<pre style='margin:0'>
Frank Schima (mf2k) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/a7e4fd090cfa6da16ef5ed86a72bcf556789812b">https://github.com/macports/macports-ports/commit/a7e4fd090cfa6da16ef5ed86a72bcf556789812b</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new a7e4fd0 calendar-contacts-server: Submission of Apple Calendar and Contacts Server configuration
</span>a7e4fd0 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit a7e4fd090cfa6da16ef5ed86a72bcf556789812b
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Tue Aug 6 21:25:18 2019 -0400
<span style='display:block; white-space:pre;color:#404040;'> calendar-contacts-server: Submission of Apple Calendar and Contacts Server configuration
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Port of Apple's ccs-calendarserver
</span><span style='display:block; white-space:pre;color:#404040;'> * Configuration independent of Server.app's Calendar and Contacts Server
</span><span style='display:block; white-space:pre;color:#404040;'> * Standards-compliant server implementing the CalDAV and CardDAV protocols
</span><span style='display:block; white-space:pre;color:#404040;'> * iMIP capability via port:mail-server
</span>---
net/calendar-contacts-server/Portfile | 635 +++++++++++++++++++++
.../files/calendarserver.plist | 627 ++++++++++++++++++++
net/calendar-contacts-server/files/default.html | 8 +
net/calendar-contacts-server/files/nginx.conf | 108 ++++
4 files changed, 1378 insertions(+)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/Portfile b/net/calendar-contacts-server/Portfile
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..d4b4bfb
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,635 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PortSystem 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PortGroup github 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PortGroup active_variants 1.1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+github.setup apple ccs-calendarserver 50894b7
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+name calendar-contacts-server
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# version from https://github.com/apple/ccs-calendarserver/blob/master/setup.py
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# with date of git commit appended
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 9.3.20190916
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+categories net mail
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+platforms darwin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+supported_archs noarch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+maintainers {ieee.org:s.t.smith @essandess} openmaintainer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+license Apache-2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+description Apple Calendar and Contacts Server configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+long_description ${description}. \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ccs-calendarserver is a standards-compliant server implementing\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ the CalDAV and CardDAV protocols, including iMIP and APNS. It\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ provides a shared location on the network allowing multiple users\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ to store and edit calendaring and contact information. This port\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ provides a basic, working, easily modifiable configuration,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ previously used in macOS Server.app, and an nginx reverse proxy\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ to handle modern crypto and isolate the backend server.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+homepage https://www.calendarserver.org
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 fd77e68c4cf6dceb543ce8cff47c5f6c23429ed6 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 c97384bb26cec6a764eba3c8cd590c63e912c93f85e8fd5ce3945e6e11065dae \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 3714315
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# use these to specify python versions, python2 required
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set python2_version 2.7
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set python2_version_nickname \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [join [lrange [split ${python2_version} .] 0 1] {}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# use these to specify PostgreSQL versions, postgresql9 required
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set postgresql9_version 9.6
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set postgresql9_version_nickname \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [join [lrange [split ${postgresql9_version} .] 0 1] {}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+depends_lib-append port:cyrus-sasl2 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:libffi \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:mail-server \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:memcached \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:nginx \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:openssl \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:postgresql${postgresql9_version_nickname}-server \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:python${python2_version_nickname} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:py${python2_version_nickname}-pip \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:py${python2_version_nickname}-pyobjc-cocoa
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+depends_run-append port:pip_select \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:postgresql_select
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set calendarserverUser calendarserver
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+add_users ${calendarserverUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ group=_calendar \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ home=${prefix}/var/${calendarserverUser}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set ccsname ${github.project}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set calendarserverdir ${prefix}/var/${calendarserverUser}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set calendarserverpackage \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir}/Library/CalendarServer/${ccsname}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# random 4-word-based passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proc correct_horse_battery_staple {} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ignore errors from sf-pwgen if the password is shorter than requested
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [join [exec sh -c "sf-pwgen \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --algorithm memorable --count 2 --length 16 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 2>/dev/null || true"] -]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# destroot approach without destroot capability in ccs-calendarserver:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# * There does not appear to be a straighforward way to DESTDIR ccs-calendarserver
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# * Neither does creating symlinks in ${prefix} work with ./bin/package
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# * Reason: virtualenv uses actual destroot path, not symlinks, in *.pyc *.so
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# * Therefore, package in post-activate, and delete necessary directories
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# for each install or upgrade
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# * Keep personal data **outside** of ${prefix}, but provide symlinks
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+post-extract {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Use postgresql96
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ccs-calendarserver's postgres code points to `PSQL = "../postgresql/_root/bin/psql"`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://github.com/apple/ccs-calendarserver/blob/master/calendarserver/tools/checkdatabaseschema.py
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|\"../postgresql/_root/bin/psql\"|\"${prefix}/lib/postgresql${postgresql9_version_nickname}/bin/psql\"|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}/calendarserver/tools/checkdatabaseschema.py
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+use_configure no
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pre-build {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # pre-build source copy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/src/${ccsname} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/bin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ copy ${worksrcpath} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/src/${ccsname}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # MacPorts python2 pip
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ln -s ${prefix}/bin/pip-${python2_version} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/bin/pip
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# package/install calendarserver binaries
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# see https://github.com/apple/ccs-calendarserver/issues/540#issuecomment-519596004
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+build.cmd bin/develop
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+build.target
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+build.env "USE_OPENSSL=1" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "PATH=${workpath}/bin:$env(PATH)" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "CPPFLAGS=${configure.cppflags}" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "LDFLAGS=${configure.ldflags}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # configuration design: MacPorts file and/or directory templates installed
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # to *.macports, then edited with local network settings, then in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # post-activate copied to actual configuration files if such don't exist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -o ${calendarserverUser} -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverpackage}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverpackage}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach d {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Library/CalendarServer/Config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Library/CalendarServer/Config/Certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Library/CalendarServer/etc
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Library/CalendarServer/etc/nginx_root
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Library/CalendarServer/logs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Library/CalendarServer/memcached
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Library/CalendarServer/postgresql
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Library/CalendarServer/run
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0750 -o ${calendarserverUser} -g _calendar -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/${d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/${d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/etc/nginx_root \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -permissions 0755
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # calendarserver runtime sockets
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach d {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ caldavd
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ caldavd_requests
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0770 -o ${calendarserverUser} -g _calendar -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/run/${d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/run/${d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # symlink to personal data outside of ${prefix}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ln -s /private/var/${calendarserverUser}/Library/CalendarServer/Data \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/Data
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set dot_profile_fd \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [open ${destroot}${calendarserverdir}/.profile w 0644]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ puts ${dot_profile_fd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "source \"${calendarserverpackage}/environment.sh\""
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ close ${dot_profile_fd}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # calenderserver configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0600 -o ${calendarserverUser} -g _calendar \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/calendarserver.plist \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/Config/calendarserver.plist.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # nginx reverse proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0640 -o ${calendarserverUser} -g _calendar \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/nginx.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/etc/nginx.conf.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 -o ${calendarserverUser} -g _calendar \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/default.html \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/etc/nginx_root
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ccs-calendarserver's postgres code points to `PSQL = "../postgresql/_root/bin/psql"`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://github.com/apple/ccs-calendarserver/blob/master/calendarserver/tools/checkdatabaseschema.py
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ln -s ${prefix} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/postgresql/_root
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://github.com/apple/ccs-calendarserver/blob/master/conf/caldavd-test-s2s.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ln -s ${prefix} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${calendarserverdir}/Library/CalendarServer/memcached/_root
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Network configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# hard-coded examples
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set host host
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set domain example
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set tld com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set fullhost ${host}.${domain}.${tld}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set domaintld ${domain}.${tld}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set tls_certificate_name \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${fullhost}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+startupitem.create yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+startupitems \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ executable \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverpackage}/bin/caldavd
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# use defaults, edit launch daemon plists in post-activate below
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# executable ${prefix}/sbin/nginx -g "daemon off;" -p ${calendarserverdir}/Library/CalendarServer/logs -c ${calendarserverdir}/Library/CalendarServer/etc/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# pidfile auto ${calendarserverdir}/Library/CalendarServer/logs/nginx.pid
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+startupitems-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name calendarserver_proxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ executable ${prefix}/sbin/nginx \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile auto
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+variant initialize_always \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {Always initialize all configuration files. Intended\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ for development and troubleshooting only. Working deployments\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ must disable this variant to prevent configuration files\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ being overwritten at the next upgrade. Existing configuration\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ files are not overwritten by default.} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tAll configuration files will be initialized because
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tthe variant +initialize_always is set. Please disable
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tthis variant for working deployments.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # personal data outside of ${prefix}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file exists \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /private/var/calendarserver/Library/CalendarServer] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -o ${calendarserverUser} -g _calendar -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /private/var/calendarserver/Library/CalendarServer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file exists \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /private/var/calendarserver/Library/CalendarServer/Data] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0700 -o ${calendarserverUser} -g _calendar -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /private/var/calendarserver/Library/CalendarServer/Data
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # package/install calendarserver binaries
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${worksrcpath} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "sh <<PACKAGE_CALENDARSERVER
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Don't use SecureTransport, prefer MacPorts Python binaries and libraries
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ export USE_OPENSSL=1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ export CPPFLAGS='${configure.cppflags}'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ export C_INCLUDE_PATH='${prefix}/include'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ export LDFLAGS='${configure.ldflags}'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ export PATH='${workpath}/bin:${prefix}/bin:/usr/bin:/bin:/usr/sbin:/sbin:$env(PATH)'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ./bin/package \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverpackage}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PACKAGE_CALENDARSERVER
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # use network settings for installed example configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set fullhost [exec /bin/hostname -f]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set domaintld [join [lrange [split ${fullhost} .] 1 end] .]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TLS certificate name from postfix
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set tls_certificate_name_postfix \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [exec sh -c "egrep -m 1 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -e \"^\[\[:space:\]\]*smtp_tls_CAfile\[\[:space:\]\]*=\[\[:space:\]\]*\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/postfix/main.cf || true"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ${tls_certificate_name_postfix} ne "" } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set tls_certificate_name_postfix \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [strsed ${tls_certificate_name_postfix} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|^\[\[:space:\]\]*smtp_tls_CAfile\[\[:space:\]\]*=\[\[:space:\]\]*${prefix}/etc/certificates/||"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set tls_certificate_name_postfix \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [strsed ${tls_certificate_name_postfix} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {s|\.chain\.pem[[:space:]]*$||}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ${tls_certificate_name_postfix} ne "" } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set tls_certificate_name ${tls_certificate_name_postfix}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_msg "Configuring Calendar and Contacts Server with:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fullhost : ${fullhost}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ domain.tld : ${domaintld}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ tls_certificate_name : ${tls_certificate_name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Add the necessary keychain item for Calendarserver
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proc calendarserver_keychain_item {fullhost} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return [string trim [exec /bin/sh -c \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "RV=\"\" ; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /usr/bin/security find-generic-password \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -a calendarserver@${fullhost} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -s org.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /Library/Keychains/System.keychain \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1>/dev/null 2>&1 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && RV=org.calendarserver || /usr/bin/true ; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo \"\${RV}\""]]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [calendarserver_keychain_item ${fullhost}] eq "" } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set calendarserver_password \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [correct_horse_battery_staple]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system "/usr/bin/security add-generic-password \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -a calendarserver@${fullhost} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -s org.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -T /usr/bin/security \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -w \"${calendarserver_password}\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -A /Library/Keychains/System.keychain"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # delete command:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # sudo /usr/bin/security delete-generic-password -a calendarserver@${fullhost} -s org.calendarserver /Library/Keychains/System.keychain
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [calendarserver_keychain_item ${fullhost}] eq "" } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "Keychain item org.calendarserver for ${ccsname} failed to be created."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proc install_initial_configuration {f_or_d} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "initialize_always"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && [file exists ${f_or_d}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${f_or_d}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ move \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "initialize_always"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || ![file exists ${f_or_d}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file isfile ${f_or_d}.macports] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d}.macports \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } elseif { [file isdirectory ${f_or_d}.macports] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${f_or_d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach f [glob -nocomplain ${f_or_d}.macports/*] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 ${f} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d}/[file tail ${f}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # calenderserver configuration and nginx reverse proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach f_or_d {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Config/calendarserver.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ etc/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ install_initial_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir}/Library/CalendarServer/${f_or_d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # configure all template files with local settings
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach d_or_f {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ etc
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fs-traverse f ${calendarserverdir}/Library/CalendarServer/${d_or_f} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file isfile ${f}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && ![string match "*.macports" ${f}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && [string match "text/*" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [lindex [exec /usr/bin/file --mime-type ${f}] end]]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } then {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach cmd [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PREFIX@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@host@.@domain@.@tld@|${fullhost}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@domain@.@tld@|${domaintld}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@CALENDARSERVERUSER@|${calendarserverUser}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@CALENDARSERVERDIR@|${calendarserverdir}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@TLS_CERTIFICATE_NAME@|${tls_certificate_name}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@POSTGRESQL9_VERSION_NICKNAME@|${postgresql9_version_nickname}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -q ${cmd} ${f}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Add launchd.plist keys to MacPorts launchdaemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # org.macports.calendarserver
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert EnvironmentVariables -xml \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \"<dict> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>PYTHON</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${calendarserverpackage}/bin/python</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>PATH</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${calendarserverpackage}/bin:${calendarserverpackage}/virtualenv/bin:${prefix}/bin:${prefix}/sbin:/usr/bin:/usr/sbin:/bin:/sbin</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert UserName -string ${calendarserverUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert GroupName -string _calendar \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert InitGroups -bool YES \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert AbandonProcessGroup -bool YES \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert ThrottleInterval -integer 60 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert HardResourceLimits -xml \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \"<dict> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>NumberOfFiles</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>12000</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert SoftResourceLimits -xml \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \"<dict> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>NumberOfFiles</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>12000</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert PreventsSleep -bool YES \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert StandardOutPath -string \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir}/Library/CalendarServer/logs/launchd.log \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil -insert StandardErrorPath -string \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir}/Library/CalendarServer/logs/launchd.log \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.calendarserver.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|<string>${calendarserverpackage}/bin/caldavd</string>$|&\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<!--\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<string>-u</string> <string>calendarserver</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<string>-g</string> <string>_calendar</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t -->\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<string>-X</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<string>-R</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<string>kqueue</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<!-- DEFAULT_CONFIG_FILE is hard-coded in ccs-calendarserver/twistedcaldav/stdconfig.py -->\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<string>-f</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t<string>${calendarserverdir}/Library/CalendarServer/Config/calendarserver.plist</string>|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver/org.macports.calendarserver.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # org.macports.calendarserver_proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|<string>${prefix}/sbin/nginx</string>$|&\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t<string>-g</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t<string>daemon off;</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t<string>-p</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t<string>${calendarserverdir}/Library/CalendarServer/logs</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t<string>-c</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t<string>${calendarserverdir}/Library/CalendarServer/etc/nginx.conf</string>|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver_proxy/org.macports.calendarserver_proxy.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|<string>${prefix}/var/run/calendarserver_proxy.pid</string>$|<string>${calendarserverdir}/Library/CalendarServer/run/nginx.pid</string>|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.calendarserver_proxy/org.macports.calendarserver_proxy.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TLS PFS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file exists \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir}/Library/CalendarServer/etc/dhparam.pem] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # create a shorter, faster DH parameter file for the default installation
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${calendarserverdir}/Library/CalendarServer/etc \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "openssl dhparam -out dhparam.pem 2048"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fs-traverse f_or_d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file type ${f_or_d}] ne "link" } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${f_or_d} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -owner ${calendarserverUser} -group _calendar
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ${calendarserverpackage} is not managed by destroot because the upstream
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# does not provide this capability; therefore, delete after deactivation
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# saving the previous install in .previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+post-deactivate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file exists ${calendarserverpackage}] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${calendarserverpackage}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ move ${calendarserverpackage} ${calendarserverpackage}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${calendarserverpackage}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+notes "Apple Calendar and Contacts Server is a standards-compliant\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+server implementing the CalDAV and CardDAV protocols. Full\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+deployment requires a working mail server, DNS configuration on both the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAN and the internet, including SPF and DKIM records, trusted TLS\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+certificates, port forwarding, possibly a mail relay, and more.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Users must reconfigure this installation for their own system, network,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+and security model specifics by editing all necessary files and checking\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+file permissions. A subset of these settings are visible in the files:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port contents calendar-contacts-server
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port file calendar-contacts-server
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+These are the locations and network settings for the default configuration:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Calender and Contacts Server:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/var/calendarserver/Library/CalendarServer/Config/calendarserver.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ nginx Reverse Proxy:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/var/calendarserver/Library/CalendarServer/etc/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ports: 8008, 8443, 8800, 8843
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Personal data (note, outside ${prefix}):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /var/calendarserver/Library/CalendarServer/Data
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+A working Calendar and Contacts Server will allow local account\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+authentication at these web pages (ports 8008 and 8800 are\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+unencrypted):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ http://${fullhost}:8008
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ https://${fullhost}:8443
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ http://${fullhost}:8800
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ https://${fullhost}:8843
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Known issues:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * All local accounts have access to calendarserver's password using
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ security find-generic-password -a calendarserver@${fullhost} -g
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ This is a hack to provide twistedcaldav authentication access. See:\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ https://github.com/apple/ccs-calendarserver/blob/master/twistedcaldav/util.py\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ An alternate approach must be used if non-trusted local accounts\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ exist on the Calendar and Contacts Server.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * The CalendarServer service does not reliably start after reboot,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ presumably due to an issue with launchd. A workaround
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ after rebooting is to issue the commands:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo port unload calendar-contacts-server ; sleep 5 ; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo port load calendar-contacts-server
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * The package ccs-calendarserver is written in Python 2.7, which will\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reach the end of its life on January 1st, 2020. A future version of\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pip will drop support for Python 2.7."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if { [variant_isset "initialize_always"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[exists notes]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # leave a blank line after the existing notes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append ""
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The variant +initialize_always is set, which initializes\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ all configuration files. Please disable this variant for\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ working deployments."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+variant apns \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description "Use Apple Push Notification Service (APNS)" {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[exists notes]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # leave a blank line after the existing notes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append ""
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "Calendar and Contacts Server may be configured to use\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Apple Push Notification Service (APNS) with these steps:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1. Acquire APNS Mail certificates from a (virtual) macOS\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ High Sierra 10.13 and Server.app version 5.6. Export\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ the certificates from the Keychain into the files\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.servermgrd.apns.calendar.p12 and\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.servermgrd.apns.contact.p12. *Note*: APNS Mail\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ certificate creation is deprecated on Server.app version 5.7\+.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 2. Convert the APNS Mail certificates to cert, key, and chain PEM files:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # apns:com.apple.calendar
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -in com.apple.servermgrd.apns.calendar.p12 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -clcerts -nokeys | sed '/BEGIN CERTIFICATE/,\$!d' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ > com.apple.calendar.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo install -m 0644 -o ${calendarserverUser} -g _calendar \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.calendar.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir}/Library/CalendarServer/Config/Certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -in com.apple.servermgrd.apns.calendar.p12 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -nodes -nocerts | sed '/BEGIN PRIVATE KEY/,\$!d' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ > com.apple.calendarserver.key.pem.decrypted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo security add-generic-password -a apns:com.apple.calendar \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -s 'MacPorts Calendar and Contacts Server' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -T /usr/bin/security \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -w \$(openssl rand -base64 24) \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -U /Library/Keychains/System.keychain
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # encrypt the key with passphrase in this keychain account
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl rsa -aes256 -in com.apple.calendar.key.pem.decrypted \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out com.apple.calendar.key.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo install -m 0644 -o ${calendarserverUser} -g _calendar \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.calendar.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir}/Library/CalendarServer/Config/Certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ curl -LO https://www.apple.com/certificateauthority/AppleAAI2CA.cer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl x509 -inform der -in AppleAAI2CA.cer \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out AppleAAI2CA.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ curl -LO https://www.apple.com/appleca/AppleIncRootCertificate.cer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl x509 -inform der -in AppleIncRootCertificate.cer \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out AppleIncRootCertificate.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cat com.apple.calendar.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ AppleAAI2CA.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ AppleIncRootCertificate.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ > com.apple.calendar.chain.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile com.apple.calendar.chain.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.contact.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo install -m 0644 -o ${calendarserverUser} -g _calendar \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.calendar.chain.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${calendarserverdir}/Library/CalendarServer/Config/Certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Repeat these steps for apns:com.apple.contact.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 3. Configure calendarserver for APNS by uncommenting this block in\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ the file ${calendarserverdir}/Library/CalendarServer/Config/calendarserver.plist:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Notifications</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Services</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>APNS</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_variants +apns
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+livecheck.type none
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/files/calendarserver.plist b/net/calendar-contacts-server/files/calendarserver.plist
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..85e410e
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/files/calendarserver.plist
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,627 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<?xml version="1.0" encoding="UTF-8"?>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<plist version="1.0">
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- See https://github.com/apple/ccs-calendarserver/blob/master/twistedcaldav/stdconfig.py -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Public network address information
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ This is the server's public network address, which is provided to
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ clients in URLs and the like. It may or may not be the network
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ address that the server is listening to directly, though it is by
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default. For example, it may be the address of a load balancer or
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy which forwards connections to the server.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Network host name [empty = system host name] -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ServerHostName</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@host@.@domain@.@tld@</string> <!-- The hostname clients use when connecting -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Enable Calendars -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableCalDAV</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Enable AddressBooks -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableCardDAV</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Socket Files -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SocketFiles</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Owner</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@CALENDARSERVERUSER@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Group</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>_calendar</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SocketRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@CALENDARSERVERDIR@/Library/CalendarServer/run/caldavd_requests</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- HTTP port [0 = disable HTTP] -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>HTTPPort</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>8008</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- SSL port the front end proxy is listening on -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SSLPort</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>8443</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Disable listening on SSL port(s), the proxy will handle it -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- This is set on macOS Server v5.7 -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableSSL</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- We're behind a proxy -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>BehindTLSProxy</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Redirect non-SSL ports to an SSL port (if configured for SSL) -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>RedirectHTTPToHTTPS</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Network address configuration information
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ This configures the actual network address that the server binds to.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- List of IP addresses to bind to [empty = all] -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>BindAddresses</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- List of port numbers to bind to for HTTP [empty = same as "Port"] -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>BindHTTPPorts</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>8008</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>8800</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- List of port numbers to bind to for SSL [empty = same as "SSLPort"] -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>BindSSLPorts</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>8443</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>8843</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Data Store
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Server root -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ServerRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@CALENDARSERVERDIR@/Library/CalendarServer</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Database connection:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Possible values: empty, meaning 'spawn postgres yourself', or
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 'postgres' or 'oracle', meaning 'connect to a postgres or Oracle
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ database as specified by the 'DSN' configuration key.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Reference:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ https://github.com/apple/ccs-calendarserver/blob/master/twistedcaldav/stdconfig.py
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ https://github.com/apple/ccs-calendarserver/blob/master/doc/Admin/MultiServerDeployment.rst#database-connectivity -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DBType</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string></string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Use this if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @CALENDARSERVERDIR@/Library/CalendarServer/Config/LaunchDaemons/org.calendarserver.postgres96.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ is used
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>postgres</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- No features - when macOS supports postgres 9.5 and up change
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ this to include 'skip-locked'. -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DBFeatures</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>skip-locked</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Launch PostgreSQL Server -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Postgres</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Ctl</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@PREFIX@/lib/postgresql@POSTGRESQL9_VERSION_NICKNAME@/bin/pg_ctl</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Options</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- <string>-c log_statement=all</string> -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-c log_lock_waits=TRUE</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-c deadlock_timeout=10</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-c log_line_prefix='%m [%p] '</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ExtraConnections</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>20</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ClusterName</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>cluster.pg</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>LogFile</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>pg_ctl.log</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SocketDirectory</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@CALENDARSERVERDIR@/Library/CalendarServer/run/caldavd/PostgresSocket</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SocketName</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string></string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>LogRotation</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- If the DBType is '', and we're spawning postgres ourselves,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ where is the initdb tool to create its database cluster with? -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Init</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@PREFIX@/lib/postgresql@POSTGRESQL9_VERSION_NICKNAME@/bin/initdb</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Data root -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DataRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Data</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Database root -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DatabaseRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Database</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Document root -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DocumentRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Documents</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Configuration root -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ConfigRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Config</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Run root -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>RunRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@CALENDARSERVERDIR@/Library/CalendarServer/run/caldavd</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Don't exit if the DB needs an upgrade. -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>FailIfUpgradeNeeded</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Child aliases -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Aliases</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>url</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/foo</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>path</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/path/to/foo</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Quotas and limits
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- User quota (in bytes) [0 = no quota] applies to attachments only -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>UserQuota</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>104857600</integer> <!-- 100Mb -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Maximum size for a single attachment (in bytes) [0 = no limit] -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>MaximumAttachmentSize</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>10485760</integer> <!-- 10Mb -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Maximum number of calendars/address books allowed in a home -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- 0 for no limit -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>MaxCollectionsPerHome</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>50</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Maximum number of resources in a calendar/address book -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- 0 for no limit -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>MaxResourcesPerCollection</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>10000</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Maximum resource size (in bytes) -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>MaxResourceSize</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>1048576</integer> <!-- 1Mb -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Maximum number of unique attendees per entire event -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- 0 for no limit -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>MaxAttendeesPerInstance</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>100</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Maximum number of instances allowed during expansion -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- 0 for no limit -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>MaxAllowedInstances</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>3000</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Directory service
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ A directory service provides information about principals (eg.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ users, groups, locations and resources) to the server.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ A variety of directory services are available for use.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Open Directory Service (Mac OS X) -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DirectoryService</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>type</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>opendirectory</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>params</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>node</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/Search</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>recordTypes</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>users</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>groups</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- XML File Augment Service -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AugmentService</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>type</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>xml</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>params</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>xmlFiles</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>augments.xml</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DirectoryFilterStartsWith</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DirectoryProxy</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Special principals
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ These principals are granted special access and/or perform
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ special roles on the server.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Principals with "DAV:all" access (relative URLs) -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AdminPrincipals</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- <string>/principals/__uids__/AEB68DD7-D2B8-4D4D-A574-2A4533DF36A4/</string> -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Principals with "DAV:read" access (relative URLs) -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ReadPrincipals</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- <string>/principals/__uids__/983C8238-FB6B-4D92-9242-89C0A39E5F81/</string> -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Create "proxy access" principals -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableProxyPrincipals</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Permissions
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Anonymous read access for root resource -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableAnonymousReadRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Anonymous read access for resource hierarchy -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableAnonymousReadNav</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Enables directory listings for principals -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnablePrincipalListings</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Render calendar collections as a monolithic iCalendar object -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableMonolithicCalendars</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Authentication
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Authentication</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Clear text; best avoided -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Basic</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AllowedOverWireUnencrypted</key> <!-- advertised over non SSL? -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Digest challenge/response -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Digest</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AllowedOverWireUnencrypted</key> <!-- advertised over non SSL? -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Algorithm</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>md5</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Qop</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string></string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Kerberos/SPNEGO -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Kerberos</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AllowedOverWireUnencrypted</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ServicePrincipal</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string></string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Wikiserver authentication (Mac OS X) -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Wiki</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Logging
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Log root -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>LogRoot</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>logs</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Apache-style access log -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AccessLogFile</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>access.log</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>RotateAccessLog</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Server activity log -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ErrorLogFile</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>error.log</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Log levels -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DefaultLogLevel</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>info</string> <!-- debug, info, warn, error -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Server process ID file -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>PIDFile</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>caldavd.pid</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ SSL/TLS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Keychain identity to use instead of cert files -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SSLKeychainIdentity</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@host@.@domain@.@tld@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Process management
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>UserName</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>calendarservice</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>GroupName</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>_calendar</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ProcessType</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Combined</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>MultiProcess</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ProcessCount</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>0</integer> <!-- 0 = automatic -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Notifications
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Notifications</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Services</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>APNS</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Server-to-server protocol
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Scheduling</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- CalDAV protocol options -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>CalDAV</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EmailDomain</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@domain@.@tld@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>HTTPDomain</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@domain@.@tld@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Regex patterns to match local calendar user addresses -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AddressPatterns</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>mailto:.*@@domain@.@tld@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>iMIP</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Receiving</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Port</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>993</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Server</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@host@.@domain@.@tld@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Type</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>imap</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>UseSSL</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Username</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@CALENDARSERVERUSER@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Sending</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Address</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@CALENDARSERVERUSER@@@domain@.@tld@</string> <!-- Address email will be sent from -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Port</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>587</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Server</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@host@.@domain@.@tld@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>UseSSL</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Username</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@CALENDARSERVERUSER@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Regex patterns to match iMIP-able calendar user addresses -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AddressPatterns</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>mailto:.*</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Free-busy URL protocol
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>FreeBusyURL</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>TimePeriod</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>14</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AnonymousAccess</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Non-standard CalDAV extensions
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Calendar Drop Box -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableDropBox</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Calendar Managed Attachments -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableManagedAttachments</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Private Events -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnablePrivateEvents</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Timezone Service -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableTimezoneService</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Standard Timezone Service -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>TimezoneService</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Shared Calendars & Address Books -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Sharing</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Miscellaneous items
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Service ACLs (Mac OS X)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ If enabled, will honor macOS Server ACLs to control access -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableSACLs</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Web-based administration -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableWebAdmin</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- On OS X use wiki authentication dialogs for webcal -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>WebCalendarAuthPath</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/auth</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Directory searching -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DirectoryAddressBook</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>type</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>opendirectory</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>params</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>queryUserRecords</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>queryPeopleRecords</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableSearchAddressBook</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Automatic purging of data for principals no longer in the directory
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AutomaticPurging</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Enabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Alert-posting program
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AlertPostingProgram</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/Applications/Server.app/Contents/ServerRoot/Library/CalendarServer/Setup/CalendarServerAlert</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!-- Includes of other plists
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Includes</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/Library/Server/Preferences/Calendar.plist</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>caldavd-system.plist</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>caldavd-user.plist</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>WritableConfigFile</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>caldavd-system.plist</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</plist>
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/files/default.html b/net/calendar-contacts-server/files/default.html
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..54352a8
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/files/default.html
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<!DOCTYPE html>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<html>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<head>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <meta charset='utf-8'>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</head>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<body>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</body>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</html>
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/files/nginx.conf b/net/calendar-contacts-server/files/nginx.conf
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..076fde5
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/files/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,108 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# nginx reverse proxy for CalendarServer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# run command:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# sudo nginx -g "daemon off;" -p @CALENDARSERVERDIR@/Library/CalendarServer/logs -c @CALENDARSERVERDIR@/Library/CalendarServer/etc/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+user @CALENDARSERVERUSER@ _calendar;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+worker_processes auto;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+error_log ../logs/nginx_error.log;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#error_log ../logs/error.log notice;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#error_log ../logs/error.log info;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pid ../run/nginx.pid;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+events {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ worker_connections 1024;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+http {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ include @PREFIX@/etc/nginx/mime.types;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default_type application/octet-stream;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ server_tokens off;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # '$status $body_bytes_sent "$http_referer" '
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # '"$http_user_agent" "$http_x_forwarded_for"';
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ access_log ../logs/nginx_access.log;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ client_max_body_size 20M;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ upstream caldavd_secured {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ server unix:@CALENDARSERVERDIR@/Library/CalendarServer/run/caldavd_requests/secured.sock;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ upstream caldavd_unsecured {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ server unix:@CALENDARSERVERDIR@/Library/CalendarServer/run/caldavd_requests/unsecured.sock;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Reverse proxy for CalendarServer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ server {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ root nginx_root; # empty except for (unused) default.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TLS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ listen @host@.@domain@.@tld@:8443 ssl; # calDAV
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ listen @host@.@domain@.@tld@:8843 ssl; # cardDAV
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ server_name @host@.@domain@.@tld@;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ssl_certificate must contain the cert:intermed[:root CA] chain
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_certificate @PREFIX@/etc/certificates/@TLS_CERTIFICATE_NAME@.chain.pem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_certificate_key @PREFIX@/etc/certificates/private/@TLS_CERTIFICATE_NAME@.key.pem.decrypted;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # use modern crypto
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://wiki.mozilla.org/Security/Server_Side_TLS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://cipherli.st
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_protocols TLSv1.2 TLSv1.3;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_prefer_server_ciphers on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_dhparam dhparam.pem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_ecdh_curve secp384r1;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_session_timeout 10m;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_session_cache shared:SSL:10m;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_session_tickets off;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ssl_stapling on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ssl_stapling_verify on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ location / {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_pass http://caldavd_secured;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy_pass https://localhost:8443;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # caldav issues "Bad Request 404" without turning off "Connection: close" header and setting HTTP/1.1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_set_header Connection "";
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_http_version 1.1;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy_set_header Host $host;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # the proxy is a unix socket
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_ssl_ciphers HIGH:!aNULL:!MD5;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy_ssl_certificate @CALENDARSERVERDIR@/Source/github/apple/ccs-calendarserver.build/twistedcaldav/test/data/cert.pem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy_ssl_certificate_key @CALENDARSERVERDIR@/Source/github/apple/ccs-calendarserver.build/twistedcaldav/test/data/server.pem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy_ssl_trusted_certificate @CALENDARSERVERDIR@/Source/github/apple/ccs-calendarserver.build/twistedcaldav/test/data/cert.pem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_ssl_server_name on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy_ssl_verify on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # turn this off for expired test certificate
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_ssl_verify off;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_ssl_verify_depth 2;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_ssl_session_reuse on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ server {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ root nginx_root; # empty except for (unused) default.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # HTTP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ listen @host@.@domain@.@tld@:8008; # calDAV
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ listen @host@.@domain@.@tld@:8800; # cardDAV
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ server_name @host@.@domain@.@tld@;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # quick alternate test
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ncat -vlk 8800 -c 'ncat -U /path/to/unix_socket.sock'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ location / {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_pass http://caldavd_unsecured;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy_pass http://localhost:8008;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # caldav issues "Bad Request 404" without turning off "Connection: close" header and setting HTTP/1.1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_set_header Connection "";
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy_http_version 1.1;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # proxy_set_header Host $host;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span></pre><pre style='margin:0'>
</pre>