import os from datetime import timedelta ### Set the time after which the admin session expires # There are two sessions on pagure, login that holds for 31 days and # the session defined here after which an user has to re-login. # This session is used when accessing all administrative parts of pagure # (ie: changing a project's or a user's settings) ADMIN_SESSION_LIFETIME = timedelta(minutes=20) # Enable tickets and docs for all repos ENABLE_TICKETS = True ENABLE_DOCS = True # Enables / Disables private projects PRIVATE_PROJECTS = False ### Secret key for the Flask application SECRET_KEY='{{ pillar['profile']['pagure']['secret_key'] }}' ### url to the database server: #DB_URL = 'mysql://user:pass@host/db_name' #DB_URL = 'postgres://user:pass@host/db_name' DB_URL = 'postgres://{{ pillar['profile']['pagure']['database_user'] }}:{{ pillar['postgres']['users']['pagure']['password'] }}@{{ pillar['profile']['pagure']['database_host'] }}/pagure' ### Send FedMsg notifications of events in pagure FEDMSG_NOTIFICATIONS = False ### The FAS group in which the admin of pagure are #ADMIN_GROUP = ['sysadmin-main'] ### Hard-coded list of global admins PAGURE_ADMIN_USERS = ['hellcp', 'Pharaoh_Atem'] ### Enables sending email using SMTP credentials. EMAIL_SEND = True ### The email address to which the flask.log will send the errors (tracebacks) EMAIL_ERROR = 'root@localhost' ### SMTP settings SMTP_SERVER = 'localhost' SMTP_PORT = 25 SMTP_SSL = False #Specify both for enabling SMTP with auth SMTP_USERNAME = None SMTP_PASSWORD = None ### Information used to sent notifications FROM_EMAIL = 'pagure@opensuse.org' DOMAIN_EMAIL_NOTIFICATIONS = 'code.opensuse.org' SALT_EMAIL = '{{ pillar['profile']['pagure']['salt_email'] }}' ### Restrict outgoing emails to these domains: ## If set, adding emailaccounts that don't end with these domainnames ## will not be permitted. Mails to already existing emailaccounts ## that are not covered by this list will not get sent. # ALLOWED_EMAIL_DOMAINS = [ 'localhost.localdomain', 'example.com' ] ### Disallow remote pull requests ## If set, remote pull requests will be disabled and not available ## anymore as a selection in the PR dropdown menus DISABLE_REMOTE_PR = False ### Allow HTTP(S) pushes with local/token auth ALLOW_HTTP_PUSH = True ### The URL at which the project is available. APP_URL = 'https://code.opensuse.org/' ### The URL at which the documentation of projects will be available ## This should be in a different domain to avoid XSS issues since we want ## to allow raw html to be displayed (different domain, ie not a sub-domain). DOC_APP_URL = 'https://pages.opensuse.org' ### The URL to use to clone git repositories. GIT_URL_SSH = 'ssh://git@code.opensuse.org/' GIT_URL_GIT = 'https://code.opensuse.org/' ### Folder containing the pagure user SSH authorized keys SSH_FOLDER = os.path.join( '/srv', 'gitolite', '.ssh' ) ### Folder containing to the git repos GIT_FOLDER = os.path.join( '/srv', 'gitolite', 'repositories' ) REPOSPANNER_PSEUDO_FOLDER = os.path.join( '/srv', 'gitolite', 'pseudo' ) ### Folder containing the clones for the remote pull-requests REMOTE_GIT_FOLDER = os.path.join( '/srv', 'gitolite', 'remotes' ) ### Whether to enable scanning for viruses in attachments VIRUS_SCAN_ATTACHMENTS = False GIT_AUTH_BACKEND = "pagure" HTTP_REPO_ACCESS_GITOLITE = None SSH_KEYS_USERNAME_EXPECT = "git" SSH_COMMAND_NON_REPOSPANNER = ([ "/usr/bin/%(cmd)s", "/srv/gitolite/repositories/%(reponame)s", ], {"GL_USER": "%(username)s"}) # Arguments to add to the SSH keys, possible replacements: # %(username)s: username owning this key SSH_KEYS_OPTIONS = ( 'restrict,command="/usr/lib/pagure/aclchecker.py %(username)s"' ) ### Configuration file for gitolite GITOLITE_CONFIG = os.path.join( '/srv', 'gitolite', '.gitolite', 'conf', 'gitolite.conf' ) ### Home folder of the gitolite user ### Folder where to run gl-compile-conf from GITOLITE_HOME = '/srv/gitolite' ### Version of gitolite used: 2 or 3? GITOLITE_VERSION = 3 ### Folder containing all the public ssh keys for gitolite GITOLITE_KEYDIR = os.path.join(GITOLITE_HOME, '.gitolite', 'keydir') ### Path to the gitolite.rc file GL_RC = None ### Path to the /bin directory where the gitolite tools can be found GL_BINDIR = None # SSH Information ### The ssh certificates of the git server to be provided to the user ### /!\ format is important # SSH_KEYS = {'RSA': {'fingerprint': '', 'pubkey': ''}} # Optional configuration ### Number of items displayed per page # Used when listing items ITEM_PER_PAGE = 50 ### Maximum size of the uploaded content # Used to limit the size of file attached to a ticket for example MAX_CONTENT_LENGTH = 4 * 1024 * 1024 # 4 megabytes ### Lenght for short commits ids or file hex SHORT_LENGTH = 6 ### List of blacklisted project names that can conflicts for pagure's URLs ### or other BLACKLISTED_PROJECTS = [ 'static', 'pv', 'releases', 'new', 'api', 'settings', 'logout', 'login', 'users', 'groups', 'projects'] ### IP addresses allowed to access the internal endpoints ### These endpoints are used by the milter and are security sensitive, thus ### the IP filter IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1'] ### EventSource/Web-Hook/Redis configuration # The eventsource integration is what allows pagure to refresh the content # on your page when someone else comments on the ticket (and this without # asking you to reload the page. # By default it is off, ie: EVENTSOURCE_SOURCE is None, to turn it on, specify # here what the URL of the eventsource server is, for example: # https://ev.pagure.io or https://pagure.io:8080 or whatever you are using # (Note: the urls sent to it start with a '/' so no need to add one yourself) EVENTSOURCE_SOURCE = 'https://ev.opensuse.org' # Port where the event source server is running (maybe be the same port # as the one specified in EVENTSOURCE_SOURCE or a different one if you # have something running in front of the server such as apache or stunnel). EVENTSOURCE_PORT = 8080 # If this port is specified, the event source server will run another server # at this port and will provide information about the number of active # connections running on the first (main) event source server #EV_STATS_PORT = 8888 # Web-hook can be turned on or off allowing using them for notifications, or # not. WEBHOOK = True ### Redis configuration # A redis server is required for both the Event-Source server or the web-hook # server. REDIS_HOST = '0.0.0.0' REDIS_PORT = 6379 REDIS_DB = 0 # Authentication related configuration option ### Switch the authentication method # Specify which authentication method to use. # Available options: `fas`, `openid`, `oidc`, `local` # Default: ``local``. PAGURE_AUTH = 'openid' FAS_OPENID_ENDPOINT = 'https://id.opensuse.org/openid' # When this is set to True, the session cookie will only be returned to the # server via ssl (https). If you connect to the server via plain http, the # cookie will not be sent. This prevents sniffing of the cookie contents. # This may be set to False when testing your application but should always # be set to True in production. # Default: ``True``. SESSION_COOKIE_SECURE = True # The name of the cookie used to store the session id. # Default: ``.pagure``. SESSION_COOKIE_NAME = 'pagure' # Boolean specifying whether to check the user's IP address when retrieving # its session. This make things more secure (thus is on by default) but # under certain setup it might not work (for example is there are proxies # in front of the application). CHECK_SESSION_IP = True # Used by SESSION_COOKIE_PATH APPLICATION_ROOT = '/' # Allow the backward compatiblity endpoints for the old URLs schema to # see the commits of a repo. This is only interesting if you pagure instance # was running since before version 1.3 and if you care about backward # compatibility in your URLs. OLD_VIEW_COMMIT_ENABLED = False # repoSpanner integration settings # https://repospanner.org/ # Whether to create new repositories on repoSpanner by default. # Either None or a region name. REPOSPANNER_NEW_REPO = None # Whether to allow admins to override region selection on creation. REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = False # Whether to create new forks on repoSpanner. # Either None (no repoSpanner), True (same as origin project) or a region name. REPOSPANNER_NEW_FORK = True # Whether to allow an admin to manually migrate an individual project. REPOSPANNER_ADMIN_MIGRATION = False # The repoSpanner regions to be used in this Pagure instance. # Example entry: # 'default': {'url': 'https://nodea.regiona.repospanner.local:8444', # 'repo_prefix': 'pagure/', # 'hook': None, # 'ca': '', # 'admin_cert': {'cert': '', # 'key': ''}, # 'push_cert': {'cert': '', # 'key': ''}} REPOSPANNER_REGIONS = {} # Path to the plugins configuration file that is used to load plugins. Please # look at files/plugins.cfg.sample for a configuration example. # PAGURE_PLUGINS_CONFIG = "/etc/pagure/plugins.cfg" THEME = 'chameleon'