path: root/roles/srht/templates/config.ini.j2

# srht ~~ /etc/sr.ht/config.ini
# managed by Ansible

[sr.ht]
# Site-wide settings: site identity, owner contact, shared keys and redis.
#
# The name of your network of sr.ht-based sites
site-name=hacker's hut
#
# The top-level info page for your site
# NOTE(review): rendered as a plain-http URL; confirm whether the site is
# meant to be served over TLS.
site-info=http://{{ global.domain_name }}
#
#
site-blurb=hack the planet!
#
# If this != production, we add a banner to each page
# NOTE(review): this template always renders "development"; confirm that is
# intended for every host the role is applied to.
environment=development
#
# Contact information for the site owners
owner-name={{ global.domain_name }}
owner-email=support@{{ global.domain_name }}
#
# The source code for your fork of sr.ht
source-url=https://git.sr.ht/~sircmpwn/srht
#
# Link to your instance's privacy policy. Uses the sr.ht privacy policy as the
# default, which describes the information collected by the upstream SourceHut
# code.
privacy-policy=
#
# A key used for encrypting session cookies. Use `srht-keygen service` to
# generate the service key. This must be shared between each node of the same
# service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
# different keys. If you configure all of your services with the same
# config.ini, you may use the same service-key for all of them.
#
# The value is the first output line of the srht_key_service variable
# (presumably a registered Ansible command result), so the rendered file holds
# the key in clear text.
# NOTE(review): restrict owner/mode of the rendered file, keep the key out of
# task output (e.g. no_log on the generating task), and confirm the key is not
# regenerated on every play, since a changed key would presumably invalidate
# existing sessions.
service-key={{ srht_key_service.stdout_lines[0] }}
#
# A secret key to encrypt internal messages with. Use `srht-keygen network` to
# generate this key. It must be consistent between all services and nodes.
# NOTE(review): same handling concerns as service-key; because this key must
# match on all nodes, generating it per host would break that requirement.
network-key={{ srht_key_network.stdout_lines[0] }}
#
# The redis host URL. This is used for caching and temporary storage, and must
# be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
# shared between services. It may be shared between services, however, with no
# ill effect, if this better suits your infrastructure.
# Left empty by this template.
redis-host=

[objects]
#
# Configure S3-compatible object storage for services. Optional.
#
# Minio is recommended as a FOSS solution over AWS: https://min.io
#
# All three values are left empty by this template.
# NOTE(review): if object storage is enabled later, supply s3-secret-key from
# an encrypted variable (e.g. Ansible Vault) rather than a literal in this
# template.
s3-upstream=
s3-access-key=
s3-secret-key=

[mail]
# Outgoing mail, error reporting and PGP signing. Every key is left empty by
# this template.
#
# Outgoing SMTP settings
# NOTE(review): smtp-password would be stored in clear text in the rendered
# file; source it from an encrypted variable when it is filled in.
smtp-host=
smtp-port=
smtp-user=
smtp-password=
smtp-from=
#
# Application exceptions are emailed to this address
error-to=
error-from=
#
# You should generate a PGP key to allow users to authenticate emails received
# from your services. Use `gpg --edit-key [key id]` to remove the password from
# your private key, then export it to a file and set pgp-privkey to the path to
# that file. pgp-pubkey should be set to the path to your public key, and
# pgp-key-id should be set to the key ID string. Outgoing emails are signed with
# this PGP key.
#
# Because the passphrase is removed, the exported private key is unprotected at
# rest: keep the file readable only by the account the services run as, and
# use a key dedicated to this purpose.
pgp-privkey=
pgp-pubkey=
pgp-key-id=

[webhooks]
#
# base64-encoded Ed25519 key for signing webhook payloads. This should be
# consistent between all services.
#
# Use the `srht-keygen webhook` command to generate this key. Put the private
# key here and distribute the public key to anyone who would want to verify
# webhook payloads from your service.
#
# The template takes output line 0 of srht_key_webhook as the private key and
# line 1 as the public key.
# NOTE(review): confirm that line order against the keygen output; a swap would
# publish the wrong half of the key pair.
#
# The public-key line below is commented out for the INI parser only. Jinja2
# still evaluates the expression on it, so the public key is written into the
# rendered file as a comment and the variable must have a second output line.
private-key={{ srht_key_webhook.stdout_lines[0] }}
#public-key={{ srht_key_webhook.stdout_lines[1] }}

[meta.sr.ht]
#
# URL meta.sr.ht is being served at (protocol://domain)
#
# The templated origin is commented out in favour of a hard-coded private
# address over plain http. Jinja2 still evaluates the expression on the
# commented-out line.
# NOTE(review): a fixed IP makes the template host-specific, and http means
# session cookies and credentials cross the network unencrypted.
#origin=http://meta.git.{{ global.domain_name }}
origin=http://192.168.5.61:81
#
# Address and port to bind the debug server to
# NOTE(review): 0.0.0.0 listens on every interface. If the debug server is what
# actually runs here, consider binding to 127.0.0.1 and exposing it through the
# reverse proxy only.
debug-host=0.0.0.0
debug-port=5000
#
# Configures the SQLAlchemy connection string for the database.
#
# Connects to localhost as the "postgres" role, with no password in the URL and
# TLS disabled (sslmode=disable).
# NOTE(review): "postgres" is typically the superuser; a dedicated role limited
# to this database would reduce the impact of a compromise of this service.
connection-string=postgresql://postgres@localhost/meta.sr.ht?sslmode=disable
#
# Set to "yes" to automatically run migrations on package upgrade.
migrate-on-upgrade=yes
#
# The redis connection used for the webhooks worker
webhooks=redis://localhost:6379/1
#
# If "yes", the user will be sent the stock sourcehut welcome emails after
# signup (requires cron to be configured properly). These are specific to the
# sr.ht instance so you probably want to patch these before enabling this.
welcome-emails=no

[meta.sr.ht::api]
# Limits and trust settings for the meta.sr.ht API backend.
#
# Maximum complexity of GraphQL queries. The higher this number, the more work
# that API clients can burden the API backend with. Complexity is equal to the
# number of discrete fields which would be returned to the user. 200 is a good
# default.
max-complexity=200

#
# The maximum time the API backend will spend processing a single API request.
#
# See https://golang.org/pkg/time/#ParseDuration
max-duration=3s

#
# Set of IP subnets which are permitted to utilize internal API
# authentication. This should be limited to the subnets from which your
# *.sr.ht services are running.
#
# Comma-separated, CIDR notation.
#
# NOTE(review): the list covers all of 192.168.0.0/16 and 10.0.0.0/8, so any
# host in those ranges is accepted for internal authentication. The origins in
# this file all point at 192.168.5.61; consider narrowing the list to loopback
# plus the addresses the services really use.
internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8

[meta.sr.ht::settings]
# Registration and onboarding behaviour for meta.sr.ht.
#
# If "no", public registration will not be permitted.
registration=no
#
# Where to redirect new users upon registration
# NOTE(review): still the example.org placeholder, over plain http; replace
# with a URL under your control.
onboarding-redirect=http://example.org
#
# How many invites each user is issued upon registration (only applicable if
# open registration is disabled)
# With registration=no above, invites are how new accounts get created here;
# each new user receives 5.
user-invites=5

[meta.sr.ht::aliases]
#
# You can add aliases for the client IDs of commonly used OAuth clients here.
# No aliases are defined by this template; the section is intentionally empty.
#
# Example:
# git.sr.ht=12345

[meta.sr.ht::billing]
#
# "yes" to enable the billing system
enabled=no
#
# Get your keys at https://dashboard.stripe.com/account/apikeys
# Both keys are left empty while billing is disabled.
# NOTE(review): if billing is enabled, supply stripe-secret-key from an
# encrypted variable, not a literal in this template.
stripe-public-key=
stripe-secret-key=

[meta.sr.ht::auth]
#
# What authentication method to use.
#   builtin:  use sr.ht builtin authentication
#   unix-pam: use Unix PAM authentication
#
# This template selects builtin, so the [meta.sr.ht::auth::unix-pam] section
# presumably has no effect unless this value is changed (confirm).
auth-method=builtin

[meta.sr.ht::auth::unix-pam]
# Options for the unix-pam authentication method.
#
# The default email domain to assign to newly created users when they first log
# in.
# User's email will be set to <username>@<email-default-domain>
email-default-domain=srht.{{ global.domain_name }}
#
# The PAM service to use for logging in.
#service=sshd
#
# Whether to automatically create new users when authentication succeeds but the
# user is not in the database.
create-users=yes
#
# The UNIX group users need to belong to in order to have access to sourcehut.
# If set, only users belonging to this group will be able to log into the site.
# If unset, any user on the system is able to log in if PAM authentication
# succeeds.
#
# NOTE(review): left unset here together with create-users=yes, so if unix-pam
# is ever enabled, every local account that passes PAM (system and service
# accounts with a usable password included) gets a site account. Set a
# dedicated group before switching auth-method.
user-group=
#
# The UNIX group users need to belong to in order to have administrator
# permissions.
# If set, administrator status on the site will be synced with group
# association. Additionally, any user of this group will also be able to access
# sourcehut even if they are not in the group specified in user-group.
# If unset, administrator status can be manually assigned from the web
# interface.
#
# Jinja2 still evaluates the expression on the commented-out line below, so
# group_root must be defined for the template to render even though the
# effective value is empty.
#admin-group={{ group_root }}
admin-group=

[git.sr.ht]
#
# URL git.sr.ht is being served at (protocol://domain)
#
# The templated origin is commented out in favour of a hard-coded private
# address over plain http. Jinja2 still evaluates the expression on the
# commented-out line.
# NOTE(review): a fixed IP makes the template host-specific, and http means
# session cookies and credentials cross the network unencrypted.
#origin=http://git.{{ global.domain_name }}
origin=http://192.168.5.61:82
#
# Address and port to bind the debug server to
# NOTE(review): 0.0.0.0 listens on every interface. If the debug server is what
# actually runs here, consider binding to 127.0.0.1 and exposing it through the
# reverse proxy only.
debug-host=0.0.0.0
debug-port=5001
#
# Configures the SQLAlchemy connection string for the database.
#
# Connects to localhost as the "postgres" role, with no password in the URL and
# TLS disabled (sslmode=disable).
# NOTE(review): "postgres" is typically the superuser; a dedicated role limited
# to this database would reduce the impact of a compromise of this service.
connection-string=postgresql://postgres@localhost/git.sr.ht?sslmode=disable
#
# Set to "yes" to automatically run migrations on package upgrade.
migrate-on-upgrade=yes
#
# The redis connection used for the webhooks worker
webhooks=redis://localhost:6379/1
#
# A post-update script which is installed in every git repo.
post-update-script=/usr/bin/gitsrht-update-hook
#
# git.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
#
# NOTE(review): both values are the literal placeholder CHANGEME. Template them
# from per-instance variables (the secret from an encrypted one) so a
# deployment cannot go live with the placeholder.
oauth-client-id=CHANGEME
oauth-client-secret=CHANGEME
#
# Path to git repositories on disk
repos=/var/lib/git/
#
# Configure the S3 bucket and prefix for object storage. Leave empty to disable
# object storage. Bucket is required to enable object storage; prefix is
# optional.
s3-bucket=
s3-prefix=
#
# Required for preparing and sending patchsets from git.sr.ht
outgoing-domain=

[git.sr.ht::api]
# Limits and trust settings for the git.sr.ht API backend.
#
# Maximum complexity of GraphQL queries. The higher this number, the more work
# that API clients can burden the API backend with. Complexity is equal to the
# number of discrete fields which would be returned to the user. 200 is a good
# default.
max-complexity=200

#
# The maximum time the API backend will spend processing a single API request.
#
# See https://golang.org/pkg/time/#ParseDuration
max-duration=3s

#
# Set of IP subnets which are permitted to utilize internal API
# authentication. This should be limited to the subnets from which your
# *.sr.ht services are running.
#
# Comma-separated, CIDR notation.
#
# NOTE(review): the list covers all of 192.168.0.0/16 and 10.0.0.0/8, so any
# host in those ranges is accepted for internal authentication. The origins in
# this file all point at 192.168.5.61; consider narrowing the list to loopback
# plus the addresses the services really use.
internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8

[git.sr.ht::dispatch]
#
# The authorized keys hook uses this to dispatch to various handlers.
# The format is a program to exec into as the key, and the user to match as the
# value. When someone tries to log in as this user, this program is executed
# and is expected to emit an AuthorizedKeys file.
#
# The programs listed here decide which SSH keys are accepted for the matching
# user, so each path should be root-owned and not writable by the service
# accounts.
#
# Uncomment the relevant lines to enable the various sr.ht dispatchers.
/usr/bin/gitsrht-keys=git:git
#/usr/bin/buildsrht-keys=builds:builds

[hub.sr.ht]
# hub.sr.ht service settings: origin, OAuth client credentials and database.
#
# NOTE(review): the commented-out origin uses the git. hostname, which looks
# copied from [git.sr.ht]; confirm the intended hub hostname. Jinja2 still
# evaluates the expression on that line.
# The effective origin is a hard-coded private address over plain http.
#origin=http://git.{{ global.domain_name }}
origin=http://192.168.5.61:80
# NOTE(review): both OAuth values are the literal placeholder CHANGEME;
# template them from per-instance variables (the secret from an encrypted one).
oauth-client-id=CHANGEME
oauth-client-secret=CHANGEME
# Connects to localhost as the "postgres" role with no password in the URL and
# TLS disabled; a dedicated role limited to this database would be safer.
connection-string=postgresql://postgres@localhost/hub.sr.ht?sslmode=disable