73 lines
2.5 KiB
YAML
73 lines
2.5 KiB
YAML
# not actually YAML but lets pretend:
|
|
# -*- mode: yaml -*-
|
|
# vim: ft=yaml:
|
|
|
|
|
|
# example config for how copyparty can be used with an identity
|
|
# provider, replacing the built-in authentication/authorization
|
|
# mechanism, and instead expecting the reverse-proxy to provide
|
|
# the requester's username (and possibly a group-name, for
|
|
# optional group-based access control)
|
|
#
|
|
# the filesystem-path `/w` is used as the storage location
|
|
# because that is the data-volume in the docker containers,
|
|
# because a deployment like this (with an IdP) is more commonly
|
|
# seen in containerized environments -- but this is not required
|
|
|
|
|
|
[global]
|
|
e2dsa # enable file indexing and filesystem scanning
|
|
e2ts # enable multimedia indexing
|
|
ansi # enable colors in log messages
|
|
|
|
# enable IdP support by expecting username/groupname in
|
|
# http-headers provided by the reverse-proxy; header "X-IdP-User"
|
|
# will contain the username, "X-IdP-Group" the groupname
|
|
idp-h-usr: x-idp-user
|
|
idp-h-grp: x-idp-group
|
|
|
|
|
|
[/] # create a volume at "/" (the webroot), which will
|
|
/w # share /w (the docker data volume, which is mapped to /srv/pub on the host in docker-compose.yml)
|
|
accs:
|
|
rw: * # everyone gets read-access, but
|
|
rwmda: @su # the group "su" gets read-write-move-delete-admin
|
|
|
|
|
|
[/u/${u}] # each user gets their own home-folder at /u/username
|
|
/w/u/${u} # which will be "u/username" in the docker data volume
|
|
accs:
|
|
r: * # read-access for anyone, and
|
|
rwmda: ${u}, @su # read-write-move-delete-admin for that username + the "su" group
|
|
|
|
|
|
[/u/${u}/priv] # each user also gets a private area at /u/username/priv
|
|
/w/u/${u}/priv # stored at DATAVOLUME/u/username/priv
|
|
accs:
|
|
rwmda: ${u}, @su # read-write-move-delete-admin for that username + the "su" group
|
|
|
|
|
|
[/lounge/${g}] # each group gets their own shared volume
|
|
/w/lounge/${g} # stored at DATAVOLUME/lounge/groupname
|
|
accs:
|
|
r: * # read-access for anyone, and
|
|
rwmda: @${g}, @su # read-write-move-delete-admin for that group + the "su" group
|
|
|
|
|
|
[/lounge/${g}/priv] # and a private area for each group too
|
|
/w/lounge/${g}/priv # stored at DATAVOLUME/lounge/groupname/priv
|
|
accs:
|
|
rwmda: @${g}, @su # read-write-move-delete-admin for that group + the "su" group
|
|
|
|
|
|
# and create some strategic volumes to prevent anyone from gaining
|
|
# unintended access to priv folders if the users/groups db is lost
|
|
[/u]
|
|
/w/u
|
|
accs:
|
|
rwmda: @su
|
|
[/lounge]
|
|
/w/lounge
|
|
accs:
|
|
rwmda: @su
|