1
0

configuration.rst 52 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828
  1. Configuration
  2. =============
  3. Pagure offers a wide varieties of options that must or can be used to
  4. adjust its behavior.
  5. Must options
  6. ------------
  7. Here are the options you must set up in order to get pagure running.
  8. SECRET_KEY
  9. ~~~~~~~~~~
  10. This configuration key is used by flask to create the session. It should be kept secret
  11. and set as a long and random string.
  12. SALT_EMAIL
  13. ~~~~~~~~~~
  14. This configuration key is used to ensure that when sending
  15. notifications to different users, each one of them has a different, unique
  16. and unfakeable ``Reply-To`` header. This header is then used by the milter to find
  17. out if the response received is a real one or a fake/invalid one.
  18. DB_URL
  19. ~~~~~~
  20. This configuration key indicates to the framework how and where to connect to the database
  21. server. Pagure uses `SQLAchemy <http://www.sqlalchemy.org/>`_ to connect
  22. to a wide range of database server including MySQL, PostgreSQL, and SQLite.
  23. Examples values:
  24. ::
  25. DB_URL = 'mysql://user:pass@host/db_name'
  26. DB_URL = 'postgres://user:pass@host/db_name'
  27. DB_URL = 'sqlite:////var/tmp/pagure_dev.sqlite'
  28. Defaults to ``sqlite:////var/tmp/pagure_dev.sqlite``
  29. APP_URL
  30. ~~~~~~~
  31. This configuration key indicates the URL at which this pagure instance will be made available.
  32. Defaults to: ``http://localhost.localdomain/``
  33. EMAIL_ERROR
  34. ~~~~~~~~~~~
  35. Pagure sends email when it catches an unexpected error (which saves you from
  36. having to monitor the logs regularly; but if you like, the error is still
  37. present in the logs).
  38. This configuration key allows you to specify to which email address to send
  39. these error reports.
  40. GIT_URL_SSH
  41. ~~~~~~~~~~~
  42. This configuration key provides the information to the user on how to clone
  43. the git repos hosted on pagure via `SSH <https://en.wikipedia.org/wiki/Secure_Shell>`_.
  44. The URL should end with a slash ``/``.
  45. Defaults to: ``'ssh://git@llocalhost.localdomain/'``
  46. .. note:: If you are using a custom setup for your deployment where every
  47. user has an account on the machine you may want to tweak this URL
  48. to include the username. If that is the case, you can use
  49. ``{username}`` in the URL and it will be expanded to the username
  50. of the user viewing the page when rendered.
  51. For example: ``'ssh://{username}@pagure.org/'``
  52. GIT_URL_GIT
  53. ~~~~~~~~~~~
  54. This configuration key provides the information to the user on how to clone
  55. the git repos hosted on pagure anonymously. This access can be granted via
  56. the ``git://`` or ``http(s)://`` protocols.
  57. The URL should end with a slash ``/``.
  58. Defaults to: ``'git://localhost.localdomain/'``
  59. BROKER_URL
  60. ~~~~~~~~~~
  61. This configuration key is used to point celery to the broker to use. This
  62. is the broker that is used to communicate between the web application and
  63. its workers.
  64. Defaults to: ``'redis://%s' % APP.config['REDIS_HOST']``
  65. .. note:: See the :ref:`redis-section` for the ``REDIS_HOST`` configuration
  66. key
  67. Repo Directories
  68. ----------------
  69. Each project in pagure has 2 to 4 git repositories, depending on configuration
  70. of the Pagure instance (see below):
  71. - the main repo for the code
  72. - the doc repo showed in the doc server (optional)
  73. - the ticket repo storing the metadata of the tickets (optional)
  74. - the request repo storing the metadata of the pull-requests
  75. There are then another 3 folders: one for specifying the locations of the forks, one
  76. for the remote git repo used for the remotes pull-requests (ie: those coming from
  77. a project not hosted on this instance of pagure), and one for user-uploaded tarballs.
  78. GIT_FOLDER
  79. ~~~~~~~~~~
  80. This configuration key points to the folder where the git repos are stored.
  81. For every project, two to four repos are created:
  82. * a repo with source code of the project
  83. * a repo with documentation of the project
  84. (if ``ENABLE_DOCS`` is ``True``)
  85. * a repo with metadata of tickets opened against the project
  86. (if ``ENABLE_TICKETS`` is ``True``)
  87. * a repo with metadata of pull requests opened against the project
  88. Note that gitolite config value ``GL_REPO_BASE`` (if using gitolite 3)
  89. or ``$REPO_BASE`` (if using gitolite 2) **must** have exactly the same
  90. value as ``GIT_FOLDER``.
  91. REMOTE_GIT_FOLDER
  92. ~~~~~~~~~~~~~~~~~
  93. This configuration key points to the folder where the remote git repos (ie:
  94. not hosted on pagure) that someone used to open a pull-request against a
  95. project hosted on pagure are stored.
  96. UPLOAD_FOLDER_PATH
  97. ~~~~~~~~~~~~~~~~~~
  98. This configuration key points to the folder where user-uploaded tarballs
  99. are stored and served from.
  100. ATTACHMENTS_FOLDER
  101. ~~~~~~~~~~~~~~~~~~
  102. This configuration key points to the folder where attachments can be cached
  103. for easier access by the web-server (allowing to not interact with the git
  104. repo having it to serve it).
  105. UPLOAD_FOLDER_URL
  106. ~~~~~~~~~~~~~~~~~~
  107. Full URL to where the uploads are available. It is highly recommended for
  108. security reasons that this URL lives on a different domain than the main
  109. application (an entirely different domain, not just a sub-domain).
  110. Defaults to: ``/releases/``, unsafe for production!
  111. .. warning:: both `UPLOAD_FOLDER_PATH` and `UPLOAD_FOLDER_URL` must be
  112. specified for the upload release feature to work
  113. SESSION_COOKIE_SECURE
  114. ~~~~~~~~~~~~~~~~~~~~~
  115. When this is set to True, the session cookie will only be returned to the
  116. server via ssl (https). If you connect to the server via plain http, the
  117. cookie will not be sent. This prevents sniffing of the cookie contents.
  118. This may be set to False when testing your application but should always
  119. be set to True in production.
  120. Defaults to: ``False`` for development, must be ``True`` in production with
  121. https.
  122. SESSION_TYPE
  123. ~~~~~~~~~~~~
  124. Enables the `flask-session <https://pythonhosted.org/Flask-Session/>`_
  125. extension if set to a value other than ``None``. The ``flask-session``
  126. package needs to be installed and proper
  127. `configuration <https://pythonhosted.org/Flask-Session/#configuration>`_
  128. needs to be included in the Pagure config file.
  129. This is useful when the Pagure server needs to be scaled up to multiple
  130. instances, which requires the flask session keys to be shared between those.
  131. Flask-session allows you to use Redis, Memcached, relational database
  132. or MongoDB for storing shared session keys.
  133. FROM_EMAIL
  134. ~~~~~~~~~~
  135. This configuration key specifies the email address used by this pagure instance
  136. when sending emails (notifications).
  137. Defaults to: ``pagure@localhost.localdomain``
  138. DOMAIN_EMAIL_NOTIFICATIONS
  139. ~~~~~~~~~~~~~~~~~~~~~~~~~~
  140. This configuration key specifies the domain used by this pagure instance
  141. when sending emails (notifications). More precisely, it is used
  142. when building the ``msg-id`` header of the emails sent.
  143. Defaults to: ``localhost.localdomain``
  144. VIRUS_SCAN_ATTACHMENTS
  145. ~~~~~~~~~~~~~~~~~~~~~~
  146. This configuration key configures whether attachments are scanned for viruses on
  147. upload. For more information, see the install.rst guide.
  148. Defaults to: ``False``
  149. GIT_AUTH_BACKEND
  150. ^^^^^^^^^^^^^^^^
  151. This configuration key allows specifying which git auth backend to use.
  152. Git auth backends can either be static (like gitolite), where a file is
  153. generated when something changed and then used on login, or dynamic,
  154. where the actual ACLs are checked in a git hook before being applied.
  155. By default pagure provides the following backends:
  156. - `test_auth`: simple debugging backend printing and returning the string ``Called GitAuthTestHelper.generate_acls()``
  157. - `gitolite2`: allows deploying pagure on the top of gitolite 2
  158. - `gitolite3`: allows deploying pagure on the top of gitolite 3
  159. Defaults to: ``gitolite3``
  160. .. note:: The option GITOLITE_BACKEND is the legacy name, and for backwards compatibility reasons will override this setting
  161. .. note:: These options can be expended, cf :ref:`custom-gitolite`.
  162. Configure Gitolite
  163. ------------------
  164. Pagure can use `gitolite <http://gitolite.com/>`_ as an authorization layer.
  165. Gitolite relies on `SSH <https://en.wikipedia.org/wiki/Secure_Shell>`_ for
  166. the authentication. In other words, SSH lets you in and gitolite checks if
  167. you are allowed to do what you are trying to do once you are inside.
  168. Pagure supports both gitolite 2 and gitolite 3 and the code generating
  169. the gitolite configuration can be customized for easier integration with
  170. other systems (cf :ref:`custom-gitolite`).
  171. **gitolite 2 and 3**
  172. ~~~~~~~~~~~~~~~~~~~~
  173. GITOLITE_HOME
  174. ^^^^^^^^^^^^^
  175. This configuration key points to the home directory of the user under which
  176. gitolite is ran.
  177. GITOLITE_KEYDIR
  178. ^^^^^^^^^^^^^^^
  179. This configuration key points to the folder where gitolite stores and accesses
  180. the public SSH keys of all the user have access to the server.
  181. Since pagure is the user interface, it is pagure that writes down the files
  182. in this directory, effectively setting up the users to be able to use gitolite.
  183. GITOLITE_CONFIG
  184. ^^^^^^^^^^^^^^^
  185. This configuration key points to the gitolite.conf file where pagure writes
  186. the gitolite repository access configuration.
  187. GITOLITE_CELERY_QUEUE
  188. ^^^^^^^^^^^^^^^^^^^^^
  189. This configuration is useful for large pagure deployment where recompiling
  190. the gitolite config file can take a long time. By default the compilation
  191. of gitolite's configuration file is done by the pagure_worker, which spawns
  192. by default 4 concurrent workers. If it takes a while to recompile the
  193. gitolite configuration file, these workers may be stepping on each others'
  194. toes.
  195. In this situation, this configuration key allows you to direct the messages
  196. asking for the gitolite configuration file to be compiled to a different
  197. queue which can then be handled by a different service/worker.
  198. Pagure provides a ``pagure_gitolite_worker.service`` systemd service file
  199. pre-configured to handles these messages if this configuration key is set
  200. to ``gitolite_queue``.
  201. **gitolite 2 only**
  202. ~~~~~~~~~~~~~~~~~~~
  203. GL_RC
  204. ^^^^^
  205. This configuration key points to the file ``gitolite.rc`` used by gitolite
  206. to record who has access to what (ie: who has access to which repo/branch).
  207. GL_BINDIR
  208. ^^^^^^^^^
  209. This configuration key indicates the folder in which the gitolite tools can
  210. be found. It can be as simple as ``/usr/bin/`` if the tools have been installed
  211. using a package manager or something like ``/opt/bin/`` for a more custom
  212. install.
  213. **gitolite 3 only**
  214. ~~~~~~~~~~~~~~~~~~~
  215. GITOLITE_HAS_COMPILE_1
  216. ^^^^^^^^^^^^^^^^^^^^^^
  217. By setting this configuration key to ``True``, you can turn on using the
  218. gitolite ``compile-1`` binary. This speeds up gitolite task when it recompiles
  219. configuration after new project is created. In order to use this, you need to
  220. have the ``compile-1`` gitolite command.
  221. There are two ways to have it,
  222. #. You distribution already has the file installed for you and you can then
  223. just use it.
  224. #. You need to download and install it yourself. We are describing what
  225. needs to be done for this here below.
  226. Installing the ``compile-1`` command:
  227. * You also have to make sure that your distribution of gitolite contains
  228. `patch <https://github.com/sitaramc/gitolite/commit/c4b6521a4b82e639f6ed776abad79c>`_
  229. which makes gitolite respect ``ALLOW_ORPHAN_GL_CONF`` configuration variable,
  230. if this patch isn't already present, you will have to make the change yourself.
  231. * In your ``gitolite.rc`` set ``ALLOW_ORPHAN_GL_CONF`` to ``1`` (you may
  232. have to add it yourself).
  233. * Still in your ``gitolite.rc`` file, uncomment ``LOCAL_CODE`` file and set
  234. it to a full path of a directory that you choose (for example
  235. ``/usr/local/share/gitolite3``).
  236. * Create a subdirectory ``commands`` under the path you picked for ``LOCAL_CODE``
  237. (in our example, you will need to do: ``mkdir -p /usr/local/share/gitolite3/commands``)
  238. * Finally, install the ``compile-1`` command in this ``commands`` subdirectory
  239. If your installation doesn't ship this file, you can `download it
  240. <https://github.com/sitaramc/gitolite/blob/master/contrib/commands/compile-1>`_.
  241. (Ensure the file is executable, otherwise gitolite will not find it)
  242. Defaults to: ``False``
  243. EventSource options
  244. -------------------
  245. EVENTSOURCE_SOURCE
  246. ~~~~~~~~~~~~~~~~~~
  247. This configuration key indicates the URL at which the EventSource server is
  248. available. If not defined, pagure will behave as if there are no EventSource
  249. server running.
  250. EVENTSOURCE_PORT
  251. ~~~~~~~~~~~~~~~~
  252. This configuration key indicates the port at which the EventSource server is
  253. running.
  254. .. note:: The EventSource server requires a redis server (see ``Redis options``
  255. below)
  256. Web-hooks notifications
  257. -----------------------
  258. WEBHOOK
  259. ~~~~~~~
  260. This configuration key allows turning on or off web-hooks notifications for
  261. this pagure instance.
  262. Defaults to: ``False``.
  263. .. note:: The Web-hooks server requires a redis server (see ``Redis options``
  264. below)
  265. .. _redis-section:
  266. Redis options
  267. -------------
  268. REDIS_HOST
  269. ~~~~~~~~~~
  270. This configuration key indicates the host at which the `redis <http://redis.io/>`_
  271. server is running.
  272. Defaults to: ``0.0.0.0``.
  273. REDIS_PORT
  274. ~~~~~~~~~~
  275. This configuration key indicates the port at which the redis server can be
  276. contacted.
  277. Defaults to: ``6379``.
  278. REDIS_DB
  279. ~~~~~~~~
  280. This configuration key indicates the name of the redis database to use for
  281. communicating with the EventSource server.
  282. Defaults to: ``0``.
  283. Authentication options
  284. ----------------------
  285. ADMIN_GROUP
  286. ~~~~~~~~~~~
  287. List of groups, either local or remote (if the openid server used supports the
  288. group extension), that are the site admins. These admins can regenerate the
  289. gitolite configuration, the ssh key files, and the hook-token for every project
  290. as well as manage users and groups.
  291. PAGURE_ADMIN_USERS
  292. ~~~~~~~~~~~~~~~~~~
  293. List of local users that are the site admins. These admins have the same rights as
  294. the users in the admin groups listed above as well as admin rights to
  295. all projects hosted on this pagure instance.
  296. Celery Queue options
  297. --------------------
  298. In order to help prioritize between tasks having a direct impact on the user
  299. experience and tasks needed to be run on the background but not directly
  300. impacting the users, we have split the generic tasks triggered by the web
  301. application into three possible queues: Fast, Medium, Slow.
  302. If none of these options are set, a single queue will be used for all tasks.
  303. FAST_CELERY_QUEUE
  304. ~~~~~~~~~~~~~~~~~
  305. This configuration key allows to specify a dedicated queue for tasks that
  306. are triggered by the web frontend and need to be processed quickly for the
  307. best user experience.
  308. This will be used for tasks such as creating a new project, forking or
  309. merging a pull-request.
  310. Defaults to: ``None``.
  311. MEDIUM_CELERY_QUEUE
  312. ~~~~~~~~~~~~~~~~~~~
  313. This configuration key allows to specify a dedicated queue for tasks that
  314. are triggered by the web frontend and need to be processed but aren't critical
  315. for the best user experience.
  316. This will be used for tasks such as updating a file in a git repository.
  317. Defaults to: ``None``.
  318. SLOW_CELERY_QUEUE
  319. ~~~~~~~~~~~~~~~~~
  320. This configuration key allows to specify a dedicated queue for tasks that
  321. are triggered by the web frontend, are slow and do not impact the user
  322. experience in the user interface.
  323. This will be used for tasks such as updating the ticket git repo based on
  324. the content posted in the user interface.
  325. Defaults to: ``None``.
  326. Stomp Options
  327. -------------
  328. Pagure integration with Stomp allows you to emit messages to any
  329. stomp-compliant message bus.
  330. STOMP_NOTIFICATIONS
  331. ~~~~~~~~~~~~~~~~~~~
  332. This configuration key allows to turn on or off notifications via
  333. `stomp protocol <https://stomp.github.io/>`_. All other stomp-related
  334. settings don't need to be present if this is set to ``False``.
  335. Defaults to: ``False``.
  336. STOMP_BROKERS
  337. ~~~~~~~~~~~~~
  338. List of 2-tuples with broker domain names and ports. For example
  339. ``[('primary.msg.bus.com', 6543), ('backup.msg.bus.com`, 6543)]``.
  340. STOMP_HIERARCHY
  341. ~~~~~~~~~~~~~~~
  342. Base name of the hierarchy to emit messages to. For example
  343. ``/queue/some.hierarchy.``. Note that this **must** end with
  344. a dot. Pagure will append queue names such as ``project.new``
  345. to this value, resulting in queue names being e.g.
  346. ``/queue/some.hierarchy.project.new``.
  347. STOMP_SSL
  348. ~~~~~~~~~
  349. Whether or not to use SSL when connecting to message brokers.
  350. Defaults to: ``False``.
  351. STOMP_KEY_FILE
  352. ~~~~~~~~~~~~~~
  353. Absolute path to key file for SSL connection. Only required if
  354. ``STOMP_SSL`` is set to ``True``.
  355. STOMP_CERT_FILE
  356. ~~~~~~~~~~~~~~~
  357. Absolute path to certificate file for SSL connection. Only required if
  358. ``STOMP_SSL`` is set to ``True``.
  359. STOMP_CREDS_PASSWORD
  360. ~~~~~~~~~~~~~~~~~~~~
  361. Password for decoding ``STOMP_CERT_FILE`` and ``STOMP_KEY_FILE``. Only
  362. required if ``STOMP_SSL`` is set to ``True`` and credentials files are
  363. password-encoded.
  364. API token ACLs
  365. --------------
  366. ACLS
  367. ~~~~
  368. This configuration key lists all the ACLs that can be associated with an API
  369. token with a short description of what the ACL allows to do.
  370. This key it not really meant to be changed unless you really know what you
  371. are doing.
  372. USER_ACLS
  373. ~~~~~~~~~
  374. This configuration key allows to list which of the ACLs listed in ``ACLS``
  375. can be associated with an API token of a project in the (web) user interface.
  376. Use this configuration key in combination with ``ADMIN_API_ACLS`` to disable
  377. certain ACLs for users while allowing admins to generate keys with them.
  378. Defaults to: ``[key for key in ACLS.keys() if key != 'generate_acls_project']``
  379. (ie: all the ACLs in ``ACLS`` except for ``generate_acls_project``)
  380. ADMIN_API_ACLS
  381. ~~~~~~~~~~~~~~
  382. This configuration key allows to list which of the ACLs listed in ``ACLS``
  383. can be generated by the ``pagure-admin`` CLI tool by admins.
  384. Defaults to: ``['issue_comment', 'issue_create', 'issue_change_status', 'pull_request_flag', 'pull_request_comment', 'pull_request_merge', 'generate_acls_project', 'commit_flag', 'create_branch']``
  385. CROSS_PROJECT_ACLS
  386. ~~~~~~~~~~~~~~~~~~
  387. This configuration key allows to list which of the ACLs listed in ``ACLS``
  388. can be associated with a project-less API token in the (web) user interface.
  389. These project-less API tokens can be generated in the user's settings page
  390. and allows action in multiple projects instead of being restricted to a
  391. specific one.
  392. Defaults to: ``['create_project', 'fork_project', 'modify_project']``
  393. Optional options
  394. ----------------
  395. Git repository templates
  396. ~~~~~~~~~~~~~~~~~~~~~~~~
  397. PROJECT_TEMPLATE_PATH
  398. ^^^^^^^^^^^^^^^^^^^^^
  399. This configuration key allows you to specify the path to a git repository
  400. to use as a template when creating new repository for new projects.
  401. This template will not be used for forks nor any of the git repository but
  402. the one used for the sources (ie: it will not be used for the tickets,
  403. requests or docs repositories).
  404. FORK_TEMPLATE_PATH
  405. ^^^^^^^^^^^^^^^^^^
  406. This configuration key allows you to specify the path to a git repository
  407. to use as a template when creating new repository for new forks.
  408. This template will not be used for any of the git repository but
  409. the one used for the sources of forks (ie: it will not be used for the
  410. tickets, requests or docs repositories).
  411. SSH_KEYS
  412. ~~~~~~~~
  413. It is a good practice to publish the fingerprint and public SSH key of a
  414. server you provide access to.
  415. Pagure offers the possibility to expose this information based on the values
  416. set in the configuration file, in the ``SSH_KEYS`` configuration key.
  417. See the `SSH hostkeys/Fingerprints page on pagure.io <https://pagure.io/ssh_info>`_.
  418. .. warning: The format is important
  419. SSH_KEYS = {'RSA': {'fingerprint': '<foo>', 'pubkey': '<bar>'}}
  420. Where `<foo>` and `<bar>` must be replaced by your values.
  421. LOGGING
  422. ~~~~~~~
  423. This configuration key allows you to set up the logging of the application.
  424. It relies on the standard `python logging module
  425. <https://docs.python.org/2/library/logging.html>`_.
  426. The default value is:
  427. ::
  428. LOGGING = {
  429. 'version': 1,
  430. 'disable_existing_loggers': False,
  431. 'formatters': {
  432. 'standard': {
  433. 'format': '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
  434. },
  435. 'email_format': {
  436. 'format': MSG_FORMAT
  437. }
  438. },
  439. 'filters': {
  440. 'myfilter': {
  441. '()': ContextInjector,
  442. }
  443. },
  444. 'handlers': {
  445. 'console': {
  446. 'level': 'INFO',
  447. 'formatter': 'standard',
  448. 'class': 'logging.StreamHandler',
  449. 'stream': 'ext://sys.stdout',
  450. },
  451. 'email': {
  452. 'level': 'ERROR',
  453. 'formatter': 'email_format',
  454. 'class': 'logging.handlers.SMTPHandler',
  455. 'mailhost': 'localhost',
  456. 'fromaddr': 'pagure@localhost',
  457. 'toaddrs': 'root@localhost',
  458. 'subject': 'ERROR on pagure',
  459. 'filters': ['myfilter'],
  460. },
  461. },
  462. # The root logger configuration; this is a catch-all configuration
  463. # that applies to all log messages not handled by a different logger
  464. 'root': {
  465. 'level': 'INFO',
  466. 'handlers': ['console'],
  467. },
  468. 'loggers': {
  469. 'pagure': {
  470. 'handlers': ['console'],
  471. 'level': 'DEBUG',
  472. 'propagate': True
  473. },
  474. 'flask': {
  475. 'handlers': ['console'],
  476. 'level': 'INFO',
  477. 'propagate': False
  478. },
  479. 'sqlalchemy': {
  480. 'handlers': ['console'],
  481. 'level': 'WARN',
  482. 'propagate': False
  483. },
  484. 'binaryornot': {
  485. 'handlers': ['console'],
  486. 'level': 'WARN',
  487. 'propagate': True
  488. },
  489. 'pagure.lib.encoding_utils': {
  490. 'handlers': ['console'],
  491. 'level': 'WARN',
  492. 'propagate': False
  493. },
  494. }
  495. }
  496. .. note:: as you can see there is an ``email`` handler defined. It's not used
  497. anywhere by default but you can use it to get report of errors by email
  498. and thus monitor your pagure instance.
  499. To do this the easiest is to set, on the ``root`` logger:
  500. ::
  501. 'handlers': ['console', 'email'],
  502. ITEM_PER_PAGE
  503. ~~~~~~~~~~~~~
  504. This configuration key allows you to configure the length of a page by
  505. setting the number of items on the page. Items can be commits, users, groups,
  506. or projects for example.
  507. Defaults to: ``50``.
  508. PR_TARGET_MATCHING_BRANCH
  509. ~~~~~~~~~~~~~~~~~~~~~~~~~
  510. If set to ``True``, the default target branch for all pull requests in UI
  511. is the branch that is longest substring of the branch that the pull request
  512. is created from. For example, a ``mybranch`` branch in original repo will
  513. be the default target of a pull request from branch ``mybranch-feature-1``
  514. in a fork when opening a new pull request. If this is set to ``False``,
  515. the default branch of the repo will be the default target of all pull requests.
  516. Defaults to: ``False``.
  517. SMTP_SERVER
  518. ~~~~~~~~~~~
  519. This configuration key specifies the SMTP server to use when
  520. sending emails.
  521. Defaults to: ``localhost``.
  522. SMTP_PORT
  523. ~~~~~~~~~
  524. This configuration key specifies the SMTP server port.
  525. SMTP by default uses TCP port 25. The protocol for mail submission is
  526. the same, but uses port 587.
  527. SMTP connections secured by SSL, known as SMTPS, default to port 465
  528. (nonstandard, but sometimes used for legacy reasons).
  529. Defaults to: ``25``
  530. SMTP_SSL
  531. ~~~~~~~~
  532. This configuration key specifies whether the SMTP connections
  533. should be secured over SSL.
  534. Defaults to: ``False``
  535. SMTP_USERNAME
  536. ~~~~~~~~~~~~~
  537. This configuration key allows usage of SMTP with auth.
  538. Note: Specify SMTP_USERNAME and SMTP_PASSWORD for using SMTP auth
  539. Defaults to: ``None``
  540. SMTP_PASSWORD
  541. ~~~~~~~~~~~~~
  542. This configuration key allows usage of SMTP with auth.
  543. Note: Specify SMTP_USERNAME and SMTP_PASSWORD for using SMTP auth
  544. Defaults to: ``None``
  545. SHORT_LENGTH
  546. ~~~~~~~~~~~~
  547. This configuration key specifies the length of the commit ids or
  548. file hex displayed in the user interface.
  549. Defaults to: ``6``.
  550. BLACKLISTED_PROJECTS
  551. ~~~~~~~~~~~~~~~~~~~~
  552. This configuration key specifies a list of project names that are forbidden.
  553. This list is used for example to avoid conflicts at the URL level between the
  554. static files located under ``/static/`` and a project that would be named
  555. ``static`` and thus be located at ``/static``.
  556. Defaults to:
  557. ::
  558. [
  559. 'static', 'pv', 'releases', 'new', 'api', 'settings',
  560. 'logout', 'login', 'users', 'groups', 'about'
  561. ]
  562. CHECK_SESSION_IP
  563. ~~~~~~~~~~~~~~~~
  564. This configuration key specifies whether to check the user's IP
  565. address when retrieving its session. This makes things more secure but
  566. under certain setups it might not work (for example if there
  567. are proxies in front of the application).
  568. Defaults to: ``True``.
  569. PAGURE_AUTH
  570. ~~~~~~~~~~~~
  571. This configuration key specifies which authentication method to use.
  572. Valid options are ``fas``, ``openid``, ``oidc``, or ``local``.
  573. * ``fas`` uses the Fedora Account System `FAS <https://admin.fedoraproject.org/accounts>`
  574. to provide user authentication and enforces that users sign the FPCA.
  575. * ``openid`` uses OpenID authentication. Any provider may be used by
  576. changing the FAS_OPENID_ENDPOINT configuration key. By default
  577. FAS (without FPCA) will be used.
  578. * ``oidc`` enables OpenID Connect using any provider. This provider requires
  579. the configuration options starting with ``OIDC_`` (see below) to be provided.
  580. * ``local`` causes pagure to use the local pagure database for user management.
  581. Defaults to: ``local``.
  582. OIDC Settings
  583. ~~~~~~~~~~~~~
  584. .. note:: Pagure uses `flask-oidc <https://github.com/puiterwijk/flask-oidc/>`_
  585. to support OIDC authentication. This extension has a `number of configuration
  586. keys <http://flask-oidc.readthedocs.io/en/latest/#settings-reference>`_
  587. that may be useful depending on your set-up
  588. OIDC_CLIENT_SECRETS
  589. ^^^^^^^^^^^^^^^^^^^
  590. Provide a path to client secrets file on local filesystem. This file can be
  591. obtained from your OpenID Connect identity provider. Note that some providers
  592. don't fill in ``userinfo_uri``. If that is the case, you need to add it to
  593. the secrets file manually.
  594. OIDC_ID_TOKEN_COOKIE_SECURE
  595. ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  596. When this is set to True, the cookie with OpenID Connect Token will only be
  597. returned to the server via ssl (https). If you connect to the server via plain
  598. http, the cookie will not be sent. This prevents sniffing of the cookie contents.
  599. This may be set to False when testing your application but should always
  600. be set to True in production.
  601. Defaults to: ``True`` for production with https, can be set to ``False`` for
  602. convenient development.
  603. OIDC_SCOPES
  604. ^^^^^^^^^^^
  605. List of `OpenID Connect scopes http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims`
  606. to request from identity provider.
  607. OIDC_PAGURE_EMAIL
  608. ^^^^^^^^^^^^^^^^^
  609. Name of key of user's email in userinfo JSON returned by identity provider.
  610. OIDC_PAGURE_FULLNAME
  611. ^^^^^^^^^^^^^^^^^^^^
  612. Name of key of user's full name in userinfo JSON returned by identity provider.
  613. OIDC_PAGURE_USERNAME
  614. ^^^^^^^^^^^^^^^^^^^^
  615. Name of key of user's preferred username in userinfo JSON returned by identity
  616. provider.
  617. OIDC_PAGURE_SSH_KEY
  618. ^^^^^^^^^^^^^^^^^^^
  619. Name of key of user's ssh key in userinfo JSON returned by identity provider.
  620. OIDC_PAGURE_GROUPS
  621. ^^^^^^^^^^^^^^^^^^
  622. Name of key of user's groups in userinfo JSON returned by identity provider.
  623. OIDC_PAGURE_USERNAME_FALLBACK
  624. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  625. This specifies fallback for getting username assuming ``OIDC_PAGURE_USERNAME``
  626. is empty - can be ``email`` (to use the part before ``@``) or ``sub``
  627. (IdP-specific user id, can be a nickname, email or a numeric ID
  628. depending on identity provider).
  629. IP_ALLOWED_INTERNAL
  630. ~~~~~~~~~~~~~~~~~~~
  631. This configuration key specifies which IP addresses are allowed
  632. to access the internal API endpoint. These endpoints are accessed by the
  633. milters for example and allow performing actions in the name of someone else
  634. which is sensitive, thus the origin of the request using
  635. these endpoints is validated.
  636. Defaults to: ``['127.0.0.1', 'localhost', '::1']``.
  637. MAX_CONTENT_LENGTH
  638. ~~~~~~~~~~~~~~~~~~
  639. This configuration key specifies the maximum file size allowed when
  640. uploading content to pagure (for example, screenshots to a ticket).
  641. Defaults to: ``4 * 1024 * 1024`` which corresponds to 4 megabytes.
  642. ENABLE_TICKETS
  643. ~~~~~~~~~~~~~~
  644. This configuration key activates or deactivates the ticketing system
  645. for all the projects hosted on this pagure instance.
  646. Defaults to: ``True``
  647. ENABLE_DOCS
  648. ~~~~~~~~~~~
  649. This configuration key activates or deactivates creation of git repos
  650. for documentation for all the projects hosted on this pagure instance.
  651. Defaults to: ``True``
  652. ENABLE_NEW_PROJECTS
  653. ~~~~~~~~~~~~~~~~~~~
  654. This configuration key permits or forbids creation of new projects via
  655. the user interface and the API of this pagure instance.
  656. Defaults to: ``True``
  657. ENABLE_UI_NEW_PROJECTS
  658. ~~~~~~~~~~~~~~~~~~~~~~
  659. This configuration key permits or forbids creation of new projects via
  660. the user interface (only) of this pagure instance. It allows forbidding
  661. to create new project in the user interface while letting a set of trusted
  662. person to create projects via the API granted they have the API token with
  663. the corresponding ACL.
  664. Defaults to: ``True``
  665. ENABLE_DEL_PROJECTS
  666. ~~~~~~~~~~~~~~~~~~~
  667. This configuration key permits or forbids deletion of projects via
  668. the user interface of this pagure instance.
  669. Defaults to: ``True``
  670. ENABLE_DEL_FORKS
  671. ~~~~~~~~~~~~~~~~
  672. This configuration key permits or forbids deletion of forks via
  673. the user interface of this pagure instance.
  674. Defaults to: ``ENABLE_DEL_PROJECTS``
  675. EMAIL_SEND
  676. ~~~~~~~~~~
  677. This configuration key enables or disables all email notifications for
  678. this pagure instance. This can be useful to turn off when developing on
  679. pagure, or for test or pre-production instances.
  680. Defaults to: ``False``.
  681. .. note::
  682. This does not disable emails to the email address set in ``EMAIL_ERROR``.
  683. FEDMSG_NOTIFICATIONS
  684. ~~~~~~~~~~~~~~~~~~~~
  685. This configuration key allows to turn on or off notifications via `fedmsg
  686. <http://www.fedmsg.com/>`_.
  687. Defaults to: ``False``.
  688. ALWAYS_FEDMSG_ON_COMMITS
  689. ~~~~~~~~~~~~~~~~~~~~~~~~
  690. This configuration key allows to enforce `fedmsg <http://www.fedmsg.com/>`_
  691. notifications on commits made on all projects in a pagure instance.
  692. Defaults to: ``True``.
  693. ALLOW_DELETE_BRANCH
  694. ~~~~~~~~~~~~~~~~~~~
  695. This configuration keys enables or disables allowing users to delete git
  696. branches from the user interface. In sensible pagure instance you may
  697. want to turn this off and with a customized gitolite configuration you can
  698. prevent users from deleting branches in their git repositories.
  699. Defaults to: ``True``.
  700. ALLOW_ADMIN_IGNORE_EXISTING_REPOS
  701. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  702. This enables a checkbox "Ignore existing repos" for admins when creating a new
  703. project. When this is checkbox is checked, existing repositories will not cause
  704. project creation to fail.
  705. This could be used to assume responsibility of existing repositories.
  706. Defaults to: ``False``.
  707. USERS_IGNORE_EXISTING_REPOS
  708. ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  709. List of users who can al create a project while ignoring existing repositories.
  710. Defaults to: ``[]``.
  711. LOCAL_SSH_KEY
  712. ~~~~~~~~~~~~~
  713. This configuration key allows to let pagure administrate the user's ssh keys
  714. or have a third party tool do it for you.
  715. In most cases, it will be fine to let pagure handle it.
  716. Defaults to ``True``.
  717. DEPLOY_KEY
  718. ~~~~~~~~~~
  719. This configuration key allows to disable the deploy keys feature of an
  720. entire pagure instance. This feature enable to add extra public ssh keys
  721. that a third party could use to push to a project.
  722. Defaults to ``True``.
  723. OLD_VIEW_COMMIT_ENABLED
  724. ~~~~~~~~~~~~~~~~~~~~~~~
  725. In version 1.3, pagure changed its URL scheme to view the commit of a
  726. project in order to add support for pseudo-namespaced projects.
  727. For pagure instances older than 1.3, who care about backward compatibility,
  728. we added an endpoint ``view_commit_old`` that brings URL backward
  729. compatibility for URLs using the complete git hash (the 40 characters).
  730. For URLs using a shorter hash, the URLs will remain broken.
  731. This configuration key enables or disables this backward compatibility
  732. which is useful for pagure instances running since before 1.3 but is not
  733. for newer instances.
  734. Defaults to: ``False``.
  735. DISABLE_REMOTE_PR
  736. ~~~~~~~~~~~~~~~~~
  737. In some pagure deployments remote pull requests need to be disabled
  738. due to legal / policy reasons.
  739. Defaults to: ``False``.
  740. PAGURE_CI_SERVICES
  741. ~~~~~~~~~~~~~~~~~~
  742. Pagure can be configure to integrate results of a Continuous Integration (CI)
  743. service to pull-requests open against a project.
  744. To enable this integration, follow the documentation on how to install
  745. pagure-ci and set this configuration key to ``['jenkins']`` (Jenkins being
  746. the only CI service supported at the moment).
  747. Defaults to: ``None``.
  748. .. warning:: Requires `Redis` to be configured and running.
  749. INSTANCE_NAME
  750. ~~~~~~~~~~~~~
  751. This allows giving a name to this running instance of pagure. The name is
  752. then used in the welcome screen shown upon first login.
  753. Defaults to: ``Pagure``
  754. .. note: the welcome screen currently does not work with the `local`
  755. authentication.
  756. ADMIN_EMAIL
  757. ~~~~~~~~~~~
  758. This configuration key allows you to change the default administrator email
  759. which is displayed on the "about" page. It can also be used elsewhere.
  760. Defaults to: ``root@localhost.localdomain``
  761. USER_NAMESPACE
  762. ~~~~~~~~~~~~~~
  763. This configuration key allows to enforce that project are namespaced under
  764. the user's username, behaving in this way in a similar fashion as github.com
  765. or gitlab.com.
  766. Defaults to: ``False``
  767. DOC_APP_URL
  768. ~~~~~~~~~~~
  769. This configuration key allows you to specify where the documentation server
  770. is running (preferably in a different domain name entirely).
  771. If not set, the documentation page will show an error message saying that
  772. this pagure instance does not have a documentation server.
  773. Defaults to: ``None``
  774. PRIVATE_PROJECTS
  775. ~~~~~~~~~~~~~~~~
  776. This configuration key allows you to host private repositories. These
  777. repositories are visible only to the creator of the repository and to the
  778. users who are given access to the repository. No information is leaked about the
  779. private repository which means redis doesn't have the access to the repository
  780. and even fedmsg doesn't get any notifications.
  781. Defaults to: ``True``
  782. EXCLUDE_GROUP_INDEX
  783. ~~~~~~~~~~~~~~~~~~~
  784. This configuration key can be used to hide project an user has access to via
  785. one of the groups listed in this key.
  786. The use-case is the following: the Fedora project is deploying pagure has a
  787. front-end for the git repos of the packages in the distribution, that means
  788. about 17,000 git repositories in pagure. The project has a group of people
  789. that have access to all of these repositories, so when viewing the user's
  790. page of one member of that group, instead of seeing all the project that
  791. this user works on, you can see all the projects hosted in that pagure
  792. instance. Using this configuration key, pagure will hide all the projects
  793. that this user has access to via the specified groups and thus return only
  794. the groups of forks of that users.
  795. Defaults to: ``[]``
  796. TRIGGER_CI
  797. ~~~~~~~~~~
  798. A run of pagure-ci can be manually triggered if some key sentences are added
  799. as comment to a pull-request, either manually or via the "Rerun CI" dropdown.
  800. This allows to re-run a test that failed due to some network outage or other
  801. unexpected issues unrelated to the test suite.
  802. This configuration key allows to define all the sentences that can be used
  803. to trigger this pagure-ci run. The format is following: ``{"<sentence>":
  804. {"name": "<name of the CI>", "description": "<short description>"}}``
  805. Sentences which have ``None`` as value won't show up in the "Rerun CI"
  806. dropdown. Additionally, it's possible to add a ``requires_project_hook_attr``
  807. key to the dict with data about a sentence. For example, having
  808. ``"requires_project_hook_attr": ("ci_hook", "active_pr", True)`` would make
  809. the "Rerun CI" dropdown have a button for this specific CI only if the
  810. project has ``ci_hook`` activated and its ``active_pr`` value is ``True``.
  811. In versions before 5.2, this was a list containing just the sentences.
  812. Defaults to: ``{"pretty please pagure-ci rebuild": {"name": "Default CI",
  813. "description": "Rerun default CI"}}``
  814. .. note:: The sentences defined in this configuration key should be lower
  815. case only!
  816. FLAG_STATUSES_LABELS
  817. ~~~~~~~~~~~~~~~~~~~~
  818. By default, Pagure has ``success``, ``failure``, ``error``, ``pending`` and
  819. ``canceled`` statuses of PR and commit flags. This setting allows you to
  820. define a custom mapping of statuses to their respective Bootstrap labels.
  821. FLAG_SUCCESS
  822. ~~~~~~~~~~~~
  823. Holds name of PR/commit flag that is considered a success.
  824. Defaults to: ``success``
  825. FLAG_FAILURE
  826. ~~~~~~~~~~~~
  827. Holds name of PR/commit flag that is considered a failure.
  828. Defaults to: ``failure``
  829. FLAG_PENDING
  830. ~~~~~~~~~~~~
  831. Holds name of PR/commit flag that is considered a pending state.
  832. Defaults to: ``pending``
  833. EXTERNAL_COMMITTER
  834. ~~~~~~~~~~~~~~~~~~
  835. The external committer feature is a way to allow members of groups defined
  836. outside pagure (and provided to pagure upon login by the authentication
  837. system) to be consider committers on pagure.
  838. This feature can give access to all the projects on the instance, all but
  839. some or just some.
  840. Defaults to: ``{}``
  841. To give access to all the projects to a group named ``fedora-altarch`` use
  842. a such a structure::
  843. EXTERNAL_COMMITTER = {
  844. 'fedora-altarch': {}
  845. }
  846. To give access to all the projects but one (named ``rpms/test``) to a group
  847. named ``provenpackager`` use a such a structure::
  848. EXTERNAL_COMMITTER = {
  849. 'fedora-altarch': {},
  850. 'provenpackager': {
  851. 'exclude': ['rpms/test']
  852. }
  853. }
  854. To give access to just some projects (named ``rpms/test`` and
  855. ``modules/test``) to a group named ``testers`` use a such a structure::
  856. EXTERNAL_COMMITTER = {
  857. 'fedora-altarch': {},
  858. 'provenpackager': {
  859. 'exclude': ['rpms/test']
  860. },
  861. 'testers': {
  862. 'restrict': ['rpms/test', 'modules/test']
  863. }
  864. }
  865. REQUIRED_GROUPS
  866. ~~~~~~~~~~~~~~~
  867. The required groups allows to specify in which group an user must be to be
  868. added to a project with commit or admin access.
  869. Defaults to: ``{}``
  870. Example configuration::
  871. REQUIRED_GROUPS = {
  872. 'rpms/kernel': ['packager', 'kernel-team'],
  873. 'modules/*': ['module-packager', 'packager'],
  874. 'rpms/*': ['packager'],
  875. '*': ['contributor'],
  876. }
  877. With this configuration (evaluated in the provided order):
  878. * only users that are in the groups ``packager`` and ``kernel-team`` will be
  879. allowed to be added the ``rpms/kernel`` project (where ``rpms`` is the
  880. namespace and ``kernel`` the project name).
  881. * only users that are in the groups ``module-packager`` and ``packager``
  882. will be allowed to be added to projects in the ``modules`` namespace.
  883. * only users that are in the group ``packager`` will be allowed to be added
  884. to projects in the ``rpms`` namespace.
  885. * only users in the ``contributor`` group will be allowed to be added to
  886. any project on this pagure instance.
  887. GITOLITE_PRE_CONFIG
  888. ~~~~~~~~~~~~~~~~~~~
  889. This configuration key allows you to include some content at the *top* of
  890. the gitolite configuration file (such as some specific group definition),
  891. thus allowing to customize the gitolite configuration file with elements
  892. and information that are outside of pagure's control.
  893. This can be used in combination with ``GITOLITE_POST_CONFIG`` to further
  894. customize gitolite's configuration file. It can also be used with
  895. ``EXTERNAL_COMMITTER`` to give commit access to git repos based on external
  896. information.
  897. Defaults to: ``None``
  898. GITOLITE_POST_CONFIG
  899. ~~~~~~~~~~~~~~~~~~~~
  900. This configuration key allows you to include some content at the *end* of
  901. the gitolite configuration file (such as some project definition or access),
  902. thus allowing to customize the gitolite configuration file with elements
  903. and information that are outside of pagure's control.
  904. This can be used in combination with ``GITOLITE_PRE_CONFIG`` to further
  905. customize gitolite's configuration file. It can also be used with
  906. ``EXTERNAL_COMMITTER`` to give commit access to git repos based on external
  907. information.
  908. Defaults to: ``None``
  909. GIT_GARBAGE_COLLECT
  910. ~~~~~~~~~~~~~~~~~~~
  911. This configuration key allows for explicit running of ``git gc --auto``
  912. after every operation that adds new objects to any git repository -
  913. that is after pushing and merging. The reason for having this functionality
  914. in Pagure is that gc is not guaranteed to be run by git after every
  915. object-adding operation.
  916. The garbage collection run by Pagure will respect git settings, so you
  917. can tweak ``gc.auto`` and ``gc.autoPackLimit`` to your liking
  918. and that will have immediate effect on the task that runs the garbage
  919. collection. These values can be configured system-wide in ``/etc/gitconfig``.
  920. See https://git-scm.com/docs/git-gc#git-gc---auto for more details.
  921. This is especially useful if repositories are stored on NFS (or similar
  922. network storage), where file metadata access is expensive - having unpacked
  923. objects in repositories requires *a lot* of metadata reads.
  924. Note that the garbage collection is only run on repos that are not on
  925. repoSpanner.
  926. Defaults to: ``False``
  927. CELERY_CONFIG
  928. ~~~~~~~~~~~~~
  929. This configuration key allows you to tweak the configuration of celery for
  930. your needs.
  931. See the documentation about `celery configuration
  932. <http://docs.celeryproject.org/en/latest/userguide/configuration.html>`_ for
  933. more information.
  934. Defaults to: ``{}``
  935. CASE_SENSITIVE
  936. ~~~~~~~~~~~~~~
  937. This configuration key allows to make this pagure instance case sensitive
  938. instead of its default: case-insensitive.
  939. Defaults to: ``False``
  940. PROJECT_NAME_REGEX
  941. ~~~~~~~~~~~~~~~~~~
  942. This configuration key allows to customize the regular expression used to
  943. validate new project name.
  944. Defaults to: ``^[a-zA-z0-9_][a-zA-Z0-9-_]*$``
  945. APPLICATION_ROOT
  946. ~~~~~~~~~~~~~~~~
  947. This configuration key is used in the path of the cookie used by pagure.
  948. Defaults to: ``'/'``
  949. ALLOWED_PREFIX
  950. ~~~~~~~~~~~~~~
  951. This configuration key allows to specify a list of allowed namespaces that
  952. will not require creating a group for users to create projects in.
  953. Defaults to: ``[]``
  954. ADMIN_SESSION_LIFETIME
  955. ~~~~~~~~~~~~~~~~~~~~~~
  956. This configuration key allows specifying the lifetime of the session during
  957. which the user won't have to re-login for admin actions.
  958. In other words, the maximum time between which an user can access a project's
  959. settings page without re-login.
  960. Defaults to: ``timedelta(minutes=20)``
  961. where timedelta comes from the python datetime module
  962. BLACKLISTED_GROUPS
  963. ~~~~~~~~~~~~~~~~~~
  964. This configuration key allows to blacklist some group names.
  965. Defaults to: ``['forks', 'group']``
  966. ENABLE_GROUP_MNGT
  967. ~~~~~~~~~~~~~~~~~
  968. This configuration key allows to turn on or off managing (ie: creating a
  969. group, adding or removing users in that group) groups in this pagure instance.
  970. If turned off, groups and group members are to be managed outside of pagure
  971. and synced upon login.
  972. Defaults to: ``True``
  973. ENABLE_USER_MNGT
  974. ~~~~~~~~~~~~~~~~
  975. This configuration key allows to turn on or off managing users (adding or
  976. removing them from a project) in this pagure instance.
  977. If turned off, users are managed outside of pagure.
  978. Defaults to: ``True``
  979. SESSION_COOKIE_NAME
  980. ~~~~~~~~~~~~~~~~~~~
  981. This configuration key allows to specify the name of the session cookie used
  982. by pagure.
  983. Defaults to: ``'pagure'``
  984. SHOW_PROJECTS_INDEX
  985. ~~~~~~~~~~~~~~~~~~~
  986. This configuration key allows to specify what is shown in the index page of
  987. logged in users.
  988. Defaults to: ``['repos', 'myrepos', 'myforks']``
  989. EMAIL_ON_WATCHCOMMITS
  990. ~~~~~~~~~~~~~~~~~~~~~
  991. By default pagure sends an email to every one watch commits on a project when a
  992. commit is made.
  993. However some pagure instances may be using a different notification mechanism on
  994. commits and thus may not want this feature to double the notifications received.
  995. This configuration key allows to turn on or off email being sent to people
  996. watching commits on a project upon commits.
  997. Defaults to: ``True``
  998. ALLOW_HTTP_PULL_PUSH
  999. ~~~~~~~~~~~~~~~~~~~~
  1000. This configuration key controls whether any HTTP access to repositories is provided
  1001. via the support for that that's embedded in Pagure.
  1002. This provides HTTP pull access via <pagureurl>/<reponame>.git if nothing else
  1003. serves this URL.
  1004. Defaults to: ``True``
  1005. ALLOW_HTTP_PUSH
  1006. ~~~~~~~~~~~~~~~
  1007. This configuration key controls whether pushing is possible via the HTTP interface.
  1008. This is disabled by default, as it requires setting up an authentication mechanism
  1009. on the webserver that sets REMOTE_USER.
  1010. Defaults to: ``False``
  1011. HTTP_REPO_ACCESS_GITOLITE
  1012. ~~~~~~~~~~~~~~~~~~~~~~~~~
  1013. This configuration key configures the path to the gitolite-shell binary.
  1014. If this is set to None, Git http-backend is used directly.
  1015. Only set this to ``None`` if you intend to provide HTTP push access via Pagure, and
  1016. are using a dynamic ACL backend.
  1017. Defaults to: ``/usr/share/gitolite3/gitolite-shell``
  1018. MIRROR_SSHKEYS_FOLDER
  1019. ~~~~~~~~~~~~~~~~~~~~~
  1020. This configuration key specificies where pagure should store the ssh keys
  1021. generated for the mirroring feature. This folder should be properly backed up
  1022. and kept secure.
  1023. Defaults to: ``/var/lib/pagure/sshkeys/``
  1024. LOG_ALL_COMMITS
  1025. ~~~~~~~~~~~~~~~
  1026. This configuration key will make pagure log all commits pushed to all
  1027. branches of all repositories instead of logging only the once that are
  1028. pushed to the default branch.
  1029. Defaults to: ``False``
  1030. RepoSpanner Options
  1031. -------------------
  1032. Pagure can be integrated with `repoSpanner <https://repospanner.org>`_
  1033. allowing to deploy pagure in a load-balanced environment since the git
  1034. repositories are then synced accross multiple servers simultaneously.
  1035. Support for this integration has been included in Pagure version 5.0 and higher.
  1036. Here below are the different options one can/should use to integrate pagure
  1037. with repoSpanner.
  1038. REPOBRIDGE_BINARY
  1039. ~~~~~~~~~~~~~~~~~
  1040. This should contain the path to the repoBridge binary, which is used for pushing
  1041. and pulling to/from repoSpanner.
  1042. Defaults to: ``/usr/libexec/repobridge``.
  1043. REPOSPANNER_NEW_REPO
  1044. ~~~~~~~~~~~~~~~~~~~~
  1045. This configuration key instructs pagure to create new git repositories on
  1046. repoSpanner or not.
  1047. Its value should be the region in which the new git repositories should be
  1048. created on.
  1049. Defaults to: ``None``.
  1050. REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE
  1051. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1052. This configuration key can be used to let pagure admin override the default
  1053. region used when creating new git repositories on repoSpanner.
  1054. Its value should be a boolean.
  1055. Defaults to: ``False``
  1056. REPOSPANNER_NEW_FORK
  1057. ~~~~~~~~~~~~~~~~~~~~
  1058. This configuration key instructs pagure on where/how to create new git
  1059. repositories for the forks with repoSpanner.
  1060. If ``None``, git repositories for forks are created outside of repoSpanner
  1061. entirely.
  1062. If ``True``, git repositories for forks are created in the same region as
  1063. the parent project.
  1064. Otherwise, a region can be directly specified where git repositories for
  1065. forks will be created.
  1066. Defaults to: ``True``
  1067. REPOSPANNER_ADMIN_MIGRATION
  1068. ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1069. This configuration key can be used to let admin manually migrate individual
  1070. project into repoSpanner once it is set up.
  1071. Defaults to: ``False``
  1072. REPOSPANNER_REGIONS
  1073. ~~~~~~~~~~~~~~~~~~~
  1074. This configuration key allows to specify the different region where repoSpanner
  1075. is deployed and thus with which this pagure instance can be integrated.
  1076. An example entry could look like:
  1077. ::
  1078. REPOSPANNER_REGIONS = {
  1079. 'default': {'url': 'https://nodea.regiona.repospanner.local:8444',
  1080. 'repo_prefix': 'pagure/',
  1081. 'hook': None,
  1082. 'ca': '/etc/pki/repospanner/pki/ca.crt',
  1083. 'admin_cert': {'cert': '/etc/pki/repospanner/pki/admin.crt',
  1084. 'key': '/etc/pki/repospanner/pki/admin.key'},
  1085. 'push_cert': {'cert': '/etc/pki/repospanner/pki/pagure.crt',
  1086. 'key': '/etc/pki/repospanner/pki/pagure.key'}}
  1087. }
  1088. If this configuration key is not defined, pagure will consider that it is
  1089. not set to be integrated with repoSpanner.
  1090. Defaults to: ``{}``
  1091. SSH_KEYS_USERNAME_LOOKUP
  1092. ~~~~~~~~~~~~~~~~~~~~~~~~
  1093. This configuration key is used by the keyhelper script to indicate that the
  1094. git username should be used and looked up. Use this if the username that is sent
  1095. to ssh is specific for a unique Pagure user (i.e. not using a single "git@" user
  1096. for all git operations).
  1097. SSH_KEYS_USERNAME_FORBIDDEN
  1098. ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1099. A list of usernames that are exempted from being verified via the keyhelper.
  1100. SSH_KEYS_USERNAME_EXPECT
  1101. ~~~~~~~~~~~~~~~~~~~~~~~~
  1102. This configuration key should contain the username that is used for git if a single
  1103. SSH user is used for all git ssh traffic (i.e. "git").
  1104. SSH_KEYS_OPTIONS
  1105. ~~~~~~~~~~~~~~~~
  1106. This configuration key provides the options added to keys as they are returned
  1107. to sshd, in the same format as AuthorizedKeysFile
  1108. (see "AUTHORIZED_KEYS FILE FORMAT" in sshd(8)).
  1109. SSH_ADMIN_TOKEN
  1110. ~~~~~~~~~~~~~~~
  1111. If not set to ``None``, ``aclchecker`` and ``keyhelper`` will use this api
  1112. admin token to get authorized to internal endpoints that they use. The token
  1113. must have the ``internal_access`` ACL.
  1114. This is useful when the IP address of sshd service is not predictable
  1115. (e.g. because of running in a distributed cloud environment) and so
  1116. it's not possible to use the ``IP_ALLOWED_INTERNAL`` address list.
  1117. Defaults to: ``None``
  1118. SSH_COMMAND_REPOSPANNER
  1119. ~~~~~~~~~~~~~~~~~~~~~~~
  1120. The command to run if a repository is on repospanner when aclchecker is in use.
  1121. SSH_COMMAND_NON_REPOSPANNER
  1122. ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1123. The command to run if a repository is not on repospanner when aclchecker is in use.
  1124. Deprecated configuration keys
  1125. -----------------------------
  1126. FORK_FOLDER
  1127. ~~~~~~~~~~~
  1128. This configuration key used to be use to specify the folder where the forks
  1129. are placed. Since the release 2.0 of pagure, it has been deprecated, forks
  1130. are now automatically placed in a sub-folder of the folder containing the
  1131. mains git repositories (ie ``GIT_FOLDER``).
  1132. See the ``UPGRADING.rst`` file for more information about this change and
  1133. how to handle it.
  1134. UPLOAD_FOLDER
  1135. ~~~~~~~~~~~~~
  1136. This configuration key used to be use to specify where the uploaded releases
  1137. are available. It has been replaced by `UPLOAD_FOLDER_PATH` in the release
  1138. 2.10 of pagure.
  1139. GITOLITE_VERSION
  1140. ~~~~~~~~~~~~~~~~
  1141. This configuration key specifies which version of gitolite you are
  1142. using, it can be either ``2`` or ``3``.
  1143. Defaults to: ``3``.
  1144. This has been replaced by `GITOLITE_BACKEND` in the release 3.0 of pagure.
  1145. DOCS_FOLDER, REQUESTS_FOLDER, TICKETS_FOLDER
  1146. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1147. These configuration values were removed. It has been found out that
  1148. due to how Pagure writes repo names in the gitolite configuration file,
  1149. these must have fixed paths relative to `GIT_FOLDER`. Specifically, they
  1150. must occupy subdirectories `docs`, `requests` and `tickets` under `GIT_FOLDER`.
  1151. They are now computed automatically based on value of `GIT_FOLDER`.
  1152. Usage of docs and tickets can be triggered by setting `ENABLE_DOCS` and
  1153. `ENABLE_TICKETS` to `True` (this is the default).
  1154. FILE_SIZE_HIGHLIGHT
  1155. ~~~~~~~~~~~~~~~~~~~
  1156. This configuration key allows to specify the maximum number of characters a file
  1157. or diff should have to have syntax highlighting. Everything above this limit
  1158. will not have syntax highlighting as this is a memory intensive procedure that
  1159. easily leads to out of memory error on large files or diff.
  1160. Defaults to: ``5000``
  1161. BOOTSTRAP_URLS_CSS
  1162. ~~~~~~~~~~~~~~~~~~
  1163. This configuration key allows to specify the URL where are hosted the bootstrap
  1164. CSS file since the files hosted on apps.fedoraproject.org used in pagure.io
  1165. are not restricted in browser access.
  1166. Defaults to: ``'https://apps.fedoraproject.org/global/fedora-bootstrap-1.1.1/fedora-bootstrap.css'``
  1167. This has been deprecated by the new way of theming pagure, see the `theming
  1168. documentation <https://docs.pagure.org/pagure/usage/theming.html>`_
  1169. BOOTSTRAP_URLS_JS
  1170. ~~~~~~~~~~~~~~~~~
  1171. This configuration key allows to specify the URL where are hosted the bootstrap
  1172. JS file since the files hosted on apps.fedoraproject.org used in pagure.io
  1173. are not restricted in browser access.
  1174. Defaults to: ``'https://apps.fedoraproject.org/global/fedora-bootstrap-1.1.1/fedora-bootstrap.js'``
  1175. This has been deprecated by the new way of theming pagure, see the `theming
  1176. documentation <https://docs.pagure.org/pagure/usage/theming.html>`_
  1177. HTML_TITLE
  1178. ~~~~~~~~~~
  1179. This configuration key allows you to customize the HTML title of all the
  1180. pages, from ``... - pagure`` (default) to ``... - <your value>``.
  1181. Defaults to: ``Pagure``
  1182. This has been deprecated by the new way of theming pagure, see the `theming
  1183. documentation <https://docs.pagure.org/pagure/usage/theming.html>`_
  1184. GITOLITE_BACKEND
  1185. ~~~~~~~~~~~~~~~~
  1186. This configuration key allowed specifying the gitolite backend.
  1187. This has now been replaced by GIT_AUTH_BACKEND, please see that option
  1188. for information on valid values.