Initial QSfera import
This commit is contained in:
@@ -0,0 +1,63 @@
|
||||
{
|
||||
"clientId": "КуСфераAndroid",
|
||||
"name": "КуСфера Android App",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"oc://android.qsfera.eu"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"post.logout.redirect.uris": "oc://android.qsfera.eu",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,64 @@
|
||||
{
|
||||
"clientId": "КуСфераDesktop",
|
||||
"name": "КуСфера Desktop Client",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"http://127.0.0.1",
|
||||
"http://localhost"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"post.logout.redirect.uris": "+",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,63 @@
|
||||
{
|
||||
"clientId": "КуСфераIOS",
|
||||
"name": "КуСфера iOS App",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"oc://ios.qsfera.eu"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"post.logout.redirect.uris": "oc://ios.qsfera.eu",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,66 @@
|
||||
{
|
||||
"clientId": "Cyberduck",
|
||||
"name": "Cyberduck",
|
||||
"description": "File transfer utility client",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"x-cyberduck-action:oauth",
|
||||
"x-mountainduck-action:oauth"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"oauth2.device.authorization.grant.enabled": "false",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"oidc.ciba.grant.enabled": "false",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,74 @@
|
||||
{
|
||||
"clientId": "web",
|
||||
"name": "КуСфера Web App",
|
||||
"description": "",
|
||||
"rootUrl": "{{OC_URL}}",
|
||||
"adminUrl": "{{OC_URL}}",
|
||||
"baseUrl": "",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"{{OC_URL}}/",
|
||||
"{{OC_URL}}/oidc-callback.html",
|
||||
"{{OC_URL}}/oidc-silent-redirect.html"
|
||||
],
|
||||
"webOrigins": [
|
||||
"{{OC_URL}}"
|
||||
],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"post.logout.redirect.uris": "+",
|
||||
"oauth2.device.authorization.grant.enabled": "false",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"oidc.ciba.grant.enabled": "false",
|
||||
"backchannel.logout.url": "{{OC_URL}}/backchannel_logout",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
printenv
|
||||
# replace qsfera domain and LDAP password in keycloak realm import
|
||||
mkdir /opt/keycloak/data/import
|
||||
sed -e "s/cloud.qsfera.test/${OC_DOMAIN}/g" -e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g" /opt/keycloak/data/import-dist/qsfera-realm.json > /opt/keycloak/data/import/qsfera-realm.json
|
||||
|
||||
# run original docker-entrypoint
|
||||
/opt/keycloak/bin/kc.sh "$@"
|
||||
+2265
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
printenv
|
||||
|
||||
if [ ! -f /opt/bitnami/openldap/share/openldap.key ]
|
||||
then
|
||||
openssl req -x509 -newkey rsa:4096 -keyout /opt/bitnami/openldap/share/openldap.key -out /opt/bitnami/openldap/share/openldap.crt -sha256 -days 365 -batch -nodes
|
||||
fi
|
||||
# run original docker-entrypoint
|
||||
/opt/bitnami/scripts/openldap/entrypoint.sh "$@"
|
||||
@@ -0,0 +1,24 @@
|
||||
dn: dc=qsfera,dc=eu
|
||||
objectClass: organization
|
||||
objectClass: dcObject
|
||||
dc: qsfera
|
||||
o: qsfera
|
||||
|
||||
dn: ou=users,dc=qsfera,dc=eu
|
||||
objectClass: organizationalUnit
|
||||
ou: users
|
||||
|
||||
dn: cn=admin,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: person
|
||||
cn: admin
|
||||
sn: admin
|
||||
uid: ldapadmin
|
||||
|
||||
dn: ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: organizationalUnit
|
||||
ou: groups
|
||||
|
||||
dn: ou=custom,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: organizationalUnit
|
||||
ou: custom
|
||||
@@ -0,0 +1,84 @@
|
||||
# Start dn with uid (user identifier / login), not cn (Firstname + Surname)
|
||||
dn: uid=alan,ou=users,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
uid: alan
|
||||
givenName: Alan
|
||||
sn: Turing
|
||||
cn: alan
|
||||
displayName: Alan Turing
|
||||
description: An English mathematician, computer scientist, logician, cryptanalyst, philosopher and theoretical biologist. He was highly influential in the development of theoretical computer science, providing a formalisation of the concepts of algorithm and computation with the Turing machine.
|
||||
mail: alan@example.org
|
||||
userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=
|
||||
|
||||
dn: uid=lynn,ou=users,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
uid: lynn
|
||||
givenName: Lynn
|
||||
sn: Conway
|
||||
cn: lynn
|
||||
displayName: Lynn Conway
|
||||
description: An American computer scientist, electrical engineer, and transgender activist.
|
||||
mail: lynn@example.org
|
||||
userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=
|
||||
|
||||
dn: uid=mary,ou=users,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
uid: mary
|
||||
givenName: Mary
|
||||
sn: Kenneth Keller
|
||||
cn: mary
|
||||
displayName: Mary Kenneth Keller
|
||||
description: Mary Kenneth Keller of the Sisters of Charity of the Blessed Virgin Mary was a pioneer in computer science.
|
||||
mail: mary@example.org
|
||||
userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=
|
||||
|
||||
dn: uid=margaret,ou=users,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
uid: margaret
|
||||
givenName: Margaret
|
||||
sn: Hamilton
|
||||
cn: margaret
|
||||
displayName: Margaret Hamilton
|
||||
description: A director of the Software Engineering Division of the MIT Instrumentation Laboratory, which developed on-board flight software for NASA's Apollo program.
|
||||
mail: margaret@example.org
|
||||
userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=
|
||||
|
||||
dn: uid=dennis,ou=users,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
uid: dennis
|
||||
givenName: Dennis
|
||||
sn: Ritchie
|
||||
cn: dennis
|
||||
displayName: Dennis Ritchie
|
||||
description: American computer scientist. He created the C programming language and the Unix operating system and B language with long-time colleague Ken Thompson.
|
||||
mail: dennis@example.org
|
||||
userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=
|
||||
|
||||
dn: uid=admin,ou=users,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
uid: admin
|
||||
givenName: Admin
|
||||
sn: Admin
|
||||
cn: admin
|
||||
displayName: Admin
|
||||
description: An admin for this КуСфера instance.
|
||||
mail: admin@example.org
|
||||
userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo==
|
||||
@@ -0,0 +1,70 @@
|
||||
dn: cn=users,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: users
|
||||
description: Users
|
||||
member: uid=alan,ou=users,dc=qsfera,dc=eu
|
||||
member: uid=mary,ou=users,dc=qsfera,dc=eu
|
||||
member: uid=margaret,ou=users,dc=qsfera,dc=eu
|
||||
member: uid=dennis,ou=users,dc=qsfera,dc=eu
|
||||
member: uid=lynn,ou=users,dc=qsfera,dc=eu
|
||||
member: uid=admin,ou=users,dc=qsfera,dc=eu
|
||||
|
||||
dn: cn=chess-lovers,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: chess-lovers
|
||||
description: Chess lovers
|
||||
member: uid=alan,ou=users,dc=qsfera,dc=eu
|
||||
|
||||
dn: cn=machine-lovers,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: machine-lovers
|
||||
description: Machine Lovers
|
||||
member: uid=alan,ou=users,dc=qsfera,dc=eu
|
||||
|
||||
dn: cn=bible-readers,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: bible-readers
|
||||
description: Bible readers
|
||||
member: uid=mary,ou=users,dc=qsfera,dc=eu
|
||||
|
||||
dn: cn=apollos,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: apollos
|
||||
description: Contributors to the Appollo mission
|
||||
member: uid=margaret,ou=users,dc=qsfera,dc=eu
|
||||
|
||||
dn: cn=unix-lovers,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: unix-lovers
|
||||
description: Unix lovers
|
||||
member: uid=dennis,ou=users,dc=qsfera,dc=eu
|
||||
|
||||
dn: cn=basic-haters,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: basic-haters
|
||||
description: Haters of the Basic programming language
|
||||
member: uid=dennis,ou=users,dc=qsfera,dc=eu
|
||||
|
||||
dn: cn=vlsi-lovers,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: vlsi-lovers
|
||||
description: Lovers of VLSI microchip design
|
||||
member: uid=lynn,ou=users,dc=qsfera,dc=eu
|
||||
|
||||
dn: cn=programmers,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: programmers
|
||||
description: Computer Programmers
|
||||
member: uid=alan,ou=users,dc=qsfera,dc=eu
|
||||
member: uid=margaret,ou=users,dc=qsfera,dc=eu
|
||||
member: uid=dennis,ou=users,dc=qsfera,dc=eu
|
||||
member: uid=lynn,ou=users,dc=qsfera,dc=eu
|
||||
@@ -0,0 +1,65 @@
|
||||
app_registry:
|
||||
mimetypes:
|
||||
- mime_type: application/pdf
|
||||
extension: pdf
|
||||
name: PDF
|
||||
description: PDF document
|
||||
icon: ''
|
||||
default_app: ''
|
||||
allow_creation: false
|
||||
- mime_type: application/vnd.oasis.opendocument.text
|
||||
extension: odt
|
||||
name: OpenDocument
|
||||
description: OpenDocument text document
|
||||
icon: ''
|
||||
default_app: CollaboraOnline
|
||||
allow_creation: true
|
||||
- mime_type: application/vnd.oasis.opendocument.spreadsheet
|
||||
extension: ods
|
||||
name: OpenSpreadsheet
|
||||
description: OpenDocument spreadsheet document
|
||||
icon: ''
|
||||
default_app: CollaboraOnline
|
||||
allow_creation: true
|
||||
- mime_type: application/vnd.oasis.opendocument.presentation
|
||||
extension: odp
|
||||
name: OpenPresentation
|
||||
description: OpenDocument presentation document
|
||||
icon: ''
|
||||
default_app: CollaboraOnline
|
||||
allow_creation: true
|
||||
- mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
||||
extension: docx
|
||||
name: Microsoft Word
|
||||
description: Microsoft Word document
|
||||
icon: ''
|
||||
default_app: CollaboraOnline
|
||||
allow_creation: true
|
||||
- mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.form
|
||||
extension: docxf
|
||||
name: Form Document
|
||||
description: Form Document
|
||||
icon: ''
|
||||
default_app: CollaboraOnline
|
||||
allow_creation: true
|
||||
- mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
|
||||
extension: xlsx
|
||||
name: Microsoft Excel
|
||||
description: Microsoft Excel document
|
||||
icon: ''
|
||||
default_app: CollaboraOnline
|
||||
allow_creation: true
|
||||
- mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation
|
||||
extension: pptx
|
||||
name: Microsoft PowerPoint
|
||||
description: Microsoft PowerPoint document
|
||||
icon: ''
|
||||
default_app: CollaboraOnline
|
||||
allow_creation: true
|
||||
- mime_type: application/vnd.jupyter
|
||||
extension: ipynb
|
||||
name: Jupyter Notebook
|
||||
description: Jupyter Notebook
|
||||
icon: ''
|
||||
default_app: ''
|
||||
allow_creation: true
|
||||
@@ -0,0 +1,17 @@
|
||||
importer:
|
||||
config:
|
||||
companionUrl: https://${COMPANION_DOMAIN|companion.qsfera.test}
|
||||
supportedClouds:
|
||||
- WebdavPublicLink
|
||||
#- OneDrive # needs a client id and secret
|
||||
#- GoogleDrive # needs a client id and secret and an addition to the DNS zone
|
||||
external-sites:
|
||||
config:
|
||||
sites:
|
||||
# For settings see: https://github.com/opencloud-eu/web-extensions/tree/main/packages/web-app-external-sites
|
||||
- name: Documentation
|
||||
url: "https://docs.qsfera.eu"
|
||||
target: embedded
|
||||
color: "#E2BAFF"
|
||||
icon: cloud
|
||||
priority: 50
|
||||
@@ -0,0 +1,5 @@
|
||||
password
|
||||
12345678
|
||||
123
|
||||
КуСфера
|
||||
КуСфера-1
|
||||
@@ -0,0 +1,44 @@
|
||||
directives:
|
||||
child-src:
|
||||
- '''self'''
|
||||
connect-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
- 'https://${COMPANION_DOMAIN|companion.qsfera.test}/'
|
||||
- 'wss://${COMPANION_DOMAIN|companion.qsfera.test}/'
|
||||
- 'https://raw.githubusercontent.com/qsfera-eu/awesome-apps/'
|
||||
- 'https://${KEYCLOAK_DOMAIN|keycloak.qsfera.test}/'
|
||||
default-src:
|
||||
- '''none'''
|
||||
font-src:
|
||||
- '''self'''
|
||||
frame-ancestors:
|
||||
- '''self'''
|
||||
frame-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
- 'https://embed.diagrams.net/'
|
||||
# In contrary to bash and docker the default is given after the | character
|
||||
- 'https://${COLLABORA_DOMAIN|collabora.qsfera.test}/'
|
||||
# This is needed for the external-sites web extension when embedding sites
|
||||
- 'https://docs.qsfera.eu'
|
||||
img-src:
|
||||
- '''self'''
|
||||
- 'data:'
|
||||
- 'blob:'
|
||||
- 'https://raw.githubusercontent.com/qsfera-eu/awesome-apps/'
|
||||
# In contrary to bash and docker the default is given after the | character
|
||||
- 'https://${COLLABORA_DOMAIN|collabora.qsfera.test}/'
|
||||
manifest-src:
|
||||
- '''self'''
|
||||
media-src:
|
||||
- '''self'''
|
||||
object-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
script-src:
|
||||
- '''self'''
|
||||
- '''unsafe-inline'''
|
||||
style-src:
|
||||
- '''self'''
|
||||
- '''unsafe-inline'''
|
||||
@@ -0,0 +1,40 @@
|
||||
# This adds four additional routes to the proxy. Forwarding
|
||||
# request on '/carddav/', '/caldav/' and the respective '/.well-knwown'
|
||||
# endpoints to the radicale container and setting the required headers.
|
||||
additional_policies:
|
||||
- name: default
|
||||
routes:
|
||||
- endpoint: /caldav/
|
||||
backend: http://radicale:5232
|
||||
remote_user_header: X-Remote-User
|
||||
skip_x_access_token: true
|
||||
additional_headers:
|
||||
- X-Script-Name: /caldav
|
||||
- endpoint: /.well-known/caldav
|
||||
backend: http://radicale:5232
|
||||
remote_user_header: X-Remote-User
|
||||
skip_x_access_token: true
|
||||
additional_headers:
|
||||
- X-Script-Name: /caldav
|
||||
- endpoint: /carddav/
|
||||
backend: http://radicale:5232
|
||||
remote_user_header: X-Remote-User
|
||||
skip_x_access_token: true
|
||||
additional_headers:
|
||||
- X-Script-Name: /carddav
|
||||
- endpoint: /.well-known/carddav
|
||||
backend: http://radicale:5232
|
||||
remote_user_header: X-Remote-User
|
||||
skip_x_access_token: true
|
||||
additional_headers:
|
||||
- X-Script-Name: /carddav
|
||||
# To enable the radicale web UI add this rule.
|
||||
# "unprotected" is True because the Web UI itself ask for
|
||||
# the password.
|
||||
# Also set "type" to "internal" in the config/radicale/config
|
||||
# - endpoint: /caldav/.web/
|
||||
# backend: http://radicale:5232/
|
||||
# unprotected: true
|
||||
# skip_x_access_token: true
|
||||
# additional_headers:
|
||||
# - X-Script-Name: /caldav
|
||||
@@ -0,0 +1,325 @@
|
||||
# -*- mode: conf -*-
|
||||
# vim:ft=cfg
|
||||
|
||||
# Config file for Radicale - A simple calendar server
|
||||
#
|
||||
# Place it into /etc/radicale/config (global)
|
||||
# or ~/.config/radicale/config (user)
|
||||
#
|
||||
# The current values are the default ones
|
||||
|
||||
|
||||
[server]
|
||||
|
||||
# CalDAV server hostnames separated by a comma
|
||||
# IPv4 syntax: address:port
|
||||
# IPv6 syntax: [address]:port
|
||||
# Hostname syntax (using "getaddrinfo" to resolve to IPv4/IPv6 adress(es)): hostname:port
|
||||
# For example: 0.0.0.0:9999, [::]:9999, localhost:9999
|
||||
hosts = 0.0.0.0:5232
|
||||
|
||||
# Max parallel connections
|
||||
#max_connections = 8
|
||||
|
||||
# Max size of request body (bytes)
|
||||
#max_content_length = 100000000
|
||||
|
||||
# Socket timeout (seconds)
|
||||
#timeout = 30
|
||||
|
||||
# SSL flag, enable HTTPS protocol
|
||||
#ssl = False
|
||||
|
||||
# SSL certificate path
|
||||
#certificate = /etc/ssl/radicale.cert.pem
|
||||
|
||||
# SSL private key
|
||||
#key = /etc/ssl/radicale.key.pem
|
||||
|
||||
# CA certificate for validating clients. This can be used to secure
|
||||
# TCP traffic between Radicale and a reverse proxy
|
||||
#certificate_authority =
|
||||
|
||||
# SSL protocol, secure configuration: ALL -SSLv3 -TLSv1 -TLSv1.1
|
||||
#protocol = (default)
|
||||
|
||||
# SSL ciphersuite, secure configuration: DHE:ECDHE:-NULL:-SHA (see also "man openssl-ciphers")
|
||||
#ciphersuite = (default)
|
||||
|
||||
# script name to strip from URI if called by reverse proxy
|
||||
#script_name = (default taken from HTTP_X_SCRIPT_NAME or SCRIPT_NAME)
|
||||
|
||||
|
||||
[encoding]
|
||||
|
||||
# Encoding for responding requests
|
||||
#request = utf-8
|
||||
|
||||
# Encoding for storing local collections
|
||||
#stock = utf-8
|
||||
|
||||
|
||||
[auth]
|
||||
|
||||
# Authentication method
|
||||
# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | pam | denyall
|
||||
type = http_x_remote_user
|
||||
|
||||
# Cache logins for until expiration time
|
||||
#cache_logins = false
|
||||
|
||||
# Expiration time for caching successful logins in seconds
|
||||
#cache_successful_logins_expiry = 15
|
||||
|
||||
## Expiration time of caching failed logins in seconds
|
||||
#cache_failed_logins_expiry = 90
|
||||
|
||||
# Ignore modifyTimestamp and createTimestamp attributes. Required e.g. for Authentik LDAP server
|
||||
#ldap_ignore_attribute_create_modify_timestamp = false
|
||||
|
||||
# URI to the LDAP server
|
||||
#ldap_uri = ldap://localhost
|
||||
|
||||
# The base DN where the user accounts have to be searched
|
||||
#ldap_base = ##BASE_DN##
|
||||
|
||||
# The reader DN of the LDAP server
|
||||
#ldap_reader_dn = CN=ldapreader,CN=Users,##BASE_DN##
|
||||
|
||||
# Password of the reader DN
|
||||
#ldap_secret = ldapreader-secret
|
||||
|
||||
# Path of the file containing password of the reader DN
|
||||
#ldap_secret_file = /run/secrets/ldap_password
|
||||
|
||||
# the attribute to read the group memberships from in the user's LDAP entry (default: not set)
|
||||
#ldap_groups_attribute = memberOf
|
||||
|
||||
# The filter to find the DN of the user. This filter must contain a python-style placeholder for the login
|
||||
#ldap_filter = (&(objectClass=person)(uid={0}))
|
||||
|
||||
# the attribute holding the value to be used as username after authentication
|
||||
#ldap_user_attribute = cn
|
||||
|
||||
# Use ssl on the ldap connection
|
||||
# Soon to be deprecated, use ldap_security instead
|
||||
#ldap_use_ssl = False
|
||||
|
||||
# the encryption mode to be used: tls, starttls, default is none
|
||||
#ldap_security = none
|
||||
|
||||
# The certificate verification mode. Works for ssl and starttls. NONE, OPTIONAL, default is REQUIRED
|
||||
#ldap_ssl_verify_mode = REQUIRED
|
||||
|
||||
# The path to the CA file in pem format which is used to certificate the server certificate
|
||||
#ldap_ssl_ca_file =
|
||||
|
||||
# Connection type for dovecot authentication (AF_UNIX|AF_INET|AF_INET6)
|
||||
# Note: credentials are transmitted in cleartext
|
||||
#dovecot_connection_type = AF_UNIX
|
||||
|
||||
# The path to the Dovecot client authentication socket (eg. /run/dovecot/auth-client on Fedora). Radicale must have read / write access to the socket.
|
||||
#dovecot_socket = /var/run/dovecot/auth-client
|
||||
|
||||
# Host of via network exposed dovecot socket
|
||||
#dovecot_host = localhost
|
||||
|
||||
# Port of via network exposed dovecot socket
|
||||
#dovecot_port = 12345
|
||||
|
||||
# IMAP server hostname
|
||||
# Syntax: address | address:port | [address]:port | imap.server.tld
|
||||
#imap_host = localhost
|
||||
|
||||
# Secure the IMAP connection
|
||||
# Value: tls | starttls | none
|
||||
#imap_security = tls
|
||||
|
||||
# OAuth2 token endpoint URL
|
||||
#oauth2_token_endpoint = <URL>
|
||||
|
||||
# PAM service
|
||||
#pam_serivce = radicale
|
||||
|
||||
# PAM group user should be member of
|
||||
#pam_group_membership =
|
||||
|
||||
# Htpasswd filename
|
||||
#htpasswd_filename = /etc/radicale/users
|
||||
|
||||
# Htpasswd encryption method
|
||||
# Value: plain | bcrypt | md5 | sha256 | sha512 | autodetect
|
||||
# bcrypt requires the installation of 'bcrypt' module.
|
||||
#htpasswd_encryption = autodetect
|
||||
|
||||
# Enable caching of htpasswd file based on size and mtime_ns
|
||||
#htpasswd_cache = False
|
||||
|
||||
# Incorrect authentication delay (seconds)
|
||||
#delay = 1
|
||||
|
||||
# Message displayed in the client when a password is needed
|
||||
#realm = Radicale - Password Required
|
||||
|
||||
# Convert username to lowercase, must be true for case-insensitive auth providers
|
||||
#lc_username = False
|
||||
|
||||
# Strip domain name from username
|
||||
#strip_domain = False
|
||||
|
||||
|
||||
[rights]
|
||||
|
||||
# Rights backend
|
||||
# Value: authenticated | owner_only | owner_write | from_file
|
||||
#type = owner_only
|
||||
|
||||
# File for rights management from_file
|
||||
#file = /etc/radicale/rights
|
||||
|
||||
# Permit delete of a collection (global)
|
||||
#permit_delete_collection = True
|
||||
|
||||
# Permit overwrite of a collection (global)
|
||||
#permit_overwrite_collection = True
|
||||
|
||||
|
||||
[storage]
|
||||
|
||||
# Storage backend
|
||||
# Value: multifilesystem | multifilesystem_nolock
|
||||
#type = multifilesystem
|
||||
|
||||
# Folder for storing local collections, created if not present
|
||||
#filesystem_folder = /var/lib/radicale/collections
|
||||
|
||||
# Folder for storing cache of local collections, created if not present
|
||||
# Note: only used in case of use_cache_subfolder_* options are active
|
||||
# Note: can be used on multi-instance setup to cache files on local node (see below)
|
||||
#filesystem_cache_folder = (filesystem_folder)
|
||||
|
||||
# Use subfolder 'collection-cache' for 'item' cache file structure instead of inside collection folder
|
||||
# Note: can be used on multi-instance setup to cache 'item' on local node
|
||||
#use_cache_subfolder_for_item = False
|
||||
|
||||
# Use subfolder 'collection-cache' for 'history' cache file structure instead of inside collection folder
|
||||
# Note: use only on single-instance setup, will break consistency with client in multi-instance setup
|
||||
#use_cache_subfolder_for_history = False
|
||||
|
||||
# Use subfolder 'collection-cache' for 'sync-token' cache file structure instead of inside collection folder
|
||||
# Note: use only on single-instance setup, will break consistency with client in multi-instance setup
|
||||
#use_cache_subfolder_for_synctoken = False
|
||||
|
||||
# Use last modifiction time (nanoseconds) and size (bytes) for 'item' cache instead of SHA256 (improves speed)
|
||||
# Note: check used filesystem mtime precision before enabling
|
||||
# Note: conversion is done on access, bulk conversion can be done offline using storage verification option: radicale --verify-storage
|
||||
#use_mtime_and_size_for_item_cache = False
|
||||
|
||||
# Use configured umask for folder creation (not applicable for OS Windows)
|
||||
# Useful value: 0077 | 0027 | 0007 | 0022
|
||||
#folder_umask = (system default, usual 0022)
|
||||
|
||||
# Delete sync token that are older (seconds)
|
||||
#max_sync_token_age = 2592000
|
||||
|
||||
# Skip broken item instead of triggering an exception
|
||||
#skip_broken_item = True
|
||||
|
||||
# Command that is run after changes to storage, default is emtpy
|
||||
# Supported placeholders:
|
||||
# %(user)s: logged-in user
|
||||
# %(cwd)s : current working directory
|
||||
# %(path)s: full path of item
|
||||
# Command will be executed with base directory defined in filesystem_folder
|
||||
# For "git" check DOCUMENTATION.md for bootstrap instructions
|
||||
# Example(test): echo \"user=%(user)s path=%(path)s cwd=%(cwd)s\"
|
||||
# Example(git): git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"")
|
||||
#hook =
|
||||
|
||||
# Create predefined user collections
|
||||
#
|
||||
# json format:
|
||||
#
|
||||
# {
|
||||
# "def-addressbook": {
|
||||
# "D:displayname": "Personal Address Book",
|
||||
# "tag": "VADDRESSBOOK"
|
||||
# },
|
||||
# "def-calendar": {
|
||||
# "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
|
||||
# "D:displayname": "Personal Calendar",
|
||||
# "tag": "VCALENDAR"
|
||||
# }
|
||||
# }
|
||||
#
|
||||
predefined_collections = {
|
||||
"def-addressbook": {
|
||||
"D:displayname": "Personal Address Book",
|
||||
"tag": "VADDRESSBOOK"
|
||||
},
|
||||
"def-calendar": {
|
||||
"C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
|
||||
"D:displayname": "Personal Calendar",
|
||||
"tag": "VCALENDAR"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
[web]
|
||||
|
||||
# Web interface backend
|
||||
# Value: none | internal
|
||||
type = none
|
||||
|
||||
|
||||
[logging]
|
||||
|
||||
# Threshold for the logger
|
||||
# Value: debug | info | warning | error | critical
|
||||
#level = info
|
||||
|
||||
# Don't include passwords in logs
|
||||
#mask_passwords = True
|
||||
|
||||
# Log bad PUT request content
|
||||
#bad_put_request_content = False
|
||||
|
||||
# Log backtrace on level=debug
|
||||
#backtrace_on_debug = False
|
||||
|
||||
# Log request header on level=debug
|
||||
#request_header_on_debug = False
|
||||
|
||||
# Log request content on level=debug
|
||||
#request_content_on_debug = False
|
||||
|
||||
# Log response content on level=debug
|
||||
#response_content_on_debug = False
|
||||
|
||||
# Log rights rule which doesn't match on level=debug
|
||||
#rights_rule_doesnt_match_on_debug = False
|
||||
|
||||
# Log storage cache actions on level=debug
|
||||
#storage_cache_actions_on_debug = False
|
||||
|
||||
[headers]
|
||||
|
||||
# Additional HTTP headers
|
||||
#Access-Control-Allow-Origin = *
|
||||
|
||||
|
||||
[hook]
|
||||
|
||||
# Hook types
|
||||
# Value: none | rabbitmq
|
||||
#type = none
|
||||
#rabbitmq_endpoint =
|
||||
#rabbitmq_topic =
|
||||
#rabbitmq_queue_type = classic
|
||||
|
||||
|
||||
[reporting]
|
||||
|
||||
# When returning a free-busy report, limit the number of returned
|
||||
# occurences per event to prevent DOS attacks.
|
||||
#max_freebusy_occurrence = 10000
|
||||
Reference in New Issue
Block a user