2011-05-07 12:52:54 +02:00
# -*- mode: conf -*-
# vim:ft=cfg
2010-08-04 01:27:40 +02:00
# Config file for Radicale - A simple calendar server
2010-08-04 00:08:08 +02:00
#
2013-08-27 10:55:30 +02:00
# Place it into /etc/radicale/config (global)
2010-08-04 00:08:08 +02:00
# or ~/.config/radicale/config (user)
#
# The current values are the default ones
2011-05-07 12:52:54 +02:00
2010-08-04 00:08:08 +02:00
[server]
2014-10-22 14:33:29 +02:00
2011-04-02 21:45:45 +02:00
# CalDAV server hostnames separated by a comma
2011-04-02 21:49:48 +02:00
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
2024-03-14 05:55:12 +01:00
# Hostname syntax (using "getaddrinfo" to resolve to IPv4/IPv6 adress(es)): hostname:port
# For example: 0.0.0.0:9999, [::]:9999, localhost:9999
2020-02-19 09:49:56 +01:00
#hosts = localhost:5232
2014-10-22 14:33:29 +02:00
2016-06-10 14:36:44 +02:00
# Max parallel connections
2018-08-28 16:19:48 +02:00
#max_connections = 8
2016-06-10 14:36:44 +02:00
2016-06-10 14:34:52 +02:00
# Max size of request body (bytes)
2018-04-29 21:20:23 +02:00
#max_content_length = 100000000
2016-06-10 14:34:52 +02:00
2016-06-10 14:33:25 +02:00
# Socket timeout (seconds)
2018-04-29 21:20:23 +02:00
#timeout = 30
2016-06-10 14:33:25 +02:00
2010-08-04 00:08:08 +02:00
# SSL flag, enable HTTPS protocol
2014-10-22 14:33:29 +02:00
#ssl = False
2011-04-25 16:47:42 +02:00
# SSL certificate path
2017-03-04 14:06:09 +01:00
#certificate = /etc/ssl/radicale.cert.pem
2014-10-22 14:33:29 +02:00
2011-04-25 16:47:42 +02:00
# SSL private key
2017-03-04 14:06:09 +01:00
#key = /etc/ssl/radicale.key.pem
2014-10-22 14:33:29 +02:00
2017-06-02 12:41:03 +02:00
# CA certificate for validating clients. This can be used to secure
# TCP traffic between Radicale and a reverse proxy
#certificate_authority =
2024-11-13 22:19:44 +01:00
# SSL protocol, secure configuration: ALL -SSLv3 -TLSv1 -TLSv1.1
#protocol = (default)
# SSL ciphersuite, secure configuration: DHE:ECDHE:-NULL:-SHA (see also "man openssl-ciphers")
#ciphersuite = (default)
2025-03-02 09:02:37 +01:00
# script name to strip from URI if called by reverse proxy
#script_name = (default taken from HTTP_X_SCRIPT_NAME or SCRIPT_NAME)
2011-10-03 00:31:15 +02:00
2010-08-04 00:08:08 +02:00
[encoding]
2014-10-22 14:33:29 +02:00
2010-08-04 00:08:08 +02:00
# Encoding for responding requests
2014-10-22 14:33:29 +02:00
#request = utf-8
2012-01-25 14:53:46 +01:00
# Encoding for storing local collections
2014-10-22 14:33:29 +02:00
#stock = utf-8
2010-08-04 00:08:08 +02:00
2012-08-08 18:29:09 +02:00
[auth]
2014-10-22 14:33:29 +02:00
2012-08-08 18:29:09 +02:00
# Authentication method
2025-02-22 17:51:06 +01:00
# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | pam | denyall
2025-03-15 14:34:51 +01:00
#type = denyall
2022-02-22 11:35:46 +01:00
2024-12-31 16:13:05 +01:00
# Cache logins for until expiration time
2024-12-30 08:16:45 +01:00
#cache_logins = false
# Expiration time for caching successful logins in seconds
2024-12-31 16:13:05 +01:00
#cache_successful_logins_expiry = 15
## Expiration time of caching failed logins in seconds
#cache_failed_logins_expiry = 90
2024-12-30 08:16:45 +01:00
2025-03-25 07:11:36 +01:00
# Ignore modifyTimestamp and createTimestamp attributes. Required e.g. for Authentik LDAP server
#ldap_ignore_attribute_create_modify_timestamp = false
2025-03-23 18:10:27 +01:00
2022-02-22 11:35:46 +01:00
# URI to the LDAP server
2024-08-26 11:21:53 +02:00
#ldap_uri = ldap://localhost
2022-02-22 11:35:46 +01:00
2024-09-21 18:37:04 +02:00
# The base DN where the user accounts have to be searched
2024-08-26 11:21:53 +02:00
#ldap_base = ##BASE_DN##
2022-02-22 11:35:46 +01:00
# The reader DN of the LDAP server
2024-08-26 11:21:53 +02:00
#ldap_reader_dn = CN=ldapreader,CN=Users,##BASE_DN##
2022-02-22 11:35:46 +01:00
# Password of the reader DN
2024-08-26 11:21:53 +02:00
#ldap_secret = ldapreader-secret
2022-02-22 11:35:46 +01:00
2024-07-30 00:22:07 -07:00
# Path of the file containing password of the reader DN
#ldap_secret_file = /run/secrets/ldap_password
2024-09-21 18:37:04 +02:00
# The filter to find the DN of the user. This filter must contain a python-style placeholder for the login
2024-09-23 10:19:50 +02:00
#ldap_filter = (&(objectClass=person)(uid={0}))
2024-12-29 08:05:42 +01:00
# the attribute holding the value to be used as username after authentication
#ldap_user_attribute = cn
2025-05-31 14:20:55 +02:00
# The attribute in user entry to read the group memberships from.
#ldap_groups_attribute =
# The attribute in group entries to read the group members from.
#ldap_group_members_attribute =
# The base dn to find the groups. Necessary only if ldap_group_members_attribute is defined and different from ldap_base.
#ldap_groups_base =
# Additional filter to find the groups when ldap_group_members_attribute is defined. The following filter will be built (&{ldap_groups_filter}({ldap_group_members_attribute}={user_dn})
#ldap_groups_filter =
2024-09-23 10:19:50 +02:00
# Use ssl on the ldap connection
2025-04-21 21:26:58 +02:00
# Soon to be deprecated, use ldap_security instead
2024-09-23 10:19:50 +02:00
#ldap_use_ssl = False
2025-04-21 21:26:58 +02:00
# the encryption mode to be used: tls, starttls, default is none
#ldap_security = none
2025-04-19 17:02:45 +02:00
2025-04-21 21:26:58 +02:00
# The certificate verification mode. Works for ssl and starttls. NONE, OPTIONAL, default is REQUIRED
2024-09-23 10:19:50 +02:00
#ldap_ssl_verify_mode = REQUIRED
# The path to the CA file in pem format which is used to certificate the server certificate
#ldap_ssl_ca_file =
2011-10-03 00:31:15 +02:00
2025-01-14 08:57:35 +01:00
# Connection type for dovecot authentication (AF_UNIX|AF_INET|AF_INET6)
# Note: credentials are transmitted in cleartext
#dovecot_connection_type = AF_UNIX
# The path to the Dovecot client authentication socket (eg. /run/dovecot/auth-client on Fedora). Radicale must have read / write access to the socket.
#dovecot_socket = /var/run/dovecot/auth-client
# Host of via network exposed dovecot socket
#dovecot_host = localhost
# Port of via network exposed dovecot socket
#dovecot_port = 12345
2025-01-16 06:01:01 +01:00
# IMAP server hostname
# Syntax: address | address:port | [address]:port | imap.server.tld
#imap_host = localhost
# Secure the IMAP connection
# Value: tls | starttls | none
#imap_security = tls
2025-02-02 09:01:40 +01:00
# OAuth2 token endpoint URL
#oauth2_token_endpoint = <URL>
2025-02-22 17:49:13 +01:00
# PAM service
#pam_serivce = radicale
# PAM group user should be member of
#pam_group_membership =
2011-04-25 16:47:42 +02:00
# Htpasswd filename
2014-10-22 14:33:29 +02:00
#htpasswd_filename = /etc/radicale/users
2011-04-25 16:47:42 +02:00
# Htpasswd encryption method
2025-04-30 06:24:17 +02:00
# Value: plain | bcrypt | md5 | sha256 | sha512 | argon2 | autodetect
2024-03-06 22:42:37 +01:00
# bcrypt requires the installation of 'bcrypt' module.
2025-04-30 06:24:17 +02:00
# argon2 requires the installation of 'argon2-cffi' module.
2024-09-01 17:19:53 +02:00
#htpasswd_encryption = autodetect
2011-10-03 00:31:15 +02:00
2025-01-01 16:31:31 +01:00
# Enable caching of htpasswd file based on size and mtime_ns
#htpasswd_cache = False
2017-05-23 03:11:41 +02:00
# Incorrect authentication delay (seconds)
#delay = 1
2018-08-16 08:00:01 +02:00
# Message displayed in the client when a password is needed
#realm = Radicale - Password Required
2024-06-08 21:50:00 +02:00
# Convert username to lowercase, must be true for case-insensitive auth providers
2024-04-17 18:31:51 +03:00
#lc_username = False
2024-07-18 06:50:29 +02:00
# Strip domain name from username
#strip_domain = False
2013-09-13 17:21:50 +02:00
2024-10-12 07:34:23 +02:00
2012-08-08 18:29:09 +02:00
[rights]
2014-10-22 14:33:29 +02:00
2013-12-25 03:13:56 +04:00
# Rights backend
2024-11-24 17:57:47 +01:00
# Value: authenticated | owner_only | owner_write | from_file
2017-03-04 14:06:09 +01:00
#type = owner_only
2012-08-08 18:29:09 +02:00
2013-08-14 10:50:59 +02:00
# File for rights management from_file
2024-08-26 11:21:53 +02:00
#file = /etc/radicale/rights
2012-08-11 00:56:45 +02:00
2024-03-09 06:43:39 +01:00
# Permit delete of a collection (global)
#permit_delete_collection = True
2024-09-29 18:15:42 +02:00
# Permit overwrite of a collection (global)
2024-09-30 21:43:50 +02:00
#permit_overwrite_collection = True
2012-08-08 18:29:09 +02:00
2025-05-05 15:20:38 -05:00
# URL Decode the given username (when URL-encoded by the client - useful for iOS devices when using email address)
# urldecode_username = False
2024-10-12 07:34:23 +02:00
2010-08-04 00:08:08 +02:00
[storage]
2014-10-22 14:33:29 +02:00
2012-01-12 02:18:06 +01:00
# Storage backend
2021-12-08 21:41:12 +01:00
# Value: multifilesystem | multifilesystem_nolock
2017-03-08 15:50:24 +01:00
#type = multifilesystem
2012-01-12 02:18:06 +01:00
2012-01-25 14:53:46 +01:00
# Folder for storing local collections, created if not present
2017-03-08 15:50:24 +01:00
#filesystem_folder = /var/lib/radicale/collections
2012-01-12 02:18:06 +01:00
2024-12-10 08:23:32 +01:00
# Folder for storing cache of local collections, created if not present
# Note: only used in case of use_cache_subfolder_* options are active
# Note: can be used on multi-instance setup to cache files on local node (see below)
2024-12-10 08:52:51 +01:00
#filesystem_cache_folder = (filesystem_folder)
2024-12-10 08:23:32 +01:00
# Use subfolder 'collection-cache' for 'item' cache file structure instead of inside collection folder
# Note: can be used on multi-instance setup to cache 'item' on local node
2024-12-03 21:31:28 +01:00
#use_cache_subfolder_for_item = False
2024-12-10 08:23:32 +01:00
# Use subfolder 'collection-cache' for 'history' cache file structure instead of inside collection folder
# Note: use only on single-instance setup, will break consistency with client in multi-instance setup
#use_cache_subfolder_for_history = False
# Use subfolder 'collection-cache' for 'sync-token' cache file structure instead of inside collection folder
# Note: use only on single-instance setup, will break consistency with client in multi-instance setup
#use_cache_subfolder_for_synctoken = False
2024-12-15 11:40:02 +01:00
# Use last modifiction time (nanoseconds) and size (bytes) for 'item' cache instead of SHA256 (improves speed)
# Note: check used filesystem mtime precision before enabling
2024-12-15 12:20:24 +01:00
# Note: conversion is done on access, bulk conversion can be done offline using storage verification option: radicale --verify-storage
2024-12-18 19:40:32 +01:00
#use_mtime_and_size_for_item_cache = False
2024-12-15 11:40:02 +01:00
2024-12-10 08:23:32 +01:00
# Use configured umask for folder creation (not applicable for OS Windows)
# Useful value: 0077 | 0027 | 0007 | 0022
#folder_umask = (system default, usual 0022)
2017-06-02 12:44:39 +02:00
# Delete sync token that are older (seconds)
#max_sync_token_age = 2592000
2024-06-09 13:57:32 +02:00
# Skip broken item instead of triggering an exception
2024-06-18 17:42:49 +02:00
#skip_broken_item = True
2024-06-09 13:57:32 +02:00
2024-11-24 16:39:40 +01:00
# Command that is run after changes to storage, default is emtpy
2024-11-24 16:29:48 +01:00
# Supported placeholders:
2025-03-27 08:32:23 +01:00
# %(user)s: logged-in user
# %(cwd)s : current working directory
# %(path)s: full path of item
2024-11-24 16:29:48 +01:00
# Command will be executed with base directory defined in filesystem_folder
# For "git" check DOCUMENTATION.md for bootstrap instructions
2025-03-27 08:32:23 +01:00
# Example(test): echo \"user=%(user)s path=%(path)s cwd=%(cwd)s\"
# Example(git): git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"")
2016-10-12 14:30:18 +02:00
#hook =
2016-06-11 10:34:18 +02:00
2024-04-22 12:23:24 +03:00
# Create predefined user collections
#
# json format:
#
# {
# "def-addressbook": {
# "D:displayname": "Personal Address Book",
# "tag": "VADDRESSBOOK"
# },
# "def-calendar": {
# "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
# "D:displayname": "Personal Calendar",
# "tag": "VCALENDAR"
# }
# }
#
#predefined_collections =
2011-10-03 00:31:15 +02:00
2017-05-31 13:18:40 +02:00
[web]
# Web interface backend
2017-05-31 13:18:42 +02:00
# Value: none | internal
#type = internal
2017-05-31 13:18:40 +02:00
2011-04-10 18:17:06 +02:00
[logging]
2014-10-22 14:33:29 +02:00
2018-08-16 08:00:02 +02:00
# Threshold for the logger
# Value: debug | info | warning | error | critical
2024-03-22 07:14:59 +01:00
#level = info
2016-10-12 14:30:18 +02:00
2016-06-11 12:53:58 +02:00
# Don't include passwords in logs
#mask_passwords = True
2024-05-29 06:07:36 +02:00
# Log bad PUT request content
#bad_put_request_content = False
2024-06-09 13:42:08 +02:00
# Log backtrace on level=debug
2024-06-18 17:43:35 +02:00
#backtrace_on_debug = False
2024-06-09 13:42:08 +02:00
2024-06-11 13:23:03 +02:00
# Log request header on level=debug
2024-06-18 17:43:35 +02:00
#request_header_on_debug = False
2024-06-11 13:23:03 +02:00
# Log request content on level=debug
2024-06-18 17:43:35 +02:00
#request_content_on_debug = False
2024-06-11 13:23:03 +02:00
# Log response content on level=debug
2024-06-18 17:43:35 +02:00
#response_content_on_debug = False
2024-06-11 13:23:03 +02:00
2024-08-28 08:59:32 +02:00
# Log rights rule which doesn't match on level=debug
#rights_rule_doesnt_match_on_debug = False
2013-05-13 18:15:08 +02:00
2024-12-15 12:21:39 +01:00
# Log storage cache actions on level=debug
#storage_cache_actions_on_debug = False
2024-10-12 07:34:23 +02:00
2014-10-22 14:33:29 +02:00
[headers]
2013-05-13 18:15:08 +02:00
# Additional HTTP headers
#Access-Control-Allow-Origin = *
2020-08-17 02:47:55 +02:00
2024-10-12 07:34:23 +02:00
2020-08-17 02:47:55 +02:00
[hook]
2023-02-10 22:52:49 +01:00
# Hook types
# Value: none | rabbitmq
#type = none
#rabbitmq_endpoint =
2024-03-02 13:38:42 +01:00
#rabbitmq_topic =
2024-06-09 14:45:32 +02:00
#rabbitmq_queue_type = classic
2024-08-16 14:57:30 -06:00
2024-10-12 07:34:23 +02:00
2024-08-16 14:57:30 -06:00
[reporting]
# When returning a free-busy report, limit the number of returned
# occurences per event to prevent DOS attacks.
2024-08-25 14:11:48 +02:00
#max_freebusy_occurrence = 10000
