73 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			73 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| # not actually YAML but lets pretend:
 | |
| # -*- mode: yaml -*-
 | |
| # vim: ft=yaml:
 | |
| 
 | |
| 
 | |
| # example config for how copyparty can be used with an identity
 | |
| # provider, replacing the built-in authentication/authorization
 | |
| # mechanism, and instead expecting the reverse-proxy to provide
 | |
| # the requester's username (and possibly a group-name, for
 | |
| # optional group-based access control)
 | |
| #
 | |
| # the filesystem-path `/w` is used as the storage location
 | |
| # because that is the data-volume in the docker containers,
 | |
| # because a deployment like this (with an IdP) is more commonly
 | |
| # seen in containerized environments -- but this is not required
 | |
| 
 | |
| 
 | |
| [global]
 | |
|   e2dsa  # enable file indexing and filesystem scanning
 | |
|   e2ts   # enable multimedia indexing
 | |
|   ansi   # enable colors in log messages
 | |
| 
 | |
|   # enable IdP support by expecting username/groupname in
 | |
|   # http-headers provided by the reverse-proxy; header "X-IdP-User"
 | |
|   # will contain the username, "X-IdP-Group" the groupname
 | |
|   idp-h-usr: x-idp-user
 | |
|   idp-h-grp: x-idp-group
 | |
| 
 | |
| 
 | |
| [/]      # create a volume at "/" (the webroot), which will
 | |
|   /w     # share /w (the docker data volume, which is mapped to /srv/pub on the host in docker-compose.yml)
 | |
|   accs:
 | |
|     rw: *       # everyone gets read-access, but
 | |
|     rwmda: @su  # the group "su" gets read-write-move-delete-admin
 | |
| 
 | |
| 
 | |
| [/u/${u}]    # each user gets their own home-folder at /u/username
 | |
|   /w/u/${u}  # which will be "u/username" in the docker data volume
 | |
|   accs:
 | |
|     r: *              # read-access for anyone, and
 | |
|     rwmda: ${u}, @su  # read-write-move-delete-admin for that username + the "su" group
 | |
| 
 | |
| 
 | |
| [/u/${u}/priv]    # each user also gets a private area at /u/username/priv
 | |
|   /w/u/${u}/priv  # stored at DATAVOLUME/u/username/priv
 | |
|   accs:
 | |
|     rwmda: ${u}, @su  # read-write-move-delete-admin for that username + the "su" group
 | |
| 
 | |
| 
 | |
| [/lounge/${g}]    # each group gets their own shared volume
 | |
|   /w/lounge/${g}  # stored at DATAVOLUME/lounge/groupname
 | |
|   accs:
 | |
|     r: *               # read-access for anyone, and
 | |
|     rwmda: @${g}, @su  # read-write-move-delete-admin for that group + the "su" group
 | |
| 
 | |
| 
 | |
| [/lounge/${g}/priv]    # and a private area for each group too
 | |
|   /w/lounge/${g}/priv  # stored at DATAVOLUME/lounge/groupname/priv
 | |
|   accs:
 | |
|     rwmda: @${g}, @su  # read-write-move-delete-admin for that group + the "su" group
 | |
| 
 | |
| 
 | |
| # and create some strategic volumes to prevent anyone from gaining
 | |
| # unintended access to priv folders if the users/groups db is lost
 | |
| [/u]
 | |
|   /w/u
 | |
|   accs:
 | |
|     rwmda: @su
 | |
| [/lounge]
 | |
|   /w/lounge
 | |
|   accs:
 | |
|     rwmda: @su
 | 
