0.05.13'
|
||||
lufi_build_options: '--deployment --without=test --without=postgresql --without=mysql'
|
||||
lufi_username: 'lufi'
|
||||
lufi_uid: '1003'
|
||||
lufi_group: 'lufi'
|
||||
lufi_gid: '1003'
|
||||
lufi_app_dir: '/var/www/lufi'
|
||||
lufi_listen: 'http://localhost:8080'
|
||||
lufi_proxy: '1'
|
||||
lufi_contact: 'support[at]example.lan'
|
||||
lufi_report: 'support@example.lan'
|
||||
lufi_mail_sender: no-reply@example.lan
|
||||
lufi_instance_name: 'lufi'
|
||||
lufi_secrets: 'secret'
|
||||
lufi_theme: 'default'
|
||||
lufi_custom_themes:
|
||||
- name: '' #add name of the theme
|
||||
repo: '' #add git repository of the theme
|
||||
lufi_workers: '30'
|
||||
lufi_clients: '1'
|
||||
lufi_url_lenght: '8'
|
||||
lufi_provis_step: '5'
|
||||
lufi_provisioning: '100'
|
||||
lufi_token_lenght: '32'
|
||||
lufi_max_file_size: '1073741824'
|
||||
lufi_default_delay: '30'
|
||||
lufi_max_delay: '60'
|
||||
lufi_delay_for_size:
|
||||
- filesize: '10000000'
|
||||
delay: '60'
|
||||
description: 'between 10MB and 50MB => max is 60 days, less than 10MB => max is max_delay (see above)'
|
||||
|
||||
- filesize: '50000000'
|
||||
delay: '30'
|
||||
description: 'between 50MB ans 100MB => max is 30 days'
|
||||
|
||||
- filesize: '100000000'
|
||||
delay: '15'
|
||||
description: 'between 100MB and 1GB => max is 15 days'
|
||||
|
||||
- filesize: '1000000000'
|
||||
delay: '2'
|
||||
description: 'more than 1GB => max is 2 days'
|
||||
lufi_db_path: 'lufi.db'
|
||||
lufi_upload_dir: '/srv/lufi_files'
|
||||
lufi_keep_senders_ip: '1'
|
||||
lufi_total_size: '10*1024*1024*1024'
|
||||
lufi_when_dir_full: 'warn'
|
||||
lufi_delete_old_files: '65'
|
||||
lufi_mail_from: 'noreply@example.lan'
|
||||
lufi_mail_smtp_host: 'example.lan'
|
||||
lufi_mail_user: 'noreply@example.lan'
|
||||
lufi_mail_passwd: 'changeme'
|
||||
lufi_password_on_files: '1' # 0 is default
|
||||
lufi_apt_list:
|
||||
- carton
|
||||
- build-essential
|
||||
- libpq-dev
|
||||
- git
|
||||
- cpanminus
|
||||
lufi_dbtype: 'sqlite' ## postgresql or mysqldb
|
||||
#if you use mysql or postgres add those mysql_variables
|
||||
#lufi_dbname: 'lufi'
|
||||
#lufi_dbhost: 'localhost'
|
||||
#lufi_dbport: '5432' #or 3306 for mysql
|
||||
#lufi_dbuser: 'DBUSER'
|
||||
#lufi_dbpassword: 'changeme'
|
||||
#lufi_dbconections: '1'
|
||||
|
||||
#CRONJOBS
|
||||
cronjobs:
|
||||
- '00 5 * * * {{ lufi_username }} cd {{ lufi_app_dir }} && carton exec script/lufi cron cleanbdd --mode production'
|
||||
- '00 6 * * * {{ lufi_username }} cd {{ lufi_app_dir }} && carton exec script/lufi cron cleanfiles --mode production'
|
||||
#NGINX SETUP
|
||||
nginx_default_vhost_ssl: 'upload.example.lan'
|
||||
nginx_default_vhost: 'upload.example.lan'
|
||||
nginx_HSTS_policy: 'true'
|
||||
|
||||
#NGINX VHOST
|
||||
nginx_vhosts:
|
||||
|
||||
- name: 'upload.example.lan'
|
||||
template: 'lufi'
|
||||
upstream_proto: 'http'
|
||||
upstream_port: '8080'
|
||||
upstream_name: 'localhost'
|
||||
proto: 'http'
|
||||
listen: '80'
|
||||
use_error_log: 'true'
|
||||
nginx_error_log_level: 'warn'
|
||||
redirect_https: 'true'
|
||||
letsencrypt: 'false'
|
||||
secure_site: 'true'
|
||||
#header_sameorigin: 'true'
|
||||
nc_max_upload: '1024M'
|
||||
nginx_HSTS_policy: 'true'
|
||||
state: 'enable'
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
|
||||
- name: restart lufi
|
||||
systemd:
|
||||
name: lufi
|
||||
state: restarted
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
|
||||
- name: '[CONFIG] - Create files dir'
|
||||
file:
|
||||
path: '{{ lufi_upload_dir }}'
|
||||
state: directory
|
||||
owner: '{{ lufi_username }}'
|
||||
group: '{{ lufi_group }}'
|
||||
mode: '0700'
|
||||
|
||||
- name: '[CONFIG] - Deploy lufi config'
|
||||
template:
|
||||
src: 'var/www/lufi/lufi.conf.j2'
|
||||
dest: "{{ lufi_app_dir }}/lufi.conf"
|
||||
owner: "{{ lufi_username }}"
|
||||
group: "{{ lufi_group }}"
|
||||
mode: 0644
|
||||
notify: restart lufi
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: "[THEME] - Get repo"
|
||||
git:
|
||||
repo: "{{ item.repo }}"
|
||||
dest: "{{ lufi_app_dir }}/themes/{{ item.name }}"
|
||||
with_items: "{{ lufi_custom_themes }}"
|
||||
|
||||
- name: "[THEME] - Change repo ownership"
|
||||
file:
|
||||
path: "{{ lufi_app_dir }}/themes"
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: "{{ lufi_username }}"
|
||||
group: "{{ lufi_group }}"
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
|
||||
- name: '[GIT] - Deploy / Update lufi source'
|
||||
git:
|
||||
repo: 'https://framagit.org/fiat-tux/hat-softwares/lufi.git'
|
||||
dest: '{{ lufi_app_dir }}'
|
||||
force: 'yes'
|
||||
version: "{{ lufi_version }}"
|
||||
become: yes
|
||||
become_user: '{{ lufi_username }}'
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
- name: '[CONFIG] - Deploy lufi config'
|
||||
template:
|
||||
src: 'var/www/lufi/lufi.conf.j2'
|
||||
dest: "{{ lufi_app_dir }}/lufi.conf"
|
||||
owner: "{{ lufi_username }}"
|
||||
group: "{{ lufi_group }}"
|
||||
mode: 0644
|
||||
notify: restart lufi
|
||||
|
||||
|
||||
- name: '[INSTALL] - Install / Update lufi'
|
||||
command: 'carton install {{ lufi_build_options }}'
|
||||
args:
|
||||
chdir: '{{ lufi_app_dir }}'
|
||||
become: yes
|
||||
become_user: '{{ lufi_username }}'
|
||||
notify: restart lufi
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
|
||||
- name: '[APT] - Install dependencies'
|
||||
apt:
|
||||
name: '{{ lufi_apt_list }}'
|
||||
update_cache: yes
|
||||
|
||||
- name: '[INSTALL] - Install Carton'
|
||||
cpanm:
|
||||
name: Carton
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
|
||||
- name: Install dependencies
|
||||
include: installdeps.yml
|
||||
|
||||
- name: Add user
|
||||
include: user.yml
|
||||
|
||||
- name: CLone / Update GIT
|
||||
include: git.yml
|
||||
|
||||
- name: Install the app
|
||||
include: installapp.yml
|
||||
|
||||
- include: custom_themes.yml
|
||||
when: lufi_custom_themes_item.name | length > 0 and lufi_custom_themes_item.repo | length > 0
|
||||
with_items:
|
||||
- "{{ lufi_custom_themes }}"
|
||||
loop_control:
|
||||
loop_var: lufi_custom_themes_item
|
||||
|
||||
- name: Configure app
|
||||
include: configure.yml
|
||||
|
||||
- name: Systemd
|
||||
include: systemd.yml
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
|
||||
- name: '[SystemD] - Deploy Systemd config'
|
||||
template:
|
||||
src: 'etc/systemd/system/lufi.service.j2'
|
||||
dest: '/etc/systemd/system/lufi.service'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
register: lufi_systemd
|
||||
|
||||
- name: '[SystemD] - Enable systemd'
|
||||
systemd:
|
||||
name: lufi
|
||||
enabled: yes
|
||||
|
||||
- name: "[SYSTEMD] - Daemon-reload"
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
name: lufi
|
||||
when: lufi_systemd.changed
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
|
||||
- name: '[User] - Add group'
|
||||
group:
|
||||
name: '{{ lufi_group }}'
|
||||
gid: '{{ lufi_gid }}'
|
||||
state: present
|
||||
|
||||
- name: '[User] - Add user lufi'
|
||||
user:
|
||||
name: '{{ lufi_username }}'
|
||||
uid: '{{ lufi_uid }}'
|
||||
shell: /bin/bash
|
||||
group: '{{ lufi_group }}'
|
||||
|
||||
- name: '[User] - Change ownership to lufi user'
|
||||
file:
|
||||
path: '{{ lufi_app_dir }}'
|
||||
owner: '{{ lufi_username }}'
|
||||
group: '{{ lufi_group }}'
|
||||
state: directory
|
||||
recurse: yes
|
|
@ -0,0 +1,21 @@
|
|||
[Unit]
|
||||
Description=File hosting service with encryption
|
||||
Documentation=https://git.framasoft.org/luc/lufi
|
||||
Requires=network.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
User={{ lufi_username }}
|
||||
RemainAfterExit=yes
|
||||
WorkingDirectory={{ lufi_app_dir }}
|
||||
PIDFile={{ lufi_app_dir }}/script/hypnotoad.pid
|
||||
ExecStart=/usr/bin/carton exec hypnotoad script/lufi
|
||||
ExecStop=/usr/bin/carton exec hypnotoad -s script/lufi
|
||||
ExecReload=/usr/bin/carton exec hypnotoad script/lufi
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -0,0 +1,368 @@
|
|||
# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
|
||||
# {{ ansible_managed }}
|
||||
|
||||
{
|
||||
####################
|
||||
# Hypnotoad settings
|
||||
####################
|
||||
# see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
|
||||
hypnotoad => {
|
||||
# array of IP addresses and ports you want to listen to
|
||||
# you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
|
||||
listen => ['{{ lufi_listen }}'],
|
||||
# if you use Lufi behind a reverse proxy like Nginx, you want ro set proxy to 1
|
||||
# if you use Lufi directly, let it commented
|
||||
proxy => {{ lufi_proxy }},
|
||||
# Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers
|
||||
# to adjust this to your server
|
||||
workers => {{ lufi_workers }},
|
||||
clients => {{ lufi_clients }},
|
||||
|
||||
},
|
||||
|
||||
# Put a way to contact you here and uncomment it
|
||||
# You can put some HTML in it
|
||||
# MANDATORY
|
||||
contact => '{{ lufi_contact }}',
|
||||
|
||||
# Put an URL or an email address to receive file reports and uncomment it
|
||||
# It's for make reporting illegal files easy for users
|
||||
# MANDATORY
|
||||
report => '{{ lufi_report }}',
|
||||
|
||||
|
||||
# Array of random strings used to encrypt cookies
|
||||
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
|
||||
secrets => ['{{ lufi_secrets }}'],
|
||||
|
||||
# Name of the instance, displayed next to the logo
|
||||
# optional, default is Lufi
|
||||
instance_name => '{{ lufi_instance_name }}',
|
||||
|
||||
# Choose a theme. See the available themes in `themes` directory
|
||||
# Optional, default is 'default'
|
||||
theme => '{{ lufi_theme }}',
|
||||
|
||||
# Length of the random URL
|
||||
# optional, default is 8
|
||||
length => {{ lufi_url_lenght }},
|
||||
|
||||
# How many URLs will be provisioned in a batch ?
|
||||
# optional, default is 5
|
||||
provis_step => {{ lufi_provis_step }},
|
||||
|
||||
# Max number of URLs to be provisioned
|
||||
# optional, default is 100
|
||||
provisioning => {{ lufi_provisioning }},
|
||||
|
||||
# Length of the modify/delete token
|
||||
# optional, default is 32
|
||||
token_length => {{ lufi_token_lenght }},
|
||||
|
||||
# Max file size, in octets
|
||||
# You can write it 100*1024*1024
|
||||
# optional, no default
|
||||
max_file_size => {{ lufi_max_file_size }},
|
||||
|
||||
# If you want to have piwik statistics, provide a piwik image tracker
|
||||
# Only the image tracker is allowed, no javascript
|
||||
# optional, no default
|
||||
#piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
|
||||
|
||||
# Broadcast_message which will displayed on the index page
|
||||
# optional, no default
|
||||
#broadcast_message => 'Maintenance',
|
||||
|
||||
# Default time limit for files
|
||||
# Valid values are 0, 1, 7, 30 and 365
|
||||
# optional, default is 0 (no limit)
|
||||
default_delay => {{ lufi_default_delay }},
|
||||
|
||||
# Number of days after which the files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
|
||||
# A warning message will be displayed on homepage
|
||||
# optional, default is 0 (no limit)
|
||||
max_delay => {{ lufi_max_delay }},
|
||||
|
||||
# Size thresholds: if you want to define max delays for different sizes of file
|
||||
# The keys are size in Bytes, you can't have 10*1000*10000 as key
|
||||
# If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
|
||||
# optional, default is using max_delay (see above) for all sizes
|
||||
delay_for_size => {
|
||||
{% for item in lufi_delay_for_size %}
|
||||
{{ item.filesize }} => {{ item.delay }}, # {{ item.description }}
|
||||
{% endfor %}
|
||||
},
|
||||
# URL sub-directory in which you want Lufi to be accessible
|
||||
# example: you want to have Lufi under https://example.org/lufi/
|
||||
# => set prefix to '/lufi' or to '/lufi/', it doesn't matter
|
||||
# optional, defaut is /
|
||||
#prefix => '/',
|
||||
|
||||
# Array of authorized domains for API calls.
|
||||
# If you want to authorize everyone to use the API: ['*']
|
||||
# optional, no domains allowed by default
|
||||
#allowed_domains => ['http://1.example.com', 'http://2.example.com'],
|
||||
|
||||
# String of the URL to be redirected to when accessing /logout
|
||||
# optional, default is no redirection after logging out
|
||||
#logout_custom => 'https://sso.example.com/logout?redirect_uri=https%3A%2F%2Fexample.com',
|
||||
|
||||
# Define a path to the upload directory, where the uploaded files will be stored
|
||||
# You can define it relative to lufi directory or set an absolute path
|
||||
# Remember that it has to be in a directory writable by Lufi user
|
||||
# optional, default is 'files'
|
||||
upload_dir => '{{ lufi_upload_dir }}',
|
||||
|
||||
#!!!!!!!!!!!!!!!
|
||||
# EXPERIMENTAL !
|
||||
#!!!!!!!!!!!!!!!
|
||||
# You can store files on Swift object storage (https://en.wikipedia.org/wiki/OpenStack#Swift) instead of filesystem
|
||||
# Please read https://metacpan.org/pod/Net::OpenStack::Swift#SYNOPSIS to know how to configure this setting
|
||||
# IMPORTANT: add a `container` key in it, to let Lufi know which container to use. This is not a regular Net::OpenStack::Swift setting, but Lufi need it.
|
||||
# EXPERIMENTAL: if the upload or download of files are stucked, reload Lufi and create a cron task to reload Lufi once a day
|
||||
# You can copy Lufi files to Swift object storage by launching the command `carton exec script/lufi copyFilesToSwift` (can take a long time)
|
||||
# optional, no default
|
||||
#swift => {
|
||||
# auth_url => 'https://auth-endpoint-url/v2.0',
|
||||
# user => 'userid',
|
||||
# password => 'password',
|
||||
# tenant_name => 'project_id',
|
||||
# container => 'lufi'
|
||||
#},
|
||||
|
||||
# Allow to add a password on files, asked before allowing to download files
|
||||
# optional, default is 0
|
||||
allow_pwd_on_files => "{{ lufi_password_on_files }}",
|
||||
|
||||
# Force all files to be in "Burn after reading mode"
|
||||
# optional, default is 0
|
||||
#force_burn_after_reading => 0,
|
||||
|
||||
# If set, the files' URLs will always use this domain
|
||||
# optional, no default
|
||||
#fixed_domain => 'example.org',
|
||||
|
||||
# Abuse reasons
|
||||
# Set an integer in the abuse field of a file in the database and it will not be downloadable anymore
|
||||
# The reason will be displayed to the downloader, according to the reasons you will configure here.
|
||||
# optional, no default
|
||||
#abuse => {
|
||||
# 0 => 'Copyright infringment',
|
||||
# 1 => 'Illegal content',
|
||||
#},
|
||||
|
||||
###############
|
||||
# Mail settings
|
||||
###############
|
||||
|
||||
# Mail configuration
|
||||
# See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
|
||||
# optional, default to sendmail method with no arguments
|
||||
mail => {
|
||||
# # Valid values are 'sendmail' and 'smtp'
|
||||
from => '{{ lufi_mail_from }}',
|
||||
how => 'smtp',
|
||||
howargs => ['{{ lufi_mail_smtp_host }}',
|
||||
AuthUser => '{{ lufi_mail_user }}',
|
||||
AuthPass => '{{ lufi_mail_passwd }}',
|
||||
]
|
||||
},
|
||||
|
||||
# Email sender address
|
||||
# optional, default to no-reply@lufi.io
|
||||
mail_sender => '{{ lufi_mail_sender }}',
|
||||
|
||||
#############
|
||||
# DB settings
|
||||
#############
|
||||
|
||||
# Choose what database you want to use
|
||||
# Valid choices are sqlite, postgresql and mysql (all lowercase)
|
||||
# optional, default is sqlite
|
||||
dbtype => '{{ lufi_dbtype }}',
|
||||
|
||||
{% if lufi_dbtype == 'sqlite' %}
|
||||
# SQLite ONLY - only used if dbtype is set to sqlite
|
||||
# Define a path to the SQLite database
|
||||
# You can define it relative to lufi directory or set an absolute path
|
||||
# Remember that it has to be in a directory writable by Lufi user
|
||||
# optional, default is lufi.db
|
||||
|
||||
db_path => '{{ lufi_db_path }}',
|
||||
{% endif %}
|
||||
{% if lufi_dbtype == 'postgresql' %}
|
||||
# PostgreSQL ONLY - only used if dbtype is set to postgresql
|
||||
# These are the credentials to access the PostgreSQL database
|
||||
# mandatory if you choosed postgresql as dbtype
|
||||
pgdb => {
|
||||
database => '{{ lufi_dbname }}',
|
||||
host => '{{ lufi_dbhost }}',
|
||||
port => {{ lufi_dbport }},
|
||||
user => '{{ lufi_dbuser }}',
|
||||
pwd => '{{ lufi_dbpassword }}',
|
||||
# # https://mojolicious.org/perldoc/Mojo/Pg#max_connections
|
||||
# # optional, default is 1
|
||||
max_connections => {{ lufi_dbconections }},
|
||||
},
|
||||
{% endif %}
|
||||
{% if lufi_dbtype == 'mysqldb' %}
|
||||
# MySQL ONLY - only used if dbtype is set to mysql
|
||||
# These are the credentials to access the MySQL database
|
||||
# mandatory if you choosed mysql as dbtype
|
||||
mysqldb => {
|
||||
database => '{{ lufi_dbname }} ',
|
||||
host => '{{ lufi_dbhost }}',
|
||||
# optional, default is 3306
|
||||
port => {{ lufi_dbport }},
|
||||
user => '{{ lufi_dbuser }}',
|
||||
pwd => '{{ lufi_dbpassword }}',
|
||||
# https://metacpan.org/pod/Mojo::mysql#max_connections
|
||||
# optional, default is 5 (set to 0 to disable persistent connections)
|
||||
max_connections => {{ lufi_dbconections }},
|
||||
},
|
||||
{% endif %}
|
||||
|
||||
#############################################
|
||||
# LDAP settings (authentication and features)
|
||||
#############################################
|
||||
|
||||
# Set `ldap` if you want that only authenticated users can upload files
|
||||
# Please note that everybody can still download files
|
||||
# optional, no default
|
||||
#ldap => {
|
||||
# uri => 'ldaps://ldap.example.org', # server URI
|
||||
# user_tree => 'ou=users,dc=example,dc=org', # search base DN
|
||||
# bind_dn => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
|
||||
# bind_pwd => 'secr3t', # search bind password
|
||||
# user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
|
||||
# user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.)
|
||||
# # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
|
||||
# # don't set or uncomment if you don't want to configure it
|
||||
# start_tls => {
|
||||
# verify => 'optional',
|
||||
# clientcert => '/etc/ssl/certs/ca-bundle.pem'
|
||||
# }
|
||||
#},
|
||||
|
||||
# If you've set ldap above, the session will last `session_duration` seconds before
|
||||
# the user needs to reauthenticate
|
||||
# optional, default is 3600
|
||||
#session_duration => 3600,
|
||||
|
||||
# If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi
|
||||
# Those attributes will be accessible with:
|
||||
# $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory)
|
||||
# <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory)
|
||||
#
|
||||
# Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'`
|
||||
# Note that you can’t use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user
|
||||
# optional, no default
|
||||
#ldap_map_attr => {
|
||||
# displayname => 'cn',
|
||||
# mail => 'mail'
|
||||
#},
|
||||
|
||||
# When using LDAP authentication, LDAP users can invite people (by mail) to use Lufi to send them files without
|
||||
# being authenticated.
|
||||
# This is where you configure the behavior of the invitations.
|
||||
# You may need to fetch some attributes from LDAP to use some invitations settings. See `ldap_map_attr` above.
|
||||
# optional, no default
|
||||
#invitations => {
|
||||
# # The name of the key set in `ldap_map_attr` (above) that corresponds to the mail of the LDAP user
|
||||
# # optional, default is `mail`
|
||||
# mail_attr => 'mail',
|
||||
# # The `From` header of invitation mail can be the mail of the LDAP user
|
||||
# # Be sure to have a mail system that will correctly send the mail from your users! (DKIM, SPF…)
|
||||
# # To enable this feature, set it to 1
|
||||
# # optional, disabled by default
|
||||
# send_invitation_with_ldap_user_mail => 1,
|
||||
# # The user is able to set an expiration delay for the invitation.
|
||||
# # This expiration delay can’t be more than this setting (in days).
|
||||
# # optional, default is 30 days
|
||||
# max_invitation_expiration_delay => 30,
|
||||
# # Once the guest has submitted his files, he has an additional period of time to submit forgotten files.
|
||||
# # You can set that additional period of time in minutes here.
|
||||
# # To disable that feature, set it to 0 or less
|
||||
# # optional, default is 10 minutes
|
||||
# max_additional_period => 10,
|
||||
# # Lufi follows privacy-by-design, so, by default, no files URLs (with the decode secret) are stored in database.
|
||||
# # However, the concern is different for this case. Storing files URLs makes users able to retrieve the guests’ sent files
|
||||
# # from their `invitations` page.
|
||||
# # Set to 1 to store guests’ files URLs in database
|
||||
# # optional, default is 0 (disabled)
|
||||
# save_files_url_in_db => 0,
|
||||
# # Users can resend the invitation to their guest. This does not extend the invitation’s expiration delay unless you
|
||||
# # set this option to 1.
|
||||
# # optional, default is 0 (disabled)
|
||||
# extend_invitation_expiration_on_resend => 0,
|
||||
#},
|
||||
|
||||
#########################
|
||||
# Htpasswd authentication
|
||||
#########################
|
||||
|
||||
# Set `htpasswd` if you want to use an htpasswd file instead of ldap
|
||||
# See 'man htpasswd' to know how to create such file
|
||||
#htpasswd => 'lufi.passwd',
|
||||
|
||||
#######################
|
||||
# HTTP Headers settings
|
||||
#######################
|
||||
|
||||
# Content-Security-Policy header that will be sent by Lufi
|
||||
# Set to '' to disable CSP header
|
||||
# https://content-security-policy.com/ provides a good documentation about CSP.
|
||||
# https://report-uri.com/home/generate provides a tool to generate a CSP header.
|
||||
# optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
|
||||
#csp => "",
|
||||
|
||||
# X-Frame-Options header that will be sent by Lufi
|
||||
# Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
|
||||
# Set to '' to disable X-Frame-Options header
|
||||
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
||||
# Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
|
||||
# to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
|
||||
# optional, default is 'DENY'
|
||||
#x_frame_options => 'DENY',
|
||||
|
||||
# X-Content-Type-Options that will be sent by Lufi
|
||||
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
||||
# Set to '' to disable X-Content-Type-Options header
|
||||
# optional, default is 'nosniff'
|
||||
#x_content_type_options => 'nosniff',
|
||||
|
||||
# X-XSS-Protection that will be sent by Lufi
|
||||
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
|
||||
# Set to '' to disable X-XSS-Protection header
|
||||
# optional, default is '1; mode=block'
|
||||
#x_xss_protection => '1; mode=block',
|
||||
|
||||
#########################
|
||||
# Lufi cron jobs settings
|
||||
#########################
|
||||
|
||||
# Expired files will be kept for 2 additional days after the expiration time has passed!
|
||||
# The reasoning behind this is to allow downloads to complete and avoid deleting them while
|
||||
# they are still being tranfered.
|
||||
|
||||
# Number of days senders' IP addresses are kept in database
|
||||
# After that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
|
||||
# optional, default is 365
|
||||
keep_ip_during => {{ lufi_keep_senders_ip }},
|
||||
|
||||
# Max size of the files directory, in octets
|
||||
# Used by script/lufi cron watch to trigger an action
|
||||
# optional, no default
|
||||
max_total_size => {{ lufi_total_size }},
|
||||
|
||||
# Default action when files directory is over max_total_size (used with script/lufi cron watch)
|
||||
# Valid values are 'warn', 'stop-upload' and 'delete'
|
||||
# Please, see README.md
|
||||
# optional, default is 'warn'
|
||||
policy_when_full => '{{ lufi_when_dir_full }}',
|
||||
|
||||
# Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
|
||||
# If delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
|
||||
# optional, no default
|
||||
delete_no_longer_viewed_files => {{ lufi_delete_old_files }}
|
||||
};
|
Loading…
Reference in New Issue