Commit ce3d3945 authored by Nicolas Pernoud's avatar Nicolas Pernoud

Enabled vault and updated cozy.yaml

parent df033cef
Pipeline #66 failed with stages
......@@ -43,13 +43,13 @@ admin:
secret_filename: cozy-admin-passphrase
# vault contains keyfiles informations
# See https://cozy.github.io/cozy-stack/cli/cozy-stack_config_gen-keys.html
# See https://docs.cozy.io/en/cozy-stack/cli/cozy-stack_config_gen-keys/
# to generate the keys
#vault:
vault:
# the path to the key used to encrypt credentials
# credentials_encryptor_key: /usr/local/cozy-stack/credentials/key.enc
credentials_encryptor_key: /etc/cozy/credentials-key.enc
# the path to the key used to decrypt credentials
# credentials_decryptor_key: /usr/local/cozy-stack/credentials/key.dec
credentials_decryptor_key: /etc/cozy/credentials-key.dec
# file system parameters
fs:
......@@ -59,16 +59,39 @@ fs:
# url: file://localhost/var/lib/cozy
# url: swift://openstack/?UserName={{ .Env.OS_USERNAME }}&Password={{ .Env.OS_PASSWORD }}&ProjectName={{ .Env.OS_PROJECT_NAME }}&UserDomainName={{ .Env.OS_USER_DOMAIN_NAME }}
# Swift FS can be used with advanced parameters to activate TLS properties.
# For using swift with https, you must use the "swift+https" scheme.
#
# root_ca: /ca-certificates.pem
# client_cert: /client_cert.pem
# client_key: /client_key
# pinned_key: 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6
# insecure_skip_validation: true
# couchdb parameters
couchdb:
# CouchDB URL - flags: --couchdb-url
url: http://db:5984/
# CouchDB advanced parameters to activate TLS properties:
#
# root_ca: /ca-certificates.pem
# client_cert: /client_cert.pem
# client_key: /client_key
# pinned_key: 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6
# insecure_skip_validation: true
# jobs parameters to configure the job system
jobs:
# path to the imagemagick convert binary
# imagemagick_convert_cmd: convert
# Specify whether the given list of jobs is a whitelist or blacklist. In case
# of a whitelist, all jobs are deactivated by default and only the listed one
# are activated.
#
# whitelist: false
# workers individual configrations.
#
# For each worker type it is possible to configure the following fields:
......@@ -80,12 +103,17 @@ jobs:
#
# List of available workers:
#
# - "konnector": launching konnectors
# - "push": sending push notifications
# - "sendmail": sending mails
# - "service": launching services
# - "thumbnail": creatings and deleting thumbnails for images
# - "unzip": unzipping tarball
# - "export": exporting data from a cozy instance
# - "konnector": launching konnectors
# - "push": sending push notifications
# - "sendmail": sending mails
# - "service": launching services
# - "thumbnail": creatings and deleting thumbnails for images
# - "share-replicate": for cozy to cozy sharing
# - "share-track": idem
# - "share-upload": idem
# - "unzip": unzipping tarball
# - "updates": run updates for installed applications
#
# When no configuration is given for a worker, a default configuration is
# used. When a false boolean value is given, the worker is deactivated.
......@@ -116,6 +144,9 @@ jobs:
# push: false
# sendmail: false
# Sets the default duration of jobs database documents to keep
defaultDurationToKeep: "2W" # Keep 2 weeks
# konnectors execution parameters for executing external processes.
konnectors:
cmd: ./scripts/konnector-node-run.sh # run connectors with node
......@@ -132,7 +163,7 @@ mail:
# mail smtp port - flags: --mail-port
port: 465
# mail smtp username - flags: --mail-username
username: {{.Env.COZY_MAIL_USER}}
username: {{.Env.COZY_MAIL_USERNAME}}
# mail smtp password - flags: --mail-password
password: {{.Env.COZY_MAIL_PASSWORD}}
# disable mail tls - flags: --mail-disable-tls
......@@ -177,6 +208,7 @@ redis:
konnectors: 5
realtime: 6
log: 7
rate_limiting: 8
# advanced parameters for advanced users
......@@ -191,13 +223,10 @@ redis:
# enables read only queries on slave nodes.
# read_only_slave: false
# Auto updates scheduler
auto_updates:
schedule: "@cron 0 0 0 * * *"
# Registries used for applications and konnectors
# registries:
# - https://apps-registry.cozy.io/
registries:
default:
- https://apps-registry.cozycloud.cc/
notifications:
# Activate development APIs (iOS only)
......@@ -219,9 +248,12 @@ csp_whitelist:
# style: https://whitelisted.domain.com/
# font: https://whitelisted.domain.com/
# It can useful to disable the CSP policy to debug and test things in local
# disable_csp: true
log:
# logger level (debug, info, warning, panic, fatal) - flags: --log-level
level: info
level: warning
# send logs to the local syslog - flags: --log-syslog
syslog: false
......@@ -254,3 +286,18 @@ contexts:
# konnectors slugs to exclude from cozy-collect
exclude_konnectors:
- a_konnector_slug
# If enabled, this option will skip permissions verification during
# webapp/konnectors installs & updates processes
permissions_skip_verification: false
# By default, only the store app can install and update applications. But,
# if this setting is enabled, it allows other applications with the right
# permission to install and update applications.
allow_install_via_a_permission: true
# Tells if the photo folder should be created or not during the instance
# creation
init_photos_folder: true
# Allows to override the default template "Cozy" title by your own title
templates_title: "My Personal Cloud"
# Use a different noreply mail for this context
noreply_address: noreply@cozy.beta
noreply_name: My Cozy Beta
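Review bot: `allow_install_via_a_permission: true`, in the block added at the end of the contexts hunk, lets any application holding the right permission install and update applications, where by default only the store app can, as the comment above it says. The neighbouring values (`templates_title: "My Personal Cloud"`, `noreply_address: noreply@cozy.beta`) look carried over from a sample configuration, so this may not be a deliberate choice. Unless a specific app needs it, I would set `allow_install_via_a_permission: false` and add a comment naming the app if it is ever turned on. The context these keys belong to starts outside the hunk, so which instances are affected cannot be told from here.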
#!/bin/bash
if [ ! -e /etc/cozy/cozy-admin-passphrase ]; then
./cozy config gen-keys /etc/cozy/credentials-key
./cozy config password /etc/cozy
else
echo "Admin passphrase already exists, skipping initialization"
......
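Review bot: The guard tests only for `/etc/cozy/cozy-admin-passphrase`, so an instance that already has a passphrase skips `gen-keys` too, while cozy.yaml in this commit now points `credentials_encryptor_key` and `credentials_decryptor_key` at `/etc/cozy/credentials-key.enc` and `.dec`. Key generation should get its own check before the passphrase test, e.g. `[ -e /etc/cozy/credentials-key.dec ] || ./cozy config gen-keys /etc/cozy/credentials-key`. It is also worth confirming that the decryptor key ends up readable only by the account running the stack, since it sits next to the configuration in /etc/cozy. The rest of the script is collapsed on this page, so a later step may already cover this.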
......@@ -2,7 +2,7 @@ version: '3.0'
services:
db:
image: couchdb:2.3
image: couchdb:latest
volumes:
- ${DATABASE_DIRECTORY}:/opt/couchdb/data
- /etc/localtime:/etc/localtime:ro
......
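Review bot: `image: couchdb:latest` is a floating tag, so any pull can bring a different CouchDB release into the service that keeps its data under `${DATABASE_DIRECTORY}`. The page does not mark which of the two image lines is the new one, so this assumes `latest` is. CouchDB 3.x images refuse to start without an admin account configured, and the `url: http://db:5984/` in cozy.yaml carries no credentials, so an unplanned major upgrade can both break startup and change the database's access model. I would pin an exact release, ideally by digest, `image: couchdb:<version>@sha256:<digest>`, and upgrade deliberately.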