import os from datetime import timedelta from pagure.mail_logging import ContextInjector ### Set the time after which the admin session expires # There are two sessions on pagure, login that holds for 31 days and # the session defined here after which an user has to re-login. # This session is used when accessing all administrative parts of pagure # (ie: changing a project's or a user's settings) ADMIN_SESSION_LIFETIME = timedelta(minutes=20000000) # Enable tickets and docs for all repos ENABLE_TICKETS = True ENABLE_DOCS = True ### Secret key for the Flask application SECRET_KEY='' ### url to the database server: #DB_URL=mysql://user:pass@host/db_name #DB_URL=postgres://user:pass@host/db_name DB_URL = 'sqlite:////srv/git/pagure_dev.sqlite' ### The FAS group in which the admin of pagure are ADMIN_GROUP = ['sysadmin-main'] ### Hard-coded list of global admins PAGURE_ADMIN_USERS = [] ### The URL at which the project is available. APP_URL = 'http://127.0.0.1:5000' ### The URL at which the documentation of projects will be available ## This should be in a different domain to avoid XSS issues since we want ## to allow raw html to be displayed (different domain, ie not a sub-domain). DOC_APP_URL = '*' # Avoid sending emails while developing by default EMAIL_SEND = False EMAIL_ERROR = 'vagrant@localhost' ### The URL to use to clone git repositories. GIT_URL_SSH = 'ssh://git@pagure-dev.example.com/' GIT_URL_GIT = 'http://pagure-dev.example.com:5000/' ### Folder containing to the git repos STORAGE_ROOT = '/srv/git/' GIT_FOLDER = os.path.join(STORAGE_ROOT, 'repositories') ### Folder containing the clones for the remote pull-requests REMOTE_GIT_FOLDER = os.path.join(STORAGE_ROOT, 'remotes') ### Whether to enable scanning for viruses in attachments VIRUS_SCAN_ATTACHMENTS = False SSH_FOLDER = "/srv/git/.ssh/" GIT_AUTH_BACKEND = "pagure_authorized_keys" SSH_KEYS_OPTIONS = ( 'restrict,command="/usr/bin/python3 /srv/pagure/files/aclchecker.py %(username)s"' ) SSH_COMMAND_NON_REPOSPANNER = ([ "/usr/bin/%(cmd)s", "/srv/git/repositories/%(reponame)s", ], {"GL_USER": "%(username)s"}) # SSH Information ### The ssh certificates of the git server to be provided to the user ### /!\ format is important # SSH_KEYS = {'RSA': {'fingerprint': '', 'pubkey': ''}} # Optional configuration ### Maximum size of the uploaded content # Used to limit the size of file attached to a ticket for example MAX_CONTENT_LENGTH = 4 * 1024 * 1024 # 4 megabytes ### Lenght for short commits ids or file hex SHORT_LENGTH = 6 ### IP addresses allowed to access the internal endpoints ### These endpoints are used by the milter and are security sensitive, thus ### the IP filter IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1',] ### EventSource/Web-Hook/Redis configuration # The eventsource integration is what allows pagure to refresh the content # on your page when someone else comments on the ticket (and this without # asking you to reload the page. # By default it is off, ie: EVENTSOURCE_SOURCE is None, to turn it on, specify # here what the URL of the eventsource server is, for example: # https://ev.pagure.io or https://pagure.io:8080 or whatever you are using # (Note: the urls sent to it start with a '/' so no need to add one yourself) EVENTSOURCE_SOURCE = 'http://localhost:8080' # Port where the event source server is running (maybe be the same port # as the one specified in EVENTSOURCE_SOURCE or a different one if you # have something running in front of the server such as apache or stunnel). EVENTSOURCE_PORT = 8080 # If this port is specified, the event source server will run another server # at this port and will provide information about the number of active # connections running on the first (main) event source server #EV_STATS_PORT = 8888 # Web-hook can be turned on or off allowing using them for notifications, or # not. WEBHOOK = True ### Redis configuration # A redis server is required for both the Event-Source server or the web-hook # server. REDIS_HOST = '127.0.0.1' REDIS_PORT = 6379 REDIS_DB = 0 # Authentication related configuration option ### Switch the authentication method # Specify which authentication method to use, defaults to `fas` can be or # `local` # Default: ``fas``. PAGURE_AUTH = 'local' # When this is set to True, the session cookie will only be returned to the # server via ssl (https). If you connect to the server via plain http, the # cookie will not be sent. This prevents sniffing of the cookie contents. # This may be set to False when testing your application but should always # be set to True in production. # Default: ``True``. SESSION_COOKIE_SECURE = False # The name of the cookie used to store the session id. # Default: ``.pagure``. SESSION_COOKIE_NAME = 'pagure' # Boolean specifying whether to check the user's IP address when retrieving # its session. This make things more secure (thus is on by default) but # under certain setup it might not work (for example is there are proxies # in front of the application). CHECK_SESSION_IP = True # Used by SESSION_COOKIE_PATH APPLICATION_ROOT = '/' # Allow the backward compatiblity endpoints for the old URLs schema to # see the commits of a repo. This is only interesting if you pagure instance # was running since before version 1.3 and if you care about backward # compatibility in your URLs. OLD_VIEW_COMMIT_ENABLED = False LOGGING = { "version": 1, "disable_existing_loggers": False, "formatters": { "standard": { "format": "%(asctime)s [%(levelname)s] %(name)s: %(message)s" }, }, "filters": {"myfilter": {"()": ContextInjector}}, "handlers": { "console": { "formatter": "standard", "class": "logging.StreamHandler", "stream": "ext://sys.stdout", }, }, # The root logger configuration; this is a catch-all configuration # that applies to all log messages not handled by a different logger "root": {"handlers": ["console"]}, "loggers": { "pagure": { "handlers": ["console"], "level": "DEBUG", "propagate": True, }, "flask": { "handlers": ["console"], "level": "INFO", "propagate": False, }, "sqlalchemy": { "handlers": ["console"], "level": "WARN", "propagate": False, }, "pagure.lib.encoding_utils": { "handlers": ["console"], "level": "WARN", "propagate": False, }, }, }