From 08e92ca3b8ee6c38c3e19126378e51b46cf63b16 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Mon, 11 Aug 2025 18:39:55 -0700
Subject: Oauth proxy and monitoring init
---
.../bin/templates/volumes/conf/copyparty.conf | 34 ++++++++++++++++++++++
.../roles/bin/templates/volumes/data/.gitkeep | 0
.../roles/bin/templates/volumes/share/.gitkeep | 0
3 files changed, 34 insertions(+)
create mode 100644 playbooks/roles/bin/templates/volumes/conf/copyparty.conf
delete mode 100644 playbooks/roles/bin/templates/volumes/data/.gitkeep
create mode 100644 playbooks/roles/bin/templates/volumes/share/.gitkeep
(limited to 'playbooks/roles/bin/templates/volumes')
diff --git a/playbooks/roles/bin/templates/volumes/conf/copyparty.conf b/playbooks/roles/bin/templates/volumes/conf/copyparty.conf
new file mode 100644
index 0000000..eaea0a6
--- /dev/null
+++ b/playbooks/roles/bin/templates/volumes/conf/copyparty.conf
@@ -0,0 +1,34 @@
+[global]
+ e2dsa # enable file indexing and filesystem scanning
+ e2ts # enable multimedia indexing
+ ansi # enable colors in log messages
+ #q # disable logging for more performance
+
+ # if we are confident that we got the docker-network config correct
+ # (meaning copyparty is only accessible through traefik, and
+ # traefik makes sure that all requests go through authelia),
+ # then accept X-Forwarded-For and IdP headers from any private IP:
+ xff-src: lan
+
+ idp-h-usr: x-auth-request-user
+ idp-h-grp: x-auth-request-groups
+ idp-h-key: x-auth-request-{{ oauth_proxy_super_secret_header }}
+
+[/] # create a volume at "/" (the webroot), which will
+ /w
+ accs:
+ rw: * # everyone gets read-access, but
+ rwmda: @{{ admins }} # the group "su" gets read-write-move-delete-admin
+
+
+[/u/${u}] # each user gets their own home-folder at /u/username
+ /w/u/${u} # which will be "u/username" in the docker data volume
+ accs:
+ r: * # read-access for anyone, and
+ rwmda: ${u}, @{{ admins }} # read-write-move-delete-admin for that username + the "su" group
+
+
+[/u/${u}/priv] # each user also gets a private area at /u/username/priv
+ /w/u/${u}/priv # stored at DATAVOLUME/u/username/priv
+ accs:
+ rwmda: ${u}, @{{ admins }} # read-write-move-delete-admin for that username + the "su" group
diff --git a/playbooks/roles/bin/templates/volumes/data/.gitkeep b/playbooks/roles/bin/templates/volumes/data/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/playbooks/roles/bin/templates/volumes/share/.gitkeep b/playbooks/roles/bin/templates/volumes/share/.gitkeep
new file mode 100644
index 0000000..e69de29
-- cgit v1.2.3-70-g09d2
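Review bot: In the `[/]` volume, `rw: *` grants write access on the webroot to every identity, authenticated or not, while its comment says "everyone gets read-access"; if read-only was intended it should be `r: *`, otherwise the comment should say read-write. `xff-src: lan` makes copyparty accept `x-auth-request-user` and `x-auth-request-groups` from any private address, so the only thing separating another container or host on that network from an admin identity is the secrecy of the `idp-h-key` header name; narrowing it to the proxy's own address (`xff-src: <proxy-ip-or-cidr>`, placeholder) removes that dependency. The comment above it still names traefik and authelia, whereas the header names look like an oauth2-proxy setup, and the ACL comments mention a group "su" where the template uses `{{ admins }}`; both should describe what this deployment actually runs. It is also worth confirming that `oauth_proxy_super_secret_header` is sourced from a vault and that the proxy strips client-supplied `x-auth-request-*` headers, neither of which is visible in this diff.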