224 lines
6.6 KiB
INI
224 lines
6.6 KiB
INI
[sr.ht]
|
|
#
|
|
# The name of your network of sr.ht-based sites
|
|
site-name=sourcehut
|
|
#
|
|
# The top-level info page for your site
|
|
site-info=https://sourcehut.org
|
|
#
|
|
# {{ site-name }}, {{ site-blurb }}
|
|
site-blurb=the hacker's forge
|
|
#
|
|
# If this != production, we add a banner to each page
|
|
environment=development
|
|
#
|
|
# Contact information for the site owners
|
|
owner-name=Drew DeVault
|
|
owner-email=sir@cmpwn.com
|
|
#
|
|
# The source code for your fork of sr.ht
|
|
source-url=https://git.sr.ht/~sircmpwn/srht
|
|
#
|
|
# Link to your instance's privacy policy. Uses the sr.ht privacy policy as the
|
|
# default, which describes the information collected by the upstream SourceHut
|
|
# code.
|
|
privacy-policy=
|
|
#
|
|
# A key used for encrypting session cookies. Use `srht-keygen service` to
|
|
# generate the service key. This must be shared between each node of the same
|
|
# service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
|
|
# different keys. If you configure all of your services with the same
|
|
# config.ini, you may use the same service-key for all of them.
|
|
service-key=
|
|
#
|
|
# A secret key to encrypt internal messages with. Use `srht-keygen network` to
|
|
# generate this key. It must be consistent between all services and nodes.
|
|
network-key=
|
|
#
|
|
# The redis host URL. This is used for caching and temporary storage, and must
|
|
# be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
|
|
# shared between services. It may be shared between services, however, with no
|
|
# ill effect, if this better suits your infrastructure.
|
|
redis-host=
|
|
#
|
|
# Optional email address for reporting security-related issues.
|
|
security-address=
|
|
#
|
|
# The global domain of the site. If unset, the global domain will be determined
|
|
# from the service URL: each service is assumed to be a sub-domain of the global
|
|
# domain, i.e. of the form `meta.globaldomain.com`.
|
|
global-domain=
|
|
|
|
[abused]
|
|
#
|
|
# Optional abused configuration for mitigating abusive traffic & usage
|
|
#
|
|
# See https://sr.ht/~sircmpwn/abused/
|
|
endpoint=
|
|
token=
|
|
|
|
[objects]
|
|
#
|
|
# Configure S3-compatible object storage for services. Optional.
|
|
#
|
|
# Minio is recommended as a FOSS solution over AWS: https://min.io
|
|
s3-upstream=
|
|
s3-access-key=
|
|
s3-secret-key=
|
|
|
|
[mail]
|
|
#
|
|
# Outgoing SMTP settings
|
|
smtp-host=
|
|
smtp-port=
|
|
smtp-from=
|
|
#
|
|
# Default: starttls
|
|
# Options: starttls, tls, insecure
|
|
smtp-encryption=starttls
|
|
#
|
|
# Default: plain
|
|
# Options: plain, none
|
|
smtp-auth=plain
|
|
# user / password are required if smtp-auth is plain
|
|
smtp-user=
|
|
smtp-password=
|
|
#
|
|
# Application exceptions are emailed to this address
|
|
error-to=
|
|
error-from=
|
|
#
|
|
# You should generate a PGP key to allow users to authenticate emails received
|
|
# from your services. Use `gpg --edit-key [key id]` to remove the password from
|
|
# your private key, then export it to a file and set pgp-privkey to the path to
|
|
# that file. pgp-pubkey should be set to the path to your public key, and
|
|
# pgp-key-id should be set to the key ID string. Outgoing emails are signed with
|
|
# this PGP key.
|
|
pgp-privkey=
|
|
pgp-pubkey=
|
|
pgp-key-id=
|
|
|
|
[webhooks]
|
|
#
|
|
# base64-encoded Ed25519 key for signing webhook payloads. This should be
|
|
# consistent between all services.
|
|
#
|
|
# Use the `srht-keygen webhook` command to generate this key. Put the private
|
|
# key here and distribute the public key to anyone who would want to verify
|
|
# webhook payloads from your service.
|
|
private-key=
|
|
|
|
[meta.sr.ht]
|
|
#
|
|
# URL meta.sr.ht is being served at (protocol://domain)
|
|
origin=http://meta.sr.ht.local
|
|
#
|
|
# Address and port to bind the debug server to
|
|
debug-host=0.0.0.0
|
|
debug-port=5000
|
|
#
|
|
# Configures the SQLAlchemy connection string for the database.
|
|
connection-string=postgresql://postgres@localhost/meta.sr.ht
|
|
#
|
|
# Set to "yes" to automatically run migrations on package upgrade.
|
|
migrate-on-upgrade=yes
|
|
#
|
|
# The redis connection used for the webhooks worker
|
|
webhooks=redis://localhost:6379/1
|
|
|
|
#
|
|
# Origin URL for the API
|
|
# By default, the API port is 100 more than the web port
|
|
api-origin=http://localhost:5100
|
|
|
|
[meta.sr.ht::api]
|
|
#
|
|
# Maximum complexity of GraphQL queries. The higher this number, the more work
|
|
# that API clients can burden the API backend with. Complexity is equal to the
|
|
# number of discrete fields which would be returned to the user. 200 is a good
|
|
# default.
|
|
max-complexity=200
|
|
|
|
#
|
|
# The maximum time the API backend will spend processing a single API request.
|
|
#
|
|
# See https://golang.org/pkg/time/#ParseDuration
|
|
max-duration=3s
|
|
|
|
#
|
|
# Set of IP subnets which are permitted to utilize internal API
|
|
# authentication. This should be limited to the subnets from which your
|
|
# *.sr.ht services are running.
|
|
#
|
|
# Comma-separated, CIDR notation.
|
|
internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
|
|
|
|
[meta.sr.ht::settings]
|
|
#
|
|
# If "no", public registration will not be permitted.
|
|
registration=no
|
|
#
|
|
# Where to redirect new users upon registration
|
|
onboarding-redirect=http://example.org
|
|
#
|
|
# If "yes", the user will be sent the stock sourcehut welcome emails after
|
|
# signup (requires cron to be configured properly). These are specific to the
|
|
# sr.ht instance so you probably want to patch these before enabling this.
|
|
welcome-emails=no
|
|
#
|
|
# If "yes", the user will be sent an email reminder if their registered PGP key
|
|
# will expire soon (requires cron to be configured properly).
|
|
key-expiration-emails=no
|
|
|
|
[meta.sr.ht::aliases]
|
|
#
|
|
# You can add aliases for the client IDs of commonly used OAuth clients here.
|
|
#
|
|
# Example:
|
|
# git.sr.ht=12345
|
|
|
|
[meta.sr.ht::billing]
|
|
#
|
|
# "yes" to enable the billing system
|
|
enabled=no
|
|
#
|
|
# Get your keys at https://dashboard.stripe.com/account/apikeys
|
|
stripe-public-key=
|
|
stripe-secret-key=
|
|
|
|
[meta.sr.ht::auth]
|
|
#
|
|
# What authentication method to use.
|
|
# builtin: use sr.ht builtin authentication
|
|
# unix-pam: use Unix PAM authentication
|
|
#auth-method=builtin
|
|
|
|
[meta.sr.ht::auth::unix-pam]
|
|
#
|
|
# The default email domain to assign to newly created users when they first log
|
|
# in.
|
|
# User's email will be set to <username>@<email-default-domain>
|
|
email-default-domain=example.com
|
|
#
|
|
# The PAM service to use for logging in.
|
|
#service=sshd
|
|
#
|
|
# Whether to automatically create new users when authentication succeeds but the
|
|
# user is not in the database.
|
|
create-users=yes
|
|
#
|
|
# The UNIX group users need to belong to to have access to sourcehut.
|
|
# If set,
|
|
# only users belonging to this group will be able to log into the site.
|
|
# If unset, any user on the system is able to log in if PAM authentication
|
|
# succeeds.
|
|
user-group=
|
|
#
|
|
# The UNIX group users need to belong to to have administrator permissions.
|
|
# If set, administrator status on the site will be synced with group
|
|
# association. Additionally, any user of this group will also be able to access
|
|
# sourcehut even if they are not in the group specified in user-group.
|
|
# If unset, administrator status can be manually assigned from the web
|
|
# interface.
|
|
admin-group=wheel
|