|
Pierre-Yves Chibon |
33b534 |
# -*- coding: utf-8 -*-
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
2088eb |
"""
|
|
Pierre-Yves Chibon |
771fcc |
(c) 2014-2015 - Copyright Red Hat Inc
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
2088eb |
Authors:
|
|
Pierre-Yves Chibon |
2088eb |
Pierre-Yves Chibon <pingou@pingoured.fr></pingou@pingoured.fr>
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
2088eb |
"""
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
67d1cc |
from __future__ import unicode_literals, absolute_import
|
|
Aurélien Bompard |
dcf6f6 |
|
|
Pierre-Yves Chibon |
2088eb |
import os
|
|
Pierre-Yves Chibon |
ee7375 |
from datetime import timedelta
|
|
Pierre-Yves Chibon |
ee7375 |
|
|
Pierre-Yves Chibon |
24747e |
from pagure.mail_logging import ContextInjector, MSG_FORMAT
|
|
Pierre-Yves Chibon |
24747e |
|
|
Pierre-Yves Chibon |
ee7375 |
|
|
Pierre-Yves Chibon |
f774a5 |
# Set the time after which the admin session expires
|
|
Pierre-Yves Chibon |
0c3df9 |
ADMIN_SESSION_LIFETIME = timedelta(minutes=20)
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
43b199 |
# secret key used to generate unique csrf token
|
|
Pierre-Yves Chibon |
8645c3 |
SECRET_KEY = str("<insert here="" key="" own="" your="">")</insert>
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
2088eb |
# url to the database server:
|
|
Pierre-Yves Chibon |
9c2953 |
DB_URL = "sqlite:////var/tmp/pagure_dev.sqlite"
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
bc0554 |
# Name the instance, used in the welcome screen upon first login (not
|
|
Pierre-Yves Chibon |
bc0554 |
# working with `local` auth)
|
|
Pierre-Yves Chibon |
9c2953 |
INSTANCE_NAME = "Pagure"
|
|
Pierre-Yves Chibon |
bc0554 |
|
|
Mary Kate Fain |
a16918 |
# Provide an email to contact an instance Administrator
|
|
Mary Kate Fain |
a16918 |
ADMIN_EMAIL = "root@localhost.localdomain"
|
|
Mary Kate Fain |
a16918 |
|
|
Ralph Bean |
5a2117 |
# url to datagrepper (optional):
|
|
Pierre-Yves Chibon |
9ea97e |
# DATAGREPPER_URL = 'https://apps.fedoraproject.org/datagrepper'
|
|
Pierre-Yves Chibon |
9ea97e |
# DATAGREPPER_CATEGORY = 'pagure'
|
|
Ralph Bean |
5a2117 |
|
|
Neal Gompa |
f3525c |
# Send FedMsg notifications of events in pagure
|
|
Neal Gompa |
f3525c |
FEDMSG_NOTIFICATIONS = False
|
|
Neal Gompa |
f3525c |
|
|
Pierre-Yves Chibon |
fe5017 |
# The FAS group in which the admin of pagure are
|
|
Pierre-Yves Chibon |
9c2953 |
ADMIN_GROUP = "sysadmin-main"
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
85ca6c |
# Hard-code a list of users that are global admins
|
|
Pierre-Yves Chibon |
85ca6c |
PAGURE_ADMIN_USERS = []
|
|
Pierre-Yves Chibon |
85ca6c |
|
|
Patrick Uiterwijk |
10e9b1 |
# Whether or not to send emails
|
|
Ryan Lerch |
048028 |
EMAIL_SEND = False
|
|
Patrick Uiterwijk |
10e9b1 |
|
|
Pierre-Yves Chibon |
2088eb |
# The email address to which the flask.log will send the errors (tracebacks)
|
|
Pierre-Yves Chibon |
9c2953 |
EMAIL_ERROR = "root@localhost.localdomain"
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
2088eb |
# The URL at which the project is available.
|
|
Pierre-Yves Chibon |
9c2953 |
APP_URL = "http://localhost.localdomain/"
|
|
Pierre-Yves Chibon |
36e0be |
|
|
Pierre-Yves Chibon |
cd1ee9 |
# Enables / Disables tickets for project for the entire pagure instance
|
|
Pierre-Yves Chibon |
a4bd4d |
ENABLE_TICKETS = True
|
|
Pierre-Yves Chibon |
cd1ee9 |
|
|
Slavek Kabrda |
adea20 |
# Enables / Disables docs for project for the entire pagure instance
|
|
Slavek Kabrda |
adea20 |
ENABLE_DOCS = True
|
|
Slavek Kabrda |
adea20 |
|
|
Pierre-Yves Chibon |
8c1d55 |
# Enables / Disables creating projects on this pagure instance
|
|
Pierre-Yves Chibon |
8c1d55 |
ENABLE_NEW_PROJECTS = True
|
|
Pierre-Yves Chibon |
8c1d55 |
|
|
Pierre-Yves Chibon |
86d0e0 |
# Enables / Disables deleting projects on this pagure instance
|
|
Pierre-Yves Chibon |
86d0e0 |
ENABLE_DEL_PROJECTS = True
|
|
Pierre-Yves Chibon |
86d0e0 |
|
|
Pierre-Yves Chibon |
fd7da8 |
# Enables / Disables giving projects on this pagure instance
|
|
Pierre-Yves Chibon |
fd7da8 |
ENABLE_GIVE_PROJECTS = True
|
|
Pierre-Yves Chibon |
fd7da8 |
|
|
Pierre-Yves Chibon |
7be364 |
# Enables / Disables managing access to the repos
|
|
Pierre-Yves Chibon |
7be364 |
ENABLE_USER_MNGT = True
|
|
Pierre-Yves Chibon |
7be364 |
|
|
Pierre-Yves Chibon |
b10e8c |
# Enables / Disables managing groups via the UI
|
|
Pierre-Yves Chibon |
b10e8c |
ENABLE_GROUP_MNGT = True
|
|
Pierre-Yves Chibon |
b10e8c |
|
|
Farhaan Bukhsh |
6ee1b8 |
# Enables / Disables private projects
|
|
Neal Gompa |
3c09f6 |
PRIVATE_PROJECTS = True
|
|
Farhaan Bukhsh |
6ee1b8 |
|
|
Pierre-Yves Chibon |
1ee8ed |
# Enable / Disable deleting branches in the UI
|
|
Pierre-Yves Chibon |
1ee8ed |
ALLOW_DELETE_BRANCH = True
|
|
Pierre-Yves Chibon |
1ee8ed |
|
|
Patrick Uiterwijk |
ac10ea |
# Allow admins to ignore existing repos when creating a new project
|
|
Patrick Uiterwijk |
ac10ea |
ALLOW_ADMIN_IGNORE_EXISTING_REPOS = False
|
|
Patrick Uiterwijk |
ac10ea |
|
|
Patrick Uiterwijk |
9638fb |
# List of users that can ignore existing repos when creating a new project
|
|
Patrick Uiterwijk |
9638fb |
USERS_IGNORE_EXISTING_REPOS = []
|
|
Patrick Uiterwijk |
9638fb |
|
|
Pierre-Yves Chibon |
91c9c0 |
# Enable / Disable having pagure manage the user's ssh keys
|
|
Pierre-Yves Chibon |
91c9c0 |
LOCAL_SSH_KEY = True
|
|
Pierre-Yves Chibon |
91c9c0 |
|
|
Pierre-Yves Chibon |
39f1dc |
# Enable / Disable deploy keys
|
|
Pierre-Yves Chibon |
39f1dc |
DEPLOY_KEY = True
|
|
Pierre-Yves Chibon |
39f1dc |
|
|
Slavek Kabrda |
07edc0 |
# Set to True if default target branch for all PRs in UI
|
|
Slavek Kabrda |
07edc0 |
# should be the branch that is longest substring of the branch
|
|
Slavek Kabrda |
07edc0 |
# that the PR is to be created from
|
|
Slavek Kabrda |
07edc0 |
PR_TARGET_MATCHING_BRANCH = False
|
|
Slavek Kabrda |
07edc0 |
|
|
Pierre-Yves Chibon |
ea9349 |
# Enables / Disables showing all the projects by default on the front page
|
|
Pierre-Yves Chibon |
9c2953 |
SHOW_PROJECTS_INDEX = ["repos", "myrepos", "myforks"]
|
|
Pierre-Yves Chibon |
ea9349 |
|
|
Pierre-Yves Chibon |
36e0be |
# The URL to use to clone the git repositories.
|
|
Pierre-Yves Chibon |
9c2953 |
GIT_URL_SSH = "ssh://git@localhost.localdomain/"
|
|
Pierre-Yves Chibon |
9c2953 |
GIT_URL_GIT = "git://localhost.localdomain/"
|
|
Pierre-Yves Chibon |
0aaef7 |
|
|
Slavek Kabrda |
9e14c8 |
# Set to True if git ssh URLs should be displayed even if user
|
|
Slavek Kabrda |
9e14c8 |
# doesn't have SSH key uploaded
|
|
Slavek Kabrda |
9e14c8 |
ALWAYS_RENDER_SSH_CLONE_URL = False
|
|
Slavek Kabrda |
9e14c8 |
|
|
Pierre-Yves Chibon |
de46b5 |
# Default queue names for the different services
|
|
Pierre-Yves Chibon |
9c2953 |
WEBHOOK_CELERY_QUEUE = "pagure_webhook"
|
|
Pierre-Yves Chibon |
9c2953 |
LOGCOM_CELERY_QUEUE = "pagure_logcom"
|
|
Pierre-Yves Chibon |
9c2953 |
LOADJSON_CELERY_QUEUE = "pagure_loadjson"
|
|
Pierre-Yves Chibon |
9c2953 |
CI_CELERY_QUEUE = "pagure_ci"
|
|
Pierre-Yves Chibon |
9c2953 |
MIRRORING_QUEUE = "pagure_mirror"
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
2088eb |
# Number of items displayed per page
|
|
Pierre-Yves Chibon |
b5df3d |
ITEM_PER_PAGE = 48
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
998367 |
# Maximum size of the uploaded content
|
|
Pierre-Yves Chibon |
998367 |
MAX_CONTENT_LENGTH = 4 * 1024 * 1024 # 4 megabytes
|
|
Pierre-Yves Chibon |
998367 |
|
|
Pierre-Yves Chibon |
77273a |
# IP addresses allowed to access the internal endpoints
|
|
Pierre-Yves Chibon |
9c2953 |
IP_ALLOWED_INTERNAL = ["127.0.0.1", "localhost", "::1"]
|
|
Pierre-Yves Chibon |
77273a |
|
|
Patrick Uiterwijk |
539a72 |
# Worker configuration
|
|
Patrick Uiterwijk |
539a72 |
CELERY_CONFIG = {}
|
|
Patrick Uiterwijk |
539a72 |
|
|
Pierre-Yves Chibon |
09fb7e |
# Redis configuration
|
|
Pierre-Yves Chibon |
8b17aa |
EVENTSOURCE_SOURCE = None
|
|
Pierre-Yves Chibon |
4687de |
WEBHOOK = False
|
|
Pierre-Yves Chibon |
9c2953 |
REDIS_HOST = "0.0.0.0"
|
|
Pierre-Yves Chibon |
09fb7e |
REDIS_PORT = 6379
|
|
Pierre-Yves Chibon |
f9140c |
REDIS_DB = 0
|
|
Pierre-Yves Chibon |
8d3302 |
EVENTSOURCE_PORT = 8080
|
|
Pierre-Yves Chibon |
09fb7e |
|
|
Karsten Hopp |
9f48c1 |
# Disallow remote pull requests
|
|
Karsten Hopp |
9f48c1 |
DISABLE_REMOTE_PR = False
|
|
Karsten Hopp |
9f48c1 |
|
|
Pierre-Yves Chibon |
893d4f |
# Folder where to place the ssh keys for the mirroring feature
|
|
Pierre-Yves Chibon |
9c2953 |
MIRROR_SSHKEYS_FOLDER = "/var/lib/pagure/sshkeys/"
|
|
Pierre-Yves Chibon |
893d4f |
|
|
Pierre-Yves Chibon |
2088eb |
# Folder containing to the git repos
|
|
Slavek Kabrda |
adea20 |
# Note that this must be exactly the same as GL_REPO_BASE in gitolite.rc
|
|
Pierre-Yves Chibon |
2088eb |
GIT_FOLDER = os.path.join(
|
|
Pierre-Yves Chibon |
9c2953 |
os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "repos"
|
|
Pierre-Yves Chibon |
2088eb |
)
|
|
Pierre-Yves Chibon |
2088eb |
|
|
Pierre-Yves Chibon |
036a55 |
# Folder containing the clones for the remote pull-requests
|
|
Pierre-Yves Chibon |
036a55 |
REMOTE_GIT_FOLDER = os.path.join(
|
|
Pierre-Yves Chibon |
9c2953 |
os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "remotes"
|
|
Pierre-Yves Chibon |
036a55 |
)
|
|
Pierre-Yves Chibon |
036a55 |
|
|
Patrick Uiterwijk |
cbb4a3 |
# Folder containing attachments
|
|
Patrick Uiterwijk |
cbb4a3 |
ATTACHMENTS_FOLDER = os.path.join(
|
|
Pierre-Yves Chibon |
9c2953 |
os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "attachments"
|
|
Patrick Uiterwijk |
cbb4a3 |
)
|
|
Patrick Uiterwijk |
cbb4a3 |
|
|
Patrick Uiterwijk |
3f97f6 |
# Folder for repoSpanner pseudo repos
|
|
Patrick Uiterwijk |
3f97f6 |
REPOSPANNER_PSEUDO_FOLDER = os.path.join(
|
|
Patrick Uiterwijk |
3f97f6 |
os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "pseudo"
|
|
Patrick Uiterwijk |
3f97f6 |
)
|
|
Patrick Uiterwijk |
3f97f6 |
|
|
Pierre-Yves Chibon |
d1f0d2 |
# Whether to enable scanning for viruses in attachments
|
|
Patrick Uiterwijk |
78afb3 |
VIRUS_SCAN_ATTACHMENTS = False
|
|
Pierre-Yves Chibon |
036a55 |
|
|
Pierre-Yves Chibon |
12ec09 |
# Configuration file for gitolite
|
|
Pierre-Yves Chibon |
12ec09 |
GITOLITE_CONFIG = os.path.join(
|
|
Pierre-Yves Chibon |
9c2953 |
os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "gitolite.conf"
|
|
Pierre-Yves Chibon |
12ec09 |
)
|
|
Pierre-Yves Chibon |
fba7ed |
|
|
Pierre-Yves Chibon |
d3c7b2 |
# Configuration keys to specify where the upload folder is and what is its
|
|
Pierre-Yves Chibon |
d3c7b2 |
# name
|
|
Pierre-Yves Chibon |
7b7b83 |
UPLOAD_FOLDER_PATH = os.path.join(
|
|
Pierre-Yves Chibon |
9c2953 |
os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "releases"
|
|
Pierre-Yves Chibon |
7b7b83 |
)
|
|
Pierre-Yves Chibon |
7b7b83 |
|
|
Pierre-Yves Chibon |
d3c7b2 |
|
|
Pierre-Yves Chibon |
fba7ed |
# Home folder of the gitolite user -- Folder where to run gl-compile-conf from
|
|
Pierre-Yves Chibon |
fba7ed |
GITOLITE_HOME = None
|
|
Pierre-Yves Chibon |
fba7ed |
|
|
Pierre-Yves Chibon |
66faf5 |
# Version of gitolite used: 2 or 3?
|
|
Pierre-Yves Chibon |
d4a7e7 |
GITOLITE_VERSION = 3
|
|
Pierre-Yves Chibon |
66faf5 |
|
|
Pierre-Yves Chibon |
c19c0d |
# Folder containing all the public ssh keys for gitolite
|
|
Pierre-Yves Chibon |
c19c0d |
GITOLITE_KEYDIR = None
|
|
Pierre-Yves Chibon |
c19c0d |
|
|
Patrick Uiterwijk |
ad0b72 |
# Backend for git auth decisions
|
|
Patrick Uiterwijk |
ad0b72 |
# This may be either a static helper (like gitolite based) or dynamic.
|
|
Patrick Uiterwijk |
ad0b72 |
GIT_AUTH_BACKEND = "gitolite3"
|
|
Patrick Uiterwijk |
ad0b72 |
|
|
Patrick Uiterwijk |
ad0b72 |
# Legacy option name for GIT_AUTH_BACKEND, retained for backwards compatibility
|
|
Patrick Uiterwijk |
ad0b72 |
# This option overrides GIT_AUTH_BACKEND
|
|
Patrick Uiterwijk |
ad0b72 |
# GITOLITE_BACKEND = "gitolite3"
|
|
Pierre-Yves Chibon |
145998 |
|
|
Slavek Kabrda |
6197ad |
# Whether or not this installation of Pagure should use `gitolite compile-1`
|
|
Slavek Kabrda |
6197ad |
# to improve speed of some gitolite operations. See documentation for more
|
|
Slavek Kabrda |
6197ad |
# info about how to set this up.
|
|
Slavek Kabrda |
6197ad |
GITOLITE_HAS_COMPILE_1 = False
|
|
Slavek Kabrda |
6197ad |
|
|
Pierre-Yves Chibon |
fba7ed |
# Path to the gitolite.rc file
|
|
Pierre-Yves Chibon |
fba7ed |
GL_RC = None
|
|
Pierre-Yves Chibon |
fba7ed |
# Path to the /bin directory where the gitolite tools can be found
|
|
Pierre-Yves Chibon |
fba7ed |
GL_BINDIR = None
|
|
Pierre-Yves Chibon |
c46e42 |
|
|
Pierre-Yves Chibon |
c46e42 |
|
|
Slavek Kabrda |
de8507 |
# Whether or not to run "git gc --auto" after every change to a project
|
|
Slavek Kabrda |
de8507 |
# This will only run for projects not on repospanner and will use
|
|
Slavek Kabrda |
de8507 |
# default git config values
|
|
Slavek Kabrda |
de8507 |
# See https://git-scm.com/docs/git-gc#git-gc---auto for more details
|
|
Slavek Kabrda |
de8507 |
GIT_GARBAGE_COLLECT = False
|
|
Slavek Kabrda |
de8507 |
|
|
Slavek Kabrda |
de8507 |
|
|
Pierre-Yves Chibon |
9ea97e |
# SMTP settings
|
|
Pierre-Yves Chibon |
9c2953 |
SMTP_SERVER = "localhost"
|
|
vanzhiganov |
8c310f |
SMTP_PORT = 25
|
|
vanzhiganov |
8c310f |
SMTP_SSL = False
|
|
Vivek Anand |
2bb937 |
|
|
Vivek Anand |
2bb937 |
# Specify both for enabling SMTP auth
|
|
vanzhiganov |
8c310f |
SMTP_USERNAME = None
|
|
vanzhiganov |
8c310f |
SMTP_PASSWORD = None
|
|
Pierre-Yves Chibon |
2fc797 |
|
|
Vivek Anand |
2bb937 |
|
|
Pierre-Yves Chibon |
2fc797 |
# Email used to sent emails
|
|
Pierre-Yves Chibon |
9c2953 |
FROM_EMAIL = "pagure@localhost.localdomain"
|
|
vanzhiganov |
8c310f |
|
|
Pierre-Yves Chibon |
9c2953 |
DOMAIN_EMAIL_NOTIFICATIONS = "localhost.localdomain"
|
|
Pierre-Yves Chibon |
9c2953 |
SALT_EMAIL = "<secret be="" changed="" key="" to="">"</secret>
|
|
Pierre-Yves Chibon |
6c1b1f |
|
|
Neal Gompa |
8bcba6 |
# Specify which authentication method to use.
|
|
ymdatta |
3df0e0 |
# Refer to
|
|
ymdatta |
3df0e0 |
# https://docs.pagure.org/pagure/configuration.html?highlight=authentication#pagure-auth
|
|
ymdatta |
3df0e0 |
# for information regarding authentication providers.
|
|
ymdatta |
3df0e0 |
|
|
Neal Gompa |
8bcba6 |
# Available options: `fas`, `openid`, `oidc`, `local`
|
|
Neal Gompa |
8bcba6 |
# Default: ``local``.
|
|
Pierre-Yves Chibon |
9c2953 |
PAGURE_AUTH = "local"
|
|
Pierre-Yves Chibon |
6c1b1f |
|
|
Slavek Kabrda |
46f8d5 |
# If PAGURE_AUTH is set to 'oidc', the following variables must be set:
|
|
Slavek Kabrda |
46f8d5 |
# The path to JSON file with client secrets (provided by your IdP)
|
|
Slavek Kabrda |
46f8d5 |
# OIDC_CLIENT_SECRETS = 'client_secrets.json'
|
|
Slavek Kabrda |
79a36e |
# When this is set to True, the cookie with OpenID Connect Token will only
|
|
Slavek Kabrda |
79a36e |
# be returned to the server via ssl (https). If you connect to the server
|
|
Slavek Kabrda |
79a36e |
# via plain http, the cookie will not be sent. This prevents sniffing
|
|
Slavek Kabrda |
79a36e |
# of the cookie contents. This may be set to False when testing your
|
|
Slavek Kabrda |
79a36e |
# application but should always be set to True in production.
|
|
Slavek Kabrda |
46f8d5 |
# OIDC_ID_TOKEN_COOKIE_SECURE = False
|
|
Slavek Kabrda |
79a36e |
# OIDC_SCOPES = ['openid', 'email', 'profile']
|
|
Slavek Kabrda |
79a36e |
# These specify names of expected keys provided as userinfo by IdP.
|
|
Slavek Kabrda |
79a36e |
# They may vary across different IdPs
|
|
Slavek Kabrda |
79a36e |
# OIDC_PAGURE_EMAIL = 'email'
|
|
Slavek Kabrda |
79a36e |
# OIDC_PAGURE_FULLNAME = 'name'
|
|
Slavek Kabrda |
79a36e |
# OIDC_PAGURE_USERNAME = 'preferred_username'
|
|
Slavek Kabrda |
79a36e |
# OIDC_PAGURE_SSH_KEY = 'ssh_key'
|
|
Slavek Kabrda |
79a36e |
# OIDC_PAGURE_GROUPS = 'groups'
|
|
Slavek Kabrda |
79a36e |
# This specifies fallback for getting username assuming OIDC_PAGURE_USERNAME
|
|
Slavek Kabrda |
79a36e |
# is empty - can be `email` (to use the part before `@`) or `sub`
|
|
Slavek Kabrda |
79a36e |
# (IdP-specific user id, can be a nickname, email or a numeric ID
|
|
Slavek Kabrda |
79a36e |
# depending on IdP).
|
|
Slavek Kabrda |
79a36e |
# OIDC_PAGURE_USERNAME_FALLBACK = 'email'
|
|
Pierre-Yves Chibon |
824441 |
#
|
|
Pierre-Yves Chibon |
824441 |
# More settings for OIDC are available from flask-oidc at:
|
|
Pierre-Yves Chibon |
824441 |
# http://flask-oidc.readthedocs.io/en/latest/#settings-reference
|
|
Slavek Kabrda |
46f8d5 |
|
|
Pierre-Yves Chibon |
6c1b1f |
# When this is set to True, the session cookie will only be returned to the
|
|
Pierre-Yves Chibon |
6c1b1f |
# server via ssl (https). If you connect to the server via plain http, the
|
|
Pierre-Yves Chibon |
6c1b1f |
# cookie will not be sent. This prevents sniffing of the cookie contents.
|
|
Pierre-Yves Chibon |
6c1b1f |
# This may be set to False when testing your application but should always
|
|
Pierre-Yves Chibon |
6c1b1f |
# be set to True in production.
|
|
Pierre-Yves Chibon |
6c1b1f |
# Default: ``True``.
|
|
Pierre-Yves Chibon |
771fcc |
SESSION_COOKIE_SECURE = False
|
|
Pierre-Yves Chibon |
9c2953 |
SESSION_COOKIE_NAME = "pagure"
|
|
Pierre-Yves Chibon |
6c1b1f |
|
|
Abhijeet Kasurde |
a6221b |
# Boolean specifying whether to check the user's IP address when retrieving
|
|
Pierre-Yves Chibon |
6c1b1f |
# its session. This make things more secure (thus is on by default) but
|
|
Pierre-Yves Chibon |
6c1b1f |
# under certain setup it might not work (for example is there are proxies
|
|
Pierre-Yves Chibon |
6c1b1f |
# in front of the application).
|
|
Pierre-Yves Chibon |
6c1b1f |
CHECK_SESSION_IP = True
|
|
Johan Cwiklinski |
b930cf |
|
|
Johan Cwiklinski |
b930cf |
# Lenght for short commits ids or file hex
|
|
Johan Cwiklinski |
b930cf |
SHORT_LENGTH = 6
|
|
Pierre-Yves Chibon |
05bf52 |
|
|
Pierre-Yves Chibon |
fec88c |
# Used by SESSION_COOKIE_PATH
|
|
Pierre-Yves Chibon |
9c2953 |
APPLICATION_ROOT = "/"
|
|
Pierre-Yves Chibon |
29f5ac |
|
|
Pierre-Yves Chibon |
29f5ac |
# List of blacklisted project names
|
|
Pierre-Yves Chibon |
06d19f |
BLACKLISTED_PROJECTS = [
|
|
Pierre-Yves Chibon |
9c2953 |
"static",
|
|
Pierre-Yves Chibon |
9c2953 |
"pv",
|
|
Pierre-Yves Chibon |
9c2953 |
"releases",
|
|
Pierre-Yves Chibon |
9c2953 |
"new",
|
|
Pierre-Yves Chibon |
9c2953 |
"api",
|
|
Pierre-Yves Chibon |
9c2953 |
"settings",
|
|
Pierre-Yves Chibon |
9c2953 |
"search",
|
|
Pierre-Yves Chibon |
9c2953 |
"fork",
|
|
Pierre-Yves Chibon |
9c2953 |
"logout",
|
|
Pierre-Yves Chibon |
9c2953 |
"login",
|
|
Pierre-Yves Chibon |
9c2953 |
"user",
|
|
Pierre-Yves Chibon |
9c2953 |
"users",
|
|
Pierre-Yves Chibon |
9c2953 |
"groups",
|
|
Pierre-Yves Chibon |
9c2953 |
"projects",
|
|
Pierre-Yves Chibon |
9c2953 |
"ssh_info",
|
|
Pierre-Yves Chibon |
9c2953 |
"issues",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull-requests",
|
|
Pierre-Yves Chibon |
9c2953 |
"commits",
|
|
Pierre-Yves Chibon |
9c2953 |
"tree",
|
|
Pierre-Yves Chibon |
9c2953 |
"forks",
|
|
Pierre-Yves Chibon |
9c2953 |
"admin",
|
|
Pierre-Yves Chibon |
9c2953 |
"c",
|
|
Pierre-Yves Chibon |
9c2953 |
"wait",
|
|
Ryan Lerch |
020705 |
"dashboard",
|
|
Pierre-Yves Chibon |
9c2953 |
"docs/*, tickets/*, requests/*",
|
|
Pierre-Yves Chibon |
e0be7e |
]
|
|
Pierre-Yves Chibon |
adc5dd |
|
|
Pierre-Yves Chibon |
cf78d3 |
# List of prefix allowed in project names
|
|
Pierre-Yves Chibon |
cf78d3 |
ALLOWED_PREFIX = []
|
|
Pierre-Yves Chibon |
cf78d3 |
|
|
Pierre-Yves Chibon |
ca10fd |
# List of blacklisted group names
|
|
Pierre-Yves Chibon |
9c2953 |
BLACKLISTED_GROUPS = ["forks", "group"]
|
|
Pierre-Yves Chibon |
ca10fd |
|
|
Pierre-Yves Chibon |
ca10fd |
|
|
Pierre-Yves Chibon |
adc5dd |
ACLS = {
|
|
Pierre-Yves Chibon |
9c2953 |
"create_branch": "Create a git branch on a project",
|
|
Pierre-Yves Chibon |
9c2953 |
"create_project": "Create a new project",
|
|
Pierre-Yves Chibon |
9c2953 |
"commit_flag": "Flag a commit",
|
|
Pierre-Yves Chibon |
9c2953 |
"fork_project": "Fork a project",
|
|
Pierre-Yves Chibon |
9c2953 |
"generate_acls_project": "Generate the Gitolite ACLs on a project",
|
|
Slavek Kabrda |
984d0f |
"internal_access": "Access Pagure's internal APIs",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_assign": "Assign issue to someone",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_change_status": "Change the status of a ticket",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_comment": "Comment on a ticket",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_create": "Create a new ticket",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_subscribe": "Subscribe the user with this token to an issue",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_update": "Update an issue, status, comments, custom fields...",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_update_custom_fields": "Update the custom fields of an issue",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_update_milestone": "Update the milestone of an issue",
|
|
Pierre-Yves Chibon |
9c2953 |
"modify_project": "Modify an existing project",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_create": "Open a new pull-request",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_close": "Close a pull-request",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_comment": "Comment on a pull-request",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_flag": "Flag a pull-request",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_merge": "Merge a pull-request",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_subscribe": (
|
|
Pierre-Yves Chibon |
9c2953 |
"Subscribe the user with this token to a pull-request"
|
|
Pierre-Yves Chibon |
9c2953 |
),
|
|
Pierre-Yves Chibon |
bc397c |
"pull_request_assign": "Assign someone to a pull-request",
|
|
Pierre-Yves Chibon |
bc397c |
"pull_request_update": (
|
|
Pierre-Yves Chibon |
bc397c |
"Update a pull-request (title, description, assignee...)"
|
|
Pierre-Yves Chibon |
bc397c |
),
|
|
Pierre-Yves Chibon |
9c2953 |
"update_watch_status": "Update the watch status on a project",
|
|
Pierre-Yves Chibon |
5798ff |
"pull_request_rebase": "Rebase a pull-request",
|
|
Pierre-Yves Chibon |
adc5dd |
}
|
|
Farhaan Bukhsh |
5bc780 |
|
|
Pierre-Yves Chibon |
cf7d3a |
# List of ACLs which a regular user is allowed to associate to an API token
|
|
Pierre-Yves Chibon |
a892ce |
# from the ACLs above
|
|
Slavek Kabrda |
984d0f |
USER_ACLS = [
|
|
Slavek Kabrda |
984d0f |
key
|
|
Slavek Kabrda |
984d0f |
for key in ACLS.keys()
|
|
Slavek Kabrda |
984d0f |
if key not in ["generate_acls_project", "internal_access"]
|
|
Slavek Kabrda |
984d0f |
]
|
|
Pierre-Yves Chibon |
87442f |
|
|
Pierre-Yves Chibon |
91fe5e |
# From the ACLs above lists which ones are tolerated to be associated with
|
|
Pierre-Yves Chibon |
91fe5e |
# an API token that isn't linked to a particular project.
|
|
Pierre-Yves Chibon |
91fe5e |
CROSS_PROJECT_ACLS = [
|
|
Pierre-Yves Chibon |
9c2953 |
"create_project",
|
|
Pierre-Yves Chibon |
9c2953 |
"fork_project",
|
|
Pierre-Yves Chibon |
9c2953 |
"modify_project",
|
|
Pierre-Yves Chibon |
9c2953 |
"update_watch_status",
|
|
Lenka Segura |
3d9cf6 |
"pull_request_create",
|
|
Pierre-Yves Chibon |
4499ab |
]
|
|
Pierre-Yves Chibon |
4499ab |
|
|
Pierre-Yves Chibon |
4499ab |
# ACLs with which admins are allowed to create project-less API tokens
|
|
Pierre-Yves Chibon |
4499ab |
ADMIN_API_ACLS = [
|
|
Slavek Kabrda |
984d0f |
"internal_access",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_comment",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_create",
|
|
Pierre-Yves Chibon |
9c2953 |
"issue_change_status",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_flag",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_comment",
|
|
Pierre-Yves Chibon |
9c2953 |
"pull_request_merge",
|
|
Pierre-Yves Chibon |
9c2953 |
"generate_acls_project",
|
|
Pierre-Yves Chibon |
9c2953 |
"commit_flag",
|
|
Pierre-Yves Chibon |
9c2953 |
"create_branch",
|
|
Pierre-Yves Chibon |
91fe5e |
]
|
|
Pierre-Yves Chibon |
91fe5e |
|
|
Pierre-Yves Chibon |
208fe5 |
# List of the type of CI service supported by this pagure instance
|
|
Pierre-Yves Chibon |
890d6c |
PAGURE_CI_SERVICES = []
|
|
Pierre-Yves Chibon |
3175b1 |
|
|
Pierre-Yves Chibon |
3175b1 |
# Boolean to turn on project being by default in the user's namespace
|
|
Pierre-Yves Chibon |
3175b1 |
USER_NAMESPACE = False
|
|
Pierre-Yves Chibon |
0f5019 |
|
|
Pierre-Yves Chibon |
0f5019 |
# List of groups whose projects should not be shown on the user's info page
|
|
Pierre-Yves Chibon |
0f5019 |
# unless the user has direct access to it.
|
|
Pierre-Yves Chibon |
0f5019 |
EXCLUDE_GROUP_INDEX = []
|
|
Pierre-Yves Chibon |
6706a2 |
|
|
Slavek Kabrda |
a80d7c |
TRIGGER_CI = {
|
|
Slavek Kabrda |
a80d7c |
"pretty please pagure-ci rebuild": {
|
|
Slavek Kabrda |
a80d7c |
"name": "Default CI",
|
|
Slavek Kabrda |
a80d7c |
"description": "Rerun default CI",
|
|
Slavek Kabrda |
a80d7c |
"requires_project_hook_attr": ("ci_hook", "active_pr", True),
|
|
Pierre-Yves Chibon |
ee649a |
}
|
|
Slavek Kabrda |
a80d7c |
}
|
|
Pierre-Yves Chibon |
b73de8 |
|
|
Slavek Kabrda |
45252f |
FLAG_STATUSES_LABELS = {
|
|
Pierre-Yves Chibon |
9c2953 |
"success": "badge-success",
|
|
Pierre-Yves Chibon |
9c2953 |
"failure": "badge-danger",
|
|
Pierre-Yves Chibon |
9c2953 |
"error": "badge-danger",
|
|
Pierre-Yves Chibon |
9c2953 |
"pending": "badge-info",
|
|
Pierre-Yves Chibon |
9c2953 |
"canceled": "badge-warning",
|
|
Slavek Kabrda |
45252f |
}
|
|
Pierre-Yves Chibon |
9c2953 |
FLAG_SUCCESS = "success"
|
|
Pierre-Yves Chibon |
9c2953 |
FLAG_FAILURE = "failure"
|
|
Pierre-Yves Chibon |
9c2953 |
FLAG_PENDING = "pending"
|
|
Slavek Kabrda |
45252f |
|
|
Patrick Uiterwijk |
7b9080 |
# Never enable this option, this is intended for tests only, and can allow
|
|
Patrick Uiterwijk |
7b9080 |
# easy denial of service to the system if enabled.
|
|
Patrick Uiterwijk |
7b9080 |
ALLOW_PROJECT_DOWAIT = False
|
|
Patrick Uiterwijk |
7b9080 |
|
|
jingjing |
a949ff |
# Settings for MQTT message sending
|
|
jingjing |
a949ff |
MQTT_NOTIFICATIONS = False
|
|
jingjing |
a949ff |
MQTT_HOST = None
|
|
jingjing |
a949ff |
MQTT_PORT = None
|
|
jingjing |
a949ff |
MQTT_USERNAME = None
|
|
jingjing |
a949ff |
MQTT_PASSWORD = None
|
|
jingjing |
a949ff |
MQTT_CA_CERTS = None
|
|
jingjing |
a949ff |
MQTT_CERTFILE = None
|
|
jingjing |
a949ff |
MQTT_KEYFILE = None
|
|
jingjing |
a949ff |
MQTT_CIPHERS = None
|
|
jingjing |
a949ff |
|
|
Slavek Kabrda |
631df5 |
# Settings for Stomp message sending
|
|
Slavek Kabrda |
631df5 |
STOMP_NOTIFICATIONS = False
|
|
Slavek Kabrda |
631df5 |
STOMP_BROKERS = []
|
|
Slavek Kabrda |
631df5 |
STOMP_SSL = False
|
|
Slavek Kabrda |
631df5 |
STOMP_KEY_FILE = None
|
|
Slavek Kabrda |
631df5 |
STOMP_CERT_FILE = None
|
|
Slavek Kabrda |
631df5 |
STOMP_CREDS_PASSWORD = None
|
|
Slavek Kabrda |
631df5 |
STOMP_HIERARCHY = None
|
|
Pierre-Yves Chibon |
b73de8 |
|
|
Pierre-Yves Chibon |
b73de8 |
LOGGING = {
|
|
Pierre-Yves Chibon |
9c2953 |
"version": 1,
|
|
Pierre-Yves Chibon |
9c2953 |
"disable_existing_loggers": False,
|
|
Pierre-Yves Chibon |
9c2953 |
"formatters": {
|
|
Pierre-Yves Chibon |
9c2953 |
"standard": {
|
|
Pierre-Yves Chibon |
9c2953 |
"format": "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
|
|
Pierre-Yves Chibon |
b73de8 |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"email_format": {"format": MSG_FORMAT},
|
|
Pierre-Yves Chibon |
24747e |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"filters": {"myfilter": {"()": ContextInjector}},
|
|
Pierre-Yves Chibon |
9c2953 |
"handlers": {
|
|
Pierre-Yves Chibon |
9c2953 |
"console": {
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "INFO",
|
|
Pierre-Yves Chibon |
9c2953 |
"formatter": "standard",
|
|
Pierre-Yves Chibon |
9c2953 |
"class": "logging.StreamHandler",
|
|
Pierre-Yves Chibon |
9c2953 |
"stream": "ext://sys.stdout",
|
|
Pierre-Yves Chibon |
b73de8 |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"email": {
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "ERROR",
|
|
Pierre-Yves Chibon |
9c2953 |
"formatter": "email_format",
|
|
Pierre-Yves Chibon |
9c2953 |
"class": "logging.handlers.SMTPHandler",
|
|
Pierre-Yves Chibon |
9c2953 |
"mailhost": "localhost",
|
|
Pierre-Yves Chibon |
9c2953 |
"fromaddr": "pagure@localhost",
|
|
Pierre-Yves Chibon |
9c2953 |
"toaddrs": "root@localhost",
|
|
Pierre-Yves Chibon |
9c2953 |
"subject": "ERROR on pagure",
|
|
Pierre-Yves Chibon |
9c2953 |
"filters": ["myfilter"],
|
|
Pierre-Yves Chibon |
24747e |
},
|
|
Pierre-Yves Chibon |
b73de8 |
},
|
|
Pierre-Yves Chibon |
b73de8 |
# The root logger configuration; this is a catch-all configuration
|
|
Pierre-Yves Chibon |
b73de8 |
# that applies to all log messages not handled by a different logger
|
|
Pierre-Yves Chibon |
9c2953 |
"root": {"level": "INFO", "handlers": ["console"]},
|
|
Pierre-Yves Chibon |
9c2953 |
"loggers": {
|
|
Pierre-Yves Chibon |
9c2953 |
"pagure": {
|
|
Pierre-Yves Chibon |
9c2953 |
"handlers": ["console"],
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "DEBUG",
|
|
Pierre-Yves Chibon |
9c2953 |
"propagate": True,
|
|
Pierre-Yves Chibon |
b73de8 |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"flask": {
|
|
Pierre-Yves Chibon |
9c2953 |
"handlers": ["console"],
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "INFO",
|
|
Pierre-Yves Chibon |
9c2953 |
"propagate": False,
|
|
Pierre-Yves Chibon |
b73de8 |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"sqlalchemy": {
|
|
Pierre-Yves Chibon |
9c2953 |
"handlers": ["console"],
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "WARN",
|
|
Pierre-Yves Chibon |
9c2953 |
"propagate": False,
|
|
Pierre-Yves Chibon |
b73de8 |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"binaryornot": {
|
|
Pierre-Yves Chibon |
9c2953 |
"handlers": ["console"],
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "WARN",
|
|
Pierre-Yves Chibon |
9c2953 |
"propagate": True,
|
|
Pierre-Yves Chibon |
d265db |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"MARKDOWN": {
|
|
Pierre-Yves Chibon |
9c2953 |
"handlers": ["console"],
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "WARN",
|
|
Pierre-Yves Chibon |
9c2953 |
"propagate": True,
|
|
Pierre-Yves Chibon |
9af365 |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"PIL": {"handlers": ["console"], "level": "WARN", "propagate": True},
|
|
Pierre-Yves Chibon |
9c2953 |
"chardet": {
|
|
Pierre-Yves Chibon |
9c2953 |
"handlers": ["console"],
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "WARN",
|
|
Pierre-Yves Chibon |
9c2953 |
"propagate": True,
|
|
Pierre-Yves Chibon |
323aec |
},
|
|
Pierre-Yves Chibon |
9c2953 |
"pagure.lib.encoding_utils": {
|
|
Pierre-Yves Chibon |
9c2953 |
"handlers": ["console"],
|
|
Pierre-Yves Chibon |
9c2953 |
"level": "WARN",
|
|
Pierre-Yves Chibon |
9c2953 |
"propagate": False,
|
|
Pierre-Yves Chibon |
323aec |
},
|
|
Pierre-Yves Chibon |
9c2953 |
},
|
|
Pierre-Yves Chibon |
b73de8 |
}
|
|
Pierre-Yves Chibon |
a1fca3 |
|
|
Pierre-Yves Chibon |
a1fca3 |
# Gives commit access to all, all but some or just some project based on
|
|
Pierre-Yves Chibon |
a1fca3 |
# groups provided by the auth system.
|
|
Pierre-Yves Chibon |
a1fca3 |
EXTERNAL_COMMITTER = {}
|
|
Pierre-Yves Chibon |
e1d70f |
|
|
Pierre-Yves Chibon |
e1d70f |
# Allows to require that the users are members of a certain group to be added
|
|
Pierre-Yves Chibon |
e1d70f |
# to a project (not a fork).
|
|
Pierre-Yves Chibon |
e1d70f |
REQUIRED_GROUPS = {}
|
|
Lubomír Sedlář |
59889e |
|
|
Lubomír Sedlář |
59889e |
# Predefined reactions. Selecting others is possible by typing their name. The
|
|
Lubomír Sedlář |
59889e |
# order here will be preserved in the web UI picker for reactions.
|
|
Lubomír Sedlář |
59889e |
REACTIONS = [
|
|
Pierre-Yves Chibon |
9c2953 |
("Thumbs up", "emojione-1F44D"), # Thumbs up
|
|
Lubomír Sedlář |
59889e |
("Thumbs down", "emojione-1F44E"), # Thumbs down
|
|
Pierre-Yves Chibon |
9c2953 |
("Confused", "emojione-1F615"), # Confused
|
|
Pierre-Yves Chibon |
9c2953 |
("Heart", "emojione-2764"), # Heart
|
|
Lubomír Sedlář |
59889e |
]
|
|
Pierre-Yves Chibon |
d5a31d |
|
|
Lubomír Sedlář |
59889e |
# This is used for faster indexing. Do not change.
|
|
Lubomír Sedlář |
59889e |
_REACTIONS_DICT = dict(REACTIONS)
|
|
Patrick Uiterwijk |
3f97f6 |
|
|
Patrick Uiterwijk |
a50651 |
# HTTP pull/push options
|
|
Patrick Uiterwijk |
a50651 |
# Whether to allow Git HTTP proxying
|
|
Patrick Uiterwijk |
a50651 |
ALLOW_HTTP_PULL_PUSH = True
|
|
Patrick Uiterwijk |
a50651 |
# Whether to allow pushing via HTTP
|
|
Patrick Uiterwijk |
a50651 |
ALLOW_HTTP_PUSH = False
|
|
Patrick Uiterwijk |
a50651 |
# Path to Gitolite-shell if using that, None to use Git directly
|
|
Patrick Uiterwijk |
a50651 |
HTTP_REPO_ACCESS_GITOLITE = "/usr/share/gitolite3/gitolite-shell"
|
|
Patrick Uiterwijk |
a50651 |
|
|
Patrick Uiterwijk |
3f97f6 |
# repoSpanner integration settings
|
|
Patrick Uiterwijk |
8174a4 |
# Path the the repoBridge binary
|
|
Patrick Uiterwijk |
8174a4 |
REPOBRIDGE_BINARY = "/usr/libexec/repobridge"
|
|
Patrick Uiterwijk |
3f97f6 |
# Whether to create new repositories on repoSpanner by default.
|
|
Patrick Uiterwijk |
3f97f6 |
# Either None or a region name.
|
|
Patrick Uiterwijk |
3f97f6 |
REPOSPANNER_NEW_REPO = None
|
|
Patrick Uiterwijk |
3f97f6 |
# Whether to allow admins to override region selection on creation.
|
|
Patrick Uiterwijk |
3f97f6 |
REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = False
|
|
Patrick Uiterwijk |
3f97f6 |
# Whether to create new forks on repoSpanner.
|
|
Patrick Uiterwijk |
3f97f6 |
# Either None (no repoSpanner), True (same as origin project) or a region name.
|
|
Patrick Uiterwijk |
3f97f6 |
REPOSPANNER_NEW_FORK = True
|
|
Patrick Uiterwijk |
3f97f6 |
# Whether to allow an admin to manually migrate an individual project.
|
|
Patrick Uiterwijk |
3f97f6 |
REPOSPANNER_ADMIN_MIGRATION = False
|
|
Patrick Uiterwijk |
3f97f6 |
# The repoSpanner regions to be used in this Pagure instance.
|
|
Patrick Uiterwijk |
3f97f6 |
# Example entry:
|
|
Patrick Uiterwijk |
3f97f6 |
# 'default': {'url': 'https://nodea.regiona.repospanner.local:8444',
|
|
Patrick Uiterwijk |
3f97f6 |
# 'repo_prefix': 'pagure/',
|
|
Patrick Uiterwijk |
d29158 |
# 'hook': None,
|
|
Patrick Uiterwijk |
3f97f6 |
# 'ca': '',
|
|
Patrick Uiterwijk |
3f97f6 |
# 'admin_cert': {'cert': '',
|
|
Patrick Uiterwijk |
3f97f6 |
# 'key': ''},
|
|
Patrick Uiterwijk |
3f97f6 |
# 'push_cert': {'cert': '',
|
|
Patrick Uiterwijk |
3f97f6 |
# 'key': ''}}
|
|
Patrick Uiterwijk |
3f97f6 |
REPOSPANNER_REGIONS = {}
|
|
Patrick Uiterwijk |
6e47de |
|
|
Patrick Uiterwijk |
6e47de |
# Configuration for the key helper
|
|
Patrick Uiterwijk |
6e47de |
# Look a username up in the database, overrides SSH_KEYS_USERNAME_EXPECT
|
|
Patrick Uiterwijk |
6e47de |
SSH_KEYS_USERNAME_LOOKUP = False
|
|
Patrick Uiterwijk |
e95068 |
# Except certain usernames from being used via the keyhelper
|
|
Patrick Uiterwijk |
e95068 |
SSH_KEYS_USERNAME_FORBIDDEN = ["root"]
|
|
Patrick Uiterwijk |
6e47de |
# Username to expect for ssh. Set to None to disallow any access
|
|
Patrick Uiterwijk |
6e47de |
SSH_KEYS_USERNAME_EXPECT = None
|
|
Patrick Uiterwijk |
6e47de |
# Arguments to add to the SSH keys, possible replacements:
|
|
Patrick Uiterwijk |
6e47de |
# %(username)s: username owning this key
|
|
Pierre-Yves Chibon |
5893c8 |
SSH_KEYS_OPTIONS = (
|
|
Pierre-Yves Chibon |
01c170 |
'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"'
|
|
Patrick Uiterwijk |
59387b |
)
|
|
Slavek Kabrda |
984d0f |
# If not set to None, aclchecker and keyhelper will use this api admin
|
|
Slavek Kabrda |
984d0f |
# token to get authorized to internal endpoints that they use. The token
|
|
Slavek Kabrda |
984d0f |
# must have the internal_access ACL.
|
|
Slavek Kabrda |
984d0f |
SSH_ADMIN_TOKEN = None
|
|
Patrick Uiterwijk |
59387b |
|
|
Patrick Uiterwijk |
59387b |
# ACL Checker options
|
|
Patrick Uiterwijk |
59387b |
SSH_COMMAND_REPOSPANNER = (
|
|
Patrick Uiterwijk |
59387b |
[
|
|
Patrick Uiterwijk |
59387b |
"/usr/libexec/repobridge",
|
|
Patrick Uiterwijk |
59387b |
"--extra",
|
|
Patrick Uiterwijk |
59387b |
"username",
|
|
Patrick Uiterwijk |
59387b |
"%(username)s",
|
|
Patrick Uiterwijk |
b1d78f |
"--extra",
|
|
Patrick Uiterwijk |
b1d78f |
"repotype",
|
|
Patrick Uiterwijk |
b1d78f |
"%(repotype)s",
|
|
Patrick Uiterwijk |
b1d78f |
"--extra",
|
|
Patrick Uiterwijk |
b1d78f |
"project_name",
|
|
Patrick Uiterwijk |
b1d78f |
"%(project_name)s",
|
|
Patrick Uiterwijk |
b1d78f |
"--extra",
|
|
Patrick Uiterwijk |
b1d78f |
"project_user",
|
|
Patrick Uiterwijk |
b1d78f |
"%(project_user)s",
|
|
Patrick Uiterwijk |
b1d78f |
"--extra",
|
|
Patrick Uiterwijk |
b1d78f |
"project_namespace",
|
|
Patrick Uiterwijk |
b1d78f |
"%(project_namespace)s",
|
|
Patrick Uiterwijk |
59387b |
"%(cmd)s",
|
|
Slavek Kabrda |
b6a383 |
"'%(repospanner_reponame)s'",
|
|
Patrick Uiterwijk |
59387b |
],
|
|
Patrick Uiterwijk |
59387b |
{"REPOBRIDGE_CONFIG": "/etc/repospanner/bridge_%(region)s.json"},
|
|
Patrick Uiterwijk |
59387b |
)
|
|
Patrick Uiterwijk |
59387b |
SSH_COMMAND_NON_REPOSPANNER = (
|
|
Patrick Uiterwijk |
59387b |
[
|
|
Patrick Uiterwijk |
59387b |
"/usr/share/gitolite3/gitolite-shell",
|
|
Patrick Uiterwijk |
59387b |
"%(username)s",
|
|
Patrick Uiterwijk |
59387b |
"%(cmd)s",
|
|
Patrick Uiterwijk |
59387b |
"%(reponame)s",
|
|
Patrick Uiterwijk |
59387b |
],
|
|
Patrick Uiterwijk |
59387b |
{},
|
|
Pierre-Yves Chibon |
5893c8 |
)
|
|
Pierre-Yves Chibon |
d5a31d |
|
|
Pierre-Yves Chibon |
d5a31d |
CSP_HEADERS = (
|
|
Pierre-Yves Chibon |
d5a31d |
"default-src 'self' https:; "
|
|
Pierre-Yves Chibon |
d5a31d |
"script-src 'self' 'nonce-{nonce}'; "
|
|
Pierre-Yves Chibon |
d5a31d |
"style-src 'self' 'nonce-{nonce}'"
|
|
Pierre-Yves Chibon |
d5a31d |
)
|