Skip to content
Snippets Groups Projects
Commit 943ad4b9 authored by nimrod's avatar nimrod
Browse files

Commit of a lot of work. 

It's pretty much working. I didn't commit until I had GitLab CI running.
parent 547d5d18
No related branches found
No related tags found
No related merge requests found
Pipeline #57 passed
Stage: test
Stage: build
Stage: run
Show whitespace changes
Inline Side-by-side
Showing
with 1120 additions and 0 deletions
.env 0 → 100644
+ 1
0
View file @ 943ad4b9
COMPOSE_PROJECT_NAME=nextcloud
.gitlab-ci.yml 0 → 100644
+ 46
0
View file @ 943ad4b9
---
image: adarnimrod/ci-images:docker
stages:
- test
- build
- run
pre-commit:
stage: test
image: adarnimrod/ci-images:pre-commit
variables:
XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
# Disabled until https://github.com/pre-commit/pre-commit/issues/1387 is
# resolved.
SKIP: "hadolint,docker-compose"
script:
- pre-commit run --all-files
cache:
paths:
- .cache/
build:
stage: build
tags: ["host01.shore.co.il"]
variables:
COMPOSE_DOCKER_CLI_BUILD: "1"
DOCKER_BUILDKIT: "1"
script:
- docker-compose build --no-cache --pull
- docker-compose pull --quiet
run:
stage: run
tags: ["host01.shore.co.il"]
when: manual
script:
- docker-compose up --detach --remove-orphans
# yamllint disable rule:line-length
- |
for i in $(seq 12)
do
docker container inspect --format '{{ .State.Health.Status }}' $(docker-compose ps -q) | grep -v '^healthy$' || break
sleep 10
done
! docker container inspect --format '{{ .State.Health.Status }}' $(docker-compose ps -q) | grep -v '^healthy$'
.pre-commit-config.yaml 0 → 100644
+ 34
0
View file @ 943ad4b9
# vim:ff=unix ts=2 sw=2 ai expandtab
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v2.3.0
hooks:
- id: check-added-large-files
- id: check-merge-conflict
- id: detect-private-key
- id: trailing-whitespace
- repo: https://github.com/adrienverge/yamllint
rev: v1.17.0
hooks:
- id: yamllint
- repo: https://github.com/amperser/proselint/
rev: 0.10.2
hooks:
- id: proselint
types: [plain-text]
exclude: LICENSE
- repo: https://github.com/Yelp/detect-secrets
rev: v0.13.0
hooks:
- id: detect-secrets
- repo: https://git.shore.co.il/nimrod/docker-pre-commit.git/
rev: v0.3.0
hooks:
- id: docker-compose
- id: hadolint
- repo: https://git.shore.co.il/nimrod/shell-pre-commit.git/
rev: v0.6.0
hooks:
- id: shell-lint
- id: shellcheck
LICENSE.txt 0 → 100644
+ 21
0
View file @ 943ad4b9
MIT License
Copyright (c) 2020 Adar Nimrod
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
README.md 0 → 100644
+ 19
0
View file @ 943ad4b9
# Nextcloud Docker setup
> A containerized Nextcloud setup.
## Requirements
- Docker
- Docker Compose
## License
This software is licensed under the MIT license (see `LICENSE.txt`).
## Author Information
Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my [website](
https://www.shore.co.il/). Patches are welcome via [`git send-email`](
http://git-scm.com/book/en/v2/Git-Commands-Email). The repository is located
at: <https://www.shore.co.il/git/>.
crond/.dockerignore 0 → 100644
+ 2
0
View file @ 943ad4b9
*
!crontab
crond/Dockerfile 0 → 100644
+ 8
0
View file @ 943ad4b9
FROM docker:19.03 as docker
# hadolint ignore=DL3006
FROM adarnimrod/cron as supersonic
COPY --from=docker /usr/local/bin/docker /usr/local/bin/
COPY --chown=root:root crontab /crontab
# hadolint ignore=DL3002
USER root
crond/README.md 0 → 100644
+ 18
0
View file @ 943ad4b9
# crond
> Cron container image.
## Description
This image runs the background jobs for Nextcloud.
## License
This software is licensed under the MIT license (see `LICENSE.txt`).
## Author Information
Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my [website](
https://www.shore.co.il/). Patches are welcome via [`git send-email`](
http://git-scm.com/book/en/v2/Git-Commands-Email). The repository is located
at: <https://www.shore.co.il/git/>.
crond/crontab 0 → 100644
+ 1
0
View file @ 943ad4b9
*/5 * * * * docker exec -u www-data nextcloud_nextcloud_1 php /var/www/html/cron.php
docker-compose.yml 0 → 100644
+ 107
0
View file @ 943ad4b9
---
version: '3.5'
services:
nextcloud:
depends_on:
- mysql
- redis
- crond
environment:
MAIL_FROM_ADDRESS: noreply@shore.co.il
MAIL_DOMAIN: shore.co.il
MYSQL_DATABASE: &mysql_database nextcloud
MYSQL_HOST: mysql
# yamllint disable-line rule:line-length
MYSQL_PASSWORD: &mysql_password ${MYSQL_PASSWORD:-foo} # pragma: allowlist secret
MYSQL_USER: &mysql_user nextcloud
NEXTCLOUD_ADMIN_USER: admin
NEXTCLOUD_ADMIN_PASSWORD: "${NEXTCLOUD_ADMIN_PASSWORD:-baz}"
NEXTCLOUD_TRUSTED_DOMAINS: '*.shore.co.il shore.co.il'
TRUSTED_PROXIES: '172.16.0.0/12 192.168.0.0/16'
OVERWRITEHOST: nextcloud.shore.co.il
OVERWRITEPROTOCOL: https
REDIS_HOST: redis
# yamllint disable-line rule:line-length
REDIS_HOST_PASSWORD: &redis_password "${REDIS_PASSWORD:-foo}" # pragma: allowlist secret
SMTP_HOST: smtp
healthcheck:
start_period: 2m
test:
- CMD-SHELL
- >-
curl
--fail
--user "$$NEXTCLOUD_ADMIN_USER:$$NEXTCLOUD_ADMIN_PASSWORD"
http://localhost/ocs/v2.php/apps/serverinfo/api/v1/info
|| exit 1
image: nextcloud:20-apache
restart: always
volumes:
- nextcloud:/var/www/html
- _run_slapd:/run/slapd
- _run_clamav:/run/clamav
mysql:
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
environment:
MYSQL_DATABASE: *mysql_database
MYSQL_PASSWORD: *mysql_password # pragma: allowlist secret
# yamllint disable-line rule:line-length
MYSQL_ROOT_PASSWORD: &mysql_root_password ${MYSQL_ROOT_PASSWORD:-bar} # pragma: allowlist secret
MYSQL_USER: *mysql_user
healthcheck:
start_period: 1m
test:
- CMD-SHELL
- >-
mysql
--user "$$MYSQL_USER"
"--password=$$MYSQL_PASSWORD"
--execute 'SHOW DATABASES;'
|| exit 1
image: mariadb:10
restart: always
volumes:
- mysql:/var/lib/mysql
redis:
command:
- redis-server
- --requirepass
- *redis_password
# - --bind=127.0.0.1
# - --unixsocket=/run/redis/redis.sock
# - --unixsocketperm=777
healthcheck:
test:
- CMD-SHELL
- "{ echo PING | redis-cli; } || exit 1"
image: redis:6-alpine
restart: always
crond:
build:
context: crond/
restart: always
volumes:
- /run/docker.sock:/run/docker.sock
z-push:
build:
context: z-push
restart: always
volumes:
mysql:
nextcloud:
_run_clamav:
external: true
name: run_clamav
_run_slapd:
external: true
name: run_slapd
networks:
default:
name: shore
external: true
z-push/.dockerignore 0 → 100644
+ 3
0
View file @ 943ad4b9
*
!z-push/
!healthcheck
z-push/Dockerfile 0 → 100644
+ 41
0
View file @ 943ad4b9
FROM debian:buster-slim
# hadolint ignore=DL3008
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
apache2 \
ca-certificates \
curl \
libapache2-mod-php \
libcap2-bin \
php-cli \
wget \
z-push-backend-caldav \
z-push-backend-carddav \
z-push-backend-combined \
z-push-backend-imap \
&& \
setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
install -d -m 750 -o root -g www-data /var/log/apache2 && \
install -d -m 755 -o www-data -g root /run/apache2 && \
a2enmod status && \
ln -sf /dev/stdout /var/log/apache2/access.log && \
ln -sf /dev/stderr /var/log/apache2/error.log && \
ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log && \
rm -rf /tmp/* /var/tmp/* /var/cache/apt/archives/* /var/lib/apt/lists/*
RUN ln -sf /dev/stdout /var/log/z-push/autodiscover.log && \
ln -sf /dev/stderr /var/log/z-push/autodiscover-error.log && \
ln -sf /dev/stdout /var/log/z-push/z-push.log && \
ln -sf /dev/stderr /var/log/z-push/z-push-error.log
RUN rm /var/log/z-push/*.log
COPY z-push/ /etc/z-push/
COPY --chown=root:root healthcheck /usr/local/bin/
ENV APACHE_RUN_DIR=/run/apache2 \
APACHE_LOG_DIR=/var/log/apache2 \
APACHE_RUN_USER=www-data \
APACHE_RUN_GROUP=www-data \
APACHE_PID_FILE=/run/apache2/apache2.pid
EXPOSE 80
USER "www-data"
WORKDIR /var/www
CMD [ "apache2", "-DFOREGROUND" ]
HEALTHCHECK CMD /usr/local/bin/healthcheck
z-push/README.md 0 → 100644
+ 14
0
View file @ 943ad4b9
# Z-Push
> Dockerized Z-Push for use with NextCloud.
## License
This software is licensed under the MIT license (see `LICENSE.txt`).
## Author Information
Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my [website](
https://www.shore.co.il/). Patches are welcome via [`git send-email`](
http://git-scm.com/book/en/v2/Git-Commands-Email). The repository is located
at: <https://www.shore.co.il/git/>.
z-push/healthcheck 0 → 100755
+ 5
0
View file @ 943ad4b9
#!/bin/sh
set -eu
code="$(curl --user-agent "Docker Healthcheck" --output /dev/null --silent --write-out '%{http_code}' http://localhost/AutoDiscover/AutoDiscover.xml)"
[ "$code" -eq '401' ] || exit 1
z-push/z-push/autodiscover.conf.php 0 → 100644
+ 110
0
View file @ 943ad4b9
<?php
/***********************************************
* File : config.php
* Project : Z-Push
* Descr : Autodiscover configuration file
*
* Created : 30.07.2014
*
* Copyright 2007 - 2016 Zarafa Deutschland GmbH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Consult LICENSE file for details
************************************************/
/**********************************************************************************
* Default settings
*/
// Replace zpush.example.com with your z-push's host name and uncomment the line below.
// define('ZPUSH_HOST', 'zpush.example.com');
// Defines the default time zone, change e.g. to "Europe/London" if necessary
define('TIMEZONE', '');
// Defines the base path on the server
define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/');
/*
* Whether to use the complete email address as a login name
* (e.g. user@company.com) or the username only (user).
* Possible values:
* false - use the username only (default).
* true - use the complete email address.
*/
define('USE_FULLEMAIL_FOR_LOGIN', false);
/*
* AutoDiscover requires the username to match either the email address
* or the local part of the email address.
* This is not always possible as the username might have a different
* schema than email address. Configure this parameter to match your
* username settings.
* @see https://wiki.z-hub.io/display/ZP/Configuring+Z-Push+Autodiscover#ConfiguringZ-PushAutodiscover-Configuration
* @see https://jira.z-hub.io/browse/ZP-1209
*
* Possible values:
* AUTODISCOVER_LOGIN_EMAIL - uses the email address as provided when setting up the account
* AUTODISCOVER_LOGIN_NO_DOT - removes the '.' from email address:
* email: first.last@domain.com -> resulting username: firstlast
* AUTODISCOVER_LOGIN_F_NO_DOT_LAST - cuts the first part before '.' after the first letter and
* removes the '.' from email address:
* email: first.last@domain.com -> resulting username: flast
* AUTODISCOVER_LOGIN_F_DOT_LAST - cuts the part before '.' after the first letter and
* leaves the part after '.' as is:
* email: first.last@domain.com -> resulting username: f.last
*/
define('AUTODISCOVER_LOGIN_TYPE', AUTODISCOVER_LOGIN_EMAIL);
/**********************************************************************************
* Logging settings
* Possible LOGLEVEL and LOGUSERLEVEL values are:
* LOGLEVEL_OFF - no logging
* LOGLEVEL_FATAL - log only critical errors
* LOGLEVEL_ERROR - logs events which might require corrective actions
* LOGLEVEL_WARN - might lead to an error or require corrective actions in the future
* LOGLEVEL_INFO - usually completed actions
* LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers
* LOGLEVEL_WBXML - also prints the WBXML sent to/from the device
* LOGLEVEL_DEVICEID - also prints the device id for every log entry
* LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack
*
* The verbosity increases from top to bottom. More verbose levels include less verbose
* ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
* LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
*/
define('LOGBACKEND', 'filelog');
define('LOGFILEDIR', '/var/log/z-push/');
define('LOGFILE', LOGFILEDIR . 'autodiscover.log');
define('LOGERRORFILE', LOGFILEDIR . 'autodiscover-error.log');
define('LOGLEVEL', LOGLEVEL_INFO);
define('LOGUSERLEVEL', LOGLEVEL);
$specialLogUsers = array();
// Syslog settings
// false will log to local syslog, otherwise put the remote syslog IP here
define('LOG_SYSLOG_HOST', false);
// Syslog port
define('LOG_SYSLOG_PORT', 514);
// Program showed in the syslog. Useful if you have more than one instance login to the same syslog
define('LOG_SYSLOG_PROGRAM', 'z-push-autodiscover');
// Syslog facility - use LOG_USER when running on Windows
define('LOG_SYSLOG_FACILITY', LOG_LOCAL0);
/**********************************************************************************
* Backend settings
*/
// the backend data provider
define('BACKEND_PROVIDER', '');
z-push/z-push/caldav.conf.php 0 → 100644
+ 56
0
View file @ 943ad4b9
<?php
/***********************************************
* File : config.php
* Project : Z-Push
* Descr : CalDAV backend configuration file
*
* Created : 27.11.2012
*
* Copyright 2012 - 2014 Jean-Louis Dupond
*
* Jean-Louis Dupond released this code as AGPLv3 here: https://github.com/dupondje/PHP-Push-2/issues/93
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Consult LICENSE file for details
************************************************/
// ************************
// BackendCalDAV settings
// ************************
// Server protocol: http or https
define('CALDAV_PROTOCOL', 'http');
// Server name
define('CALDAV_SERVER', 'nextcloud');
// Server port
define('CALDAV_PORT', '80');
// Path
define('CALDAV_PATH', '/remote.php/dav/calendars/%u/');
// Default CalDAV folder (calendar folder/principal). This will be marked as the default calendar in the mobile
define('CALDAV_PERSONAL', 'PRINCIPAL');
// If the CalDAV server supports the sync-collection operation
// DAViCal, SOGo and SabreDav support it
// SabreDav version must be at least 1.9.0, otherwise set this to false
// Setting this to false will work with most servers, but it will be slower
define('CALDAV_SUPPORTS_SYNC', false);
// Maximum period to sync.
// Some servers don't support more than 10 years so you will need to change this
define('CALDAV_MAX_SYNC_PERIOD', 2147483647);
z-push/z-push/carddav.conf.php 0 → 100644
+ 91
0
View file @ 943ad4b9
<?php
/***********************************************
* File : config.php
* Project : Z-Push
* Descr : CardDAV backend configuration file
*
* Created : 16.03.2013
*
* Copyright 2013 - 2016 Francisco Miguel Biete
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Consult LICENSE file for details
************************************************/
// ************************
// BackendCardDAV settings
// ************************
// Server protocol: http or https
define('CARDDAV_PROTOCOL', 'http');
// Server name
define('CARDDAV_SERVER', 'nextcloud');
// Server port
define('CARDDAV_PORT', '80');
// Server path to the addressbook, or the principal with the addressbooks
// If your user has more than 1 addressbook point it to the principal.
// Example: user test@domain.com will have 2 addressbooks
// http://localhost/caldav.php/test@domain.com/addresses/personal
// http://localhost/caldav.php/test@domain.com/addresses/work
// You set the CARDDAV_PATH to '/caldav.php/%u/addresses/' and personal and work will be autodiscovered
// %u: replaced with the username
// %d: replaced with the domain
// Add the trailing /
define('CARDDAV_PATH', '/remote.php/dav/addressbooks/users/%u/');
// Server path to the default addressbook
// Mobile device will create new contacts here. It must be under CARDDAV_PATH
// %u: replaced with the username
// %d: replaced with the domain
// Add the trailing /
define('CARDDAV_DEFAULT_PATH', '/remote.php/dav/addressbooks/users/%u/contacts/');
// Server path to the GAL addressbook. This addressbook is readonly and searchable by the user, but it will NOT be synced.
// If you don't want GAL, comment it
// %u: replaced with the username
// %d: replaced with the domain
// Add the trailing /
// define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/');
// Minimal length for the search pattern to do the real search.
// define('CARDDAV_GAL_MIN_LENGTH', 5);
// Addressbook display name, the name showed in the mobile device
// %u: replaced with the username
// %d: replaced with the domain
define('CARDDAV_CONTACTS_FOLDER_NAME', 'All contacts');
// If the CardDAV server supports the sync-collection operation
// DAViCal and SabreDav support it, but Owncloud, SOGo don't
// SabreDav version must be at least 1.9.0, otherwise set this to false
// Setting this to false will work with most servers, but it will be slower: 1 petition for the href of vcards, and 1 petition for each vcard
define('CARDDAV_SUPPORTS_SYNC', false);
// If the CardDAV server supports the FN attribute for searches
// DAViCal supports it, but SabreDav, Owncloud and SOGo don't
// Setting this to true will search by FN. If false will search by sn, givenName and email
// It's safe to leave it as false
define('CARDDAV_SUPPORTS_FN_SEARCH', false);
// If your carddav server needs to use file extension to recover a vcard.
// Davical needs it
// SOGo official demo online needs it, but some SOGo installation don't need it, so test it
define('CARDDAV_URL_VCARD_EXTENSION', '.vcf');
z-push/z-push/combined.conf.php 0 → 100644
+ 84
0
View file @ 943ad4b9
<?php
/***********************************************
* File : backend/combined/config.php
* Project : Z-Push
* Descr : configuration file for the
* combined backend.
*
* Created : 29.11.2010
*
* Copyright 2007 - 2016 Zarafa Deutschland GmbH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Consult LICENSE file for details
************************************************/
class BackendCombinedConfig {
// *************************
// BackendCombined settings
// *************************
/**
* Returns the configuration of the combined backend
*
* @access public
* @return array
*
*/
public static function GetBackendCombinedConfig() {
//use a function for it because php does not allow
//assigning variables to the class members (expecting T_STRING)
return array(
//the order in which the backends are loaded.
//login only succeeds if all backend return true on login
//sending mail: the mail is sent with first backend that is able to send the mail
'backends' => array(
'i' => array(
'name' => 'BackendIMAP',
),
// 'd' => array(
// 'name' => 'BackendCardDAV',
// ),
'c' => array(
'name' => 'BackendCalDAV',
),
),
'delimiter' => '/',
//force one type of folder to one backend
//it must match one of the above defined backends
'folderbackend' => array(
SYNC_FOLDER_TYPE_INBOX => 'i',
SYNC_FOLDER_TYPE_DRAFTS => 'i',
SYNC_FOLDER_TYPE_WASTEBASKET => 'i',
SYNC_FOLDER_TYPE_SENTMAIL => 'i',
SYNC_FOLDER_TYPE_OUTBOX => 'i',
SYNC_FOLDER_TYPE_TASK => 'c',
SYNC_FOLDER_TYPE_APPOINTMENT => 'c',
// SYNC_FOLDER_TYPE_CONTACT => 'd',
SYNC_FOLDER_TYPE_NOTE => 'c',
SYNC_FOLDER_TYPE_JOURNAL => 'c',
SYNC_FOLDER_TYPE_OTHER => 'i',
SYNC_FOLDER_TYPE_USER_MAIL => 'i',
SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c',
// SYNC_FOLDER_TYPE_USER_CONTACT => 'd',
SYNC_FOLDER_TYPE_USER_TASK => 'c',
SYNC_FOLDER_TYPE_USER_JOURNAL => 'c',
SYNC_FOLDER_TYPE_USER_NOTE => 'c',
SYNC_FOLDER_TYPE_UNKNOWN => 'i',
),
//creating a new folder in the root folder should create a folder in one backend
'rootcreatefolderbackend' => 'i',
);
}
}
z-push/z-push/imap.conf.php 0 → 100644
+ 225
0
View file @ 943ad4b9
<?php
/***********************************************
* File : config.php
* Project : Z-Push
* Descr : IMAP backend configuration file
*
* Created : 27.11.2012
*
* Copyright 2007 - 2016 Zarafa Deutschland GmbH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Consult LICENSE file for details
************************************************/
// ************************
// BackendIMAP settings
// ************************
// Defines the server to which we want to connect
define('IMAP_SERVER', 'imap.shore.co.il');
// connecting to default port (143)
define('IMAP_PORT', 993);
// best cross-platform compatibility (see http://php.net/imap_open for options)
define('IMAP_OPTIONS', '/ssl/norsh');
// Mark messages as read when moving to Trash.
// BE AWARE that you will lose the unread flag, but some mail clients do this so the Trash folder doesn't get boldened
define('IMAP_AUTOSEEN_ON_DELETE', false);
// IMPORTANT: BASIC IMAP FOLDERS [ask your mail admin]
// We can have diferent cases (case insensitive):
// 1.
// inbox
// sent
// drafts
// trash
// 2.
// inbox
// common.sent
// common.drafts
// common.trash
// 3.
// common.inbox
// common.sent
// common.drafts
// common.trash
// 4.
// common
// common.sent
// common.drafts
// common.trash
//
// gmail is a special case, where the default folders are under the [gmail] prefix and the folders defined by the user are under INBOX.
// This configuration seems to work:
// define('IMAP_FOLDER_PREFIX', '');
// define('IMAP_FOLDER_PREFIX_IN_INBOX', false);
// define('IMAP_FOLDER_INBOX', 'INBOX');
// define('IMAP_FOLDER_SENT', '[Gmail]/Sent');
// define('IMAP_FOLDER_DRAFT', '[Gmail]/Drafts');
// define('IMAP_FOLDER_TRASH', '[Gmail]/Trash');
// define('IMAP_FOLDER_SPAM', '[Gmail]/Spam');
// define('IMAP_FOLDER_ARCHIVE', '[Gmail]/All Mail');
// Since I know you won't configure this, I will raise an error unless you do.
// When configured set this to true to remove the error
define('IMAP_FOLDER_CONFIGURED', true);
// Folder prefix is the common part in your names (3, 4)
define('IMAP_FOLDER_PREFIX', '');
// Inbox will have the preffix preppend (3 & 4 to true)
define('IMAP_FOLDER_PREFIX_IN_INBOX', false);
// Inbox folder name (case doesn't matter) - (empty in 4)
define('IMAP_FOLDER_INBOX', 'INBOX');
// Sent folder name (case doesn't matter)
define('IMAP_FOLDER_SENT', 'SENT');
// Draft folder name (case doesn't matter)
define('IMAP_FOLDER_DRAFT', 'DRAFTS');
// Trash folder name (case doesn't matter)
define('IMAP_FOLDER_TRASH', 'TRASH');
// Spam folder name (case doesn't matter). Only showed as special by iOS devices
define('IMAP_FOLDER_SPAM', 'SPAM');
// Archive folder name (case doesn't matter). Only showed as special by iOS devices
define('IMAP_FOLDER_ARCHIVE', 'ARCHIVE');
// forward messages inline (default true - inlined)
define('IMAP_INLINE_FORWARD', true);
// list of folders we want to exclude from sync. Names, or part of it, separated by |
// example: dovecot.sieve|archive|spam
define('IMAP_EXCLUDED_FOLDERS', '');
// overwrite the "from" header with some value
// options:
// '' - do nothing, use the From header
// 'username' - the username will be set (usefull if your login is equal to your emailaddress)
// 'domain' - the value of the "domain" field is used
// 'sql' - the username will be the result of a sql query. REMEMBER TO INSTALL PHP-PDO AND PHP-DATABASE
// 'ldap' - the username will be the result of a ldap query. REMEMBER TO INSTALL PHP-LDAP!!
// '@mydomain.com' - the username is used and the given string will be appended
define('IMAP_DEFAULTFROM', '');
// DSN: formatted PDO connection string
// mysql:host=xxx;port=xxx;dbname=xxx
// USER: username to DB
// PASSWORD: password to DB
// OPTIONS: array with options needed
// QUERY: query to execute
// FIELDS: columns in the query
// FROM: string that will be the from, replacing the column names with the values
define('IMAP_FROM_SQL_DSN', '');
define('IMAP_FROM_SQL_USER', '');
define('IMAP_FROM_SQL_PASSWORD', '');
define('IMAP_FROM_SQL_OPTIONS', serialize(array(PDO::ATTR_PERSISTENT => true)));
define('IMAP_FROM_SQL_QUERY', "select first_name, last_name, mail_address from users where mail_address = '#username@#domain'");
define('IMAP_FROM_SQL_FIELDS', serialize(array('first_name', 'last_name', 'mail_address')));
define('IMAP_FROM_SQL_EMAIL', '#mail_address');
define('IMAP_FROM_SQL_FROM', '#first_name #last_name <#mail_address>');
define('IMAP_FROM_SQL_FULLNAME', '#first_name #last_name');
// SERVER: ldap server
// SERVER_PORT: ldap port
// USER: dn to use for connecting
// PASSWORD: password
// QUERY: query to execute
// FIELDS: columns in the query
// FROM: string that will be the from, replacing the field names with the values
define('IMAP_FROM_LDAP_SERVER', 'localhost');
define('IMAP_FROM_LDAP_SERVER_PORT', '389');
define('IMAP_FROM_LDAP_USER', 'cn=zpush,ou=servers,dc=zpush,dc=org');
define('IMAP_FROM_LDAP_PASSWORD', 'password');
define('IMAP_FROM_LDAP_BASE', 'dc=zpush,dc=org');
define('IMAP_FROM_LDAP_QUERY', '(mail=#username@#domain)');
define('IMAP_FROM_LDAP_FIELDS', serialize(array('givenname', 'sn', 'mail')));
define('IMAP_FROM_LDAP_EMAIL', '#mail');
define('IMAP_FROM_LDAP_FROM', '#givenname #sn <#mail>');
define('IMAP_FROM_LDAP_FULLNAME', '#givenname #sn');
// Method used for sending mail
// mail => mail() php function
// sendmail => sendmail executable
// smtp => direct connection against SMTP
define('IMAP_SMTP_METHOD', 'mail');
global $imap_smtp_params;
// SMTP Parameters
// mail : no params
$imap_smtp_params = array(
'host' => 'smtp.shore.co.il',
'port' => 587,
'auth' => true,
'username' => 'imap_username',
'password' => 'imap_password',
'localhost' => 'z-push'
);
// sendmail
//$imap_smtp_params = array('sendmail_path' => '/usr/bin/sendmail', 'sendmail_args' => '-i');
// smtp
// "host" - The server to connect. Default is localhost.
// "port" - The port to connect. Default is 25.
// "auth" - Whether or not to use SMTP authentication. Default is FALSE.
// "username" - The username to use for SMTP authentication. "imap_username" for using the same username as the imap server
// "password" - The password to use for SMTP authentication. "imap_password" for using the same password as the imap server
// "localhost" - The value to give when sending EHLO or HELO. Default is localhost
// "timeout" - The SMTP connection timeout. Default is NULL (no timeout).
// "verp" - Whether to use VERP or not. Default is FALSE.
// "debug" - Whether to enable SMTP debug mode or not. Default is FALSE.
// "persist" - Indicates whether or not the SMTP connection should persist over multiple calls to the send() method.
// "pipelining" - Indicates whether or not the SMTP commands pipelining should be used.
// "verify_peer" - Require verification of SSL certificate used. Default is TRUE.
// "verify_peer_name" - Require verification of peer name. Default is TRUE.
// "allow_self_signed" - Allow self-signed certificates. Requires verify_peer. Default is FALSE.
//$imap_smtp_params = array('host' => 'localhost', 'port' => 25, 'auth' => false);
// If you want to use SSL with port 25 or port 465 you must preppend "ssl://" before the hostname or IP of your SMTP server
// IMPORTANT: To use SSL you must use PHP 5.1 or later, install openssl libs and use ssl:// within the host variable
// IMPORTANT: To use SSL with PHP 5.6 you should set verify_peer, verify_peer_name and allow_self_signed
//$imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 465, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password');
// If you want to use STARTTLS when the server is supporting it, you just need to enable authentication on a non SSL host variable.
//$imap_smtp_params = array('host' => 'localhost', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password');
// If you are using IMAP_SMTP_METHOD = mail or sendmail and your sent messages are not correctly displayed you can change this to "\n".
// BUT, it doesn't comply with RFC 2822 and will break if using smtp method
define('MAIL_MIMEPART_CRLF', "\r\n");
// A file containing file mime types->extension mappings.
// SELINUX users: make sure the file has a security context accesible by your apache/php-fpm process
define('SYSTEM_MIME_TYPES_MAPPING', '/etc/mime.types');
// Use BackendCalDAV for Meetings. You cannot hope to get that functionality working without a caldav backend.
define('IMAP_MEETING_USE_CALDAV', false);
// If your IMAP server allows authenticating via GSSAPI, php-imap will not fall back properly to other authentication
// methods and you will be unable to log in. Uncomment the following line to disable that authentication method.
// Multiple methods can be specified as a comma-separated string.
// define('IMAP_DISABLE_AUTHENTICATOR', 'GSSAPI');
z-push/z-push/policies.ini 0 → 100644
+ 234
0
View file @ 943ad4b9
;;;;;;;;;;;;;;;;;;;;;;;;
; About policies.ini ;
;;;;;;;;;;;;;;;;;;;;;;;;
; Z-Push policies' file holds the configuration to be applied
; during the provisioning of a mobile device.
; Check Z-Push wiki page regarding the provisioning policies:
; https://wiki.z-hub.io/x/eYAa
; For more information see the ActiveSync documentation at:
; https://msdn.microsoft.com/en-us/library/dd299443.aspx
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; The default ActiveSync policy. Do not change its name.
[default]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Policies for ActiveSync version 12.0 and higher
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Specifies if a device requires a password to unlock it.
; 0 - Password not required.
; 1 - Password is required.
devpwenabled = 0
; Specifies if a device requires an alphanumeric password to unlock it.
; 0 - Alphanumeric password not required.
; 1 - Alphanumeric password required.
alphanumpwreq = 0
; Deprecated. Specifies if the device encrypts the content of the storage card.
; 0 - Storage card encryption not enabled.
; 1 - Storage card encryption enabled.
devencenabled = 0
; Specifies if the server supports storing a recovery password which could be
; sent by the client using the Settings command.
; This policy is currently not supported by Z-Push.
; 0 - Password recovery not enabled on the server.
; 1 - Password recovery enabled on the server.
; pwrecoveryenabled = 0
; Deprecated.
docbrowseenabled =
; Specifies if email attachments are enabled for download.
; 0 - Attachments not allowed for download.
; 1 - Attachments allowed for download.
attenabled = 1
; Specifies the minimum client password length to unlock it.
; The mindevpwlenngth can be empty or have a value between 1 and 16.
; If the value is empty or 1, there is no minimum length for the device password.
mindevpwlenngth = 4
; The maximum number of seconds of inactivity before the device locks itself.
; If this value is greater than or equal to 9999, the client interprets it as unlimited.
maxinacttimedevlock = 900
; The maximum number of failed password attempts to unlock the device.
; The client SHOULD perform a local wipe or enter a timed lock out mode if the maximum
; number of failed password attempts is reached.
; The maxdevpwfailedattempts can be empty or have a value between 4 and 16.
; If the value is empty, the client interprets this as no maximum number of
; failed password attempts has been set by the security policy.
maxdevpwfailedattempts = 8
; The maximum attachment size in bytes as determined by security policy.
maxattsize = ''
; Specifies if the device allows simple passwords. A simple password contains
; repeated ("0000") or sequential ("xyz") characters only.
allowsimpledevpw = 1
; The maximum number of days until a password expires.
; Empty or 0 devpwexpiration value indicates that the password will not expire.
devpwexpiration = 0
; The minimum number of previously used passwords stored to prevent reuse by the device.
; 0 - Do not store previously used passwords.
; >0 - Store the minimum number of previously used passwords.
devpwhistory = 0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Policies for ActiveSync version 12.1 and higher
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; The device allows to use a storage card.
; 0 - SD card not allowed.
; 1 - SD card allowed.
allowstoragecard = 1
; The device allows to use the built-in camera.
; 0 - Usage of the built-in camera not allowed.
; 1 - Usage of built-in the camera allowed.
allowcam = 1
; Specifies if the client uses encryption.
; 0 - Encryption not required.
; 1 - Encryption required.
reqdevenc = 0
; Specifies if the device allows unsigned applications to execute.
; 0 - Unsigned applications not allowed to execute.
; 1 - Unsigned applications allowed to execute.
allowunsignedapps = 1
; The required complexity level of the device password.
; Valid values for mindevcomplexchars are between 1 and 4. The value specifies
; the number of character groups to be contained in the password.
; The character groups are:
; - Lower case alphabetical characters
; - Upper case alphabetical characters
; - Numbers
; - Non-alphanumeric characters
; For example, if the value of mindevcomplexchars is 2, a password may contain
; lower case and upper case characters. A password with numbers and non-alphanumeric
; characters would be also valid.
mindevcomplexchars = 3
; The device allows the use of Wi-Fi connections.
; 0 - The use of Wi-Fi connections not allowed.
; 1 - The use of Wi-Fi connections allowed.
allowwifi = 1
; The device allows the use of SMS or text messaging.
; 0 - SMS or text messaging not allowed.
; 1 - SMS or text messaging allowed.
allowtextmessaging = 1
; The device allows access to POP or IMAP email.
; 0 - POP or IMAP email access not allowed.
; 1 - POP or IMAP email access allowed.
allowpopimapemail = 1
; The use of Bluetooth on the device.
; 0 - Disable Bluetooth.
; 1 - Disable Bluetooth, but allow the configuration of hands-free profiles.
; 2 - Allow Bluetooth.
allowbluetooth = 2
; The device allows the use of IrDA (infrared) connections.
; 0 - Disable IrDA.
; 1 - Allow IrDA.
allowirda = 1
; The device requires manual synchronization when the device is roaming.
; 0 - Do not require manual sync; allow direct push when roaming.
; 1 - Require manual sync when roaming.
reqmansyncroam = 0
; The maximum number of calendar days that can be synchronized.
; 0 - All days
; 4 - 2 weeks
; 5 - 1 month
; 6 - 3 months
; 7 - 6 months
maxcalagefilter = 0
; Specifies if the client uses HTML-formatted email.
; 0 - HTML-formatted email not allowed.
; 1 - HTML-formatted email allowed.
allowhtmlemail = 1
; The email age limit for synchronization.
; 0 - Sync all
; 1 - 1 day
; 2 - 3 days
; 3 - 1 week
; 4 - 2 weeks
; 5 - 1 month
maxemailagefilter = 0
; The maximum truncation size for plain text–formatted email.
; -1 - No truncation.
; 0 - Truncate only the header.
; >0 - Truncate the email body to the specified size.
maxemailbodytruncsize = -1
; The maximum truncation size for HTML-formatted email.
; -1 - No truncation.
; 0 - Truncate only the header.
; >0 - Truncate the email body to the specified size.
maxemailhtmlbodytruncsize = -1
; Specifies if the client sends signed S/MIME messages.
; 0 - Signed S/MIME messages not required.
; 1 - Signed S/MIME messages required.
reqsignedsmimemessages = 0
; Specifies if the client sends encrypted email messages.
; 0 - Encrypted email messages not required.
; 1 - Email messages required to be encrypted.
reqencsmimemessages = 0
; The algorithm used to sign S/MIME messages.
; 0 - Use SHA1.
; 1 - Use MD5.
reqsignedsmimealgorithm = 0
; The algorithm used to encrypt S/MIME messages.
; 0 - TripleDES algorithm
; 1 - DES algorithm
; 2 - RC2128bit
; 3 - RC264bit
; 4 - RC240bit
reqencsmimealgorithm = 0
; Controls negotiation of the encryption algorithm.
; 0 - Do not negotiate.
; 1 - Negotiate a strong algorithm.
; 2 - Negotiate any algorithm.
allowsmimeencalgneg = 2
; Specifies if the client can use soft certificates to sign outgoing messages.
; 0 - Soft certificates are not allowed.
; 1 - Soft certificates are allowed.
allowsmimesoftcerts = 1
; Specifies if the device allows the use of a web browser.
; 0 - Do not allow the use of a web browser.
; 1 - Allow the use of a web browser.
allowbrowser = 1
; Specifies if the device allows the user to configure a personal email account.
; 0 - Do not allow the user to configure a personal email account.
; 1 - Allow the user to configure a personal email account.
allowconsumeremail = 1
; Specifies if the device allows the use of Internet Sharing.
; 0 - Do not allow the use of Internet Sharing.
; 1 - Allow the use of Internet Sharing.
allowinternetsharing = 1
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment