ansible/roles/distgit/pagure/templates/pagure.cfg
Pierre-Yves Chibon 850d3dc4b6 distgit/pagure: Add the tag_project ACL
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-04-24 21:34:28 +02:00


from datetime import timedelta
import os
# Process-wide file mode creation mask: only the world-write bit is masked
# out of files and directories the application creates from here on.
os.umask(0o002)
### Set the time after which the admin session expires
# There are two sessions on pagure: the login session, which holds for 31 days,
# and the session defined here, after which a user has to log in again.
# This session is used when accessing all administrative parts of pagure
# (ie: changing a project's or a user's settings)
ADMIN_SESSION_LIFETIME = timedelta(minutes=20)
### Secret key for the Flask application
# Both values are substituted by the template engine inside a single-quoted
# Python literal, with no escaping: a value containing a quote or a backslash
# would produce a broken or altered configuration file.
# NOTE(review): the rendered file holds these secrets in clear text; confirm
# that the task deploying it restricts the file's owner and mode.
SECRET_KEY='{{ distgit_pagure_secret_key }}'
SALT_EMAIL='{{ distgit_pagure_secret_salt_email }}'
# EMAIL_SEND is False on staging and True in every other environment.
{% if env == 'staging' %}
EMAIL_SEND = False
{% else %}
EMAIL_SEND = True
{% endif %}
# This is required so that login specifies https
PREFERRED_URL_SCHEME='https'
### url to the database server:
#DB_URL=mysql://user:pass@host/db_name
#DB_URL=postgres://user:pass@host/db_name
# The credentials are pasted into the URL as they are, so a user name or
# password containing URL-reserved characters such as '@', ':' or '/' has to
# be percent-encoded in the variable itself.
# NOTE(review): the rendered value carries the database password in clear
# text; confirm it cannot end up in logs or error reports.
DB_URL = 'postgresql://{{ distgit_pagure_db_user }}:{{ distgit_pagure_db_pass }}@{{ distgit_pagure_db_host }}/{{ distgit_pagure_db_name }}'
### FAS groups of pagure admins
ADMIN_GROUP = ['cvsadmin', 'sysadmin-main']
# The publicly visible admin email address
ADMIN_EMAIL = 'admin@fedoraproject.org'
### The email address to which the flask.log will send the errors (tracebacks)
# NOTE(review): this is a single personal mailbox and the same value is used
# in every environment; tracebacks may include request data, so confirm the
# recipient is still the intended one.
EMAIL_ERROR = 'pingou@pingoured.fr'
### Default SMTP server to use for sending emails
SMTP_SERVER = 'bastion'
### Email address used to send emails
{% if env == 'staging' %}
FROM_EMAIL = 'pagure@pkgs.stg.fedoraproject.org'
DOMAIN_EMAIL_NOTIFICATIONS = 'src.stg.fedoraproject.org'
{% else %}
FROM_EMAIL = 'pagure@pkgs.fedoraproject.org'
DOMAIN_EMAIL_NOTIFICATIONS = 'src.fedoraproject.org'
{% endif %}
### Datagrepper info for the user profile
{% if env == 'staging' %}
DATAGREPPER_URL = 'https://apps.stg.fedoraproject.org/datagrepper'
{% else %}
DATAGREPPER_URL = 'https://apps.fedoraproject.org/datagrepper'
{% endif %}
DATAGREPPER_CATEGORY = 'pagure'
### The URL to use to clone git repositories.
# {username} uses single braces, so the template engine leaves it untouched
# and it reaches the rendered file as a literal placeholder.
{% if env == 'staging' %}
GIT_URL_SSH = 'ssh://{username}@pkgs.stg.fedoraproject.org/'
GIT_URL_GIT = 'https://src.stg.fedoraproject.org/'
{% else %}
GIT_URL_SSH = 'ssh://{username}@pkgs.fedoraproject.org/'
GIT_URL_GIT = 'https://src.fedoraproject.org/'
{% endif %}
### The IP addresses allowed for the internal endpoints
# Loopback names/addresses plus one (staging) or two (production) 10.5.x.x
# hosts.
# NOTE(review): this is an allow-list by source address; if a proxy sits in
# front of the application, confirm which address the application compares
# against this list.
{% if env == 'staging' %}
IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1', '10.5.128.177']
{% else %}
IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1', '10.5.126.51', '10.5.126.52']
{% endif %}
# Redis configuration
# Both branches hold the same commented-out staging URL, so this conditional
# renders no active setting in either environment.
{% if env == 'staging' %}
#EVENTSOURCE_SOURCE = 'https://src.stg.fedoraproject.org:8088'
{% else %}
#EVENTSOURCE_SOURCE = 'https://src.stg.fedoraproject.org:8088'
{% endif %}
# Optional configuration
### Number of items displayed per page
# Used when listing items
ITEM_PER_PAGE = 48
### Maximum size of the uploaded content
# Used to limit the size of a file attached to a ticket, for example
MAX_CONTENT_LENGTH = 2 * 1024 * 1024 # 2 megabytes
### Length for short commit ids or file hex
SHORT_LENGTH = 6
# Authentication related configuration option
### Switch the authentication method
# Specify which authentication method to use: `fas` (the default) or
# `local`.
# Default: ``fas``.
PAGURE_AUTH = 'fas'
# When this is set to True, the session cookie will only be returned to the
# server via ssl (https). If you connect to the server via plain http, the
# cookie will not be sent. This prevents sniffing of the cookie contents.
# This may be set to False when testing your application but should always
# be set to True in production.
# Default: ``True``.
SESSION_COOKIE_SECURE = True
# The name of the cookie used to store the session id.
# Default: ``.pagure``.
# Renaming this cookie means sessions stored under the previous name are no
# longer presented under the name the application looks for.
SESSION_COOKIE_NAME = 'disgit_pagure'
# Boolean specifying whether to check the user's IP address when retrieving
# their session. This makes things more secure (thus is on by default) but
# under certain setups it might not work (for example if there are proxies
# in front of the application).
CHECK_SESSION_IP = True
# Used by SESSION_COOKIE_PATH
APPLICATION_ROOT = '/'
# Set the SSH certs/keys
# Public host-key material only (fingerprints and the public key line), one
# RSA entry per environment; no private key is stored here.
# NOTE(review): the 'fingerprint' value is in the colon-separated hex form and
# 'SHA256' in the base64 form; when the host key is rotated all three values
# of the matching branch have to be updated together.
{% if env == 'staging' %}
SSH_KEYS = {
'RSA': {
'fingerprint': '2048 ce:e8:a7:2b:7a:6a:9c:6f:f0:e7:ab:bb:a0:c4:f3:f2 (RSA)',
'pubkey': 'pkgs.stg.fedoraproject.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7kE4Zst3uYFPdoJN341v+annUShkcu+ODT93JX95OfOwbqQP3ZeCG3Nl1+mHOcRg8mRqxmf8FadzjSVoGKf8rWdAQA4vawS8b98XyHp7oCIS6Ydv+wVtFy1ecGHn9yEvuiVLU6G2nn9LJ5rVbNa/dtLUZp9VA+zxQo/wmVGON/XdH9i3pGzCzQb+aRr2xW0uEGJAnLQd04URi7skpsX9EhZcc/aPgrOH5A/jacECN1c/6bS/J+ReNoohqaoj0JZB+4sPX71YoaMOgEZz7z9o7qmKQhSC6iH08nLY53kcy+geSMoFxbokFupnrvof5Ck5MHIYucPnuj7EUrB2srAyD',
'SHA256': 'SHA256:+WoPGFGoQqGMYdT4wc4T8XFr2ounR4dHNfdmNEI9Dfo',
}
}
{% else %}
SSH_KEYS = {
'RSA': {
'fingerprint': '2048 fe:2e:6a:86:f3:41:e7:03:95:ea:9c:7f:75:9c:ce:9d (RSA)',
'pubkey': 'pkgs.fedoraproject.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnhQyqu6oY5g01SOEbtrgrlCk3/eoLVZl2oh6c+Xq2oJg5ppPCtvmdWgU9rEltS+jgAYTH3LG4lGd02boMk8mmV5QvzGGRA9HmN991Phm7y4EN5r84A0gibf2O5QzhU2IMBQuOkEMwqZC+wc7pGGFJeXQjzBAVidjacxXtVJyfFOhAIYoHerIYq3VbJrTzEGkHmcJ8o3ZnP8Mt35aBESNsHdIaCOpvZzK1NVHdUHwRGcXIjG6t06mNVG4DVbdpB6xmMbAD5bemPoPVG0oYVs9wmhSHC0LmOZbvv8CDO2Z0DJ8q25FwVlTjo1Eq2A8VJc4LnHTDHZbtDZiKGTo/UMvvQ==',
'SHA256': 'SHA256:Q12OTyTeOHWlS54dTzy2BNu7wB8UKNf18+7WHIDsORc',
}
}
{% endif %}
from pagure.mail_logging import ContextInjector, MSG_FORMAT
# Logging setup in the dictConfig schema (version 1). Two handlers exist:
# "console" writes every record it receives to stdout, "email" mails records
# of level ERROR and above through the 'bastion' SMTP host. The mail sender
# and recipient are the same in every environment (no staging branch here).
LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "formatters": {
        "standard": {
            "format": "%(asctime)s [%(levelname)s] %(name)s: %(message)s",
        },
        "email_format": {
            "format": MSG_FORMAT,
        },
    },
    "filters": {
        # '()' asks dictConfig to instantiate ContextInjector as the filter.
        "myfilter": {
            "()": ContextInjector,
        },
    },
    "handlers": {
        "console": {
            "formatter": "standard",
            "class": "logging.StreamHandler",
            "stream": "ext://sys.stdout",
        },
        "email": {
            "level": "ERROR",
            "formatter": "email_format",
            "class": "logging.handlers.SMTPHandler",
            "mailhost": "bastion",
            "fromaddr": "pagure@src.fedoraproject.org",
            "toaddrs": "pingou@pingoured.fr",
            "subject": "ERROR on pagure - dist-git",
            "filters": ["myfilter"],
        },
    },
    # The root logger configuration; this is a catch-all configuration
    # that applies to all log messages not handled by a different logger
    "root": {
        "level": "INFO",
        "handlers": ["console", "email"],
    },
    "loggers": {
        # 'pagure' logs at DEBUG and propagates, so its records also reach the
        # root handlers: once more on the console, and by mail from ERROR up.
        # NOTE(review): confirm DEBUG output on stdout is wanted in production
        # and that it carries nothing sensitive.
        "pagure": {
            "handlers": ["console"],
            "level": "DEBUG",
            "propagate": True,
        },
        "flask": {
            "handlers": ["console"],
            "level": "INFO",
            "propagate": False,
        },
        "sqlalchemy": {
            "handlers": ["console"],
            "level": "WARN",
            "propagate": False,
        },
        "binaryornot": {
            "handlers": ["console"],
            "level": "WARN",
            "propagate": True,
        },
        "pagure.lib.encoding_utils": {
            "handlers": ["console"],
            "level": "WARN",
            "propagate": False,
        },
    },
}
# Configuration items that are specific to this dist-git pagure instance
ENABLE_UI_NEW_PROJECTS = False
ALLOWED_PREFIX = [
    "rpms",
    "modules",
    "flatpaks",
    "container",
    "tests",
]
EXCLUDE_GROUP_INDEX = ["packager"]
PRIVATE_PROJECTS = False
PR_TARGET_MATCHING_BRANCH = True
# Every ACL name known to this instance, mapped to its human-readable
# description. The *_ACLS lists elsewhere in this file pick names from here.
ACLS = {
    "create_branch": "Create a git branch on a project",
    "create_project": "Create a new project",
    "fork_project": "Fork a project",
    "pull_request_create": "Open a new pull-request",
    "pull_request_close": "Close a pull-request of this project",
    "pull_request_comment": "Comment on a pull-request of this project",
    "pull_request_flag": "Flag a pull-request of this project",
    "pull_request_merge": "Merge a pull-request of this project",
    "modify_project": "Modify an existing project",
    "generate_acls_project": "Generate the Gitolite ACLs on a project",
    "commit_flag": "Flag a commit",
    "update_watch_status": "Update the watch status on a project",
    "tag_project": "Allows adding git tags to a project",
}
# Group membership required per namespace pattern.
# NOTE(review): 'tests' is listed in ALLOWED_PREFIX but has no 'tests/*'
# entry here; confirm that namespace is meant to carry no group requirement.
REQUIRED_GROUPS = {
    "container/*": ["packager"],
    "flatpaks/*": ["packager"],
    "modules/*": ["packager"],
    "rpms/*": ["packager"],
}
# External service endpoints per environment.
# NOTE(review): FAS_OPENID_ENDPOINT is assigned for staging only; production
# presumably relies on a value set elsewhere or on the application default.
# Confirm that it resolves to the production identity provider.
{% if env == 'staging' %}
RESULTSDB_URL = 'https://taskotron.stg.fedoraproject.org/resultsdb_api/'
FAS_URL = 'https://admin.stg.fedoraproject.org/accounts'
FAS_OPENID_ENDPOINT = 'https://id.stg.fedoraproject.org/openid/'
{% else %}
RESULTSDB_URL = 'https://taskotron.fedoraproject.org/resultsdb_api/'
FAS_URL = 'https://admin.fedoraproject.org/accounts'
{% endif %}
THEME_TEMPLATE_FOLDER = "/usr/share/pagure_dist_git/template/"
THEME = "srcfpo"
# Three subsets of the ACL names declared in ACLS. Going by the names, they
# scope what regular users, cross-project tokens and admins may request;
# NOTE(review): confirm the exact semantics against the application.
USER_ACLS = [
    "fork_project",
    "pull_request_create",
    "pull_request_close",
    "pull_request_comment",
    "pull_request_flag",
    "pull_request_merge",
    "modify_project",
    "update_watch_status",
]
CROSS_PROJECT_ACLS = [
    "fork_project",
    "modify_project",
    "pull_request_create",
    "pull_request_comment",
    "pull_request_merge",
    "pull_request_flag",
    "update_watch_status",
]
# create_project, generate_acls_project, commit_flag, create_branch and
# tag_project appear in this list only, not in the two lists above.
ADMIN_API_ACLS = [
    "pull_request_flag",
    "pull_request_comment",
    "pull_request_merge",
    "create_project",
    "modify_project",
    "generate_acls_project",
    "commit_flag",
    "create_branch",
    "tag_project",
]
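# Accepted project names: the first character is a letter, a digit or an
# underscore; the following ones may also be '-', '.' or '+'.
# The first character class used the range A-z, which also spans the ASCII
# characters between 'Z' and 'a' ('[', '\', ']', '^' and '`'), so a name
# could start with any of them; the range is now A-Z.
# Raw string so that '\.' reaches the regex engine without relying on
# Python keeping an unknown string escape.
# NOTE(review): '$' also matches right before a trailing newline; confirm
# the code using this pattern rejects names that end in a newline.
PROJECT_NAME_REGEX = r'^[a-zA-Z0-9_][a-zA-Z0-9-_\.+]*$'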
HTTP_REPO_ACCESS_GITOLITE = None
# Content-Security-Policy value, one directive per list entry, joined with
# "; " and closed with a final ";".
# '{nonce_script}' and '{nonce_style}' are single-brace placeholders that the
# template engine leaves alone; presumably the application fills them in for
# each response.
# NOTE(review): img-src accepts any https: origin, and the policy sets no
# frame-ancestors or form-action directive (neither falls back to
# default-src); confirm both are intended.
CSP_HEADERS = "; ".join(
    [
        "default-src 'self'",
        "script-src 'self' '{nonce_script}' https://apps.fedoraproject.org https://mdapi.fedoraproject.org",
        "style-src 'self' '{nonce_style}'",
        "object-src 'none'",
        "base-uri 'self'",
        "img-src 'self' https:",
        "connect-src 'self' https://pdc.fedoraproject.org https://apps.fedoraproject.org https://mdapi.fedoraproject.org",
    ]
) + ";"
# The shared settings are pulled in last: any name they assign again replaces
# the value set above in the rendered file.
{% include "pagure_shared.cfg" %}