add initial env vars files

assets/env-vars/activitylog-config-example.yaml

@@ -0,0 +1,65 @@
+# Autogenerated
+# Filename: activitylog-config-example.yaml
+
+tracing:
+  enabled: false
+  type: ""
+  endpoint: ""
+  collector: ""
+log:
+  level: ""
+  pretty: false
+  color: false
+  file: ""
+debug:
+  addr: 127.0.0.1:9197
+  token: ""
+  pprof: false
+  zpages: false
+events:
+  endpoint: 127.0.0.1:9233
+  cluster: opencloud-cluster
+  tls_insecure: false
+  tls_root_ca_certificate: ""
+  enable_tls: false
+  username: ""
+  password: ""
+store:
+  store: nats-js-kv
+  nodes:
+  - 127.0.0.1:9233
+  database: activitylog
+  table: ""
+  ttl: 0s
+  username: ""
+  password: ""
+reva_gateway: eu.opencloud.api.gateway
+grpc_client_tls: null
+http:
+  addr: 127.0.0.1:9195
+  root: /
+  cors:
+    allow_origins:
+    - '*'
+    allow_methods:
+    - GET
+    allow_headers:
+    - Authorization
+    - Origin
+    - Content-Type
+    - Accept
+    - X-Requested-With
+    - X-Request-Id
+    - Ocs-Apirequest
+    allow_credentials: true
+  tls:
+    enabled: false
+    cert: ""
+    key: ""
+token_manager:
+  jwt_secret: ""
+translation_path: ""
+default_language: en
+service_account:
+  service_account_id: ""
+  service_account_secret: ""

assets/env-vars/activitylog_configvars.md

@@ -0,0 +1,45 @@
+Environment variables for the **activitylog** service
+
+| Name | Introduction Version | Type | Description | Default Value |
+|---|---|---|---|---|
+|`OC_TRACING_ENABLED`<br/>`ACTIVITYLOG_TRACING_ENABLED`| 1.0.0 |bool|Activates tracing.|false|
+|`OC_TRACING_TYPE`<br/>`ACTIVITYLOG_TRACING_TYPE`| 1.0.0 |string|The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.||
+|`OC_TRACING_ENDPOINT`<br/>`ACTIVITYLOG_TRACING_ENDPOINT`| 1.0.0 |string|The endpoint of the tracing agent.||
+|`OC_TRACING_COLLECTOR`<br/>`ACTIVITYLOG_TRACING_COLLECTOR`| 1.0.0 |string|The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.||
+|`OC_LOG_LEVEL`<br/>`ACTIVITYLOG_LOG_LEVEL`| 1.0.0 |string|The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.||
+|`OC_LOG_PRETTY`<br/>`ACTIVITYLOG_LOG_PRETTY`| 1.0.0 |bool|Activates pretty log output.|false|
+|`OC_LOG_COLOR`<br/>`ACTIVITYLOG_LOG_COLOR`| 1.0.0 |bool|Activates colorized log output.|false|
+|`OC_LOG_FILE`<br/>`ACTIVITYLOG_LOG_FILE`| 1.0.0 |string|The path to the log file. Activates logging to this file if set.||
+|`ACTIVITYLOG_DEBUG_ADDR`| 1.0.0 |string|Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.|127.0.0.1:9197|
+|`ACTIVITYLOG_DEBUG_TOKEN`| 1.0.0 |string|Token to secure the metrics endpoint.||
+|`ACTIVITYLOG_DEBUG_PPROF`| 1.0.0 |bool|Enables pprof, which can be used for profiling.|false|
+|`ACTIVITYLOG_DEBUG_ZPAGES`| 1.0.0 |bool|Enables zpages, which can be used for collecting and viewing in-memory traces.|false|
+|`OC_EVENTS_ENDPOINT`| 1.0.0 |string|The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.|127.0.0.1:9233|
+|`OC_EVENTS_CLUSTER`| 1.0.0 |string|The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.|opencloud-cluster|
+|`OC_INSECURE`| 1.0.0 |bool|Whether to verify the server TLS certificates.|false|
+|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.||
+|`OC_EVENTS_ENABLE_TLS`| 1.0.0 |bool|Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.|false|
+|`OC_EVENTS_AUTH_USERNAME`| 1.0.0 |string|The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.||
+|`OC_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.||
+|`OC_PERSISTENT_STORE`<br/>`ACTIVITYLOG_STORE`| 1.0.0 |string|The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.|nats-js-kv|
+|`OC_PERSISTENT_STORE_NODES`<br/>`ACTIVITYLOG_STORE_NODES`| 1.0.0 |[]string|A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.|[127.0.0.1:9233]|
+|`ACTIVITYLOG_STORE_DATABASE`| 1.0.0 |string|The database name the configured store should use.|activitylog|
+|`ACTIVITYLOG_STORE_TABLE`| 1.0.0 |string|The database table the store should use.||
+|`OC_PERSISTENT_STORE_TTL`<br/>`ACTIVITYLOG_STORE_TTL`| 1.0.0 |Duration|Time to live for events in the store. See the Environment Variable Types description for more details.|0s|
+|`OC_PERSISTENT_STORE_AUTH_USERNAME`<br/>`ACTIVITYLOG_STORE_AUTH_USERNAME`| 1.0.0 |string|The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.||
+|`OC_PERSISTENT_STORE_AUTH_PASSWORD`<br/>`ACTIVITYLOG_STORE_AUTH_PASSWORD`| 1.0.0 |string|The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.||
+|`OC_REVA_GATEWAY`| 1.0.0 |string|CS3 gateway used to look up user metadata|eu.opencloud.api.gateway|
+|`ACTIVITYLOG_HTTP_ADDR`| 1.0.0 |string|The bind address of the HTTP service.|127.0.0.1:9195|
+|`ACTIVITYLOG_HTTP_ROOT`| 1.0.0 |string|Subdirectory that serves as the root for this HTTP service.|/|
+|`OC_CORS_ALLOW_ORIGINS`<br/>`ACTIVITYLOG_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.|[*]|
+|`OC_CORS_ALLOW_METHODS`<br/>`ACTIVITYLOG_CORS_ALLOW_METHODS`| 1.0.0 |[]string|A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.|[GET]|
+|`OC_CORS_ALLOW_HEADERS`<br/>`ACTIVITYLOG_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]|
+|`OC_CORS_ALLOW_CREDENTIALS`<br/>`ACTIVITYLOG_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.|true|
+|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.|false|
+|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|Path/File name of the TLS server certificate (in PEM format) for the http services.||
+|`OC_HTTP_TLS_KEY`| 1.0.0 |string|Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.||
+|`OC_JWT_SECRET`<br/>`ACTIVITYLOG_JWT_SECRET`| 1.0.0 |string|The secret to mint and validate jwt tokens.||
+|`OC_TRANSLATION_PATH`<br/>`ACTIVITYLOG_TRANSLATION_PATH`| 1.0.0 |string|(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.||
+|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.|en|
+|`OC_SERVICE_ACCOUNT_ID`<br/>`ACTIVITYLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|The ID of the service account the service should use. See the 'auth-service' service description for more details.||
+|`OC_SERVICE_ACCOUNT_SECRET`<br/>`ACTIVITYLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|The service account secret.||

assets/env-vars/antivirus-config-example.yaml

@@ -0,0 +1,40 @@
+# Autogenerated
+# Filename: antivirus-config-example.yaml
+
+file: ""
+log:
+  level: ""
+  pretty: false
+  color: false
+  file: ""
+debug:
+  addr: 127.0.0.1:9277
+  token: ""
+  pprof: false
+  zpages: false
+tracing:
+  enabled: false
+  type: ""
+  endpoint: ""
+  collector: ""
+infected-file-handling: delete
+events:
+  endpoint: 127.0.0.1:9233
+  cluster: opencloud-cluster
+  tls_insecure: false
+  tls_root_ca_certificate: ""
+  enable_tls: false
+  username: ""
+  password: ""
+workers: 10
+scanner:
+  type: clamav
+  clamav:
+    socket: /run/clamav/clamd.ctl
+    scan_timeout: 5m0s
+  icap:
+    scan_timeout: 5m0s
+    url: icap://127.0.0.1:1344
+    service: avscan
+max-scan-size: 100MB
+max-scan-size-mode: partial

assets/env-vars/antivirus_configvars.md

@@ -0,0 +1,34 @@
+Environment variables for the **antivirus** service
+
+| Name | Introduction Version | Type | Description | Default Value |
+|---|---|---|---|---|
+|`OC_LOG_LEVEL`<br/>`ANTIVIRUS_LOG_LEVEL`| 1.0.0 |string|The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.||
+|`OC_LOG_PRETTY`<br/>`ANTIVIRUS_LOG_PRETTY`| 1.0.0 |bool|Activates pretty log output.|false|
+|`OC_LOG_COLOR`<br/>`ANTIVIRUS_LOG_COLOR`| 1.0.0 |bool|Activates colorized log output.|false|
+|`OC_LOG_FILE`<br/>`ANTIVIRUS_LOG_FILE`| 1.0.0 |string|The path to the log file. Activates logging to this file if set.||
+|`ANTIVIRUS_DEBUG_ADDR`| 1.0.0 |string|Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.|127.0.0.1:9277|
+|`ANTIVIRUS_DEBUG_TOKEN`| 1.0.0 |string|Token to secure the metrics endpoint.||
+|`ANTIVIRUS_DEBUG_PPROF`| 1.0.0 |bool|Enables pprof, which can be used for profiling.|false|
+|`ANTIVIRUS_DEBUG_ZPAGES`| 1.0.0 |bool|Enables zpages, which can be used for collecting and viewing in-memory traces.|false|
+|`OC_TRACING_ENABLED`<br/>`ANTIVIRUS_TRACING_ENABLED`| 1.0.0 |bool|Activates tracing.|false|
+|`OC_TRACING_TYPE`<br/>`ANTIVIRUS_TRACING_TYPE`| 1.0.0 |string|The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.||
+|`OC_TRACING_ENDPOINT`<br/>`ANTIVIRUS_TRACING_ENDPOINT`| 1.0.0 |string|The endpoint of the tracing agent.||
+|`OC_TRACING_COLLECTOR`<br/>`ANTIVIRUS_TRACING_COLLECTOR`| 1.0.0 |string|The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.||
+|`ANTIVIRUS_INFECTED_FILE_HANDLING`| 1.0.0 |string|Defines the behaviour when a virus has been found. Supported options are: 'delete', 'continue' and 'abort '. Delete will delete the file. Continue will mark the file as infected but continues further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination.|delete|
+|`OC_EVENTS_ENDPOINT`<br/>`ANTIVIRUS_EVENTS_ENDPOINT`| 1.0.0 |string|The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.|127.0.0.1:9233|
+|`OC_EVENTS_CLUSTER`<br/>`ANTIVIRUS_EVENTS_CLUSTER`| 1.0.0 |string|The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.|opencloud-cluster|
+|`OC_INSECURE`<br/>`ANTIVIRUS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|Whether to verify the server TLS certificates.|false|
+|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`<br/>`ANTIVIRUS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|The root CA certificate used to validate the server's TLS certificate. If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false.||
+|`OC_EVENTS_ENABLE_TLS`<br/>`ANTIVIRUS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.|false|
+|`OC_EVENTS_AUTH_USERNAME`<br/>`ANTIVIRUS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.||
+|`OC_EVENTS_AUTH_PASSWORD`<br/>`ANTIVIRUS_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.||
+|`ANTIVIRUS_WORKERS`| 1.0.0 |int|The number of concurrent go routines that fetch events from the event queue.|10|
+|`ANTIVIRUS_SCANNER_TYPE`| 1.0.0 |ScannerType|The antivirus scanner to use. Supported values are 'clamav' and 'icap'.|clamav|
+|`ANTIVIRUS_CLAMAV_SOCKET`| 1.0.0 |string|The socket clamav is running on. Note the default value is an example which needs adaption according your OS.|/run/clamav/clamd.ctl|
+|`ANTIVIRUS_CLAMAV_SCAN_TIMEOUT`| 2.1.0 |Duration|Scan timeout for the ClamAV client. Defaults to '5m' (5 minutes). See the Environment Variable Types description for more details.|5m0s|
+|`ANTIVIRUS_ICAP_SCAN_TIMEOUT`| 1.0.0 |Duration|Scan timeout for the ICAP client. Defaults to '5m' (5 minutes). See the Environment Variable Types description for more details.|5m0s|
+|`ANTIVIRUS_ICAP_URL`| 1.0.0 |string|URL of the ICAP server.|icap://127.0.0.1:1344|
+|`ANTIVIRUS_ICAP_SERVICE`| 1.0.0 |string|The name of the ICAP service.|avscan|
+|`ANTIVIRUS_MAX_SCAN_SIZE`| 1.0.0 |string|The maximum scan size the virus scanner can handle.0 means unlimited. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.|100MB|
+|`ANTIVIRUS_MAX_SCAN_SIZE_MODE`| 2.1.0 |MaxScanSizeMode|Defines the mode of handling files that exceed the maximum scan size. Supported options are: 'skip', which skips files that are bigger than the max scan size, and 'truncate' (default), which only uses the file up to the max size.|partial|
+|`ANTIVIRUS_DEBUG_SCAN_OUTCOME`| 1.0.0 |string|A predefined outcome for virus scanning, FOR DEBUG PURPOSES ONLY! (example values: 'found,infected')||

assets/env-vars/app-provider-config-example.yaml

@@ -0,0 +1,45 @@
+# Autogenerated
+# Filename: app-provider-config-example.yaml
+
+tracing:
+  enabled: false
+  type: ""
+  endpoint: ""
+  collector: ""
+log:
+  level: ""
+  pretty: false
+  color: false
+  file: ""
+debug:
+  addr: 127.0.0.1:9165
+  token: ""
+  pprof: false
+  zpages: false
+grpc:
+  addr: 127.0.0.1:9164
+  tls: null
+  protocol: tcp
+token_manager:
+  jwt_secret: ""
+reva:
+  address: eu.opencloud.api.gateway
+  tls:
+    mode: ""
+    cacert: ""
+external_addr: eu.opencloud.api.app-provider
+driver: ""
+drivers:
+  wopi:
+    app_api_key: ""
+    app_desktop_only: false
+    app_icon_uri: ""
+    app_internal_url: ""
+    app_name: ""
+    app_url: ""
+    app_disable_chat: false
+    insecure: false
+    wopi_server_iop_secret: ""
+    wopi_server_external_url: ""
+    wopi_folder_url_base_url: https://localhost:9200/
+    wopi_folder_url_path_template: /f/{{.ResourceID}}