update to 1.6.1 (#13)

Reviewed-on: #13
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>

defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 
 #PRIVATE BIN VARIABLES
-privatebin_version: '1.6.0'
+privatebin_version: '1.6.1'
 privatebin_app_dir: '/var/www/privatebin'
 privatebin_user: 'www-data'
 privatebin_group: 'www-data'

templates/cfg/conf.php.j2

@@ -7,8 +7,9 @@
 ; (optional) set a project name to be displayed on the website
 name = "{{ privatebin_name }}"
 
-; The full URL, with the domain name and directories that point to the PrivateBin files
-; This URL is essential to allow Opengraph images to be displayed on social networks
+; The full URL, with the domain name and directories that point to the
+; PrivateBin files, including an ending slash (/). This URL is essential to
+; allow Opengraph images to be displayed on social networks.
 ; basepath = ""
 
 ; enable or disable the discussion feature, defaults to true
@@ -40,6 +41,7 @@ sizelimit = {{ privatebin_sizelimit }}
 template = "{{ privatebin_theme }}"
 
 ; (optional) info text to display
+; use single, instead of double quotes for HTML attributes
 info = "{{ privatebin_info }}"
 
 ; (optional) notice to display
@@ -54,9 +56,9 @@ languageselection = {{ privatebin_language_selection }}
 ; if this is set and language selection is disabled, this will be the only language
 languagedefault = "{{ privatebin_defaultlang }}"
 
-; (optional) URL shortener address to offer after a new paste is created
-; it is suggested to only use this with self-hosted shorteners as this will leak
-; the pastes encryption key
+; (optional) URL shortener address to offer after a new paste is created.
+; It is suggested to only use this with self-hosted shorteners as this will leak
+; the pastes encryption key.
 ; urlshortener = "https://shortener.example.com/api?link="
 
 ; (optional) Let users create a QR code for sharing the paste URL with one click.
@@ -67,12 +69,12 @@ qrcode = {{ privatebin_qrcode }}
 ; It works both when a new paste is created and when you view a paste.
 email = {{ privatebin_email }} 
 
-
 ; (optional) IP based icons are a weak mechanism to detect if a comment was from
-; a different user when the same username was used in a comment. It might be
-; used to get the IP of a non anonymous comment poster if the server salt is
-; leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs.
-; Can be set to one these values: none / vizhash / identicon (default).
+; a different user when the same username was used in a comment. It might get
+; used to get the IP of a comment poster if the server salt is leaked and a
+; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
+; Can be set to one these values:
+; "none" / "identicon" (default) / "jdenticon" / "vizhash".
 icon = {{ privatebin_ip_icon }}
 
 ; Content Security Policy headers allow a website to restrict what sources are
@@ -141,13 +143,22 @@ markdown = "Markdown"
 ; Set this to 0 to disable rate limiting.
 limit = {{ privatebin_ratelimit }}
 
+; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
+; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
+; be exempted, the list needs to be comma separated. Leave unset to disable
+; exemptions.
+; exempted = "1.2.3.4,10.10.10/24"
+
+; (optional) If you want only some source IP addresses (v4 or v6) or subnets
+; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
+; ignored. If multiple values are to be exempted, the list needs to be comma
+; separated. Leave unset to allow anyone to create pastes.
+; creators = "1.2.3.4,10.10.10/24"
+
 ; (optional) if your website runs behind a reverse proxy or load balancer,
 ; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
 header = "{{ privatebin_header }}"
 
-; directory to store the traffic limits in
-dir = PATH "{{ privatebin_data_dir }}"
-
 [purge]
 ; minimum time limit between two purgings of expired pastes, it is only
 ; triggered when pastes are created
@@ -159,7 +170,11 @@ limit = {{ privatebin_purge_limit }}
 ; site
 batchsize = {{ privatebin_purge_batchsize }}
 
-; directory to store the purge limit in
+[model]
+; name of data model class to load and directory for storage
+; the default model "Filesystem" stores everything in the filesystem
+class = Filesystem
+[model_options]
 dir = PATH "{{ privatebin_data_dir }}"
 
 ;[model]
@@ -168,13 +183,7 @@ dir = PATH "{{ privatebin_data_dir }}"
 ;[model_options]
 ;bucket = "my-private-bin"
 ;prefix = "pastes"
-
-[model]
-; name of data model class to load and directory for storage
-; the default model "Filesystem" stores everything in the filesystem
-class = Filesystem
-[model_options]
-dir = PATH "{{ privatebin_data_dir }}"
+;uniformacl = false
 
 ;[model]
 ; example of DB configuration for MySQL
@@ -194,3 +203,65 @@ dir = PATH "{{ privatebin_data_dir }}"
 ;usr = null
 ;pwd = null
 ;opt[12] = true	; PDO::ATTR_PERSISTENT
+
+;[model]
+; example of DB configuration for PostgreSQL
+;class = Database
+;[model_options]
+;dsn = "pgsql:host=localhost;dbname=privatebin"
+;tbl = "privatebin_"     ; table prefix
+;usr = "privatebin"
+;pwd = "Z3r0P4ss"
+;opt[12] = true    ; PDO::ATTR_PERSISTENT
+
+;[model]
+; example of S3 configuration for Rados gateway / CEPH
+;class = S3Storage
+;[model_options]
+;region = ""
+;version = "2006-03-01"
+;endpoint = "https://s3.my-ceph.invalid"
+;use_path_style_endpoint = true
+;bucket = "my-bucket"
+;accesskey = "my-rados-user"
+;secretkey = "my-rados-pass"
+
+;[model]
+; example of S3 configuration for AWS
+;class = S3Storage
+;[model_options]
+;region = "eu-central-1"
+;version = "latest"
+;bucket = "my-bucket"
+;accesskey = "access key id"
+;secretkey = "secret access key"
+
+;[model]
+; example of S3 configuration for AWS using its SDK default credential provider chain
+; if relying on environment variables, the AWS SDK will look for the following:
+; - AWS_ACCESS_KEY_ID
+; - AWS_SECRET_ACCESS_KEY
+; - AWS_SESSION_TOKEN (if needed)
+; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain 
+;class = S3Storage
+;[model_options]
+;region = "eu-central-1"
+;version = "latest"
+;bucket = "my-bucket"
+
+[yourls]
+; When using YOURLS as a "urlshortener" config item:
+; - By default, "urlshortener" will point to the YOURLS API URL, with or without
+;   credentials, and will be visible in public on the PrivateBin web page.
+;   Only use this if you allow short URL creation without credentials.
+; - Alternatively, using the parameters in this section ("signature" and
+;   "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
+;   instance with "shortenviayourls?link=" appended. For example:
+;   urlshortener = "${basepath}shortenviayourls?link="
+;   This URL will in turn call YOURLS on the server side, using the URL from
+;   "apiurl" and the "access signature" from the "signature" parameters below.
+
+; (optional) the "signature" (access key) issued by YOURLS for the using account
+; signature = ""
+; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
+; apiurl = "https://yourls.example.com/yourls-api.php"