[global]
  e2dsa  # enable file indexing and filesystem scanning
  e2ts   # enable multimedia indexing
  ansi   # enable colors in log messages
  #q      # disable logging for more performance

  # if we are confident that we got the docker-network config correct
  # (meaning copyparty is only accessible through traefik, and
  #  traefik makes sure that all requests go through authelia),
  # then accept X-Forwarded-For and IdP headers from any private IP:
  xff-src: lan

  idp-h-usr: x-auth-request-user
  idp-h-grp: x-auth-request-groups
  idp-h-key: x-auth-request-{{ oauth_proxy_super_secret_header }}

[/]      # create a volume at "/" (the webroot), which will
  /w
  accs:
    rw: *       # everyone gets read-access, but
    rwmda: @{{ admins }}  # the group "su" gets read-write-move-delete-admin


[/u/${u}]    # each user gets their own home-folder at /u/username
  /w/u/${u}  # which will be "u/username" in the docker data volume
  accs:
    r: *              # read-access for anyone, and
    rwmda: ${u}, @{{ admins }}  # read-write-move-delete-admin for that username + the "su" group


[/u/${u}/priv]    # each user also gets a private area at /u/username/priv
  /w/u/${u}/priv  # stored at DATAVOLUME/u/username/priv
  accs:
    rwmda: ${u}, @{{ admins }}  # read-write-move-delete-admin for that username + the "su" group