  1. Configuration
  2. =============
  3. Pagure offers a wide variety of options that must or can be used to
  4. adjust its behavior.
  5. All of these options can be edited or added to your configuration file.
  6. If you have installed pagure, this configuration file is likely located in
  7. ``/etc/pagure/pagure.cfg``. Otherwise, it will depend on your
  8. setup/deployment.
  9. Must options
  10. ------------
  11. Here are the options you must set up in order to get pagure running.
  12. SECRET_KEY
  13. ~~~~~~~~~~
  14. This configuration key is used by flask to create the session. It should be kept secret
  15. and set as a long and random string.
  16. SALT_EMAIL
  17. ~~~~~~~~~~
  18. This configuration key is used to ensure that when sending
  19. notifications to different users, each one of them has a different, unique
  20. and unfakeable ``Reply-To`` header. This header is then used by the milter to find
  21. out if the response received is a real one or a fake/invalid one.
  22. DB_URL
  23. ~~~~~~
  24. This configuration key indicates to the framework how and where to connect to the database
  25. server. Pagure uses `SQLAlchemy <http://www.sqlalchemy.org/>`_ to connect
  26. to a wide range of database servers including MySQL, PostgreSQL, and SQLite.
  27. Example values:
  28. ::
  29. DB_URL = 'mysql://user:pass@host/db_name'
  30. DB_URL = 'postgresql://user:pass@host/db_name'
  31. DB_URL = 'sqlite:////var/tmp/pagure_dev.sqlite'
  32. Defaults to ``sqlite:////var/tmp/pagure_dev.sqlite``
  33. APP_URL
  34. ~~~~~~~
  35. This configuration key indicates the URL at which this pagure instance will be made available.
  36. Defaults to: ``http://localhost.localdomain/``
  37. EMAIL_ERROR
  38. ~~~~~~~~~~~
  39. Pagure sends email when it catches an unexpected error (which saves you from
  40. having to monitor the logs regularly; but if you like, the error is still
  41. present in the logs).
  42. This configuration key allows you to specify to which email address to send
  43. these error reports.
  44. GIT_URL_SSH
  45. ~~~~~~~~~~~
  46. This configuration key provides the information to the user on how to clone
  47. the git repos hosted on pagure via `SSH <https://en.wikipedia.org/wiki/Secure_Shell>`_.
  48. The URL should end with a slash ``/``.
  49. Defaults to: ``'ssh://git@localhost.localdomain/'``
  50. .. note:: If you are using a custom setup for your deployment where every
  51. user has an account on the machine you may want to tweak this URL
  52. to include the username. If that is the case, you can use
  53. ``{username}`` in the URL and it will be expanded to the username
  54. of the user viewing the page when rendered.
  55. For example: ``'ssh://{username}@pagure.org/'``
  56. GIT_URL_GIT
  57. ~~~~~~~~~~~
  58. This configuration key provides the information to the user on how to clone
  59. the git repos hosted on pagure anonymously. This access can be granted via
  60. the ``git://`` or ``http(s)://`` protocols.
  61. The URL should end with a slash ``/``.
  62. Defaults to: ``'git://localhost.localdomain/'``
  63. BROKER_URL
  64. ~~~~~~~~~~
  65. This configuration key is used to point celery to the broker to use. This
  66. is the broker that is used to communicate between the web application and
  67. its workers.
  68. Defaults to: ``"redis://%s:%d/%d" % (pagure_config["REDIS_HOST"], pagure_config["REDIS_PORT"], pagure_config["REDIS_DB"])``
  69. .. note:: See the :ref:`redis-section` for the ``REDIS_HOST``, ``REDIS_PORT``
  70. and ``REDIS_DB`` configuration keys.
  71. Repo Directories
  72. ----------------
  73. Each project in pagure has 2 to 4 git repositories, depending on configuration
  74. of the Pagure instance (see below):
  75. - the main repo for the code
  76. - the doc repo shown in the doc server (optional)
  77. - the ticket repo storing the metadata of the tickets (optional)
  78. - the request repo storing the metadata of the pull-requests
  79. There are then another 3 folders: one for specifying the locations of the forks, one
  80. for the remote git repos used for remote pull-requests (i.e. those coming from
  81. a project not hosted on this instance of pagure), and one for user-uploaded tarballs.
  82. GIT_FOLDER
  83. ~~~~~~~~~~
  84. This configuration key points to the folder where the git repos are stored.
  85. For every project, two to four repos are created:
  86. * a repo with source code of the project
  87. * a repo with documentation of the project
  88. (if ``ENABLE_DOCS`` is ``True``)
  89. * a repo with metadata of tickets opened against the project
  90. (if ``ENABLE_TICKETS`` is ``True``)
  91. * a repo with metadata of pull requests opened against the project
  92. REMOTE_GIT_FOLDER
  93. ~~~~~~~~~~~~~~~~~
  94. This configuration key points to the folder where the remote git repos (ie:
  95. not hosted on pagure) that someone used to open a pull-request against a
  96. project hosted on pagure are stored.
  97. UPLOAD_FOLDER_PATH
  98. ~~~~~~~~~~~~~~~~~~
  99. This configuration key points to the folder where user-uploaded tarballs
  100. are stored and served from.
  101. ATTACHMENTS_FOLDER
  102. ~~~~~~~~~~~~~~~~~~
  103. This configuration key points to the folder where attachments can be cached
  104. for easier access by the web server (so that it does not have to read them
  105. from the git repo in order to serve them).
  106. UPLOAD_FOLDER_URL
  107. ~~~~~~~~~~~~~~~~~~
  108. Full URL to where the uploads are available. It is highly recommended for
  109. security reasons that this URL lives on a different domain than the main
  110. application (an entirely different domain, not just a sub-domain).
  111. Defaults to: ``/releases/``, unsafe for production!
  112. .. warning:: both ``UPLOAD_FOLDER_PATH`` and ``UPLOAD_FOLDER_URL`` must be
  113. specified for the upload release feature to work
  114. SESSION_COOKIE_SECURE
  115. ~~~~~~~~~~~~~~~~~~~~~
  116. When this is set to True, the session cookie will only be returned to the
  117. server via ssl (https). If you connect to the server via plain http, the
  118. cookie will not be sent. This prevents sniffing of the cookie contents.
  119. This may be set to False when testing your application but should always
  120. be set to True in production.
  121. Defaults to: ``False`` for development, must be ``True`` in production with
  122. https.
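The checks described above for ``SECRET_KEY``, ``UPLOAD_FOLDER_URL`` and ``SESSION_COOKIE_SECURE``, as an added example that is not part of pagure or its documentation: a small auditor that parses a ``pagure.cfg`` with ``ast`` instead of executing it. The sample configuration, the ``example.org`` hosts, the length thresholds and the two-label domain comparison are assumptions of this example.

```python
"""Audit the security-relevant keys of a pagure.cfg without executing it."""
import ast
from urllib.parse import urlsplit

# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CFG = '''
SECRET_KEY = "changeme"
APP_URL = "https://pagure.example.org/"
UPLOAD_FOLDER_PATH = "/srv/pagure/releases"
UPLOAD_FOLDER_URL = "https://releases.pagure.example.org/"
SESSION_COOKIE_SECURE = False
'''

# Assumptions of this example: thresholds standing in for "long and random".
MIN_SECRET_LEN = 32
MIN_DISTINCT_CHARS = 10


def load_literals(cfg_text):
    """Return top-level NAME = <literal> assignments; the file is parsed, never run."""
    settings = {}
    for node in ast.parse(cfg_text).body:
        if not isinstance(node, ast.Assign):
            continue
        try:
            value = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            continue  # computed value (call, name lookup, % formatting): not auditable
        for target in node.targets:
            if isinstance(target, ast.Name):
                settings[target.id] = value
    return settings


def site(url):
    """Approximate the registrable domain as the last two host labels.

    Assumption for this example: a production check should use the Public
    Suffix List, since this is wrong for suffixes such as co.uk.
    """
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def audit(settings):
    """Return (key, message) findings, using the defaults documented on this page."""
    findings = []

    key = settings.get("SECRET_KEY")
    if (not isinstance(key, str) or len(key) < MIN_SECRET_LEN
            or len(set(key)) < MIN_DISTINCT_CHARS):
        findings.append(("SECRET_KEY", "missing, short or repetitive; use a long random string"))

    app_url = settings.get("APP_URL", "http://localhost.localdomain/")
    if settings.get("SESSION_COOKIE_SECURE", False) is not True:
        findings.append(("SESSION_COOKIE_SECURE", "must be True in production with https"))
    elif urlsplit(app_url).scheme != "https":
        findings.append(("APP_URL", "plain http: the secure session cookie will not be sent"))

    upload_url = settings.get("UPLOAD_FOLDER_URL", "/releases/")
    if urlsplit(upload_url).hostname is None:
        findings.append(("UPLOAD_FOLDER_URL", "relative URL: uploads share the application's origin"))
    elif site(upload_url) == site(app_url):
        findings.append(("UPLOAD_FOLDER_URL", "same domain as APP_URL; a sub-domain is not enough"))

    if ("UPLOAD_FOLDER_PATH" in settings) != ("UPLOAD_FOLDER_URL" in settings):
        findings.append(("UPLOAD_FOLDER_PATH", "set both UPLOAD_FOLDER_PATH and UPLOAD_FOLDER_URL"))
    return findings


if __name__ == "__main__":
    for key, message in audit(load_literals(SAMPLE_CFG)):
        print(f"{key}: {message}")
```

Values that are computed in the configuration file (function calls, string formatting) are skipped by ``load_literals`` and therefore audited as if unset.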
  123. SESSION_TYPE
  124. ~~~~~~~~~~~~
  125. Enables the `flask-session <https://pythonhosted.org/Flask-Session/>`_
  126. extension if set to a value other than ``None``. The ``flask-session``
  127. package needs to be installed and proper
  128. `configuration <https://pythonhosted.org/Flask-Session/#configuration>`_
  129. needs to be included in the Pagure config file.
  130. This is useful when the Pagure server needs to be scaled up to multiple
  131. instances, which requires the flask session keys to be shared between those.
  132. Flask-session allows you to use Redis, Memcached, relational database
  133. or MongoDB for storing shared session keys.
  134. FROM_EMAIL
  135. ~~~~~~~~~~
  136. This configuration key specifies the email address used by this pagure instance
  137. when sending emails (notifications).
  138. Defaults to: ``pagure@localhost.localdomain``
  139. DOMAIN_EMAIL_NOTIFICATIONS
  140. ~~~~~~~~~~~~~~~~~~~~~~~~~~
  141. This configuration key specifies the domain used by this pagure instance
  142. when sending emails (notifications). More precisely, it is used
  143. when building the ``msg-id`` header of the emails sent.
  144. Defaults to: ``localhost.localdomain``
  145. VIRUS_SCAN_ATTACHMENTS
  146. ~~~~~~~~~~~~~~~~~~~~~~
  147. This configuration key configures whether attachments are scanned for viruses on
  148. upload. For more information, see the install.rst guide.
  149. Defaults to: ``False``
  150. GIT_AUTH_BACKEND
  151. ~~~~~~~~~~~~~~~~
  152. This configuration key allows specifying which git auth backend to use.
  153. By default pagure provides the following backends:
  154. - ``test_auth``: simple debugging backend printing and returning the string ``Called GitAuthTestHelper.generate_acls()``
  155. - ``pagure``: Pagure git auth implementation (using keyhelper.py and aclchecker.py) that is used via sshd AuthorizedKeysCommand
  156. - ``pagure_authorized_keys``: Pagure git auth implementation that writes to authorized_keys file
  157. Defaults to: ``pagure_authorized_keys``
  158. Configure Pagure Auth
  159. ---------------------
  160. Pagure offers a simple, but extensible internal authentication mechanism
  161. for Git repositories. It relies on `SSH <https://en.wikipedia.org/wiki/Secure_Shell>`_
  162. for authentication. In other words, SSH lets you in and Pagure checks if
  163. you are allowed to do what you are trying to do once you are inside.
  164. This authentication mechanism uses ``keyhelper.py`` and ``aclchecker.py`` to
  165. check the Pagure database for user registered SSH keys to do the authentication.
  166. The integrated authentication mechanism has two modes of operation: one
  167. where it is configured as the ``AuthorizedKeysCommand`` for the SSH user (preferred)
  168. and one where it is configured to manage the ``authorized_keys`` file for
  169. the SSH user.
  170. In the preferred mode, when you attempt to do an action with a remote Git repo
  171. over SSH (e.g. ``git clone ssh://git@localhost.localdomain/repository.git``),
  172. the SSH server will ask Pagure to validate the SSH user key. This has the
  173. advantage of performance (no racy and slow file I/O) but has the disadvantage
  174. of requiring changes to the system's ``sshd_config`` file to use it.
  175. To use this variant, set the following in ``pagure.cfg``:
  176. ::
  177. GIT_AUTH_BACKEND = "pagure"
  178. SSH_KEYS_USERNAME_EXPECT = "git"
  179. SSH_COMMAND = ([
  180. "/usr/bin/%(cmd)s",
  181. "/srv/git/repositories/%(reponame)s",
  182. ], {"GL_USER": "%(username)s"})
  183. Setting the following in ``/etc/ssh/sshd_config`` is also required:
  184. ::
  185. Match User git
  186. AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f"
  187. AuthorizedKeysCommandUser git
  188. If you do not have the ability to modify the sshd configuration to set up
  189. the ``pagure`` backend, then you need to use the ``pagure_authorized_keys``
  190. alternative backend. This backend will write to the git user's ``authorized_keys``
  191. file instead. This is slower than the preferred mode and also has the
  192. disadvantage of making it impossible to scale to multiple Pagure frontend
  193. instances on top of a shared Git storage without causing races and triggering
  194. inconsistencies. It also adds to the I/O contention on a heavily used system,
  195. but for most smaller setups with few users, the trade-off is not noticeable.
  196. To use this variant, enable the ``pagure_authorized_keys_worker`` service and
  197. set the following in ``pagure.cfg``:
  198. ::
  199. SSH_FOLDER = "/srv/git/.ssh"
  200. GIT_AUTH_BACKEND = "pagure_authorized_keys"
  201. SSH_COMMAND = ([
  202. "/usr/bin/%(cmd)s",
  203. "/srv/git/repositories/%(reponame)s",
  204. ], {"GL_USER": "%(username)s"})
  205. EventSource options
  206. -------------------
  207. EVENTSOURCE_SOURCE
  208. ~~~~~~~~~~~~~~~~~~
  209. This configuration key indicates the URL at which the EventSource server is
  210. available. If not defined, pagure will behave as if there is no EventSource
  211. server running.
  212. EVENTSOURCE_PORT
  213. ~~~~~~~~~~~~~~~~
  214. This configuration key indicates the port at which the EventSource server is
  215. running.
  216. .. note:: The EventSource server requires a redis server (see ``Redis options``
  217. below)
  218. Web-hooks notifications
  219. -----------------------
  220. WEBHOOK
  221. ~~~~~~~
  222. This configuration key allows turning on or off web-hooks notifications for
  223. this pagure instance.
  224. Defaults to: ``False``.
  225. .. note:: The Web-hooks server requires a redis server (see ``Redis options``
  226. below)
  227. .. _redis-section:
  228. Redis options
  229. -------------
  230. REDIS_HOST
  231. ~~~~~~~~~~
  232. This configuration key indicates the host at which the `redis <http://redis.io/>`_
  233. server is running.
  234. Defaults to: ``0.0.0.0``.
  235. REDIS_PORT
  236. ~~~~~~~~~~
  237. This configuration key indicates the port at which the redis server can be
  238. contacted.
  239. Defaults to: ``6379``.
  240. REDIS_DB
  241. ~~~~~~~~
  242. This configuration key indicates the name of the redis database to use for
  243. communicating with the EventSource server.
  244. Defaults to: ``0``.
  245. Authentication options
  246. ----------------------
  247. ADMIN_GROUP
  248. ~~~~~~~~~~~
  249. List of groups, either local or remote (if the openid server used supports the
  250. group extension), that are the site admins. These admins can regenerate the
  251. ssh key files, and the hook-token for every project
  252. as well as manage users and groups.
  253. PAGURE_ADMIN_USERS
  254. ~~~~~~~~~~~~~~~~~~
  255. List of local users that are the site admins. These admins have the same rights as
  256. the users in the admin groups listed above as well as admin rights to
  257. all projects hosted on this pagure instance.
  258. Celery Queue options
  259. --------------------
  260. In order to help prioritize between tasks having a direct impact on the user
  261. experience and tasks that need to run in the background without directly
  262. impacting the users, we have split the generic tasks triggered by the web
  263. application into three possible queues: Fast, Medium, Slow.
  264. If none of these options are set, a single queue will be used for all tasks.
  265. FAST_CELERY_QUEUE
  266. ~~~~~~~~~~~~~~~~~
  267. This configuration key can be used to specify a dedicated queue for tasks that
  268. are triggered by the web frontend and need to be processed quickly for the
  269. best user experience.
  270. This will be used for tasks such as creating a new project, forking or
  271. merging a pull-request.
  272. Defaults to: ``None``.
  273. MEDIUM_CELERY_QUEUE
  274. ~~~~~~~~~~~~~~~~~~~
  275. This configuration key can be used to specify a dedicated queue for tasks that
  276. are triggered by the web frontend and need to be processed but aren't critical
  277. for the best user experience.
  278. This will be used for tasks such as updating a file in a git repository.
  279. Defaults to: ``None``.
  280. SLOW_CELERY_QUEUE
  281. ~~~~~~~~~~~~~~~~~
  282. This configuration key can be used to specify a dedicated queue for tasks that
  283. are triggered by the web frontend, are slow and do not impact the user
  284. experience in the user interface.
  285. This will be used for tasks such as updating the ticket git repo based on
  286. the content posted in the user interface.
  287. Defaults to: ``None``.
  288. Stomp Options
  289. -------------
  290. Pagure integration with Stomp allows you to emit messages to any
  291. stomp-compliant message bus.
  292. STOMP_NOTIFICATIONS
  293. ~~~~~~~~~~~~~~~~~~~
  294. This configuration key can be used to turn on or off notifications via
  295. `stomp protocol <https://stomp.github.io/>`_. All other stomp-related
  296. settings don't need to be present if this is set to ``False``.
  297. Defaults to: ``False``.
  298. STOMP_BROKERS
  299. ~~~~~~~~~~~~~
  300. List of 2-tuples with broker domain names and ports. For example
  301. ``[('primary.msg.bus.com', 6543), ('backup.msg.bus.com', 6543)]``.
  302. STOMP_HIERARCHY
  303. ~~~~~~~~~~~~~~~
  304. Base name of the hierarchy to emit messages to. For example
  305. ``/queue/some.hierarchy.``. Note that this **must** end with
  306. a dot. Pagure will append queue names such as ``project.new``
  307. to this value, resulting in queue names being e.g.
  308. ``/queue/some.hierarchy.project.new``.
  309. STOMP_SSL
  310. ~~~~~~~~~
  311. Whether or not to use SSL when connecting to message brokers.
  312. Defaults to: ``False``.
  313. STOMP_KEY_FILE
  314. ~~~~~~~~~~~~~~
  315. Absolute path to key file for SSL connection. Only required if
  316. ``STOMP_SSL`` is set to ``True``.
  317. STOMP_CERT_FILE
  318. ~~~~~~~~~~~~~~~
  319. Absolute path to certificate file for SSL connection. Only required if
  320. ``STOMP_SSL`` is set to ``True``.
  321. STOMP_CREDS_PASSWORD
  322. ~~~~~~~~~~~~~~~~~~~~
  323. Password for decoding ``STOMP_CERT_FILE`` and ``STOMP_KEY_FILE``. Only
  324. required if ``STOMP_SSL`` is set to ``True`` and credentials files are
  325. password-encoded.
  326. ALWAYS_STOMP_ON_COMMITS
  327. ~~~~~~~~~~~~~~~~~~~~~~~
  328. This configuration key can be used to enforce `stomp <https://stomp.github.io/>`_
  329. notifications on commits made on all projects in a pagure instance.
  330. Defaults to: ``False``.
  331. API token ACLs
  332. --------------
  333. ACLS
  334. ~~~~
  335. This configuration key lists all the ACLs that can be associated with an API
  336. token with a short description of what the ACL allows one to do.
  337. This key is not really meant to be changed unless you really know what you
  338. are doing.
  339. USER_ACLS
  340. ~~~~~~~~~
  341. This configuration key can be used to list which of the ACLs listed in ``ACLS``
  342. can be associated with an API token of a project in the (web) user interface.
  343. Use this configuration key in combination with ``ADMIN_API_ACLS`` to disable
  344. certain ACLs for users while allowing admins to generate keys with them.
  345. Defaults to: ``[key for key in ACLS.keys() if key != 'generate_acls_project']``
  346. (ie: all the ACLs in ``ACLS`` except for ``generate_acls_project``)
  347. ADMIN_API_ACLS
  348. ~~~~~~~~~~~~~~
  349. This configuration key can be used to list which of the ACLs listed in ``ACLS``
  350. can be generated by the ``pagure-admin`` CLI tool by admins.
  351. Defaults to: ``['issue_comment', 'issue_create', 'issue_change_status', 'pull_request_flag', 'pull_request_comment', 'pull_request_merge', 'generate_acls_project', 'commit_flag', 'create_branch']``
  352. CROSS_PROJECT_ACLS
  353. ~~~~~~~~~~~~~~~~~~
  354. This configuration key can be used to list which of the ACLs listed in ``ACLS``
  355. can be associated with a project-less API token in the (web) user interface.
  356. These project-less API tokens can be generated in the user's settings page
  357. and allow actions in multiple projects instead of being restricted to a
  358. specific one.
  359. Defaults to: ``['create_project', 'fork_project', 'modify_project']``
  360. Optional options
  361. ----------------
  362. Theming
  363. ~~~~~~~
  364. THEME
  365. ^^^^^
  366. This configuration key allows you to specify the theme to be used. The
  367. string specified is the name of the theme directory in ``pagure/themes/``.
  368. For more information about theming see the :doc:`usage/theming`.
  369. Default options:
  370. - ``chameleon`` The OpenSUSE theme for pagure
  371. - ``default`` The default theme for pagure
  372. - ``pagureio`` The theme used at https://pagure.io
  373. - ``srcfpo`` The theme used at https://src.fedoraproject.org
  374. Defaults to: ``default``
  375. Git repository templates
  376. ~~~~~~~~~~~~~~~~~~~~~~~~
  377. PROJECT_TEMPLATE_PATH
  378. ^^^^^^^^^^^^^^^^^^^^^
  379. This configuration key allows you to specify the path to a git repository
  380. to use as a template when creating a new repository for new projects.
  381. This template will not be used for forks, nor for any git repository other than
  382. the one used for the sources (i.e. it will not be used for the tickets,
  383. requests or docs repositories).
  384. FORK_TEMPLATE_PATH
  385. ^^^^^^^^^^^^^^^^^^
  386. This configuration key allows you to specify the path to a git repository
  387. to use as a template when creating a new repository for new forks.
  388. This template will not be used for any git repository other than
  389. the one used for the sources of forks (i.e. it will not be used for the
  390. tickets, requests or docs repositories).
  391. SSH_KEYS
  392. ~~~~~~~~
  393. It is a good practice to publish the fingerprint and public SSH key of a
  394. server you provide access to.
  395. Pagure offers the possibility to expose this information based on the values
  396. set in the configuration file, in the ``SSH_KEYS`` configuration key.
  397. See the `SSH hostkeys/Fingerprints page on pagure.io <https://pagure.io/ssh_info>`_.
  398. .. warning:: The format is important
  399. SSH_KEYS = {'RSA': {'fingerprint': '<foo>', 'pubkey': '<bar>'}}
  400. Where ``<foo>`` and ``<bar>`` must be replaced by your values.
  401. CSP_HEADERS
  402. ~~~~~~~~~~~
  403. Content Security Policy (CSP) is a computer security standard introduced to
  404. prevent cross-site scripting (XSS), clickjacking and other code injection
  405. attacks resulting from execution of malicious content in the trusted web page
  406. context.
  407. Source: https://en.wikipedia.org/wiki/Content_Security_Policy
  408. Defaults to:
  409. ::
  410. CSP_HEADERS = (
  411. "default-src 'self' https:; "
  412. "script-src 'self' 'nonce-{nonce}'; "
  413. "style-src 'self' 'nonce-{nonce}'"
  414. )
  415. Where ``{nonce}`` is dynamically set by pagure.
  416. LOGGING_GIT_HOOKS
  417. ~~~~~~~~~~~~~~~~~
  418. This configuration key allows you to have a different logging configuration for the
  419. web application and the git hooks.
  420. If unspecified (default), the logging configuration used by the git hooks will
  421. be the same as the one for the web application (i.e.: defined in ``LOGGING`` here
  422. below).
  423. Defaults to: ``None``.
  424. LOGGING
  425. ~~~~~~~
  426. This configuration key allows you to set up the logging of the application.
  427. It relies on the standard `python logging module
  428. <https://docs.python.org/2/library/logging.html>`_.
  429. The default value is:
  430. ::
  431. LOGGING = {
  432. "version": 1,
  433. "disable_existing_loggers": False,
  434. "formatters": {
  435. "standard": {
  436. "format": "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
  437. },
  438. "email_format": {"format": MSG_FORMAT},
  439. },
  440. "filters": {"myfilter": {"()": ContextInjector}},
  441. "handlers": {
  442. "console": {
  443. "formatter": "standard",
  444. "class": "logging.StreamHandler",
  445. "stream": "ext://sys.stdout",
  446. },
  447. "auth_handler": {
  448. "formatter": "standard",
  449. "class": "logging.StreamHandler",
  450. "stream": "ext://sys.stdout",
  451. },
  452. "email": {
  453. "level": "ERROR",
  454. "formatter": "email_format",
  455. "class": "logging.handlers.SMTPHandler",
  456. "mailhost": "localhost",
  457. "fromaddr": "pagure@localhost",
  458. "toaddrs": "root@localhost",
  459. "subject": "ERROR on pagure",
  460. "filters": ["myfilter"],
  461. },
  462. },
  463. # The root logger configuration; this is a catch-all configuration
  464. # that applies to all log messages not handled by a different logger
  465. "root": {"level": "INFO", "handlers": ["console"]},
  466. "loggers": {
  467. "pagure": {
  468. "handlers": ["console"],
  469. "level": "DEBUG",
  470. "propagate": True,
  471. },
  472. "pagure_auth": {
  473. "handlers": ["auth_handler"],
  474. "level": "DEBUG",
  475. "propagate": False,
  476. },
  477. "flask": {
  478. "handlers": ["console"],
  479. "level": "INFO",
  480. "propagate": False,
  481. },
  482. "sqlalchemy": {
  483. "handlers": ["console"],
  484. "level": "WARN",
  485. "propagate": False,
  486. },
  487. "binaryornot": {
  488. "handlers": ["console"],
  489. "level": "WARN",
  490. "propagate": True,
  491. },
  492. "MARKDOWN": {
  493. "handlers": ["console"],
  494. "level": "WARN",
  495. "propagate": True,
  496. },
  497. "PIL": {"handlers": ["console"], "level": "WARN", "propagate": True},
  498. "chardet": {
  499. "handlers": ["console"],
  500. "level": "WARN",
  501. "propagate": True,
  502. },
  503. "pagure.lib.encoding_utils": {
  504. "handlers": ["console"],
  505. "level": "WARN",
  506. "propagate": False,
  507. },
  508. },
  509. }
  510. .. note:: as you can see there is an ``email`` handler defined. It's not used
  511. anywhere by default but you can use it to get reports of errors by email
  512. and thus monitor your pagure instance.
  513. The easiest way to do this is to set, on the ``root`` logger:
  514. ::
  515. 'handlers': ['console', 'email'],
  516. .. note:: The ``pagure_auth`` logger is a special one logging all activities
  517. regarding read/write access to git repositories. It will be a pretty
  518. important log for auditing if needed.
  519. You can separate this log into its own file if you like by using the
  520. following handler:
  521. ::
  522. "auth_handler": {
  523. "formatter": "standard",
  524. "class": "logging.handlers.TimedRotatingFileHandler",
  525. "filename": "/var/log/pagure/pagure_auth.log",
  526. "backupCount": 10,
  527. "when": "midnight",
  528. "utc": True,
  529. },
  530. This snippet will automatically make the logs rotate at midnight each day,
  531. keep the logs for 10 days and use UTC as timezone for the logs. Depending on
  532. how your pagure instance is set-up, you may have to tweak the filesystem
  533. permissions on the folder and file so the rotation works properly.
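The following is an added example, not part of pagure's code or its original documentation. It applies a reduced ``LOGGING`` dictionary with ``logging.config.dictConfig`` and shows that, with ``propagate`` set to ``False``, ``pagure_auth`` records reach only the rotating audit file and never the root logger. The temporary directory, the format string, the ``RecordCollector`` helper and the sample messages are constructed for the demonstration.

```python
import logging
import logging.config
import os
import tempfile


def build_logging_config(auth_log_path):
    """Reduced LOGGING dict: console for everything except pagure_auth,
    which gets the rotating file handler described above."""
    return {
        "version": 1,
        "disable_existing_loggers": False,
        "formatters": {
            "standard": {
                # Assumed format string; use the one from your own config.
                "format": "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
            },
        },
        "handlers": {
            "console": {
                "formatter": "standard",
                "class": "logging.StreamHandler",
                "stream": "ext://sys.stdout",
            },
            "auth_handler": {
                "formatter": "standard",
                "class": "logging.handlers.TimedRotatingFileHandler",
                "filename": auth_log_path,
                "backupCount": 10,
                "when": "midnight",
                "utc": True,
            },
        },
        "root": {"level": "INFO", "handlers": ["console"]},
        "loggers": {
            "pagure_auth": {
                "handlers": ["auth_handler"],
                "level": "DEBUG",
                # Keep audit records out of the catch-all root logger.
                "propagate": False,
            },
        },
    }


class RecordCollector(logging.Handler):
    """Demo-only handler that remembers which loggers reached it."""

    def __init__(self):
        super().__init__()
        self.logger_names = []

    def emit(self, record):
        self.logger_names.append(record.name)


def run_demo():
    """Emit one audit and one application message. Return the lines written
    to the audit file and the logger names seen by the root logger."""
    with tempfile.TemporaryDirectory(prefix="pagure-log-demo-") as tmpdir:
        auth_log_path = os.path.join(tmpdir, "pagure_auth.log")
        logging.config.dictConfig(build_logging_config(auth_log_path))

        root = logging.getLogger()
        collector = RecordCollector()
        root.addHandler(collector)
        auth_logger = logging.getLogger("pagure_auth")
        try:
            # Constructed sample messages, not real pagure output.
            auth_logger.info("constructed sample: user=alice repo=test access=write")
            logging.getLogger("pagure").info("constructed sample: application message")
            with open(auth_log_path, encoding="utf-8") as stream:
                audit_lines = stream.read().splitlines()
        finally:
            root.removeHandler(collector)
            # Close the file handler so the temporary directory can be removed.
            for handler in list(auth_logger.handlers):
                handler.close()
                auth_logger.removeHandler(handler)
        return audit_lines, collector.logger_names


if __name__ == "__main__":
    lines, names = run_demo()
    print("audit file:", lines)
    print("root logger saw:", names)
```
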

ITEM_PER_PAGE
~~~~~~~~~~~~~

This configuration key allows you to configure the length of a page by
setting the number of items on the page. Items can be commits, users, groups,
or projects for example.

Defaults to: ``50``.


PR_TARGET_MATCHING_BRANCH
~~~~~~~~~~~~~~~~~~~~~~~~~

If set to ``True``, the default target branch for all pull requests in the UI
is the branch that is the longest substring of the branch that the pull request
is created from. For example, a ``mybranch`` branch in the original repo will
be the default target of a pull request from branch ``mybranch-feature-1``
in a fork when opening a new pull request. If this is set to ``False``,
the default branch of the repo will be the default target of all pull requests.

Defaults to: ``False``.


SSH_ACCESS_GROUPS
~~~~~~~~~~~~~~~~~

Some instances of pagure are deployed in such a way that only the members of
certain groups are allowed to commit via ssh. This configuration key allows
you to specify which groups have commit access and thus lets pagure hide the
ssh URL from the drop-down "Clone" menu for everyone who is not in one of
these groups.

If this configuration key is not defined or left empty, it is assumed that there
is no such group restriction and everyone can commit via ssh (default behavior).

Defaults to: ``[]``


SMTP configuration
~~~~~~~~~~~~~~~~~~

SMTP_SERVER
^^^^^^^^^^^

This configuration key specifies the SMTP server to use when
sending emails.

Defaults to: ``localhost``.

See also the SMTP_STARTTLS section.

SMTP_PORT
^^^^^^^^^

This configuration key specifies the SMTP server port.

SMTP by default uses TCP port 25. The protocol for mail submission is
the same, but uses port 587.
SMTP connections secured by SSL, known as SMTPS, default to port 465
(nonstandard, but sometimes used for legacy reasons).

Defaults to: ``25``

SMTP_SSL
^^^^^^^^

This configuration key specifies whether the SMTP connections
should be secured over SSL.

Defaults to: ``False``

SMTP_STARTTLS
^^^^^^^^^^^^^

This configuration key instructs pagure to start the connection to
the SMTP server with a `starttls` command.

When enabling STARTTLS in conjunction with a local smtp server, you should
replace ``localhost`` with a host name that is included in the server's
certificate. If the server only relays messages originating from ``localhost``,
then you should also ensure that the above host name resolves to the same
tcp address as ``localhost``, for instance by adding an appropriate record
to */etc/hosts*.

Defaults to: ``False``

SMTP_KEYFILE
^^^^^^^^^^^^

This configuration key allows you to specify a key file to be used in the
`starttls` command when connecting to the smtp server.

Defaults to: ``None``

SMTP_CERTFILE
^^^^^^^^^^^^^

This configuration key allows you to specify a certificate file to be used in
the `starttls` command when connecting to the smtp server.

Defaults to: ``None``

SMTP_USERNAME
^^^^^^^^^^^^^

This configuration key allows usage of SMTP with auth.

Note: Specify SMTP_USERNAME and SMTP_PASSWORD for using SMTP auth.

Defaults to: ``None``

SMTP_PASSWORD
^^^^^^^^^^^^^

This configuration key allows usage of SMTP with auth.

Note: Specify SMTP_USERNAME and SMTP_PASSWORD for using SMTP auth.

Defaults to: ``None``


SHORT_LENGTH
~~~~~~~~~~~~

This configuration key specifies the length of the commit ids or
file hex displayed in the user interface.

Defaults to: ``6``.


BLACKLISTED_PROJECTS
~~~~~~~~~~~~~~~~~~~~

This configuration key specifies a list of project names that are forbidden.
This list is used for example to avoid conflicts at the URL level between the
static files located under ``/static/`` and a project that would be named
``static`` and thus be located at ``/static``.

Defaults to:

::

    [
        'static', 'pv', 'releases', 'new', 'api', 'settings',
        'logout', 'login', 'users', 'groups', 'about'
    ]


CHECK_SESSION_IP
~~~~~~~~~~~~~~~~

This configuration key specifies whether to check the user's IP
address when retrieving its session. This makes things more secure but
under certain setups it might not work (for example if there
are proxies in front of the application).

Defaults to: ``True``.


PAGURE_AUTH
~~~~~~~~~~~

This configuration key specifies which authentication method to use.
Valid options are ``fas``, ``openid``, ``oidc``, or ``local``.

* ``fas`` uses the Fedora Account System `FAS <https://accounts.fedoraproject.org>`_
  to provide user authentication and enforces that users sign the FPCA.

* ``openid`` uses OpenID authentication. Any provider may be used by
  changing the FAS_OPENID_ENDPOINT configuration key. By default
  FAS (without FPCA) will be used.

* ``oidc`` enables OpenID Connect using any provider. This provider requires
  the configuration options starting with ``OIDC_`` (see below) to be provided.

* ``local`` causes pagure to use the local pagure database for user management.
  User registration can be disabled with the ALLOW_USER_REGISTRATION configuration key.

Defaults to: ``local``.


OIDC Settings
~~~~~~~~~~~~~

.. note:: Pagure uses `flask-oidc <https://github.com/puiterwijk/flask-oidc/>`_
    to support OIDC authentication. This extension has a `number of configuration
    keys <http://flask-oidc.readthedocs.io/en/latest/#settings-reference>`_
    that may be useful depending on your set-up.

OIDC_CLIENT_SECRETS
^^^^^^^^^^^^^^^^^^^

Provide a path to the client secrets file on the local filesystem. This file
can be obtained from your OpenID Connect identity provider. Note that some
providers don't fill in ``userinfo_uri``. If that is the case, you need to add
it to the secrets file manually.

OIDC_ID_TOKEN_COOKIE_SECURE
^^^^^^^^^^^^^^^^^^^^^^^^^^^

When this is set to True, the cookie with the OpenID Connect Token will only be
returned to the server via ssl (https). If you connect to the server via plain
http, the cookie will not be sent. This prevents sniffing of the cookie contents.
This may be set to False when testing your application but should always
be set to True in production.

Defaults to: ``True`` for production with https, can be set to ``False`` for
convenient development.

OIDC_SCOPES
^^^^^^^^^^^

List of `OpenID Connect scopes <http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims>`_
to request from the identity provider.

OIDC_PAGURE_EMAIL
^^^^^^^^^^^^^^^^^

Name of the key of the user's email in the userinfo JSON returned by the
identity provider.

OIDC_PAGURE_FULLNAME
^^^^^^^^^^^^^^^^^^^^

Name of the key of the user's full name in the userinfo JSON returned by the
identity provider.

OIDC_PAGURE_USERNAME
^^^^^^^^^^^^^^^^^^^^

Name of the key of the user's preferred username in the userinfo JSON returned
by the identity provider.

OIDC_PAGURE_SSH_KEY
^^^^^^^^^^^^^^^^^^^

Name of the key of the user's ssh key in the userinfo JSON returned by the
identity provider.

OIDC_PAGURE_GROUPS
^^^^^^^^^^^^^^^^^^

Name of the key of the user's groups in the userinfo JSON returned by the
identity provider.

OIDC_PAGURE_USERNAME_FALLBACK
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This specifies the fallback for getting the username when ``OIDC_PAGURE_USERNAME``
is empty. It can be ``email`` (to use the part before ``@``) or ``sub``
(IdP-specific user id, can be a nickname, email or a numeric ID
depending on the identity provider).


IP_ALLOWED_INTERNAL
~~~~~~~~~~~~~~~~~~~

This configuration key specifies which IP addresses are allowed
to access the internal API endpoints. These endpoints are accessed by the
milters, for example, and allow performing actions in the name of someone else,
which is sensitive; the origin of requests to these endpoints is therefore
validated.

Defaults to: ``['127.0.0.1', 'localhost', '::1']``.


MAX_CONTENT_LENGTH
~~~~~~~~~~~~~~~~~~

This configuration key specifies the maximum file size allowed when
uploading content to pagure (for example, screenshots to a ticket).

Defaults to: ``4 * 1024 * 1024`` which corresponds to 4 megabytes.


ENABLE_TICKETS
~~~~~~~~~~~~~~

This configuration key activates or deactivates the ticketing system
for all the projects hosted on this pagure instance.

Defaults to: ``True``


ENABLE_TICKETS_NAMESPACE
~~~~~~~~~~~~~~~~~~~~~~~~

This configuration key can be used to restrict the namespaces in which the
ticketing system is enabled.
So if your pagure instance has ``ENABLE_TICKETS`` as ``True`` and sets
``ENABLE_TICKETS_NAMESPACE`` to ``['tests', 'infra']``, only the projects opened
in these two namespaces will have the ticketing system enabled. All the other
namespaces will not.

Defaults to: ``[]``


ENABLE_DOCS
~~~~~~~~~~~

This configuration key activates or deactivates creation of git repos
for documentation for all the projects hosted on this pagure instance.

Defaults to: ``True``


ENABLE_NEW_PROJECTS
~~~~~~~~~~~~~~~~~~~

This configuration key permits or forbids creation of new projects via
the user interface and the API of this pagure instance.

Defaults to: ``True``


ENABLE_UI_NEW_PROJECTS
~~~~~~~~~~~~~~~~~~~~~~

This configuration key permits or forbids creation of new projects via
the user interface (only) of this pagure instance. It allows forbidding
the creation of new projects in the user interface while letting a set of
trusted people create projects via the API, provided they have an API token
with the corresponding ACL.

Defaults to: ``True``


RESTRICT_CREATE_BY_OIDC_GROUP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This configuration key, when defined, gives only the users who are members of
the defined group the ability to create new projects and groups.

Defaults to: ``None``


RESTRICT_CREATE_BY_OIDC_GROUP_COUNT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This configuration key, when defined, gives the ability to create new projects
only to users who are members of the group defined by
RESTRICT_CREATE_BY_OIDC_GROUP and members of at least the number of groups
defined by this key.

Defaults to: ``0``


ENABLE_DEL_PROJECTS
~~~~~~~~~~~~~~~~~~~

This configuration key permits or forbids deletion of projects via
the user interface of this pagure instance.

Defaults to: ``True``


ENABLE_DEL_FORKS
~~~~~~~~~~~~~~~~

This configuration key permits or forbids deletion of forks via
the user interface of this pagure instance.

Defaults to: ``ENABLE_DEL_PROJECTS``


GIT_HOOK_DB_RO
~~~~~~~~~~~~~~

This configuration key specifies whether the git hooks have read-only (RO)
access to the database or not.
Some pagure deployments provide an actual shell account on the host, and thus
the git hooks called upon git push are executed under that account. If the user
manages to bypass git and is able to access the configuration file, they could
have access to "private" information. So in those deployments the git hooks
have a specific configuration file with a database access that is read-only,
making pagure behave differently in those situations.

Defaults to: ``False``


EMAIL_SEND
~~~~~~~~~~

This configuration key enables or disables all email notifications for
this pagure instance. This can be useful to turn off when developing on
pagure, or for test or pre-production instances.

Defaults to: ``False``.

.. note::
    This does not disable emails to the email address set in ``EMAIL_ERROR``.


FEDMSG_NOTIFICATIONS
~~~~~~~~~~~~~~~~~~~~

This configuration key can be used to turn on or off notifications via `fedmsg
<https://fedmsg.readthedocs.io/>`_.

Defaults to: ``False``.


FEDORA_MESSAGING_NOTIFICATIONS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This configuration key can be used to turn on or off sending notifications via
`fedora-messaging <https://fedora-messaging.readthedocs.io/en/stable/>`_.

Defaults to: ``False``.


ALWAYS_FEDMSG_ON_COMMITS
~~~~~~~~~~~~~~~~~~~~~~~~

This configuration key can be used to enforce `fedmsg <https://fedmsg.readthedocs.io/>`_
notifications on commits made on all projects in a pagure instance.

Defaults to: ``True``.


ALLOW_DELETE_BRANCH
~~~~~~~~~~~~~~~~~~~

This configuration key enables or disables allowing users to delete git
branches from the user interface. On sensitive pagure instances you may
want to turn this off.

Defaults to: ``True``.


ALLOW_ADMIN_IGNORE_EXISTING_REPOS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This enables a checkbox "Ignore existing repos" for admins when creating a new
project. When this checkbox is checked, existing repositories will not cause
project creation to fail.
This could be used to assume responsibility of existing repositories.

Defaults to: ``False``.


USERS_IGNORE_EXISTING_REPOS
~~~~~~~~~~~~~~~~~~~~~~~~~~~

List of users who can also create a project while ignoring existing repositories.

Defaults to: ``[]``.


LOCAL_SSH_KEY
~~~~~~~~~~~~~

This configuration key can be used to let pagure administrate the user's ssh keys
or have a third party tool do it for you.
In most cases, it will be fine to let pagure handle it.

Defaults to ``True``.


DEPLOY_KEY
~~~~~~~~~~

This configuration key can be used to disable the deploy keys feature of an
entire pagure instance. This feature allows adding extra public ssh keys
that a third party could use to push to a project.

Defaults to ``True``.


OLD_VIEW_COMMIT_ENABLED
~~~~~~~~~~~~~~~~~~~~~~~

In version 1.3, pagure changed its URL scheme to view the commit of a
project in order to add support for pseudo-namespaced projects.

For pagure instances older than 1.3 that care about backward compatibility,
we added an endpoint ``view_commit_old`` that brings URL backward
compatibility for URLs using the complete git hash (the 40 characters).
For URLs using a shorter hash, the URLs will remain broken.

This configuration key enables or disables this backward compatibility,
which is useful for pagure instances running since before 1.3 but is not
for newer instances.

Defaults to: ``False``.


DISABLE_REMOTE_PR
~~~~~~~~~~~~~~~~~

In some pagure deployments remote pull requests need to be disabled
due to legal / policy reasons.

Defaults to: ``False``.


PAGURE_CI_SERVICES
~~~~~~~~~~~~~~~~~~

Pagure can be configured to integrate the results of a Continuous Integration
(CI) service into pull-requests opened against a project.

To enable this integration, follow the documentation on how to install
pagure-ci and set this configuration key to ``['jenkins']`` (Jenkins being
the only CI service supported at the moment).

Defaults to: ``None``.

.. warning:: Requires `Redis` to be configured and running.


INSTANCE_NAME
~~~~~~~~~~~~~

This allows giving a name to this running instance of pagure. The name is
then used in the welcome screen shown upon first login.

Defaults to: ``Pagure``

.. note:: the welcome screen currently does not work with the `local`
    authentication.


ADMIN_EMAIL
~~~~~~~~~~~

This configuration key allows you to change the default administrator email
which is displayed on the "about" page. It can also be used elsewhere.

Defaults to: ``root@localhost.localdomain``


USER_NAMESPACE
~~~~~~~~~~~~~~

This configuration key can be used to enforce that projects are namespaced under
the user's username, behaving in this way in a similar fashion as github.com
or gitlab.com.

Defaults to: ``False``


DOC_APP_URL
~~~~~~~~~~~

This configuration key allows you to specify where the documentation server
is running (preferably in a different domain name entirely).
If not set, the documentation page will show an error message saying that
this pagure instance does not have a documentation server.

Defaults to: ``None``


PRIVATE_PROJECTS
~~~~~~~~~~~~~~~~

This configuration key allows you to host private repositories. These
repositories are visible only to the creator of the repository and to the
users who are given access to the repository. No information is leaked about the
private repository, which means redis doesn't have access to the repository
and even fedmsg doesn't get any notifications.

Defaults to: ``True``


EXCLUDE_GROUP_INDEX
~~~~~~~~~~~~~~~~~~~

This configuration key can be used to hide projects a user has access to via
one of the groups listed in this key.

The use-case is the following: the Fedora project is deploying pagure as a
front-end for the git repos of the packages in the distribution, which means
about 17,000 git repositories in pagure. The project has a group of people
that have access to all of these repositories, so when viewing the user's
page of one member of that group, instead of seeing all the projects that
this user works on, you can see all the projects hosted in that pagure
instance. Using this configuration key, pagure will hide all the projects
that this user has access to via the specified groups and thus return only
the groups of forks of that user.

Defaults to: ``[]``


TRIGGER_CI
~~~~~~~~~~

A run of pagure-ci can be manually triggered if some key sentences are added
as a comment to a pull-request, either manually or via the "Rerun CI" dropdown.
This allows one to re-run a test that failed due to some network outage or other
unexpected issues unrelated to the test suite.

This configuration key can be used to define all the sentences that can be used
to trigger this pagure-ci run. The format is as follows: ``{"<sentence>":
{"name": "<name of the CI>", "description": "<short description>"}}``

Sentences which have ``None`` as value won't show up in the "Rerun CI"
dropdown. Additionally, it's possible to add a ``requires_project_hook_attr``
key to the dict with data about a sentence. For example, having
``"requires_project_hook_attr": ("ci_hook", "active_pr", True)`` would make
the "Rerun CI" dropdown have a button for this specific CI only if the
project has ``ci_hook`` activated and its ``active_pr`` value is ``True``.

In versions before 5.2, this was a list containing just the sentences.

Defaults to: ``{"pretty please pagure-ci rebuild": {"name": "Default CI",
"description": "Rerun default CI"}}``

.. note:: The sentences defined in this configuration key should be lower
    case only!


FLAG_STATUSES_LABELS
~~~~~~~~~~~~~~~~~~~~

By default, Pagure has ``success``, ``failure``, ``error``, ``pending`` and
``canceled`` statuses of PR and commit flags. This setting allows you to
define a custom mapping of statuses to their respective Bootstrap labels.


FLAG_SUCCESS
~~~~~~~~~~~~

Holds the name of the PR/commit flag that is considered a success.

Defaults to: ``success``


FLAG_FAILURE
~~~~~~~~~~~~

Holds the name of the PR/commit flag that is considered a failure.

Defaults to: ``failure``


FLAG_PENDING
~~~~~~~~~~~~

Holds the name of the PR/commit flag that is considered a pending state.

Defaults to: ``pending``


EXTERNAL_COMMITTER
~~~~~~~~~~~~~~~~~~

The external committer feature is a way to allow members of groups defined
outside pagure (and provided to pagure upon login by the authentication
system) to be considered committers on pagure.

This feature can give access to all the projects on the instance, all but
some or just some.

Defaults to: ``{}``

To give access to all the projects to a group named ``fedora-altarch`` use
such a structure::

    EXTERNAL_COMMITTER = {
        'fedora-altarch': {}
    }

To give access to all the projects but one (named ``rpms/test``) to a group
named ``provenpackager`` use such a structure::

    EXTERNAL_COMMITTER = {
        'fedora-altarch': {},
        'provenpackager': {
            'exclude': ['rpms/test']
        }
    }

To give access to just some projects (named ``rpms/test`` and
``modules/test``) to a group named ``testers`` use such a structure::

    EXTERNAL_COMMITTER = {
        'fedora-altarch': {},
        'provenpackager': {
            'exclude': ['rpms/test']
        },
        'testers': {
            'restrict': ['rpms/test', 'modules/test']
        }
    }

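The following is an added example, not pagure's own code. It models the three ``EXTERNAL_COMMITTER`` rules described above (empty entry, ``exclude``, ``restrict``) and adds a small review helper that lists the groups granting commit access instance-wide. The function names ``granting_groups`` and ``instance_wide_groups`` are hypothetical.

```python
# Configuration copied from the last EXTERNAL_COMMITTER example above.
EXTERNAL_COMMITTER = {
    "fedora-altarch": {},
    "provenpackager": {"exclude": ["rpms/test"]},
    "testers": {"restrict": ["rpms/test", "modules/test"]},
}


def granting_groups(user_groups, project_fullname, config):
    """Return the sorted external groups that make a user a committer on
    ``project_fullname`` (``namespace/name``), following the rules above."""
    granted = []
    for group in sorted(set(user_groups) & set(config)):
        rules = config[group] or {}
        restrict = rules.get("restrict", [])
        exclude = rules.get("exclude", [])
        if restrict and project_fullname not in restrict:
            continue  # group is limited to a list that omits this project
        if project_fullname in exclude:
            continue  # project is carved out for this group
        granted.append(group)
    return granted


def instance_wide_groups(config):
    """Configuration review helper: map every group without a ``restrict``
    list to the projects it is excluded from. Each of these groups gets
    commit access to all other projects on the instance."""
    wide = {}
    for group, rules in sorted(config.items()):
        rules = rules or {}
        if not rules.get("restrict"):
            wide[group] = list(rules.get("exclude", []))
    return wide


if __name__ == "__main__":
    for groups, project in [
        ({"fedora-altarch"}, "rpms/test"),
        ({"provenpackager"}, "rpms/test"),
        ({"testers"}, "rpms/kernel"),
    ]:
        print(sorted(groups), project,
              granting_groups(groups, project, EXTERNAL_COMMITTER))
    print("instance-wide:", instance_wide_groups(EXTERNAL_COMMITTER))
```
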

REQUIRED_GROUPS
~~~~~~~~~~~~~~~

The required groups allows one to specify in which group a user must be to be
added to a project with commit or admin access.

Defaults to: ``{}``

Example configuration::

    REQUIRED_GROUPS = {
        'rpms/kernel': ['packager', 'kernel-team'],
        'modules/*': ['module-packager', 'packager'],
        'rpms/*': ['packager'],
        '*': ['contributor'],
    }

With this configuration (evaluated in the provided order):

* only users that are in the groups ``packager`` and ``kernel-team`` will be
  allowed to be added to the ``rpms/kernel`` project (where ``rpms`` is the
  namespace and ``kernel`` the project name).

* only users that are in the groups ``module-packager`` and ``packager``
  will be allowed to be added to projects in the ``modules`` namespace.

* only users that are in the group ``packager`` will be allowed to be added
  to projects in the ``rpms`` namespace.

* only users in the ``contributor`` group will be allowed to be added to
  any project on this pagure instance.


GIT_GARBAGE_COLLECT
~~~~~~~~~~~~~~~~~~~

This configuration key allows for explicit running of ``git gc --auto``
after every operation that adds new objects to any git repository,
that is, after pushing and merging. The reason for having this functionality
in Pagure is that gc is not guaranteed to be run by git after every
object-adding operation.

The garbage collection run by Pagure will respect git settings, so you
can tweak ``gc.auto`` and ``gc.autoPackLimit`` to your liking
and that will have immediate effect on the task that runs the garbage
collection. These values can be configured system-wide in ``/etc/gitconfig``.
See https://git-scm.com/docs/git-gc#git-gc---auto for more details.

This is especially useful if repositories are stored on NFS (or similar
network storage), where file metadata access is expensive: having unpacked
objects in repositories requires *a lot* of metadata reads.

Defaults to: ``False``


CELERY_CONFIG
~~~~~~~~~~~~~

This configuration key allows you to tweak the configuration of celery for
your needs.
See the documentation about `celery configuration
<http://docs.celeryproject.org/en/latest/userguide/configuration.html>`_ for
more information.

Defaults to: ``{}``


CASE_SENSITIVE
~~~~~~~~~~~~~~

This configuration key can be used to make this pagure instance case sensitive
instead of its default: case-insensitive.

Defaults to: ``False``


PROJECT_NAME_REGEX
~~~~~~~~~~~~~~~~~~

This configuration key can be used to customize the regular expression used to
validate new project names.

Defaults to: ``^[a-zA-z0-9_][a-zA-Z0-9-_]*$``


APPLICATION_ROOT
~~~~~~~~~~~~~~~~

This configuration key is used in the path of the cookie used by pagure.

Defaults to: ``'/'``


ALLOWED_PREFIX
~~~~~~~~~~~~~~

This configuration key can be used to specify a list of allowed namespaces that
will not require creating a group for users to create projects in.

Defaults to: ``[]``


ADMIN_SESSION_LIFETIME
~~~~~~~~~~~~~~~~~~~~~~

This configuration key allows specifying the lifetime of the session during
which the user won't have to log in again for admin actions.
In other words, the maximum time during which a user can access a project's
settings page without a re-login.

Defaults to: ``timedelta(minutes=20)``

where timedelta comes from the python datetime module.


BLACKLISTED_GROUPS
~~~~~~~~~~~~~~~~~~

This configuration key can be used to blacklist some group names.

Defaults to: ``['forks', 'group']``


ENABLE_GROUP_MNGT
~~~~~~~~~~~~~~~~~

This configuration key can be used to turn on or off managing groups (i.e.
creating a group, adding or removing users in that group) in this pagure
instance.
If turned off, groups and group members are to be managed outside of pagure
and synced upon login.

Defaults to: ``True``


ENABLE_USER_MNGT
~~~~~~~~~~~~~~~~

This configuration key can be used to turn on or off managing users (adding or
removing them from a project) in this pagure instance.
If turned off, users are managed outside of pagure.

Defaults to: ``True``


ALLOW_USER_REGISTRATION
~~~~~~~~~~~~~~~~~~~~~~~

This configuration key can be used to turn on or off user registration
(that is, the ability for users to create an account) in this pagure instance.
If turned off, user accounts cannot be created through the UI or API.
Currently, this key only applies to pagure instances configured with the ``local``
authentication backend and has no effect with the other authentication backends.

Defaults to: ``True``


SESSION_COOKIE_NAME
~~~~~~~~~~~~~~~~~~~

This configuration key can be used to specify the name of the session cookie used
by pagure.

Defaults to: ``'pagure'``


SHOW_PROJECTS_INDEX
~~~~~~~~~~~~~~~~~~~

This configuration key can be used to specify what is shown in the index page of
logged in users.

Defaults to: ``['repos', 'myrepos', 'myforks']``


EMAIL_ON_WATCHCOMMITS
~~~~~~~~~~~~~~~~~~~~~

By default pagure sends an email to everyone watching commits on a project when
a commit is made.
However some pagure instances may be using a different notification mechanism on
commits and thus may not want this feature to double the notifications received.
This configuration key can be used to turn on or off email being sent to people
watching commits on a project upon commits.

Defaults to: ``True``


ALLOW_HTTP_PULL_PUSH
~~~~~~~~~~~~~~~~~~~~

This configuration key controls whether any HTTP access to repositories is provided
via the support for it that is embedded in Pagure.
This provides HTTP pull access via <pagureurl>/<reponame>.git if nothing else
serves this URL.

Defaults to: ``True``


ALLOW_HTTP_PUSH
~~~~~~~~~~~~~~~

This configuration key controls whether pushing is possible via the HTTP interface.
This is disabled by default, as it requires setting up an authentication mechanism
on the webserver that sets REMOTE_USER.

Defaults to: ``False``


MIRROR_SSHKEYS_FOLDER
~~~~~~~~~~~~~~~~~~~~~

This configuration key specifies where pagure should store the ssh keys
generated for the mirroring feature. This folder should be properly backed up
and kept secure.

Defaults to: ``/var/lib/pagure/sshkeys/``

  1103. LOG_ALL_COMMITS
  1104. ~~~~~~~~~~~~~~~
  1105. This configuration key will make pagure log all commits pushed to all
  1106. branches of all repositories instead of logging only the once that are
  1107. pushed to the default branch.
  1108. Defaults to: ``False``
  1109. DISABLE_MIRROR_IN
  1110. ~~~~~~~~~~~~~~~~~
  1111. This configuration key allows a pagure instance to not support mirroring in
  1112. projects (from third party git server).
  1113. Defaults to: ``False``
  1114. SYNTAX_ALIAS_OVERRIDES
  1115. ~~~~~~~~~~~~~~~~~~~~~~
  1116. This configuration key can be used to force highlight.js to use a certain logic
  1117. on certain files based on their extensions.
  1118. It should be a dictionary containing the file extensions as keys and
  1119. the highlighting language/category to use as values.
  1120. Defaults to: ``{".spec": "specfile", ".patch": "diff"}``
  1121. ALLOW_API_UPDATE_GIT_TAGS
  1122. ~~~~~~~~~~~~~~~~~~~~~~~~~
  1123. This configuration key determines whether users are allowed to update
  1124. existing git tags via the API.
  1125. When set to ``False``, this essentially makes the API ignore whether the
  1126. ``force`` argument is set or not.
  1127. Defaults to: ``True``
  1128. PAGURE_PLUGINS_CONFIG
  1129. ~~~~~~~~~~~~~~~~~~~~~~
  1130. This option can be used to specify the configuration file used for loading
  1131. plugins. It is not set by default, instead if must be declared explicitly.
  1132. Also see the documentation on plugins at :ref:`plugins`.
  1133. GIT_DEFAULT_BRANCH
  1134. ~~~~~~~~~~~~~~~~~~
  1135. This configuration key allows to specify the default branch configured upon
  1136. project creation. The default branch can be specified by the user upon project
  1137. creation but if the user does not specify any branch, this branch name will be
  1138. used.
  1139. Defaults to: ``None`` (which results in the default branch being ``master``).
  1140. PR_WARN_CHARACTERS
  1141. ~~~~~~~~~~~~~~~~~~
  1142. List of characters that triggers a warning to the users when met in a commit of
  1143. a pull-request (each commit being made checked).
  1144. Defaults to:
  1145. ::
  1146.     set([
  1147.         chr(0x202a), chr(0x202b), chr(0x202c), chr(0x202d), chr(0x202e),
  1148.         chr(0x2066), chr(0x2067), chr(0x2068), chr(0x2069)
  1149.     ])
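The default set consists of the Unicode bidirectional formatting controls (U+202A to U+202E and U+2066 to U+2069), which can make rendered source read differently from the bytes that are actually committed. The following is an added example, not Pagure's own implementation: a reviewer-side check that reports where these characters occur on the added lines of a git-format unified diff. The function name, the finding fields and the sample patch are assumptions made for illustration.

```python
import re
import unicodedata

# Default value of PR_WARN_CHARACTERS as documented above.
PR_WARN_CHARACTERS = set([
    chr(0x202a), chr(0x202b), chr(0x202c), chr(0x202d), chr(0x202e),
    chr(0x2066), chr(0x2067), chr(0x2068), chr(0x2069)
])
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def find_warn_characters(patch_text, warn_chars=PR_WARN_CHARACTERS):
    """Locate warn characters on the added lines of a git-format unified diff."""
    findings, path, new_lineno, in_hunk = [], None, 0, False
    # split("\n") rather than splitlines(): splitlines() also breaks on
    # U+2028/U+2029 and form feeds, which would skew the line numbers.
    for raw in patch_text.split("\n"):
        hunk = HUNK_RE.match(raw)
        if hunk:
            new_lineno, in_hunk = int(hunk.group(1)), True
        elif raw.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk:
            if raw.startswith("+++ "):  # file header naming the new path
                path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
        elif raw.startswith("+"):
            for column, char in enumerate(raw[1:], start=1):
                if char in warn_chars:
                    findings.append({
                        "path": path, "line": new_lineno, "column": column,
                        "codepoint": "U+%04X" % ord(char),
                        "name": unicodedata.name(char, "UNKNOWN"),
                    })
            new_lineno += 1
        elif raw.startswith(" ") or raw == "":
            new_lineno += 1  # context line; removed ("-") lines do not advance
    return findings

# Constructed sample: a one-file diff whose added comment carries two controls.
SAMPLE_PATCH = (
    "diff --git a/auth.py b/auth.py\n--- a/auth.py\n+++ b/auth.py\n"
    "@@ -10,3 +10,4 @@ def check(user):\n"
    "     role = user.role\n"
    "-    if role == 'admin':\n"
    "+    # review note \u202e reversed text \u2066\n"
    "+    if role == 'admin':\n"
    "         return True\n"
)

if __name__ == "__main__":
    for f in find_warn_characters(SAMPLE_PATCH):
        print("{path}:{line}:{column} {codepoint} {name}".format(**f))
```

Reporting the code point and Unicode name instead of echoing the raw line keeps the report itself from being reordered by the terminal or browser that displays it.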
  1150. SSH_KEYS_USERNAME_LOOKUP
  1151. ~~~~~~~~~~~~~~~~~~~~~~~~
  1152. This configuration key is used by the keyhelper script to indicate that the
  1153. git username should be used and looked up. Use this if the username that is sent
  1154. to ssh is specific for a unique Pagure user (i.e. not using a single "git@" user
  1155. for all git operations).
  1156. SSH_KEYS_USERNAME_FORBIDDEN
  1157. ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1158. A list of usernames that are exempted from being verified via the keyhelper.
  1159. SSH_KEYS_USERNAME_EXPECT
  1160. ~~~~~~~~~~~~~~~~~~~~~~~~
  1161. This configuration key should contain the username that is used for git if a single
  1162. SSH user is used for all git ssh traffic (i.e. "git").
  1163. SSH_KEYS_OPTIONS
  1164. ~~~~~~~~~~~~~~~~
  1165. This configuration key provides the options added to keys as they are returned
  1166. to sshd, in the same format as AuthorizedKeysFile
  1167. (see "AUTHORIZED_KEYS FILE FORMAT" in sshd(8)).
  1168. SSH_ADMIN_TOKEN
  1169. ~~~~~~~~~~~~~~~
  1170. If not set to ``None``, ``aclchecker`` and ``keyhelper`` will use this api
  1171. admin token to get authorized to internal endpoints that they use. The token
  1172. must have the ``internal_access`` ACL.
  1173. This is useful when the IP address of sshd service is not predictable
  1174. (e.g. because of running in a distributed cloud environment) and so
  1175. it's not possible to use the ``IP_ALLOWED_INTERNAL`` address list.
  1176. Defaults to: ``None``
  1177. SSH_COMMAND
  1178. ~~~~~~~~~~~
  1179. The command to run when aclchecker is in use.
  1180. MQTT Options
  1181. ------------
  1182. If appropriately configured, pagure supports sending messages to an MQTT
  1183. message queue.
  1184. The configuration options below control this.
  1185. MQTT_NOTIFICATIONS
  1186. ~~~~~~~~~~~~~~~~~~
  1187. Global configuration key to turn on or off the code to send notifications
  1188. to an MQTT message queue.
  1189. Defaults to: ``False``
  1190. MQTT_HOST
  1191. ~~~~~~~~~
  1192. Host name of the MQTT server to send the MQTT notifications to.
  1193. Defaults to: ``None``
  1194. MQTT_PORT
  1195. ~~~~~~~~~
  1196. Port of the MQTT server to use to send the MQTT notifications to.
  1197. Defaults to: ``None``
  1198. MQTT_USERNAME
  1199. ~~~~~~~~~~~~~
  1200. Username to authenticate to the MQTT server as.
  1201. Defaults to: ``None``
  1202. MQTT_PASSWORD
  1203. ~~~~~~~~~~~~~
  1204. Password to authenticate to the MQTT server with.
  1205. Defaults to: ``None``
  1206. MQTT_CA_CERTS
  1207. ~~~~~~~~~~~~~
  1208. When using SSL-based authentication to the MQTT server, use this
  1209. configuration key to point to the CA cert to use.
  1210. Defaults to: ``None``
  1211. MQTT_CERTFILE
  1212. ~~~~~~~~~~~~~
  1213. When using SSL-based authentication to the MQTT server, use this
  1214. configuration key to point to the cert file to use.
  1215. Defaults to: ``None``
  1216. MQTT_KEYFILE
  1217. ~~~~~~~~~~~~~
  1218. When using SSL-based authentication to the MQTT server, use this
  1219. configuration key to point to the key file to use.
  1220. Defaults to: ``None``
  1221. MQTT_CERT_REQS
  1222. ~~~~~~~~~~~~~~
  1223. When using SSL-based authentication to the MQTT server, use this
  1224. configuration key to specify if the CERT is required.
  1225. Defaults to: ``ssl.CERT_REQUIRED`` (from python's ssl library)
  1226. MQTT_TLS_VERSION
  1227. ~~~~~~~~~~~~~~~~
  1228. When using SSL-based authentication to the MQTT server, use this
  1229. configuration key to specify the TLS protocols to support/use.
  1230. Defaults to: ``ssl.PROTOCOL_TLSv1_2`` (from python's ssl library)
  1231. MQTT_CIPHERS
  1232. ~~~~~~~~~~~~
  1233. When using SSL-based authentication to the MQTT server, use this
  1234. configuration key to specify the ciphers.
  1235. Defaults to: ``None``
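The MQTT connection and TLS keys above interact, so it helps to review them together. The following is an added example, not part of Pagure: a small audit of a configuration dictionary that uses the key names and defaults documented above. The function name, the rule that TLS counts as configured when ``MQTT_CA_CERTS`` is set, and the sample values are assumptions.

```python
import ssl

# Protocol constants older than the documented default (ssl.PROTOCOL_TLSv1_2),
# looked up by name because not every Python build defines all of them.
OLD_PROTOCOLS = {getattr(ssl, name) for name in
                 ("PROTOCOL_SSLv3", "PROTOCOL_TLSv1", "PROTOCOL_TLSv1_1")
                 if hasattr(ssl, name)}

def audit_mqtt_config(cfg):
    """Return (key, message) findings for the MQTT_* keys of a config dict."""
    findings = []
    if not cfg.get("MQTT_NOTIFICATIONS", False):
        return findings  # MQTT code path is switched off, nothing to review
    if not cfg.get("MQTT_HOST") or not cfg.get("MQTT_PORT"):
        findings.append(("MQTT_HOST", "notifications on but host or port unset"))
    # Assumption: a CA bundle in MQTT_CA_CERTS means the connection uses TLS.
    tls_configured = bool(cfg.get("MQTT_CA_CERTS"))
    if cfg.get("MQTT_PASSWORD") and not tls_configured:
        findings.append(("MQTT_PASSWORD",
                         "password set without MQTT_CA_CERTS; without TLS "
                         "MQTT credentials cross the network unencrypted"))
    if bool(cfg.get("MQTT_CERTFILE")) != bool(cfg.get("MQTT_KEYFILE")):
        findings.append(("MQTT_CERTFILE",
                         "client certificate and key must be set together"))
    if cfg.get("MQTT_CERT_REQS", ssl.CERT_REQUIRED) != ssl.CERT_REQUIRED:
        findings.append(("MQTT_CERT_REQS",
                         "broker certificate is not required to validate"))
    if cfg.get("MQTT_TLS_VERSION") in OLD_PROTOCOLS:
        findings.append(("MQTT_TLS_VERSION",
                         "protocol older than the default PROTOCOL_TLSv1_2"))
    return findings

# Constructed sample configurations (host names and paths are placeholders).
WEAK = {
    "MQTT_NOTIFICATIONS": True, "MQTT_HOST": "broker.example.org",
    "MQTT_PORT": 1883, "MQTT_USERNAME": "pagure",
    "MQTT_PASSWORD": "constructed-secret", "MQTT_CERT_REQS": ssl.CERT_NONE,
}
HARDENED = {
    "MQTT_NOTIFICATIONS": True, "MQTT_HOST": "broker.example.org",
    "MQTT_PORT": 8883, "MQTT_USERNAME": "pagure",
    "MQTT_PASSWORD": "constructed-secret",
    "MQTT_CA_CERTS": "/etc/pki/example/ca.pem",
    "MQTT_CERTFILE": "/etc/pki/example/pagure.crt",
    "MQTT_KEYFILE": "/etc/pki/example/pagure.key",
}

if __name__ == "__main__":
    for key, message in audit_mqtt_config(WEAK):
        print("%s: %s" % (key, message))
```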
  1236. MQTT_TOPIC_PREFIX
  1237. ~~~~~~~~~~~~~~~~~
  1238. This configuration key can be used to specify a prefix to the mqtt messages sent.
  1239. This prefix will be added to the topic used by pagure thus allowing the mqtt
  1240. admins to specify a parent topic for all pagure-related messages.
  1241. Defaults to: ``None``
  1242. ALWAYS_MQTT_ON_COMMITS
  1243. ~~~~~~~~~~~~~~~~~~~~~~
  1244. This configuration key can be used to enforce `mqtt <https://mqtt.org/>`_
  1245. notifications on commits made on all projects in a pagure instance.
  1246. Defaults to: ``False``.
  1247. NOGITHOOKS
  1248. ~~~~~~~~~~
  1249. This configuration key should not be touched. It is used in the test suite as a
  1250. way to prevent all the git hooks from running (which includes checking if the
  1251. user is allowed to push). Using this mechanism, we are able to check some
  1252. behavior in the test suite that, in a deployed pagure instance, happens in
  1253. a different process.
  1254. **Do not change this option in production**
  1255. Defaults to: ``None``.
  1256. Deprecated configuration keys
  1257. -----------------------------
  1258. FORK_FOLDER
  1259. ~~~~~~~~~~~
  1260. This configuration key used to be used to specify the folder where the forks
  1261. are placed. It has been deprecated since release 2.0 of pagure: forks
  1262. are now automatically placed in a sub-folder of the folder containing the
  1263. main git repositories (i.e. ``GIT_FOLDER``).
  1264. See the ``UPGRADING.rst`` file for more information about this change and
  1265. how to handle it.
  1266. UPLOAD_FOLDER
  1267. ~~~~~~~~~~~~~
  1268. This configuration key used to be used to specify where the uploaded releases
  1269. are available. It has been replaced by ``UPLOAD_FOLDER_PATH`` in release
  1270. 2.10 of pagure.
  1271. DOCS_FOLDER, REQUESTS_FOLDER, TICKETS_FOLDER
  1272. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1273. These configuration values were removed. These must have
  1274. fixed paths relative to ``GIT_FOLDER``. Specifically, they
  1275. must occupy subdirectories ``docs``, ``requests`` and ``tickets`` under ``GIT_FOLDER``.
  1276. They are now computed automatically based on the value of ``GIT_FOLDER``.
  1277. Usage of docs and tickets can be triggered by setting ``ENABLE_DOCS`` and
  1278. ``ENABLE_TICKETS`` to ``True`` (this is the default).
  1279. FILE_SIZE_HIGHLIGHT
  1280. ~~~~~~~~~~~~~~~~~~~
  1281. This configuration key can be used to specify the maximum number of characters a file
  1282. or diff may have and still get syntax highlighting. Everything above this limit
  1283. will not have syntax highlighting, as this is a memory-intensive procedure that
  1284. easily leads to out-of-memory errors on large files or diffs.
  1285. Defaults to: ``5000``
  1286. BOOTSTRAP_URLS_CSS
  1287. ~~~~~~~~~~~~~~~~~~
  1288. This configuration key can be used to specify the URL where the bootstrap
  1289. CSS file is hosted, since the files hosted on apps.fedoraproject.org used in pagure.io
  1290. are not restricted in browser access.
  1291. Defaults to: ``'https://apps.fedoraproject.org/global/fedora-bootstrap-1.1.1/fedora-bootstrap.css'``
  1292. This has been deprecated by the new way of theming pagure, see the `theming
  1293. documentation <https://docs.pagure.org/pagure/usage/theming.html>`_
  1294. BOOTSTRAP_URLS_JS
  1295. ~~~~~~~~~~~~~~~~~
  1296. This configuration key can be used to specify the URL where the bootstrap
  1297. JS file is hosted, since the files hosted on apps.fedoraproject.org used in pagure.io
  1298. are not restricted in browser access.
  1299. Defaults to: ``'https://apps.fedoraproject.org/global/fedora-bootstrap-1.1.1/fedora-bootstrap.js'``
  1300. This has been deprecated by the new way of theming pagure, see the `theming
  1301. documentation <https://docs.pagure.org/pagure/usage/theming.html>`_
  1302. HTML_TITLE
  1303. ~~~~~~~~~~
  1304. This configuration key allows you to customize the HTML title of all the
  1305. pages, from ``... - pagure`` (default) to ``... - <your value>``.
  1306. Defaults to: ``Pagure``
  1307. This has been deprecated by the new way of theming pagure, see the `theming
  1308. documentation <https://docs.pagure.org/pagure/usage/theming.html>`_
  1309. PAGURE_PLUGIN
  1310. ~~~~~~~~~~~~~
  1311. This configuration key allows specifying the path to the plugins configuration
  1312. file. It is set as an environment variable. It has been replaced by
  1313. PAGURE_PLUGINS_CONFIG. The new variable does not modify the behavior of the old
  1314. variable; however, unlike PAGURE_PLUGIN, it can be set in the main Pagure
  1315. configuration.