diff --git a/.gitignore b/.gitignore index 1b9cac0..15bfb44 100644 --- a/.gitignore +++ b/.gitignore @@ -14,7 +14,7 @@ db/ data-files/ # Config -bewcloud.config.ts + # Radicale files data-radicale/ diff --git a/bewcloud.config.ts b/bewcloud.config.ts new file mode 100644 index 0000000..e7eb110 --- /dev/null +++ b/bewcloud.config.ts @@ -0,0 +1,46 @@ +import { Config, PartialDeep } from './lib/types.ts'; + +/** Check the Config type for all the possible options and instructions. */ +const config: PartialDeep = { + auth: { + baseUrl: 'https://bew.bendtstudio.com', // The base URL of the application you use to access the app, i.e. "http://localhost:8000" or "https://cloud.example.com" (note authentication won't work without https:// except for localhost; SSO redirect, if enabled, will be this + /oidc/callback, so "https://cloud.example.com/oidc/callback") + allowSignups: true, // If true, anyone can sign up for an account. Note that it's always possible to sign up for the first user, and they will be an admin + enableEmailVerification: false, // If true, email verification will be required for signups (using SMTP settings below) + enableForeverSignup: true, // If true, all signups become active for 100 years + enableMultiFactor: false, // If true, users can enable multi-factor authentication (TOTP, Passkeys, or Email if the SMTP settings below are set) + // allowedCookieDomains: ['example.com', 'example.net'], // Can be set to allow more than the baseUrl's domain for session cookies + // skipCookieDomainSecurity: true, // If true, the cookie domain will not be strictly set and checked against. This skipping slightly reduces security, but is usually necessary for reverse proxies like Cloudflare Tunnel + // enableSingleSignOn: false, // If true, single sign-on will be enabled + // singleSignOnUrl: '', // The Discovery URL (AKA Issuer) of the identity/single sign-on provider + // singleSignOnEmailAttribute: 'email', // The attribute to prefer as email of the identity/single sign-on provider + // singleSignOnScopes: ['openid', 'email'], // The scopes to request from the identity/single sign-on provider + }, + // files: { + // rootPath: 'data-files', + // allowPublicSharing: false, // If true, public file sharing will be allowed (still requires a user to enable sharing for a given file or directory) + // allowDirectoryDownloads: false, // If true, directories can be downloaded as zip files + // }, + // core: { + // enabledApps: ['news', 'notes', 'photos', 'expenses', 'contacts', 'calendar'], // dashboard and files cannot be disabled + // }, + // visuals: { + // title: 'My own cloud', + // description: 'This is my own cloud!', + // helpEmail: '', + // }, + // email: { + // from: 'help@bewcloud.com', + // host: 'localhost', + // port: 465, + // }, + // contacts: { + // enableCardDavServer: true, + // cardDavUrl: 'http://radicale:5232', + // }, + // calendar: { + // enableCalDavServer: true, + // calDavUrl: 'http://radicale:5232', + // }, +}; + +export default config; diff --git a/docker-compose.yml b/docker-compose.yml index d20ea2c..b9caace 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,47 +12,47 @@ services: - ./data-files:/app/data-files - ./bewcloud.config.ts:/app/bewcloud.config.ts -# postgresql: -# image: postgres:17 -# environment: -# - POSTGRES_USER=postgres -# - POSTGRES_PASSWORD=df7c6935a6ff -# - POSTGRES_DB=bewcloud -# restart: always -# volumes: -# - bewcloud-db:/var/lib/postgresql/data -# # NOTE: uncomment below only if you need to connect to the database from outside the container -# # ports: -# # - 127.0.0.1:5432:5432 -# ulimits: -# memlock: -# soft: -1 -# hard: -1 -# mem_limit: '256m' + postgresql: + image: postgres:17 + environment: + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=df7c6935a6ff + - POSTGRES_DB=bewcloud + restart: always + volumes: + - bewcloud-db:/var/lib/postgresql/data + # NOTE: uncomment below only if you need to connect to the database from outside the container + # ports: + # - 127.0.0.1:5432:5432 + ulimits: + memlock: + soft: -1 + hard: -1 + mem_limit: '256m' -# # NOTE: If you don't want to use the CardDav/CalDav servers, you can comment/remove this service. -# radicale: -# image: tomsquest/docker-radicale:3.5.7.0 -# # NOTE: uncomment below only if you need to connect to the CardDav/CalDav servers from outside the container -# # ports: -# # - 127.0.0.1:5232:5232 -# init: true -# read_only: true -# security_opt: -# - no-new-privileges:true -# cap_drop: -# - ALL -# cap_add: -# - SETUID -# - SETGID -# - CHOWN -# - KILL -# restart: always -# volumes: -# - ./data-radicale:/data -# - ./radicale-config:/config:ro -# mem_limit: '256m' + # NOTE: If you don't want to use the CardDav/CalDav servers, you can comment/remove this service. + radicale: + image: tomsquest/docker-radicale:3.5.7.0 + # NOTE: uncomment below only if you need to connect to the CardDav/CalDav servers from outside the container + # ports: + # - 127.0.0.1:5232:5232 + init: true + read_only: true + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + cap_add: + - SETUID + - SETGID + - CHOWN + - KILL + restart: always + volumes: + - ./data-radicale:/data + - ./radicale-config:/config:ro + mem_limit: '256m' -# volumes: -# bewcloud-db: -# driver: local +volumes: + bewcloud-db: + driver: local