[sr.ht] # # The name of your network of sr.ht-based sites site-name=sourcehut # # The top-level info page for your site site-info=https://sourcehut.org # # {{ site-name }}, {{ site-blurb }} site-blurb=the hacker's forge # # If this != production, we add a banner to each page environment=production # # Contact information for the site owners owner-name=Drew DeVault owner-email=sir@cmpwn.com # # The source code for your fork of sr.ht source-url=https://git.sr.ht/~sircmpwn/srht # # A key used for encrypting session cookies. Use `srht-keygen service` to # generate the service key. This must be shared between each node of the same # service (e.g. git1.sr.ht and git2.sr.ht), but different services may use # different keys. If you configure all of your services with the same # config.ini, you may use the same service-key for all of them. service-key={{SERVICE_KEY}} # # A secret key to encrypt internal messages with. Use `srht-keygen network` to # generate this key. It must be consistent between all services and nodes. network-key={{NETWORK_KEY}} # # The redis host URL. This is used for caching and temporary storage, and must # be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be # shared between services. It may be shared between services, however, with no # ill effect, if this better suits your infrastructure. redis-host=redis://redis-kv:6379 # # The Prometheus Pushgateway instance to deliver gitsrht-periodic metrics to (http[s]://host:port) pushgateway= [objects] # Configure the S3-compatible object storage service. Leave empty to disable # object storage. # # Minio is recommended as a FOSS solution over AWS: https://min.io s3-upstream= s3-access-key= s3-secret-key= [mail] # # Outgoing SMTP settings smtp-host= smtp-port= smtp-from= # # Default: starttls # Options: starttls, tls, insecure smtp-encryption=starttls # # Default: plain # Options: plain, none smtp-auth=plain # user / password are required if smtp-auth is plain smtp-user= smtp-password= # # Application exceptions are emailed to this address error-to= error-from= # # You should generate a PGP key to allow users to authenticate emails received # from your services. Use `gpg --edit-key [key id]` to remove the password from # your private key, then export it to a file and set pgp-privkey to the path to # that file. pgp-pubkey should be set to the path to your public key, and # pgp-key-id should be set to the key ID string. Outgoing emails are signed with # this PGP key. pgp-privkey= pgp-pubkey= pgp-key-id= [webhooks] # # base64-encoded Ed25519 key for signing webhook payloads. This should be # consistent between all services. # # Use the `srht-keygen webhook` command to generate this key. Put the private # key here and distribute the public key to anyone who would want to verify # webhook payloads from your service. private-key={{WEBHOOK_KEY}} [git.sr.ht] # # URL git.sr.ht is being served at (protocol://domain) origin=http://git.localtest.me # # Address and port to bind the debug server to debug-host=0.0.0.0 debug-port=5001 # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://sourcehut:sourcehut@database/gitsrht?sslmode=disable # # Set to "yes" to automatically run migrations on package upgrade. migrate-on-upgrade=yes # # The redis connection used for the webhooks worker webhooks=redis://redis-kv:6379/1 # # A post-update script which is installed in every git repo. post-update-script=/usr/bin/gitsrht-update-hook # # git.sr.ht's OAuth client ID and secret for meta.sr.ht # Register your client at meta.example.org/oauth oauth-client-id=CHANGEME oauth-client-secret=CHANGEME # # Path to git repositories on disk repos=/var/lib/git/ # # Configure the S3 bucket and prefix for object storage. Leave empty to disable # object storage. Bucket is required to enable object storage; prefix is # optional. s3-bucket= s3-prefix= # # Required for preparing and sending patchsets from git.sr.ht outgoing-domain= # # Origin URL for the API # Only needed if not run behind a reverse proxy, e.g. for local development. # By default, the API port is 100 more than the web port #api-origin=http://localhost:5101 [git.sr.ht::api] # # Maximum complexity of GraphQL queries. The higher this number, the more work # that API clients can burden the API backend with. Complexity is equal to the # number of discrete fields which would be returned to the user. 200 is a good # default. max-complexity=200 # # The maximum time the API backend will spend processing a single API request. # # See https://golang.org/pkg/time/#ParseDuration max-duration=3s # # Set of IP subnets which are permitted to utilize internal API # authentication. This should be limited to the subnets from which your # *.sr.ht services are running. # # Comma-separated, CIDR notation. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8 [git.sr.ht::dispatch] # # The authorized keys hook uses this to dispatch to various handlers # The format is a program to exec into as the key, and the user to match as the # value. When someone tries to log in as this user, this program is executed # and is expected to omit an AuthorizedKeys file. # # Uncomment the relevant lines to enable the various sr.ht dispatchers. /usr/bin/gitsrht-keys=git:git #/usr/bin/buildsrht-keys=builds:builds [meta.sr.ht] origin=http://meta.localtest.me # # Address and port to bind the debug server to debug-host=0.0.0.0 debug-port=5000 # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://sourcehut:sourcehut@database/metasrht?sslmode=disable # # Set to "yes" to automatically run migrations on package upgrade. migrate-on-upgrade=yes # The redis connection used for the webhooks worker webhooks=redis://redis-kv:6379/1 # # If "yes", the user will be sent the stock sourcehut welcome emails after # signup (requires cron to be configured properly). These are specific to the # sr.ht instance so you probably want to patch these before enabling this. welcome-emails=no # # Origin URL for the API # By default, the API port is 100 more than the web port # api-origin=http://localhost:5100 [meta.sr.ht::api] # # Maximum complexity of GraphQL queries. The higher this number, the more work # that API clients can burden the API backend with. Complexity is equal to the # number of discrete fields which would be returned to the user. 200 is a good # default. max-complexity=200 # # The maximum time the API backend will spend processing a single API request. # # See https://golang.org/pkg/time/#ParseDuration max-duration=3s # # Set of IP subnets which are permitted to utilize internal API # authentication. This should be limited to the subnets from which your # *.sr.ht services are running. # # Comma-separated, CIDR notation. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8 [meta.sr.ht::settings] # # If "no", public registration will not be permitted. registration=yes # # Where to redirect new users upon registration onboarding-redirect=http://git.localtest.me/ # # How many invites each user is issued upon registration (only applicable if # open registration is disabled) user-invites=5 [meta.sr.ht::aliases] # # You can add aliases for the client IDs of commonly used OAuth clients here. # # Example: # git.sr.ht=12345 # Uncomment this to provide optional builds.sr.ht integration [meta.sr.ht::billing] # # "yes" to enable the billing system enabled=no # # Get your keys at https://dashboard.stripe.com/account/apikeys stripe-public-key= stripe-secret-key= [paste.sr.ht] # # URL paste.sr.ht is being served at (protocol://domain) origin=http://paste.localtest.me # # Address and port to bind the debug server to debug-host=0.0.0.0 debug-port=5011 # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://sourcehut:sourcehut@database/pastesrht?sslmode=disable # # Set to "yes" to automatically run migrations on package upgrade. migrate-on-upgrade=yes # # paste.sr.ht's OAuth client ID and secret for meta.sr.ht # Register your client at meta.example.org/oauth oauth-client-id= oauth-client-secret= # # Origin URL for the API # Only needed if not run behind a reverse proxy, e.g. for local development. # By default, the API port is 100 more than the web port #api-origin=http://localhost:5111 [lists.sr.ht] # # URL lists.sr.ht is being served at (protocol://domain) origin=http://lists.localtest.me # # Address and port to bind the debug server to debug-host=0.0.0.0 debug-port=5006 # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://sourcehut:sourcehut@database/listssrht?sslmode=disable # # Set to "yes" to automatically run migrations on package upgrade. migrate-on-upgrade=yes # # The redis connection used for the webhooks worker webhooks=redis://redis-kv:6379/1 # # The redis connection used for the Celery worker (configure this on both the # master and workers) redis=redis://redis-kv:6379/0 # # The domain that incoming email should be sent to. Forward mail sent here to # the LTMP socket. posting-domain=http://lists.localtest.me # # lists.sr.ht's OAuth client ID and secret for meta.sr.ht # Register your client at meta.example.org/oauth oauth-client-id= oauth-client-secret= # # Trusted upstream SMTP server generating Authentication-Results header fields msgauth-server=mail.sr.ht.local # # If "no", prevents non-admins from creating new lists allow-new-lists=yes # # Origin URL for the API # Only needed if not run behind a reverse proxy, e.g. for local development. # By default, the API port is 100 more than the web port #api-origin=http://localhost:5106 [lists.sr.ht::worker] # Protocol used by the daemon. Either lmtp or smtp. By default ltmp if using # unix socket and smtp if using tcp socket. protocol=lmtp # # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket. # Alternatively, specify IP:PORT will run the server using tcp. sock=/tmp/lists.sr.ht-lmtp.sock # # The lmtp daemon will make the unix socket group-read/write for users in this # group. sock-group=postfix # # Comma-delimited list of Content-Types to reject. Messages with Content-Types # included in this list are rejected. Multipart messages are always supported, # and each part is checked against this list. # # Uses fnmatch for wildcard expansion. reject-mimetypes=text/html # # Link to include in the rejection message where senders can get help # correcting their email. reject-url=https://man.sr.ht/lists.sr.ht/etiquette.md [lists.sr.ht::api] # # Maximum complexity of GraphQL queries. The higher this number, the more work # that API clients can burden the API backend with. Complexity is equal to the # number of discrete fields which would be returned to the user. 200 is a good # default. max-complexity=200 # # The maximum time the API backend will spend processing a single API request. # # See https://golang.org/pkg/time/#ParseDuration max-duration=90s # # Set of IP subnets which are permitted to utilize internal API # authentication. This should be limited to the subnets from which your # *.sr.ht services are running. # # Comma-separated, CIDR notation. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8 [lists.sr.ht::redirects] # # Redirects for migrating old mailing lists to new ones. This just sets up the # redirect for incoming emails. # # old-address=~example/new-name [todo.sr.ht] # # URL todo.sr.ht is being served at (protocol://domain) origin=http://todo.localtest.me # # Address and port to bind the debug server to debug-host=0.0.0.0 debug-port=5003 # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://sourcehut:sourcehut@database/todosrht?sslmode=disable # # Set to "yes" to automatically run migrations on package upgrade. migrate-on-upgrade=yes # # todo.sr.ht's OAuth client ID and secret for meta.sr.ht # Register your client at meta.example.org/oauth oauth-client-id=CHANGEME oauth-client-secret=CHANGEME # # Outgoing email for notifications generated by users notify-from=CHANGEME@example.org # # The redis connection used for the webhooks worker webhooks=redis://redis-kv:6379/1 # # Origin URL for the API # Only needed if not run behind a reverse proxy, e.g. for local development. # By default, the API port is 100 more than the web port #api-origin=http://localhost:5103 [todo.sr.ht::mail] # # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket. # Alternatively, specify IP:PORT and an SMTP server will be run instead. sock=/tmp/todo.sr.ht-lmtp.sock # # The lmtp daemon will make the unix socket group-read/write for users in this # group. sock-group=postfix # # Fill this in with the name of the domain to which emails should be sent. # Leave blank to disable email submission. posting-domain= [builds.sr.ht] # # URL builds.sr.ht is being served at (protocol://domain) origin=http://builds.localtest.me # # Address and port to bind the debug server to debug-host=0.0.0.0 debug-port=5002 # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://sourcehut:sourcehut@database/buildssrht?sslmode=disable # # Set to "yes" to automatically run migrations on package upgrade. migrate-on-upgrade=yes # # The redis connection used for the Celery worker (configure this on both the # master and workers) redis=redis://redis-kv:6379/0 # # builds.sr.ht's OAuth client ID and secret for meta.sr.ht # Register your client at meta.example.org/oauth oauth-client-id= oauth-client-secret= # # Script used to launch on ssh connnection. /usr/bin/master-shell on master, # /usr/bin/runner-shell for workers. # If master and worker are on the same system set to /usr/bin/runner-shell shell=/usr/bin/master-shell # # Set to "yes" to allow nonpaying users to submit builds allow-free=yes # # Origin URL for the API # Only needed if not run behind a reverse proxy, e.g. for local development. # By default, the API port is 100 more than the web port #api-origin=http://localhost:5102 # # These config options are only necessary for systems running a build runner [builds.sr.ht::worker] # # Name of this build runner (with HTTP port if not 80) name=runner.sr.ht.local # # Path to write build logs buildlogs=./logs # # Path to the build images images=./images # # In production you should NOT put the build user in the docker group. Instead, # make a scratch user who is and write a sudoers or doas.conf file that allows # them to execute just the control command, then update this config option. For # example: # # doas -u docker /var/lib/images/control # # Assuming doas.conf looks something like this: # # permit nopass builds as docker cmd /var/lib/images/control # # For more information about the security model of builds.sr.ht, visit the wiki: # # https://man.sr.ht/builds.sr.ht/installation.md controlcmd=./images/control # # Max build duration. See https://golang.org/pkg/time/#ParseDuration timeout=45m # # Http bind address for serving local build information/monitoring bind-address=0.0.0.0:8080 # # Build trigger email trigger-from= # # Configure the S3 bucket and prefix for object storage. Leave empty to disable # object storage. Bucket is required to enable object storage; prefix is # optional. s3-bucket= s3-prefix= [hg.sr.ht] # # URL hg.sr.ht is being served at (protocol://domain) origin=http://hg.localtest.me # # Address and port to bind the debug server to debug-host=0.0.0.0 debug-port=5010 # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://sourcehut:sourcehut@database/hgsrht?sslmode=disable # # The redis connection used for the webhooks worker webhooks=redis://redis-kv:6379/1 # # Disable server "publishing" for new repositories. # When 'true', this sets the phases.publish configuration option to 'false' on # newly created Mercurial repositories. disable-publishing=false # # A post-update script which is installed in every mercurial repo. changegroup-script=/usr/bin/hgsrht-hook-changegroup # # hg.sr.ht's OAuth client ID and secret for meta.sr.ht # Register your client at meta.example.org/oauth oauth-client-id=CHANGEME oauth-client-secret=CHANGEME # # Path to mercurial repositories on disk repos=/var/lib/mercurial/ # # Path to the srht mercurial extension # (defaults to where the hgsrht code is) #srhtext= # # .hg/store size (in MB) past which the nightly job generates clone bundles. #clone_bundle_threshold=50 # # Path to hg (if not in $PATH or if you want sourcehut to use a custom one) # hg_path=/path/to/hg [hg.sr.ht::api] # # Number of mercurial server processes to spawn # server-pool-size=4 # # Maximum complexity of GraphQL queries. The higher this number, the more work # that API clients can burden the API backend with. Complexity is equal to the # number of discrete fields which would be returned to the user. 200 is a good # default. max-complexity=200 # # The maximum time the API backend will spend processing a single API request. # # See https://golang.org/pkg/time/#ParseDuration max-duration=3s # # Set of IP subnets which are permitted to utilize internal API # authentication. This should be limited to the subnets from which your # *.sr.ht services are running. # # Comma-separated, CIDR notation. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8 # NOTE: this is not a typo. It goes into the git dispatch section because # that script actually handles all the dispatching (git, hg, man, etc.) [man.sr.ht] # # URL man.sr.ht is being served at (protocol://domain) origin=http://man.localtest.me # # Address and port to bind the debug server to debug-host=0.0.0.0 debug-port=5004 # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://sourcehut:sourcehut@database/mansrht?sslmode=disable # # Set to "yes" to automatically run migrations on package upgrade. migrate-on-upgrade=yes # # man.sr.ht's OAuth client ID and secret for meta.sr.ht # Register your client at meta.example.org/oauth oauth-client-id=CHANGEME oauth-client-secret=CHANGEME