Blob Blame History Raw
import os
from datetime import timedelta

### Set the time after which the admin session expires
# There are two sessions on pagure, login that holds for 31 days and
# the session defined here after which an user has to re-login.
# This session is used when accessing all administrative parts of pagure
# (ie: changing a project's or a user's settings)
ADMIN_SESSION_LIFETIME = timedelta(minutes=20)

# Enable tickets and docs for all repos
ENABLE_TICKETS = True
ENABLE_DOCS = True

# Enables / Disables private projects
PRIVATE_PROJECTS = False

### Secret key for the Flask application
SECRET_KEY='{{ pillar['profile']['pagure']['secret_key'] }}'

### url to the database server:
#DB_URL = 'mysql://user:pass@host/db_name'
#DB_URL = 'postgres://user:pass@host/db_name'
DB_URL = 'postgres://{{ pillar['profile']['pagure']['database_user'] }}:{{ pillar['postgres']['users']['pagure']['password'] }}@{{ pillar['profile']['pagure']['database_host'] }}/pagure'

### Send FedMsg notifications of events in pagure
FEDMSG_NOTIFICATIONS = False

### The FAS group in which the admin of pagure are
#ADMIN_GROUP = ['sysadmin-main']

# The publicly visible admin email address
ADMIN_EMAIL = 'admin@opensuse.org'

### Hard-coded list of global admins
PAGURE_ADMIN_USERS = ['hellcp', 'Pharaoh_Atem']

### Enables sending email using SMTP credentials.
EMAIL_SEND = True

### The email address to which the flask.log will send the errors (tracebacks)
EMAIL_ERROR = 'root@localhost'

### SMTP settings
SMTP_SERVER = 'localhost'
SMTP_PORT = 25
SMTP_SSL = False

#Specify both for enabling SMTP with auth
SMTP_USERNAME = None
SMTP_PASSWORD = None

### Information used to sent notifications
FROM_EMAIL = 'pagure@opensuse.org'
DOMAIN_EMAIL_NOTIFICATIONS = 'code.opensuse.org'
SALT_EMAIL = '{{ pillar['profile']['pagure']['salt_email'] }}'

### Restrict outgoing emails to these domains:
## If set, adding emailaccounts that don't end with these domainnames
## will not be permitted. Mails to already existing emailaccounts
## that are not covered by this list will not get sent.
# ALLOWED_EMAIL_DOMAINS = [ 'localhost.localdomain', 'example.com' ]

### Disallow remote pull requests
## If set, remote pull requests will be disabled and not available
## anymore as a selection in the PR dropdown menus
DISABLE_REMOTE_PR = False

### Allow HTTP(S) pushes with local/token auth
ALLOW_HTTP_PUSH = True

### The URL at which the project is available.
APP_URL = 'https://code.opensuse.org/'
### The URL at which the documentation of projects will be available
## This should be in a different domain to avoid XSS issues since we want
## to allow raw html to be displayed (different domain, ie not a sub-domain).
DOC_APP_URL = 'https://pages.opensuse.org'

### The URL to use to clone git repositories.
GIT_URL_SSH = 'ssh://git@code.opensuse.org/'
GIT_URL_GIT = 'https://code.opensuse.org/'


### Folder containing the pagure user SSH authorized keys
SSH_FOLDER = os.path.join(
    '/srv',
    'gitolite',
    '.ssh'
)

### Folder containing to the git repos
GIT_FOLDER = os.path.join(
    '/srv',
    'gitolite',
    'repositories'
)

REPOSPANNER_PSEUDO_FOLDER = os.path.join(
    '/srv',
    'gitolite',
    'pseudo'
)

### Folder containing the clones for the remote pull-requests
REMOTE_GIT_FOLDER = os.path.join(
    '/srv',
    'gitolite',
    'remotes'
)

### Whether to enable scanning for viruses in attachments
VIRUS_SCAN_ATTACHMENTS = False

GIT_AUTH_BACKEND = "pagure"

HTTP_REPO_ACCESS_GITOLITE = None

SSH_KEYS_USERNAME_EXPECT = "git"

SSH_COMMAND_NON_REPOSPANNER = ([
    "/usr/bin/%(cmd)s",
    "/srv/gitolite/repositories/%(reponame)s",
], {"GL_USER": "%(username)s"})

# Arguments to add to the SSH keys, possible replacements:
# %(username)s: username owning this key
SSH_KEYS_OPTIONS = (
    'restrict,command="/usr/lib/pagure/aclchecker.py %(username)s"'
)

### Configuration file for gitolite
GITOLITE_CONFIG = os.path.join(
    '/srv',
    'gitolite',
    '.gitolite',
    'conf',
    'gitolite.conf'
)


### Home folder of the gitolite user
### Folder where to run gl-compile-conf from
GITOLITE_HOME = '/srv/gitolite'

### Version of gitolite used: 2 or 3?
GITOLITE_VERSION = 3

### Folder containing all the public ssh keys for gitolite
GITOLITE_KEYDIR = os.path.join(GITOLITE_HOME, '.gitolite', 'keydir')

### Path to the gitolite.rc file
GL_RC = None

### Path to the /bin directory where the gitolite tools can be found
GL_BINDIR = None


# SSH Information

### The ssh certificates of the git server to be provided to the user
### /!\ format is important
SSH_KEYS = {
    'RSA': {
        'fingerprint': '3072 5d:dc:89:7f:bf:02:5b:e9:ec:9d:5d:bc:ad:7e:5c:5e   (RSA)',
        'pubkey': 'code.opensuse.org,195.135.221.140,2001:67c:2178:8:0:0:0:16 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXCk+ToHsNvFMO1b0FrO4wiWLPtmNNiXkupXf2hjPGWSexe1FjjjLp2/zjQb8a8srzaF5AFGUX9cOFGRpXa0j53h/q91nNcUVpaiy0I3cCXQbLwVeiPBPmDYjpTbAl0cHYfVQvF8W++VU9SABUfe+yq/OADFKCYVMjYV8gTvtFFpqbIh6YGLELZ/SwHid9HgspA9TSS6jPjDuP89xkCb14m52P47a9h5n9wEHfdOvqcV3MJd2wprJAUM9Ulz+EXydHPh8cNE1wZu5H78yKAQgAHCeMqWy/6FNmp/dU6OJ/ARfkMCXDQwrJd0fm31Zer5bcVkZdALcGOeggL7d2P7+FC7cCkPa5aeU1kpNCMoOXcR5/zra9ssaskHUXwTRODOMlK3YpJON0vx5/NLr6SrN4EQv3dBJS1qrDEpqhxZCqMk1jY1i4ixGDyIEO0ESEI/J57SqhWOvGUNRpweWg/JNKRfdJ6gF7KJsjfOyDQzdyCBZiMu61roKXsG0/FPqPEHE=',
        'SHA256': 'SHA256:1Y2KdDQqRvkv+CGKU4+m4qpkZps0s/qFB5i7FndsBDA',
    }
}



# Optional configuration

### Number of items displayed per page
# Used when listing items
ITEM_PER_PAGE = 50

### Maximum size of the uploaded content
# Used to limit the size of file attached to a ticket for example
MAX_CONTENT_LENGTH = 4 * 1024 * 1024  # 4 megabytes

### Lenght for short commits ids or file hex
SHORT_LENGTH = 6

### List of blacklisted project names that can conflicts for pagure's URLs
### or other
BLACKLISTED_PROJECTS = [
    'static', 'pv', 'releases', 'new', 'api', 'settings',
    'logout', 'login', 'users', 'groups', 'projects']

### IP addresses allowed to access the internal endpoints
### These endpoints are used by the milter and are security sensitive, thus
### the IP filter
IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1', '']

### EventSource/Web-Hook/Redis configuration
# The eventsource integration is what allows pagure to refresh the content
# on your page when someone else comments on the ticket (and this without
# asking you to reload the page.
# By default it is off, ie: EVENTSOURCE_SOURCE is None, to turn it on, specify
# here what the URL of the eventsource server is, for example:
# https://ev.pagure.io or https://pagure.io:8080 or whatever you are using
# (Note: the urls sent to it start with a '/' so no need to add one yourself)
EVENTSOURCE_SOURCE = 'https://ev.opensuse.org'
# Port where the event source server is running (maybe be the same port
# as the one specified in EVENTSOURCE_SOURCE or a different one if you
# have something running in front of the server such as apache or stunnel).
EVENTSOURCE_PORT = 8080
# If this port is specified, the event source server will run another server
# at this port and will provide information about the number of active
# connections running on the first (main) event source server
#EV_STATS_PORT = 8888
# Web-hook can be turned on or off allowing using them for notifications, or
# not.
WEBHOOK = True

### Redis configuration
# A redis server is required for both the Event-Source server or the web-hook
# server.
REDIS_HOST = '0.0.0.0'
REDIS_PORT = 6379
REDIS_DB = 0

# Authentication related configuration option

### Switch the authentication method
# Specify which authentication method to use.
# Available options: `fas`, `openid`, `oidc`, `local`
# Default: ``local``.
PAGURE_AUTH = 'openid'

FAS_OPENID_ENDPOINT = 'https://www.opensuse.org/openid/'

# When this is set to True, the session cookie will only be returned to the
# server via ssl (https). If you connect to the server via plain http, the
# cookie will not be sent. This prevents sniffing of the cookie contents.
# This may be set to False when testing your application but should always
# be set to True in production.
# Default: ``True``.
SESSION_COOKIE_SECURE = True

# The name of the cookie used to store the session id.
# Default: ``.pagure``.
SESSION_COOKIE_NAME = 'pagure'

# Boolean specifying whether to check the user's IP address when retrieving
# its session. This make things more secure (thus is on by default) but
# under certain setup it might not work (for example is there are proxies
# in front of the application).
CHECK_SESSION_IP = True

# Used by SESSION_COOKIE_PATH
APPLICATION_ROOT = '/'

# Allow the backward compatiblity endpoints for the old URLs schema to
# see the commits of a repo. This is only interesting if you pagure instance
# was running since before version 1.3 and if you care about backward
# compatibility in your URLs.
OLD_VIEW_COMMIT_ENABLED = False

# repoSpanner integration settings
# https://repospanner.org/
# Whether to create new repositories on repoSpanner by default.
# Either None or a region name.
REPOSPANNER_NEW_REPO = None
# Whether to allow admins to override region selection on creation.
REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = False
# Whether to create new forks on repoSpanner.
# Either None (no repoSpanner), True (same as origin project) or a region name.
REPOSPANNER_NEW_FORK = True
# Whether to allow an admin to manually migrate an individual project.
REPOSPANNER_ADMIN_MIGRATION = False
# The repoSpanner regions to be used in this Pagure instance.
# Example entry:
# 'default': {'url': 'https://nodea.regiona.repospanner.local:8444',
#             'repo_prefix': 'pagure/',
#             'hook': None,
#             'ca': '',
#             'admin_cert': {'cert': '',
#                            'key': ''},
#             'push_cert': {'cert': '',
#                           'key': ''}}
REPOSPANNER_REGIONS = {}

# Path to the plugins configuration file that is used to load plugins. Please
# look at files/plugins.cfg.sample for a configuration example.
# PAGURE_PLUGINS_CONFIG = "/etc/pagure/plugins.cfg"

THEME = 'chameleon'