- [sr.ht]
- #
- # The name of your network of sr.ht-based sites
- site-name=sourcehut
- #
- # The top-level info page for your site
- site-info=https://sourcehut.org
- #
- # {{ site-name }}, {{ site-blurb }}
- site-blurb=the hacker's forge
- #
- # If this != production, we add a banner to each page
- environment=production
- #
- # Contact information for the site owners
- owner-name=Drew DeVault
- owner-email=sir@cmpwn.com
- #
- # The source code for your fork of sr.ht
- source-url=https://git.sr.ht/~sircmpwn/srht
- #
- # A key used for encrypting session cookies. Use `srht-keygen service` to
- # generate the service key. This must be shared between each node of the same
- # service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
- # different keys. If you configure all of your services with the same
- # config.ini, you may use the same service-key for all of them.
- #
- # This file carries this and other secrets in plain text: keep it out of
- # public repositories and readable only by the accounts that run the services.
- service-key={{SERVICE_KEY}}
- #
- # A secret key to encrypt internal messages with. Use `srht-keygen network` to
- # generate this key. It must be consistent between all services and nodes.
- network-key={{NETWORK_KEY}}
- #
- # The redis host URL. This is used for caching and temporary storage, and must
- # be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
- # shared between services. It may be shared between services, however, with no
- # ill effect, if this better suits your infrastructure.
- redis-host=redis://127.0.0.1:6379
- #
- # The Prometheus Pushgateway instance to deliver gitsrht-periodic metrics to (http[s]://host:port)
- pushgateway=
- [objects]
- # Configure the S3-compatible object storage service. Leave empty to disable
- # object storage.
- #
- # Minio is recommended as a FOSS solution over AWS: https://min.io
- s3-upstream=
- s3-access-key=
- s3-secret-key=
- [mail]
- #
- # Outgoing SMTP settings
- smtp-host=
- smtp-port=
- smtp-from=
- #
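- # Default: starttls
- # Options: starttls, tls, insecure
- # "insecure" uses no transport encryption; combined with smtp-auth=plain the
- # SMTP password crosses the network in cleartext.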
- smtp-encryption=starttls
- #
- # Default: plain
- # Options: plain, none
- smtp-auth=plain
- # user / password are required if smtp-auth is plain
- smtp-user=
- smtp-password=
- #
- # Application exceptions are emailed to this address
- error-to=
- error-from=
- #
- # You should generate a PGP key to allow users to authenticate emails received
- # from your services. Use `gpg --edit-key [key id]` to remove the password from
- # your private key, then export it to a file and set pgp-privkey to the path to
- # that file. pgp-pubkey should be set to the path to your public key, and
- # pgp-key-id should be set to the key ID string. Outgoing emails are signed with
- # this PGP key.
- #
- # The exported private key has no passphrase, so file permissions are its only
- # protection: make it readable only by the account that sends mail.
- pgp-privkey=
- pgp-pubkey=
- pgp-key-id=
- [webhooks]
- #
- # base64-encoded Ed25519 key for signing webhook payloads. This should be
- # consistent between all services.
- #
- # Use the `srht-keygen webhook` command to generate this key. Put the private
- # key here and distribute the public key to anyone who would want to verify
- # webhook payloads from your service.
- private-key={{WEBHOOK_KEY}}
- [git.sr.ht]
- #
- # URL git.sr.ht is being served at (protocol://domain)
- origin={{gitsrht_domain}}
- #
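- # Address and port to bind the debug server to. 0.0.0.0 listens on every
- # interface; use 127.0.0.1 unless other hosts must reach this port directly.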
- debug-host=0.0.0.0
- debug-port=5001
- #
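- # Configures the SQLAlchemy connection string for the database. The example
- # connects as the default postgres superuser role; a dedicated role limited to
- # this service's database is the safer choice (the same holds for the other
- # services' connection-string values in this file).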
- connection-string=postgresql://postgres@localhost/git.sr.ht
- #
- # Set to "yes" to automatically run migrations on package upgrade.
- migrate-on-upgrade=yes
- #
- # The redis connection used for the webhooks worker
- webhooks=redis://localhost:6379/1
- #
- # A post-update script which is installed in every git repo.
- post-update-script=/usr/bin/gitsrht-update-hook
- #
- # git.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- oauth-client-id=CHANGEME
- oauth-client-secret=CHANGEME
- #
- # Path to git repositories on disk
- repos=/var/lib/git/
- #
- # Configure the S3 bucket and prefix for object storage. Leave empty to disable
- # object storage. Bucket is required to enable object storage; prefix is
- # optional.
- s3-bucket=
- s3-prefix=
- #
- # Required for preparing and sending patchsets from git.sr.ht
- outgoing-domain=
- #
- # Origin URL for the API
- # Only needed if not run behind a reverse proxy, e.g. for local development.
- # By default, the API port is 100 more than the web port
- #api-origin=http://localhost:5101
- [git.sr.ht::api]
- #
- # Maximum complexity of GraphQL queries. The higher this number, the more work
- # that API clients can burden the API backend with. Complexity is equal to the
- # number of discrete fields which would be returned to the user. 200 is a good
- # default.
- max-complexity=200
- #
- # The maximum time the API backend will spend processing a single API request.
- #
- # See https://golang.org/pkg/time/#ParseDuration
- max-duration=3s
- #
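- # Set of IP subnets which are permitted to utilize internal API
- # authentication. This should be limited to the subnets from which your
- # *.sr.ht services are running.
- #
- # Comma-separated, CIDR notation. The value below trusts all of 10.0.0.0/8 and
- # 192.168.0.0/16; narrow it to the subnets your services actually use.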
- internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
- [git.sr.ht::dispatch]
- #
- # The authorized keys hook uses this to dispatch to various handlers
- # The format is a program to exec into as the key, and the user to match as the
- # value. When someone tries to log in as this user, this program is executed
- # and is expected to emit an AuthorizedKeys file.
- #
- # Uncomment the relevant lines to enable the various sr.ht dispatchers.
- /usr/bin/gitsrht-keys=git:git
- #/usr/bin/buildsrht-keys=builds:builds
- [meta.sr.ht]
- origin={{metasrht_domain}}
- #
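- # Address and port to bind the debug server to. 0.0.0.0 listens on every
- # interface; use 127.0.0.1 unless other hosts must reach this port directly.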
- debug-host=0.0.0.0
- debug-port=5000
- #
- # Configures the SQLAlchemy connection string for the database.
- connection-string=postgresql://postgres@localhost/meta.sr.ht
- #
- # Set to "yes" to automatically run migrations on package upgrade.
- migrate-on-upgrade=yes
- [meta.sr.ht::settings]
- #
- # If "no", public registration will not be permitted.
- registration=yes
- #
- # Where to redirect new users upon registration
- onboarding-redirect={{DOMAIN}}:5000
- #
- # How many invites each user is issued upon registration (only applicable if
- # open registration is disabled)
- user-invites=5
- [meta.sr.ht::aliases]
- #
- # You can add aliases for the client IDs of commonly used OAuth clients here.
- #
- # Example:
- # git.sr.ht=12345
- # Uncomment this to provide optional builds.sr.ht integration
- #[builds.sr.ht]
- #origin=http://builds.sr.ht.local
- #oauth-client-id=CHANGEME
- [meta.sr.ht::billing]
- #
- # "yes" to enable the billing system
- enabled=no
- #
- # Get your keys at https://dashboard.stripe.com/account/apikeys
- stripe-public-key=
- stripe-secret-key=
- [paste.sr.ht]
- #
- # URL paste.sr.ht is being served at (protocol://domain)
- origin={{pastesrht_domain}}
- #
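- # Address and port to bind the debug server to. 0.0.0.0 listens on every
- # interface; use 127.0.0.1 unless other hosts must reach this port directly.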
- debug-host=0.0.0.0
- debug-port=5011
- #
- # Configures the SQLAlchemy connection string for the database.
- connection-string=postgresql://postgres@localhost/paste.sr.ht
- #
- # Set to "yes" to automatically run migrations on package upgrade.
- migrate-on-upgrade=yes
- #
- # paste.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- oauth-client-id=
- oauth-client-secret=
- #
- # Origin URL for the API
- # Only needed if not run behind a reverse proxy, e.g. for local development.
- # By default, the API port is 100 more than the web port
- #api-origin=http://localhost:5111
- [lists.sr.ht]
- #
- # URL lists.sr.ht is being served at (protocol://domain)
- origin={{listsrht_domain}}
- #
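- # Address and port to bind the debug server to. 0.0.0.0 listens on every
- # interface; use 127.0.0.1 unless other hosts must reach this port directly.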
- debug-host=0.0.0.0
- debug-port=5006
- #
- # Configures the SQLAlchemy connection string for the database.
- connection-string=postgresql://postgres@localhost/lists.sr.ht
- #
- # Set to "yes" to automatically run migrations on package upgrade.
- migrate-on-upgrade=yes
- #
- # The redis connection used for the webhooks worker
- webhooks=redis://localhost:6379/1
- #
- # The redis connection used for the Celery worker (configure this on both the
- # master and workers)
- redis=redis://localhost:6379/0
- #
- # The domain that incoming email should be sent to. Forward mail sent here to
- # the LMTP socket.
- posting-domain={{listsrht_domain}}
- #
- # lists.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- oauth-client-id=
- oauth-client-secret=
- #
- # Trusted upstream SMTP server generating Authentication-Results header fields
- msgauth-server=mail.sr.ht.local
- #
- # If "no", prevents non-admins from creating new lists
- allow-new-lists=yes
- #
- # Origin URL for the API
- # Only needed if not run behind a reverse proxy, e.g. for local development.
- # By default, the API port is 100 more than the web port
- #api-origin=http://localhost:5106
- [lists.sr.ht::worker]
- # Protocol used by the daemon. Either lmtp or smtp. By default lmtp if using
- # unix socket and smtp if using tcp socket.
- protocol=lmtp
- #
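- # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
- # Alternatively, specifying IP:PORT will run the server using tcp.
- # /tmp is world-writable; a directory that only the service account can write
- # to is a safer home for the socket.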
- sock=/tmp/lists.sr.ht-lmtp.sock
- #
- # The lmtp daemon will make the unix socket group-read/write for users in this
- # group.
- sock-group=postfix
- #
- # Comma-delimited list of Content-Types to reject. Messages with Content-Types
- # included in this list are rejected. Multipart messages are always supported,
- # and each part is checked against this list.
- #
- # Uses fnmatch for wildcard expansion.
- reject-mimetypes=text/html
- #
- # Link to include in the rejection message where senders can get help
- # correcting their email.
- reject-url=https://man.sr.ht/lists.sr.ht/etiquette.md
- [lists.sr.ht::api]
- #
- # Maximum complexity of GraphQL queries. The higher this number, the more work
- # that API clients can burden the API backend with. Complexity is equal to the
- # number of discrete fields which would be returned to the user. 200 is a good
- # default.
- max-complexity=200
- #
- # The maximum time the API backend will spend processing a single API request.
- #
- # See https://golang.org/pkg/time/#ParseDuration
- max-duration=90s
- #
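- # Set of IP subnets which are permitted to utilize internal API
- # authentication. This should be limited to the subnets from which your
- # *.sr.ht services are running.
- #
- # Comma-separated, CIDR notation. The value below trusts all of 10.0.0.0/8 and
- # 192.168.0.0/16; narrow it to the subnets your services actually use.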
- internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
- [lists.sr.ht::redirects]
- #
- # Redirects for migrating old mailing lists to new ones. This just sets up the
- # redirect for incoming emails.
- #
- # old-address=~example/new-name
- [todo.sr.ht]
- #
- # URL todo.sr.ht is being served at (protocol://domain)
- origin={{todosrht_domain}}
- #
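- # Address and port to bind the debug server to. 0.0.0.0 listens on every
- # interface; use 127.0.0.1 unless other hosts must reach this port directly.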
- debug-host=0.0.0.0
- debug-port=5003
- #
- # Configures the SQLAlchemy connection string for the database.
- connection-string=postgresql://postgres@localhost/todo.sr.ht
- #
- # Set to "yes" to automatically run migrations on package upgrade.
- migrate-on-upgrade=yes
- #
- # todo.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- oauth-client-id=CHANGEME
- oauth-client-secret=CHANGEME
- #
- # Outgoing email for notifications generated by users
- notify-from=CHANGEME@example.org
- #
- # The redis connection used for the webhooks worker
- webhooks=redis://localhost:6379/1
- #
- # Origin URL for the API
- # Only needed if not run behind a reverse proxy, e.g. for local development.
- # By default, the API port is 100 more than the web port
- #api-origin=http://localhost:5103
- [todo.sr.ht::mail]
- #
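- # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
- # Alternatively, specify IP:PORT and an SMTP server will be run instead.
- # /tmp is world-writable; a directory that only the service account can write
- # to is a safer home for the socket.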
- sock=/tmp/todo.sr.ht-lmtp.sock
- #
- # The lmtp daemon will make the unix socket group-read/write for users in this
- # group.
- sock-group=postfix
- #
- # Fill this in with the name of the domain to which emails should be sent.
- # Leave blank to disable email submission.
- posting-domain=
- [builds.sr.ht]
- #
- # URL builds.sr.ht is being served at (protocol://domain)
- origin={{buildsrht_domain}}
- #
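- # Address and port to bind the debug server to. 0.0.0.0 listens on every
- # interface; use 127.0.0.1 unless other hosts must reach this port directly.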
- debug-host=0.0.0.0
- debug-port=5002
- #
- # Configures the SQLAlchemy connection string for the database.
- connection-string=postgresql://postgres@localhost/builds.sr.ht
- #
- # Set to "yes" to automatically run migrations on package upgrade.
- migrate-on-upgrade=yes
- #
- # The redis connection used for the Celery worker (configure this on both the
- # master and workers)
- redis=redis://localhost:6379/0
- #
- # builds.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- oauth-client-id=
- oauth-client-secret=
- #
- # Script to launch on SSH connection. /usr/bin/master-shell on master,
- # /usr/bin/runner-shell for workers.
- # If master and worker are on the same system set to /usr/bin/runner-shell
- shell=/usr/bin/master-shell
- #
- # Set to "yes" to allow nonpaying users to submit builds
- allow-free=yes
- #
- # Origin URL for the API
- # Only needed if not run behind a reverse proxy, e.g. for local development.
- # By default, the API port is 100 more than the web port
- #api-origin=http://localhost:5102
- #
- # These config options are only necessary for systems running a build runner
- [builds.sr.ht::worker]
- #
- # Name of this build runner (with HTTP port if not 80)
- name=runner.sr.ht.local
- #
- # Path to write build logs
- buildlogs=./logs
- #
- # Path to the build images
- images=./images
- #
- # In production you should NOT put the build user in the docker group. Instead,
- # make a scratch user who is and write a sudoers or doas.conf file that allows
- # them to execute just the control command, then update this config option. For
- # example:
- #
- # doas -u docker /var/lib/images/control
- #
- # Assuming doas.conf looks something like this:
- #
- # permit nopass builds as docker cmd /var/lib/images/control
- #
- # For more information about the security model of builds.sr.ht, visit the wiki:
- #
- # https://man.sr.ht/builds.sr.ht/installation.md
- controlcmd=./images/control
- #
- # Max build duration. See https://golang.org/pkg/time/#ParseDuration
- timeout=45m
- #
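- # HTTP bind address for serving local build information/monitoring. 0.0.0.0
- # exposes it on every interface; bind to an internal address if only your own
- # services need to reach it.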
- bind-address=0.0.0.0:8080
- #
- # Build trigger email
- trigger-from=
- #
- # Configure the S3 bucket and prefix for object storage. Leave empty to disable
- # object storage. Bucket is required to enable object storage; prefix is
- # optional.
- s3-bucket=
- s3-prefix=
- [hg.sr.ht]
- #
- # URL hg.sr.ht is being served at (protocol://domain)
- origin={{hgsrht_domain}}
- #
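- # Address and port to bind the debug server to. 0.0.0.0 listens on every
- # interface; use 127.0.0.1 unless other hosts must reach this port directly.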
- debug-host=0.0.0.0
- debug-port=5010
- #
- # Configures the SQLAlchemy connection string for the database.
- connection-string=postgresql://postgres@localhost/hg.sr.ht
- #
- # The redis connection used for the webhooks worker
- webhooks=redis://localhost:6379/1
- #
- # Disable server "publishing" for new repositories.
- # When 'true', this sets the phases.publish configuration option to 'false' on
- # newly created Mercurial repositories.
- disable-publishing=false
- #
- # A post-update script which is installed in every mercurial repo.
- changegroup-script=/usr/bin/hgsrht-hook-changegroup
- #
- # hg.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- oauth-client-id=CHANGEME
- oauth-client-secret=CHANGEME
- #
- # Path to mercurial repositories on disk
- repos=/var/lib/mercurial/
- #
- # Path to the srht mercurial extension
- # (defaults to where the hgsrht code is)
- #srhtext=
- #
- # .hg/store size (in MB) past which the nightly job generates clone bundles.
- #clone_bundle_threshold=50
- #
- # Path to hg (if not in $PATH or if you want sourcehut to use a custom one)
- # hg_path=/path/to/hg
- [hg.sr.ht::api]
- #
- # Number of mercurial server processes to spawn
- # server-pool-size=4
- #
- # Maximum complexity of GraphQL queries. The higher this number, the more work
- # that API clients can burden the API backend with. Complexity is equal to the
- # number of discrete fields which would be returned to the user. 200 is a good
- # default.
- max-complexity=200
- #
- # The maximum time the API backend will spend processing a single API request.
- #
- # See https://golang.org/pkg/time/#ParseDuration
- max-duration=3s
- #
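- # Set of IP subnets which are permitted to utilize internal API
- # authentication. This should be limited to the subnets from which your
- # *.sr.ht services are running.
- #
- # Comma-separated, CIDR notation. The value below trusts all of 10.0.0.0/8 and
- # 192.168.0.0/16; narrow it to the subnets your services actually use.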
- internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
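- # NOTE: this is not a typo. It goes into the git dispatch section because
- # that script actually handles all the dispatching (git, hg, man, etc.)
- # This header repeats the [git.sr.ht::dispatch] section that appears earlier in
- # this file. Duplicate sections are handled differently by different parsers
- # (Python's configparser rejects them in its default strict mode), so in a
- # combined config move the key below into the earlier section.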
- [git.sr.ht::dispatch]
- #
- # The authorized keys hook uses this to dispatch to various handlers
- # The format is a program to exec into as the key, and the user to match as the
- # value. When someone tries to log in as this user, this program is executed
- # and is expected to emit an AuthorizedKeys file.
- #
- # Uncomment the relevant lines to enable the various sr.ht dispatchers.
- /usr/bin/hgsrht-keys=hg:hg