1
0

config.ini.template 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582
  1. [sr.ht]
  2. #
  3. # The name of your network of sr.ht-based sites
  4. site-name=sourcehut
  5. #
  6. # The top-level info page for your site
  7. site-info=https://sourcehut.org
  8. #
  9. # {{ site-name }}, {{ site-blurb }}
  10. site-blurb=the hacker's forge
  11. #
  12. # If this != production, we add a banner to each page
  13. environment=production
  14. #
  15. # Contact information for the site owners
  16. owner-name=Drew DeVault
  17. owner-email=sir@cmpwn.com
  18. #
  19. # The source code for your fork of sr.ht
  20. source-url=https://git.sr.ht/~sircmpwn/srht
  21. #
  22. # A key used for encrypting session cookies. Use `srht-keygen service` to
  23. # generate the service key. This must be shared between each node of the same
  24. # service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
  25. # different keys. If you configure all of your services with the same
  26. # config.ini, you may use the same service-key for all of them.
  27. service-key={{SERVICE_KEY}}
  28. #
  29. # A secret key to encrypt internal messages with. Use `srht-keygen network` to
  30. # generate this key. It must be consistent between all services and nodes.
  31. network-key={{NETWORK_KEY}}
  32. #
  33. # The redis host URL. This is used for caching and temporary storage, and must
  34. # be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
  35. # shared between services. It may be shared between services, however, with no
  36. # ill effect, if this better suits your infrastructure.
  37. redis-host=redis://redis-kv:6379
  38. #
  39. # The Prometheus Pushgateway instance to deliver gitsrht-periodic metrics to (http[s]://host:port)
  40. pushgateway=
  41. [objects]
  42. # Configure the S3-compatible object storage service. Leave empty to disable
  43. # object storage.
  44. #
  45. # Minio is recommended as a FOSS solution over AWS: https://min.io
  46. s3-upstream=
  47. s3-access-key=
  48. s3-secret-key=
  49. [mail]
  50. #
  51. # Outgoing SMTP settings
  52. smtp-host=
  53. smtp-port=
  54. smtp-from=
  55. #
  56. # Default: starttls
  57. # Options: starttls, tls, insecure
  58. smtp-encryption=starttls
  59. #
  60. # Default: plain
  61. # Options: plain, none
  62. smtp-auth=plain
  63. # user / password are required if smtp-auth is plain
  64. smtp-user=
  65. smtp-password=
  66. #
  67. # Application exceptions are emailed to this address
  68. error-to=
  69. error-from=
  70. #
  71. # You should generate a PGP key to allow users to authenticate emails received
  72. # from your services. Use `gpg --edit-key [key id]` to remove the password from
  73. # your private key, then export it to a file and set pgp-privkey to the path to
  74. # that file. pgp-pubkey should be set to the path to your public key, and
  75. # pgp-key-id should be set to the key ID string. Outgoing emails are signed with
  76. # this PGP key.
  77. pgp-privkey=
  78. pgp-pubkey=
  79. pgp-key-id=
  80. [webhooks]
  81. #
  82. # base64-encoded Ed25519 key for signing webhook payloads. This should be
  83. # consistent between all services.
  84. #
  85. # Use the `srht-keygen webhook` command to generate this key. Put the private
  86. # key here and distribute the public key to anyone who would want to verify
  87. # webhook payloads from your service.
  88. private-key={{WEBHOOK_KEY}}
  89. [git.sr.ht]
  90. #
  91. # URL git.sr.ht is being served at (protocol://domain)
  92. origin=http://git.localtest.me
  93. #
  94. # Address and port to bind the debug server to
  95. debug-host=0.0.0.0
  96. debug-port=5001
  97. #
  98. # Configures the SQLAlchemy connection string for the database.
  99. connection-string=postgresql://sourcehut:sourcehut@database/gitsrht?sslmode=disable
  100. #
  101. # Set to "yes" to automatically run migrations on package upgrade.
  102. migrate-on-upgrade=yes
  103. #
  104. # The redis connection used for the webhooks worker
  105. webhooks=redis://redis-kv:6379/1
  106. #
  107. # A post-update script which is installed in every git repo.
  108. post-update-script=/usr/bin/gitsrht-update-hook
  109. #
  110. # git.sr.ht's OAuth client ID and secret for meta.sr.ht
  111. # Register your client at meta.example.org/oauth
  112. oauth-client-id=CHANGEME
  113. oauth-client-secret=CHANGEME
  114. #
  115. # Path to git repositories on disk
  116. repos=/var/lib/git/
  117. #
  118. # Configure the S3 bucket and prefix for object storage. Leave empty to disable
  119. # object storage. Bucket is required to enable object storage; prefix is
  120. # optional.
  121. s3-bucket=
  122. s3-prefix=
  123. #
  124. # Required for preparing and sending patchsets from git.sr.ht
  125. outgoing-domain=
  126. #
  127. # Origin URL for the API
  128. # Only needed if not run behind a reverse proxy, e.g. for local development.
  129. # By default, the API port is 100 more than the web port
  130. #api-origin=http://localhost:5101
  131. [git.sr.ht::api]
  132. #
  133. # Maximum complexity of GraphQL queries. The higher this number, the more work
  134. # that API clients can burden the API backend with. Complexity is equal to the
  135. # number of discrete fields which would be returned to the user. 200 is a good
  136. # default.
  137. max-complexity=200
  138. #
  139. # The maximum time the API backend will spend processing a single API request.
  140. #
  141. # See https://golang.org/pkg/time/#ParseDuration
  142. max-duration=3s
  143. #
  144. # Set of IP subnets which are permitted to utilize internal API
  145. # authentication. This should be limited to the subnets from which your
  146. # *.sr.ht services are running.
  147. #
  148. # Comma-separated, CIDR notation.
  149. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  150. [git.sr.ht::dispatch]
  151. #
  152. # The authorized keys hook uses this to dispatch to various handlers
  153. # The format is a program to exec into as the key, and the user to match as the
  154. # value. When someone tries to log in as this user, this program is executed
  155. # and is expected to omit an AuthorizedKeys file.
  156. #
  157. # Uncomment the relevant lines to enable the various sr.ht dispatchers.
  158. /usr/bin/gitsrht-keys=git:git
  159. #/usr/bin/buildsrht-keys=builds:builds
  160. [meta.sr.ht]
  161. origin=http://meta.localtest.me
  162. #
  163. # Address and port to bind the debug server to
  164. debug-host=0.0.0.0
  165. debug-port=5000
  166. #
  167. # Configures the SQLAlchemy connection string for the database.
  168. connection-string=postgresql://sourcehut:sourcehut@database/metasrht?sslmode=disable
  169. #
  170. # Set to "yes" to automatically run migrations on package upgrade.
  171. migrate-on-upgrade=yes
  172. # The redis connection used for the webhooks worker
  173. webhooks=redis://redis-kv:6379/1
  174. #
  175. # If "yes", the user will be sent the stock sourcehut welcome emails after
  176. # signup (requires cron to be configured properly). These are specific to the
  177. # sr.ht instance so you probably want to patch these before enabling this.
  178. welcome-emails=no
  179. #
  180. # Origin URL for the API
  181. # By default, the API port is 100 more than the web port
  182. # api-origin=http://localhost:5100
  183. [meta.sr.ht::api]
  184. #
  185. # Maximum complexity of GraphQL queries. The higher this number, the more work
  186. # that API clients can burden the API backend with. Complexity is equal to the
  187. # number of discrete fields which would be returned to the user. 200 is a good
  188. # default.
  189. max-complexity=200
  190. #
  191. # The maximum time the API backend will spend processing a single API request.
  192. #
  193. # See https://golang.org/pkg/time/#ParseDuration
  194. max-duration=3s
  195. #
  196. # Set of IP subnets which are permitted to utilize internal API
  197. # authentication. This should be limited to the subnets from which your
  198. # *.sr.ht services are running.
  199. #
  200. # Comma-separated, CIDR notation.
  201. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  202. [meta.sr.ht::settings]
  203. #
  204. # If "no", public registration will not be permitted.
  205. registration=yes
  206. #
  207. # Where to redirect new users upon registration
  208. onboarding-redirect=http://git.localtest.me/
  209. #
  210. # How many invites each user is issued upon registration (only applicable if
  211. # open registration is disabled)
  212. user-invites=5
  213. [meta.sr.ht::aliases]
  214. #
  215. # You can add aliases for the client IDs of commonly used OAuth clients here.
  216. #
  217. # Example:
  218. # git.sr.ht=12345
  219. # Uncomment this to provide optional builds.sr.ht integration
  220. [meta.sr.ht::billing]
  221. #
  222. # "yes" to enable the billing system
  223. enabled=no
  224. #
  225. # Get your keys at https://dashboard.stripe.com/account/apikeys
  226. stripe-public-key=
  227. stripe-secret-key=
  228. [paste.sr.ht]
  229. #
  230. # URL paste.sr.ht is being served at (protocol://domain)
  231. origin=http://paste.localtest.me
  232. #
  233. # Address and port to bind the debug server to
  234. debug-host=0.0.0.0
  235. debug-port=5011
  236. #
  237. # Configures the SQLAlchemy connection string for the database.
  238. connection-string=postgresql://sourcehut:sourcehut@database/pastesrht?sslmode=disable
  239. #
  240. # Set to "yes" to automatically run migrations on package upgrade.
  241. migrate-on-upgrade=yes
  242. #
  243. # paste.sr.ht's OAuth client ID and secret for meta.sr.ht
  244. # Register your client at meta.example.org/oauth
  245. oauth-client-id=
  246. oauth-client-secret=
  247. #
  248. # Origin URL for the API
  249. # Only needed if not run behind a reverse proxy, e.g. for local development.
  250. # By default, the API port is 100 more than the web port
  251. #api-origin=http://localhost:5111
  252. [lists.sr.ht]
  253. #
  254. # URL lists.sr.ht is being served at (protocol://domain)
  255. origin=http://lists.localtest.me
  256. #
  257. # Address and port to bind the debug server to
  258. debug-host=0.0.0.0
  259. debug-port=5006
  260. #
  261. # Configures the SQLAlchemy connection string for the database.
  262. connection-string=postgresql://sourcehut:sourcehut@database/listssrht?sslmode=disable
  263. #
  264. # Set to "yes" to automatically run migrations on package upgrade.
  265. migrate-on-upgrade=yes
  266. #
  267. # The redis connection used for the webhooks worker
  268. webhooks=redis://redis-kv:6379/1
  269. #
  270. # The redis connection used for the Celery worker (configure this on both the
  271. # master and workers)
  272. redis=redis://redis-kv:6379/0
  273. #
  274. # The domain that incoming email should be sent to. Forward mail sent here to
  275. # the LTMP socket.
  276. posting-domain=http://lists.localtest.me
  277. #
  278. # lists.sr.ht's OAuth client ID and secret for meta.sr.ht
  279. # Register your client at meta.example.org/oauth
  280. oauth-client-id=
  281. oauth-client-secret=
  282. #
  283. # Trusted upstream SMTP server generating Authentication-Results header fields
  284. msgauth-server=mail.sr.ht.local
  285. #
  286. # If "no", prevents non-admins from creating new lists
  287. allow-new-lists=yes
  288. #
  289. # Origin URL for the API
  290. # Only needed if not run behind a reverse proxy, e.g. for local development.
  291. # By default, the API port is 100 more than the web port
  292. #api-origin=http://localhost:5106
  293. [lists.sr.ht::worker]
  294. # Protocol used by the daemon. Either lmtp or smtp. By default ltmp if using
  295. # unix socket and smtp if using tcp socket.
  296. protocol=lmtp
  297. #
  298. # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
  299. # Alternatively, specify IP:PORT will run the server using tcp.
  300. sock=/tmp/lists.sr.ht-lmtp.sock
  301. #
  302. # The lmtp daemon will make the unix socket group-read/write for users in this
  303. # group.
  304. sock-group=postfix
  305. #
  306. # Comma-delimited list of Content-Types to reject. Messages with Content-Types
  307. # included in this list are rejected. Multipart messages are always supported,
  308. # and each part is checked against this list.
  309. #
  310. # Uses fnmatch for wildcard expansion.
  311. reject-mimetypes=text/html
  312. #
  313. # Link to include in the rejection message where senders can get help
  314. # correcting their email.
  315. reject-url=https://man.sr.ht/lists.sr.ht/etiquette.md
  316. [lists.sr.ht::api]
  317. #
  318. # Maximum complexity of GraphQL queries. The higher this number, the more work
  319. # that API clients can burden the API backend with. Complexity is equal to the
  320. # number of discrete fields which would be returned to the user. 200 is a good
  321. # default.
  322. max-complexity=200
  323. #
  324. # The maximum time the API backend will spend processing a single API request.
  325. #
  326. # See https://golang.org/pkg/time/#ParseDuration
  327. max-duration=90s
  328. #
  329. # Set of IP subnets which are permitted to utilize internal API
  330. # authentication. This should be limited to the subnets from which your
  331. # *.sr.ht services are running.
  332. #
  333. # Comma-separated, CIDR notation.
  334. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  335. [lists.sr.ht::redirects]
  336. #
  337. # Redirects for migrating old mailing lists to new ones. This just sets up the
  338. # redirect for incoming emails.
  339. #
  340. # old-address=~example/new-name
  341. [todo.sr.ht]
  342. #
  343. # URL todo.sr.ht is being served at (protocol://domain)
  344. origin=http://todo.localtest.me
  345. #
  346. # Address and port to bind the debug server to
  347. debug-host=0.0.0.0
  348. debug-port=5003
  349. #
  350. # Configures the SQLAlchemy connection string for the database.
  351. connection-string=postgresql://sourcehut:sourcehut@database/todosrht?sslmode=disable
  352. #
  353. # Set to "yes" to automatically run migrations on package upgrade.
  354. migrate-on-upgrade=yes
  355. #
  356. # todo.sr.ht's OAuth client ID and secret for meta.sr.ht
  357. # Register your client at meta.example.org/oauth
  358. oauth-client-id=CHANGEME
  359. oauth-client-secret=CHANGEME
  360. #
  361. # Outgoing email for notifications generated by users
  362. notify-from=CHANGEME@example.org
  363. #
  364. # The redis connection used for the webhooks worker
  365. webhooks=redis://redis-kv:6379/1
  366. #
  367. # Origin URL for the API
  368. # Only needed if not run behind a reverse proxy, e.g. for local development.
  369. # By default, the API port is 100 more than the web port
  370. #api-origin=http://localhost:5103
  371. [todo.sr.ht::mail]
  372. #
  373. # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
  374. # Alternatively, specify IP:PORT and an SMTP server will be run instead.
  375. sock=/tmp/todo.sr.ht-lmtp.sock
  376. #
  377. # The lmtp daemon will make the unix socket group-read/write for users in this
  378. # group.
  379. sock-group=postfix
  380. #
  381. # Fill this in with the name of the domain to which emails should be sent.
  382. # Leave blank to disable email submission.
  383. posting-domain=
  384. [builds.sr.ht]
  385. #
  386. # URL builds.sr.ht is being served at (protocol://domain)
  387. origin=http://builds.localtest.me
  388. #
  389. # Address and port to bind the debug server to
  390. debug-host=0.0.0.0
  391. debug-port=5002
  392. #
  393. # Configures the SQLAlchemy connection string for the database.
  394. connection-string=postgresql://sourcehut:sourcehut@database/buildssrht?sslmode=disable
  395. #
  396. # Set to "yes" to automatically run migrations on package upgrade.
  397. migrate-on-upgrade=yes
  398. #
  399. # The redis connection used for the Celery worker (configure this on both the
  400. # master and workers)
  401. redis=redis://redis-kv:6379/0
  402. #
  403. # builds.sr.ht's OAuth client ID and secret for meta.sr.ht
  404. # Register your client at meta.example.org/oauth
  405. oauth-client-id=
  406. oauth-client-secret=
  407. #
  408. # Script used to launch on ssh connnection. /usr/bin/master-shell on master,
  409. # /usr/bin/runner-shell for workers.
  410. # If master and worker are on the same system set to /usr/bin/runner-shell
  411. shell=/usr/bin/master-shell
  412. #
  413. # Set to "yes" to allow nonpaying users to submit builds
  414. allow-free=yes
  415. #
  416. # Origin URL for the API
  417. # Only needed if not run behind a reverse proxy, e.g. for local development.
  418. # By default, the API port is 100 more than the web port
  419. #api-origin=http://localhost:5102
  420. #
  421. # These config options are only necessary for systems running a build runner
  422. [builds.sr.ht::worker]
  423. #
  424. # Name of this build runner (with HTTP port if not 80)
  425. name=runner.sr.ht.local
  426. #
  427. # Path to write build logs
  428. buildlogs=./logs
  429. #
  430. # Path to the build images
  431. images=./images
  432. #
  433. # In production you should NOT put the build user in the docker group. Instead,
  434. # make a scratch user who is and write a sudoers or doas.conf file that allows
  435. # them to execute just the control command, then update this config option. For
  436. # example:
  437. #
  438. # doas -u docker /var/lib/images/control
  439. #
  440. # Assuming doas.conf looks something like this:
  441. #
  442. # permit nopass builds as docker cmd /var/lib/images/control
  443. #
  444. # For more information about the security model of builds.sr.ht, visit the wiki:
  445. #
  446. # https://man.sr.ht/builds.sr.ht/installation.md
  447. controlcmd=./images/control
  448. #
  449. # Max build duration. See https://golang.org/pkg/time/#ParseDuration
  450. timeout=45m
  451. #
  452. # Http bind address for serving local build information/monitoring
  453. bind-address=0.0.0.0:8080
  454. #
  455. # Build trigger email
  456. trigger-from=
  457. #
  458. # Configure the S3 bucket and prefix for object storage. Leave empty to disable
  459. # object storage. Bucket is required to enable object storage; prefix is
  460. # optional.
  461. s3-bucket=
  462. s3-prefix=
  463. [hg.sr.ht]
  464. #
  465. # URL hg.sr.ht is being served at (protocol://domain)
  466. origin=http://hg.localtest.me
  467. #
  468. # Address and port to bind the debug server to
  469. debug-host=0.0.0.0
  470. debug-port=5010
  471. #
  472. # Configures the SQLAlchemy connection string for the database.
  473. connection-string=postgresql://sourcehut:sourcehut@database/hgsrht?sslmode=disable
  474. #
  475. # The redis connection used for the webhooks worker
  476. webhooks=redis://redis-kv:6379/1
  477. #
  478. # Disable server "publishing" for new repositories.
  479. # When 'true', this sets the phases.publish configuration option to 'false' on
  480. # newly created Mercurial repositories.
  481. disable-publishing=false
  482. #
  483. # A post-update script which is installed in every mercurial repo.
  484. changegroup-script=/usr/bin/hgsrht-hook-changegroup
  485. #
  486. # hg.sr.ht's OAuth client ID and secret for meta.sr.ht
  487. # Register your client at meta.example.org/oauth
  488. oauth-client-id=CHANGEME
  489. oauth-client-secret=CHANGEME
  490. #
  491. # Path to mercurial repositories on disk
  492. repos=/var/lib/mercurial/
  493. #
  494. # Path to the srht mercurial extension
  495. # (defaults to where the hgsrht code is)
  496. #srhtext=
  497. #
  498. # .hg/store size (in MB) past which the nightly job generates clone bundles.
  499. #clone_bundle_threshold=50
  500. #
  501. # Path to hg (if not in $PATH or if you want sourcehut to use a custom one)
  502. # hg_path=/path/to/hg
  503. [hg.sr.ht::api]
  504. #
  505. # Number of mercurial server processes to spawn
  506. # server-pool-size=4
  507. #
  508. # Maximum complexity of GraphQL queries. The higher this number, the more work
  509. # that API clients can burden the API backend with. Complexity is equal to the
  510. # number of discrete fields which would be returned to the user. 200 is a good
  511. # default.
  512. max-complexity=200
  513. #
  514. # The maximum time the API backend will spend processing a single API request.
  515. #
  516. # See https://golang.org/pkg/time/#ParseDuration
  517. max-duration=3s
  518. #
  519. # Set of IP subnets which are permitted to utilize internal API
  520. # authentication. This should be limited to the subnets from which your
  521. # *.sr.ht services are running.
  522. #
  523. # Comma-separated, CIDR notation.
  524. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  525. # NOTE: this is not a typo. It goes into the git dispatch section because
  526. # that script actually handles all the dispatching (git, hg, man, etc.)
  527. [man.sr.ht]
  528. #
  529. # URL man.sr.ht is being served at (protocol://domain)
  530. origin=http://man.localtest.me
  531. #
  532. # Address and port to bind the debug server to
  533. debug-host=0.0.0.0
  534. debug-port=5004
  535. #
  536. # Configures the SQLAlchemy connection string for the database.
  537. connection-string=postgresql://sourcehut:sourcehut@database/mansrht?sslmode=disable
  538. #
  539. # Set to "yes" to automatically run migrations on package upgrade.
  540. migrate-on-upgrade=yes
  541. #
  542. # man.sr.ht's OAuth client ID and secret for meta.sr.ht
  543. # Register your client at meta.example.org/oauth
  544. oauth-client-id=CHANGEME
  545. oauth-client-secret=CHANGEME