digitalwm · September 10, 2024 10:42
diff --git a/gistfile1.txt b/gistfile1.txt
 sharry.restserver {

  # This is the base URL this application is deployed to. This is used
  # to create absolute URLs and to configure the cookie.
  #
  # Note: Currently deploying behind a path is not supported. The URL
  # should not end in a slash.
  base-url = "http://localhost:9090"


  # Where the server binds to.
  bind {
    address = "localhost"
    port = 9090
  }

  file-download {
    # For open range requests, use this amount of data when
    # responding.
    download-chunk-size = "4M"
  }

  # Configures logging
  logging {
    # The format for the log messages. Can be one of:
    # Json, Logfmt, Fancy or Plain
    format = "Fancy"

    # The minimum level to log. From lowest to highest:
    # Trace, Debug, Info, Warn, Error
    minimum-level = "Warn"

    # Override the log level of specific loggers
    levels = {
      "sharry" = "Info"
      "org.flywaydb" = "Info"
      "binny" = "Info"
      "org.http4s" = "Info"
    }
  }

  # The alias-member feature allows to add users to an alias page to
  # automatically make all shares that were uploaded through the
  # corresponding alias available to all members. This allows to
  # search for other users via a http call. If this feature is
  # disabled, the rest call to search other users is disabled and the
  # form element is removed from the ui.
  alias-member-enabled = true

  webapp {
    # This is shown in the top right corner of the web application
    app-name = "Sharry"

    # The icon next to the app-name. Needs to be an URL to an image.
    app-icon = ""

    # The icon next to the app-name when dark mode is enabled.
    app-icon-dark = ""

    # The login and register pages display a logo image, by default
    # the Sharry logo. This can be changed here. It needs to be an URL
    # to an image.
    app-logo = ""

    # The login and register pages display a logo image. This is the
    # one used when dark mode is enabled.
    app-logo-dark = ""

    # This is markdown that is inserted as the footer on each page in
    # the ui. If left empty, a link to the project is rendered.
    app-footer = ""

    # Whether to display the footer on each page in the ui. Set it to
    # false to hide it.
    app-footer-visible = true

    # Chunk size used for one request. The server will re-chunk the
    # stream into smaller chunks. But the client can transfer more in
    # one requests, resulting in faster uploads.
    #
    # You might need to adjust this value depending on your setup. A
    # higher value usually means faster uploads (if the up-link is
    # good enough). It is set rather low by default, because it is a
    # safer default.
    chunk-size = "10M"

    # Number of milliseconds the client should wait before doing a new
    # upload attempt after something failed. The length of the array
    # denotes the number of retries.
    retry-delays = [0, 3000, 6000, 12000, 24000, 48000]

    # The login page can display a welcome message that is readable by
    # everyone. The text is processed as markdown.
    welcome-message = ""

    # The ISO-3166-1 code of the default language to use. If a invalid
    # code is given (or one where no language is available), it falls
    # back to "gb".
    default-language = "gb"

    # The interval a new authentication token is retrieved. This must
    # be at least 30s lower than `backend.auth.session-valid'.
    auth-renewal = "4 minutes"

    # The initial page to go to after logging in. It can be one of the
    # following: home, uploads, share
    initial-page = "home"

    # The value for the validity that is preselected. Only values that
    # are available in the dropdown are possible to specifiy.
    default-validity = 7 days

    # The inital ui theme to use. Can be either 'light' or 'dark'.
    initial-theme = "light"

    # When only OAuth (or only Proxy Auth) is configured and only a
    # single provider, then the weapp automatically redirects to its
    # authentication page skipping the sharry login page. This will
    # also disable the logout button, since sharry is not in charge
    # anyways.
    oauth-auto-redirect = true

    # A custom html snippet that is rendered into the html head
    # section of the main template. If the value is empty, a default
    # section is used for inserting a favicon configuration.
    #
    # The value is first tried to resolve to a file in the local file
    # system. If that is successful, it its content is being inserted
    # as utf8 characters. Otherwise the value given here is rendered
    # as is into the template!
    custom-head = ""
  }

  backend {

    # Authentication is flexible to let Sharry be integrated in other
    # environments.
    auth {

      # The secret for this server that is used to sign the authenicator
      # tokens. You can use base64 or hex strings (prefix with b64: and
      # hex:, respectively)
      server-secret = "hex:caffee"

      # How long an authentication token is valid. The web application
      # will get a new one periodically.
      session-valid = "8 minutes"

      #### Login Modules
      ##
      ## The following settings configure how users are authenticated.
      ## There are several ways possible. The simplest is to
      ## authenticate agains the internal database. But often there is
      ## already a user management component and sharry can be
      ## configured to authenticated against other services.

      # A fixed login module simply checks the username and password
      # agains the information provided here. This only applies if the
      # user matches, otherwise the next login module is tried.
      fixed {
        enabled = false
        user = "admin"
        password = "admin"
        order = 10
      }

      # The http authentication module sends the username and password
      # via a HTTP request and uses the response to indicate success or
      # failure.
      #
      # If the method is POST, the `body' is sent with the request and
      # the `content-type' is used.
      http {
        enabled = false
        url = "http://localhost:1234/auth?user={{user}}&password={{pass}}"
        method = "POST"
        body = ""
        content-type = ""
        order = 20
      }

      # Use HTTP Basic authentication. An Authorization header using
      # the Basic scheme is created and the request is send to the
      # given url. The response body will be ignored, only the status
      # is inspected.
      http-basic {
        enabled = false
        url = "http://somehost:2345/path"
        method = "GET"
        order = 30
      }

      # The command authentication module runs an external command
      # giving it the username and password. The return code indicates
      # success or failure.
      command {
        enabled = false
        program = [
          "/path/to/someprogram"
          "{{user}}"
          "{{pass}}"
        ]
        # the return code to consider successful verification
        success = 0
        order = 40
      }

      # The internal authentication module checks against the internal
      # database.
      internal {
        enabled = true
        order = 50
      }

      # Uses OAuth2 "Code-Flow" for authentication against a
      # configured provider.
      #
      # A provider (like Github, Google, or Microsoft for example) must be
      # configured correctly for this to work. Each element in the array
      # results into a button on the login page.
      #
      # Examples for Github, Google and Microsoft (Azure AD) are provided
      # below. You need to setup an “application” to obtain a client_secret
      # and client_id.
      #
      # Details:
      # - enabled: allows to toggle it on or off
      # - id: a unique id that is part of the url
      # - name: a name that is displayed inside the button on the
      #   login screen
      # - icon: a fontawesome icon name for the button
      # - authorize-url: the url of the provider where the user can
      #   login and grant the permission to retrieve the user name
      # - token-url: the url used to obtain a bearer token using the
      #   response from the authentication above. The response from
      #   the provider must be json or url-form-encdode.
      # - user-url: the url to finalyy retrieve user information –
      #   only JSON responses are supported.
      # - user-id-key: the name of the field in the json response
      #   denoting the user name
      # - user-email-key: the name of the field in the json response
      #   that denotes the users email.
      oauth = {
        "github" = {
          enabled = false
          name = "Github"
          icon = "fab fa-github"
          scope = ""
          authorize-url = "https://github.com/login/oauth/authorize"
          token-url = "https://github.com/login/oauth/access_token"
          user-url = "https://api.github.com/user"
          user-id-key = "login"
          client-id = "<your client id>"
          client-secret = "<your client secret>"
        },
        "google" = {
          enabled = false
          name = "Google"
          icon = "fab fa-google"
          scope = ""
          authorize-url = "https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/userinfo.profile"
          token-url = "https://oauth2.googleapis.com/token"
          user-url = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json"
          user-id-key = "name"
          client-id = "<your client id>"
          client-secret = "<your client secret>"
        },
        "aad" = {
          enabled = false
          name = "Azure AD"
          icon = "fab fa-microsoft"
          scope = "openid"
          authorize-url = "https://login.microsoftonline.com/<your tenant ID>/oauth2/v2.0/authorize"
          token-url = "https://login.microsoftonline.com/<your tenant ID>/oauth2/v2.0/token"
          user-url = "https://graph.microsoft.com/oidc/userinfo"
          user-id-key = "email"
          user-email-key = "email"
          client-id = "<your client id>"
          client-secret = "<your client secret>"
        }
      }

      # Allows to inspect the request headers for finding already
      # authorized user name/email. If enabled and during login the
      # request contains these headers, they will be used to
      # automatically create accounts.
      proxy {
        enabled = false
        user-header = "X-Valid-User"
        email-header = "X-User-Email"
      }
    }

    # The database connection.
    #
    # By default a H2 file-based database is configured. You can
    # provide a postgresql or mariadb connection here. When using H2
    # use the PostgreSQL compatibility mode.
    jdbc {
      url = "jdbc:h2://"${java.io.tmpdir}"/sharry-demo.db;MODE=PostgreSQL;DATABASE_TO_LOWER=TRUE"
      user = "sa"
      password = ""
    }

    # How files are stored.
    files {
      # The id of an enabled store from the `stores` array that should
      # be used.
      default-store = "database"

      # A list of possible file stores. Each entry must have a unique
      # id. The `type` is one of: default-database, filesystem, s3.
      #
      # All stores with enabled=false are
      # removed from the list. The `default-store` must be enabled.
      stores = {
        database =
          { enabled = true
            type = "default-database"
          }

        filesystem =
          { enabled = false
            type = "file-system"
            directory = "/some/directory"
            clean-empty-dirs = true
          }

        minio =
          { enabled = false
            type = "s3"
            endpoint = "http://localhost:9000"
            access-key = "username"
            secret-key = "password"
            bucket = "sharry"
          }
      }

      # Allows to copy files from one store to the other *before* sharry
      # will be available. It is recommended to set the `enabled` flag to
      # false afterwards and restart sharry.
      #
      # Files are only copied, they are *not* removed from the source
      # store.
      copy-files = {
        enable = false

        # A key in the `backend.files` config identifying the store to
        # copy from.
        source = "database"

        # A key in the `backend.files` config identifying the store to
        # copy the files to.
        target = "minio"

        # How many files to copy in parallel.
        parallel = 2
      }
    }

    # Checksums of uploaded files are computed in the background.
    compute-checksum = {
      # Setting this to false disables computation of checksums completely.
      enable = true

      # How many ids to queue at most. If full, uploading blocks until
      # elemnts are taken off the queue
      capacity = 5000

      # How many checksums to compute in parallel, must be > 0. If 1,
      # they are computed sequentially.
      parallel = 0

      # If true, the `parallel` option above is ignored and it will be
      # set to the number of available cores - 1 (using 1 for single
      # core machines).
      use-default = true
    }

    # Configuration for registering new users at the local database.
    # Accounts registered here are checked via the `internal'
    # authentication plugin as described above.
    signup {

      # The mode defines if new users can signup or not. It can have
      # three values:
      #
      # - open: every new user can sign up
      # - invite: new users can sign up only if they provide a correct
      #   invitation key. Invitation keys can be generated by an admin.
      # - closed: signing up is disabled.
      mode = "open"

      # If mode == 'invite', this is the period an invitation token is
      # considered valid.
      invite-time = "14 days"

      # A password that is required when generating invitation keys.
      # This is more to protect against accidentally creating
      # invitation keys. Generating such keys is only permitted to
      # admin users.
      invite-password = "generate-invite"
    }


    share {
      # When storing binary data use chunks of this size.
      chunk-size = "512K"

      # Maximum size of a share.
      max-size = "1.5G"

      # Maximum validity for uploads
      max-validity = 365 days

      # Allows additional database checks to be translated into some
      # meaningful message to the user.
      #
      # This config is used when inspecting database error messages.
      # If the error message from the database contains the defined
      # `native` part, then the server returns a 422 with the error
      # messages given here as `message`.
      #
      # See issue https://github.com/eikek/sharry/issues/255 – the
      # example is a virus check via a postgresql extension "snakeoil".
      database-domain-checks = {
        # Example: This message originates from postgres with an
        # enabled snakeoil extension. This extension allows to virus
        # check byte arrays. It must be setup such that the `bytea`
        # type of the filechunk table is changed to the type
        # `safe_bytea`:
        #
        # CREATE EXTENSION pg_snakeoil;
        # CREATE DOMAIN public.safe_bytea as bytea CHECK (not so_is_infected(value));
        # ALTER TABLE public.filechunk ALTER COLUMN chunkdata TYPE safe_bytea;
        snakeoil = {
          enabled = false
          native = "domain safe_bytea violates check constraint"
          message = "The uploaded file contains a virus!"
        }
      }
    }

    cleanup {
      # Whether to enable the cleanup job that periodically
      # cleans up published, expired shares and expired invites
      enabled = true

      # The interval for the cleanup job
      interval = 14 days

      # Time of published shares past expiration to get collected by cleanup job
      invalid-age = 7 days
    }

    mail {

      # Enable/Disable the mail feature.
      #
      # If it is disabled, the server will not send mails, including
      # notifications.
      #
      # If enabled, explicit SMTP settings must be provided.
      enabled = false

      # The SMTP settings that are used to sent mails with.
      smtp {
        # Host and port of the SMTP server
        host = "localhost"
        port = 25

        # User credentials to authenticate at the server. If the user
        # is empty, mails are sent without authentication.
        user = ""
        password = ""

        # One of: none, starttls, ssl
        ssl-type = "starttls"

        # In case of self-signed certificates or other problems like
        # that, checking certificates can be disabled.
        check-certificates = true

        # Timeout for mail commands.
        timeout = "10 seconds"

        # The default mail address used for the `From' field.
        #
        # If left empty, the e-mail address of the current user is used.
        default-from = ""

        # When creating mails, the List-Id header is set to this value.
        #
        # This helps identifying these mails in muas. If it is empty,
        # the header is not set.
        list-id = "Sharry"
      }

      templates = {
        download = {
          subject = "Download ready."
          body = """Hello,

 there are some files for you to download. Visit this link:

 {{{url}}}

 {{#password}}
 The required password will be sent by other means.
 {{/password}}


 Greetings,
 {{user}} via Sharry
 """
        }

        alias = {
          subject = "Link for Upload"
          body = """Hello,

 please use the following link to sent files to me:

 {{{url}}}

 Greetings,
 {{user}} via Sharry
 """
        }

        upload-notify = {
          subject = "[Sharry] Files arrived"
          body = """Hello {{user}},

 there have been files uploaded for you via the alias '{{aliasName}}'.
 View it here:

 {{{url}}}

 Greetings,
 Sharry
 """
        }
      }
    }
  }
 }
	sharry.restserver {

	# This is the base URL this application is deployed to. This is used
	# to create absolute URLs and to configure the cookie.
	#
	# Note: Currently deploying behind a path is not supported. The URL
	# should not end in a slash.
	base-url = "http://localhost:9090"


	# Where the server binds to.
	bind {
	address = "localhost"
	port = 9090
	}

	file-download {
	# For open range requests, use this amount of data when
	# responding.
	download-chunk-size = "4M"
	}

	# Configures logging
	logging {
	# The format for the log messages. Can be one of:
	# Json, Logfmt, Fancy or Plain
	format = "Fancy"

	# The minimum level to log. From lowest to highest:
	# Trace, Debug, Info, Warn, Error
	minimum-level = "Warn"

	# Override the log level of specific loggers
	levels = {
	"sharry" = "Info"
	"org.flywaydb" = "Info"
	"binny" = "Info"
	"org.http4s" = "Info"
	}
	}

	# The alias-member feature allows to add users to an alias page to
	# automatically make all shares that were uploaded through the
	# corresponding alias available to all members. This allows to
	# search for other users via a http call. If this feature is
	# disabled, the rest call to search other users is disabled and the
	# form element is removed from the ui.
	alias-member-enabled = true

	webapp {
	# This is shown in the top right corner of the web application
	app-name = "Sharry"

	# The icon next to the app-name. Needs to be an URL to an image.
	app-icon = ""

	# The icon next to the app-name when dark mode is enabled.
	app-icon-dark = ""

	# The login and register pages display a logo image, by default
	# the Sharry logo. This can be changed here. It needs to be an URL
	# to an image.
	app-logo = ""

	# The login and register pages display a logo image. This is the
	# one used when dark mode is enabled.
	app-logo-dark = ""

	# This is markdown that is inserted as the footer on each page in
	# the ui. If left empty, a link to the project is rendered.
	app-footer = ""

	# Whether to display the footer on each page in the ui. Set it to
	# false to hide it.
	app-footer-visible = true

	# Chunk size used for one request. The server will re-chunk the
	# stream into smaller chunks. But the client can transfer more in
	# one requests, resulting in faster uploads.
	#
	# You might need to adjust this value depending on your setup. A
	# higher value usually means faster uploads (if the up-link is
	# good enough). It is set rather low by default, because it is a
	# safer default.
	chunk-size = "10M"

	# Number of milliseconds the client should wait before doing a new
	# upload attempt after something failed. The length of the array
	# denotes the number of retries.
	retry-delays = [0, 3000, 6000, 12000, 24000, 48000]

	# The login page can display a welcome message that is readable by
	# everyone. The text is processed as markdown.
	welcome-message = ""

	# The ISO-3166-1 code of the default language to use. If a invalid
	# code is given (or one where no language is available), it falls
	# back to "gb".
	default-language = "gb"

	# The interval a new authentication token is retrieved. This must
	# be at least 30s lower than `backend.auth.session-valid'.
	auth-renewal = "4 minutes"

	# The initial page to go to after logging in. It can be one of the
	# following: home, uploads, share
	initial-page = "home"

	# The value for the validity that is preselected. Only values that
	# are available in the dropdown are possible to specifiy.
	default-validity = 7 days

	# The inital ui theme to use. Can be either 'light' or 'dark'.
	initial-theme = "light"

	# When only OAuth (or only Proxy Auth) is configured and only a
	# single provider, then the weapp automatically redirects to its
	# authentication page skipping the sharry login page. This will
	# also disable the logout button, since sharry is not in charge
	# anyways.
	oauth-auto-redirect = true

	# A custom html snippet that is rendered into the html head
	# section of the main template. If the value is empty, a default
	# section is used for inserting a favicon configuration.
	#
	# The value is first tried to resolve to a file in the local file
	# system. If that is successful, it its content is being inserted
	# as utf8 characters. Otherwise the value given here is rendered
	# as is into the template!
	custom-head = ""
	}

	backend {

	# Authentication is flexible to let Sharry be integrated in other
	# environments.
	auth {

	# The secret for this server that is used to sign the authenicator
	# tokens. You can use base64 or hex strings (prefix with b64: and
	# hex:, respectively)
	server-secret = "hex:caffee"

	# How long an authentication token is valid. The web application
	# will get a new one periodically.
	session-valid = "8 minutes"

	#### Login Modules
	##
	## The following settings configure how users are authenticated.
	## There are several ways possible. The simplest is to
	## authenticate agains the internal database. But often there is
	## already a user management component and sharry can be
	## configured to authenticated against other services.

	# A fixed login module simply checks the username and password
	# agains the information provided here. This only applies if the
	# user matches, otherwise the next login module is tried.
	fixed {
	enabled = false
	user = "admin"
	password = "admin"
	order = 10
	}

	# The http authentication module sends the username and password
	# via a HTTP request and uses the response to indicate success or
	# failure.
	#
	# If the method is POST, the `body' is sent with the request and
	# the `content-type' is used.
	http {
	enabled = false
	url = "http://localhost:1234/auth?user={{user}}&password={{pass}}"
	method = "POST"
	body = ""
	content-type = ""
	order = 20
	}

	# Use HTTP Basic authentication. An Authorization header using
	# the Basic scheme is created and the request is send to the
	# given url. The response body will be ignored, only the status
	# is inspected.
	http-basic {
	enabled = false
	url = "http://somehost:2345/path"
	method = "GET"
	order = 30
	}

	# The command authentication module runs an external command
	# giving it the username and password. The return code indicates
	# success or failure.
	command {
	enabled = false
	program = [
	"/path/to/someprogram"
	"{{user}}"
	"{{pass}}"
	]
	# the return code to consider successful verification
	success = 0
	order = 40
	}

	# The internal authentication module checks against the internal
	# database.
	internal {
	enabled = true
	order = 50
	}

	# Uses OAuth2 "Code-Flow" for authentication against a
	# configured provider.
	#
	# A provider (like Github, Google, or Microsoft for example) must be
	# configured correctly for this to work. Each element in the array
	# results into a button on the login page.
	#
	# Examples for Github, Google and Microsoft (Azure AD) are provided
	# below. You need to setup an “application” to obtain a client_secret
	# and client_id.
	#
	# Details:
	# - enabled: allows to toggle it on or off
	# - id: a unique id that is part of the url
	# - name: a name that is displayed inside the button on the
	# login screen
	# - icon: a fontawesome icon name for the button
	# - authorize-url: the url of the provider where the user can
	# login and grant the permission to retrieve the user name
	# - token-url: the url used to obtain a bearer token using the
	# response from the authentication above. The response from
	# the provider must be json or url-form-encdode.
	# - user-url: the url to finalyy retrieve user information –
	# only JSON responses are supported.
	# - user-id-key: the name of the field in the json response
	# denoting the user name
	# - user-email-key: the name of the field in the json response
	# that denotes the users email.
	oauth = {
	"github" = {
	enabled = false
	name = "Github"
	icon = "fab fa-github"
	scope = ""
	authorize-url = "https://github.com/login/oauth/authorize"
	token-url = "https://github.com/login/oauth/access_token"
	user-url = "https://api.github.com/user"
	user-id-key = "login"
	client-id = "<your client id>"
	client-secret = "<your client secret>"
	},
	"google" = {
	enabled = false
	name = "Google"
	icon = "fab fa-google"
	scope = ""
	authorize-url = "https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/userinfo.profile"
	token-url = "https://oauth2.googleapis.com/token"
	user-url = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json"
	user-id-key = "name"
	client-id = "<your client id>"
	client-secret = "<your client secret>"
	},
	"aad" = {
	enabled = false
	name = "Azure AD"
	icon = "fab fa-microsoft"
	scope = "openid"
	authorize-url = "https://login.microsoftonline.com/<your tenant ID>/oauth2/v2.0/authorize"
	token-url = "https://login.microsoftonline.com/<your tenant ID>/oauth2/v2.0/token"
	user-url = "https://graph.microsoft.com/oidc/userinfo"
	user-id-key = "email"
	user-email-key = "email"
	client-id = "<your client id>"
	client-secret = "<your client secret>"
	}
	}

	# Allows to inspect the request headers for finding already
	# authorized user name/email. If enabled and during login the
	# request contains these headers, they will be used to
	# automatically create accounts.
	proxy {
	enabled = false
	user-header = "X-Valid-User"
	email-header = "X-User-Email"
	}
	}

	# The database connection.
	#
	# By default a H2 file-based database is configured. You can
	# provide a postgresql or mariadb connection here. When using H2
	# use the PostgreSQL compatibility mode.
	jdbc {
	url = "jdbc:h2://"${java.io.tmpdir}"/sharry-demo.db;MODE=PostgreSQL;DATABASE_TO_LOWER=TRUE"
	user = "sa"
	password = ""
	}

	# How files are stored.
	files {
	# The id of an enabled store from the `stores` array that should
	# be used.
	default-store = "database"

	# A list of possible file stores. Each entry must have a unique
	# id. The `type` is one of: default-database, filesystem, s3.
	#
	# All stores with enabled=false are
	# removed from the list. The `default-store` must be enabled.
	stores = {
	database =
	{ enabled = true
	type = "default-database"
	}

	filesystem =
	{ enabled = false
	type = "file-system"
	directory = "/some/directory"
	clean-empty-dirs = true
	}

	minio =
	{ enabled = false
	type = "s3"
	endpoint = "http://localhost:9000"
	access-key = "username"
	secret-key = "password"
	bucket = "sharry"
	}
	}

	# Allows to copy files from one store to the other before sharry
	# will be available. It is recommended to set the `enabled` flag to
	# false afterwards and restart sharry.
	#
	# Files are only copied, they are not removed from the source
	# store.
	copy-files = {
	enable = false

	# A key in the `backend.files` config identifying the store to
	# copy from.
	source = "database"

	# A key in the `backend.files` config identifying the store to
	# copy the files to.
	target = "minio"

	# How many files to copy in parallel.
	parallel = 2
	}
	}

	# Checksums of uploaded files are computed in the background.
	compute-checksum = {
	# Setting this to false disables computation of checksums completely.
	enable = true

	# How many ids to queue at most. If full, uploading blocks until
	# elemnts are taken off the queue
	capacity = 5000

	# How many checksums to compute in parallel, must be > 0. If 1,
	# they are computed sequentially.
	parallel = 0

	# If true, the `parallel` option above is ignored and it will be
	# set to the number of available cores - 1 (using 1 for single
	# core machines).
	use-default = true
	}

	# Configuration for registering new users at the local database.
	# Accounts registered here are checked via the `internal'
	# authentication plugin as described above.
	signup {

	# The mode defines if new users can signup or not. It can have
	# three values:
	#
	# - open: every new user can sign up
	# - invite: new users can sign up only if they provide a correct
	# invitation key. Invitation keys can be generated by an admin.
	# - closed: signing up is disabled.
	mode = "open"

	# If mode == 'invite', this is the period an invitation token is
	# considered valid.
	invite-time = "14 days"

	# A password that is required when generating invitation keys.
	# This is more to protect against accidentally creating
	# invitation keys. Generating such keys is only permitted to
	# admin users.
	invite-password = "generate-invite"
	}


	share {
	# When storing binary data use chunks of this size.
	chunk-size = "512K"

	# Maximum size of a share.
	max-size = "1.5G"

	# Maximum validity for uploads
	max-validity = 365 days

	# Allows additional database checks to be translated into some
	# meaningful message to the user.
	#
	# This config is used when inspecting database error messages.
	# If the error message from the database contains the defined
	# `native` part, then the server returns a 422 with the error
	# messages given here as `message`.
	#
	# See issue https://github.com/eikek/sharry/issues/255 – the
	# example is a virus check via a postgresql extension "snakeoil".
	database-domain-checks = {
	# Example: This message originates from postgres with an
	# enabled snakeoil extension. This extension allows to virus
	# check byte arrays. It must be setup such that the `bytea`
	# type of the filechunk table is changed to the type
	# `safe_bytea`:
	#
	# CREATE EXTENSION pg_snakeoil;
	# CREATE DOMAIN public.safe_bytea as bytea CHECK (not so_is_infected(value));
	# ALTER TABLE public.filechunk ALTER COLUMN chunkdata TYPE safe_bytea;
	snakeoil = {
	enabled = false
	native = "domain safe_bytea violates check constraint"
	message = "The uploaded file contains a virus!"
	}
	}
	}

	cleanup {
	# Whether to enable the cleanup job that periodically
	# cleans up published, expired shares and expired invites
	enabled = true

	# The interval for the cleanup job
	interval = 14 days

	# Time of published shares past expiration to get collected by cleanup job
	invalid-age = 7 days
	}

	mail {

	# Enable/Disable the mail feature.
	#
	# If it is disabled, the server will not send mails, including
	# notifications.
	#
	# If enabled, explicit SMTP settings must be provided.
	enabled = false

	# The SMTP settings that are used to sent mails with.
	smtp {
	# Host and port of the SMTP server
	host = "localhost"
	port = 25

	# User credentials to authenticate at the server. If the user
	# is empty, mails are sent without authentication.
	user = ""
	password = ""

	# One of: none, starttls, ssl
	ssl-type = "starttls"

	# In case of self-signed certificates or other problems like
	# that, checking certificates can be disabled.
	check-certificates = true

	# Timeout for mail commands.
	timeout = "10 seconds"

	# The default mail address used for the `From' field.
	#
	# If left empty, the e-mail address of the current user is used.
	default-from = ""

	# When creating mails, the List-Id header is set to this value.
	#
	# This helps identifying these mails in muas. If it is empty,
	# the header is not set.
	list-id = "Sharry"
	}

	templates = {
	download = {
	subject = "Download ready."
	body = """Hello,

	there are some files for you to download. Visit this link:

	{{{url}}}

	{{#password}}
	The required password will be sent by other means.
	{{/password}}


	Greetings,
	{{user}} via Sharry
	"""
	}

	alias = {
	subject = "Link for Upload"
	body = """Hello,

	please use the following link to sent files to me:

	{{{url}}}

	Greetings,
	{{user}} via Sharry
	"""
	}

	upload-notify = {
	subject = "[Sharry] Files arrived"
	body = """Hello {{user}},

	there have been files uploaded for you via the alias '{{aliasName}}'.
	View it here:

	{{{url}}}

	Greetings,
	Sharry
	"""
	}
	}
	}
	}
	}