config.ini.template 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539
  1. [sr.ht]
  2. #
  3. # The name of your network of sr.ht-based sites
  4. site-name=sourcehut
  5. #
  6. # The top-level info page for your site
  7. site-info=https://sourcehut.org
  8. #
  9. # {{ site-name }}, {{ site-blurb }}
  10. site-blurb=the hacker's forge
  11. #
  12. # If this != production, we add a banner to each page
  13. environment=production
  14. #
  15. # Contact information for the site owners
  16. owner-name=Drew DeVault
  17. owner-email=sir@cmpwn.com
  18. #
  19. # The source code for your fork of sr.ht
  20. source-url=https://git.sr.ht/~sircmpwn/srht
  21. #
  22. # A key used for encrypting session cookies. Use `srht-keygen service` to
  23. # generate the service key. This must be shared between each node of the same
  24. # service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
  25. # different keys. If you configure all of your services with the same
  26. # config.ini, you may use the same service-key for all of them.
  27. service-key={{SERVICE_KEY}}
  28. #
  29. # A secret key to encrypt internal messages with. Use `srht-keygen network` to
  30. # generate this key. It must be consistent between all services and nodes.
  31. network-key={{NETWORK_KEY}}
  32. #
  33. # The redis host URL. This is used for caching and temporary storage, and must
  34. # be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
  35. # shared between services. It may be shared between services, however, with no
  36. # ill effect, if this better suits your infrastructure.
  37. redis-host=redis://127.0.0.1:6379
  38. #
  39. # The Prometheus Pushgateway instance to deliver gitsrht-periodic metrics to (http[s]://host:port)
  40. pushgateway=
  41. [objects]
  42. # Configure the S3-compatible object storage service. Leave empty to disable
  43. # object storage.
  44. #
  45. # Minio is recommended as a FOSS solution over AWS: https://min.io
  46. s3-upstream=
  47. s3-access-key=
  48. s3-secret-key=
  49. [mail]
  50. #
  51. # Outgoing SMTP settings
  52. smtp-host=
  53. smtp-port=
  54. smtp-from=
  55. #
  56. # Default: starttls
  57. # Options: starttls, tls, insecure
  58. smtp-encryption=starttls
  59. #
  60. # Default: plain
  61. # Options: plain, none
  62. smtp-auth=plain
  63. # user / password are required if smtp-auth is plain
  64. smtp-user=
  65. smtp-password=
  66. #
  67. # Application exceptions are emailed to this address
  68. error-to=
  69. error-from=
  70. #
  71. # You should generate a PGP key to allow users to authenticate emails received
  72. # from your services. Use `gpg --edit-key [key id]` to remove the password from
  73. # your private key, then export it to a file and set pgp-privkey to the path to
  74. # that file. pgp-pubkey should be set to the path to your public key, and
  75. # pgp-key-id should be set to the key ID string. Outgoing emails are signed with
  76. # this PGP key.
  77. pgp-privkey=
  78. pgp-pubkey=
  79. pgp-key-id=
  80. [webhooks]
  81. #
  82. # base64-encoded Ed25519 key for signing webhook payloads. This should be
  83. # consistent between all services.
  84. #
  85. # Use the `srht-keygen webhook` command to generate this key. Put the private
  86. # key here and distribute the public key to anyone who would want to verify
  87. # webhook payloads from your service.
  88. private-key={{WEBHOOK_KEY}}
  89. [git.sr.ht]
  90. #
  91. # URL git.sr.ht is being served at (protocol://domain)
  92. origin={{gitsrht_domain}}
  93. #
  94. # Address and port to bind the debug server to
  95. debug-host=0.0.0.0
  96. debug-port=5001
  97. #
  98. # Configures the SQLAlchemy connection string for the database.
  99. connection-string=postgresql://postgres@localhost/git.sr.ht
  100. #
  101. # Set to "yes" to automatically run migrations on package upgrade.
  102. migrate-on-upgrade=yes
  103. #
  104. # The redis connection used for the webhooks worker
  105. webhooks=redis://localhost:6379/1
  106. #
  107. # A post-update script which is installed in every git repo.
  108. post-update-script=/usr/bin/gitsrht-update-hook
  109. #
  110. # git.sr.ht's OAuth client ID and secret for meta.sr.ht
  111. # Register your client at meta.example.org/oauth
  112. oauth-client-id=CHANGEME
  113. oauth-client-secret=CHANGEME
  114. #
  115. # Path to git repositories on disk
  116. repos=/var/lib/git/
  117. #
  118. # Configure the S3 bucket and prefix for object storage. Leave empty to disable
  119. # object storage. Bucket is required to enable object storage; prefix is
  120. # optional.
  121. s3-bucket=
  122. s3-prefix=
  123. #
  124. # Required for preparing and sending patchsets from git.sr.ht
  125. outgoing-domain=
  126. #
  127. # Origin URL for the API
  128. # Only needed if not run behind a reverse proxy, e.g. for local development.
  129. # By default, the API port is 100 more than the web port
  130. #api-origin=http://localhost:5101
  131. [git.sr.ht::api]
  132. #
  133. # Maximum complexity of GraphQL queries. The higher this number, the more work
  134. # that API clients can burden the API backend with. Complexity is equal to the
  135. # number of discrete fields which would be returned to the user. 200 is a good
  136. # default.
  137. max-complexity=200
  138. #
  139. # The maximum time the API backend will spend processing a single API request.
  140. #
  141. # See https://golang.org/pkg/time/#ParseDuration
  142. max-duration=3s
  143. #
  144. # Set of IP subnets which are permitted to utilize internal API
  145. # authentication. This should be limited to the subnets from which your
  146. # *.sr.ht services are running.
  147. #
  148. # Comma-separated, CIDR notation.
  149. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  150. [git.sr.ht::dispatch]
  151. #
  152. # The authorized keys hook uses this to dispatch to various handlers
  153. # The format is a program to exec into as the key, and the user to match as the
  154. # value. When someone tries to log in as this user, this program is executed
  155. # and is expected to omit an AuthorizedKeys file.
  156. #
  157. # Uncomment the relevant lines to enable the various sr.ht dispatchers.
  158. /usr/bin/gitsrht-keys=git:git
  159. #/usr/bin/buildsrht-keys=builds:builds
  160. [meta.sr.ht]
  161. origin={{metasrht_domain}}
  162. #
  163. # Address and port to bind the debug server to
  164. debug-host=0.0.0.0
  165. debug-port=5000
  166. #
  167. # Configures the SQLAlchemy connection string for the database.
  168. connection-string=postgresql://postgres@localhost/meta.sr.ht
  169. #
  170. # Set to "yes" to automatically run migrations on package upgrade.
  171. migrate-on-upgrade=yes
  172. [meta.sr.ht::settings]
  173. #
  174. # If "no", public registration will not be permitted.
  175. registration=yes
  176. #
  177. # Where to redirect new users upon registration
  178. onboarding-redirect={{DOMAIN}}:5000
  179. #
  180. # How many invites each user is issued upon registration (only applicable if
  181. # open registration is disabled)
  182. user-invites=5
  183. [meta.sr.ht::aliases]
  184. #
  185. # You can add aliases for the client IDs of commonly used OAuth clients here.
  186. #
  187. # Example:
  188. # git.sr.ht=12345
  189. # Uncomment this to provide optional builds.sr.ht integration
  190. #[builds.sr.ht]
  191. #origin=http://builds.sr.ht.local
  192. #oauth-client-id=CHANGEME
  193. [meta.sr.ht::billing]
  194. #
  195. # "yes" to enable the billing system
  196. enabled=no
  197. #
  198. # Get your keys at https://dashboard.stripe.com/account/apikeys
  199. stripe-public-key=
  200. stripe-secret-key=
  201. [paste.sr.ht]
  202. #
  203. # URL paste.sr.ht is being served at (protocol://domain)
  204. origin={{pastesrht_domain}}
  205. #
  206. # Address and port to bind the debug server to
  207. debug-host=0.0.0.0
  208. debug-port=5011
  209. #
  210. # Configures the SQLAlchemy connection string for the database.
  211. connection-string=postgresql://postgres@localhost/paste.sr.ht
  212. #
  213. # Set to "yes" to automatically run migrations on package upgrade.
  214. migrate-on-upgrade=yes
  215. #
  216. # paste.sr.ht's OAuth client ID and secret for meta.sr.ht
  217. # Register your client at meta.example.org/oauth
  218. oauth-client-id=
  219. oauth-client-secret=
  220. #
  221. # Origin URL for the API
  222. # Only needed if not run behind a reverse proxy, e.g. for local development.
  223. # By default, the API port is 100 more than the web port
  224. #api-origin=http://localhost:5111
  225. [lists.sr.ht]
  226. #
  227. # URL lists.sr.ht is being served at (protocol://domain)
  228. origin={{listsrht_domain}}
  229. #
  230. # Address and port to bind the debug server to
  231. debug-host=0.0.0.0
  232. debug-port=5006
  233. #
  234. # Configures the SQLAlchemy connection string for the database.
  235. connection-string=postgresql://postgres@localhost/lists.sr.ht
  236. #
  237. # Set to "yes" to automatically run migrations on package upgrade.
  238. migrate-on-upgrade=yes
  239. #
  240. # The redis connection used for the webhooks worker
  241. webhooks=redis://localhost:6379/1
  242. #
  243. # The redis connection used for the Celery worker (configure this on both the
  244. # master and workers)
  245. redis=redis://localhost:6379/0
  246. #
  247. # The domain that incoming email should be sent to. Forward mail sent here to
  248. # the LTMP socket.
  249. posting-domain={{listsrht_domain}}
  250. #
  251. # lists.sr.ht's OAuth client ID and secret for meta.sr.ht
  252. # Register your client at meta.example.org/oauth
  253. oauth-client-id=
  254. oauth-client-secret=
  255. #
  256. # Trusted upstream SMTP server generating Authentication-Results header fields
  257. msgauth-server=mail.sr.ht.local
  258. #
  259. # If "no", prevents non-admins from creating new lists
  260. allow-new-lists=yes
  261. #
  262. # Origin URL for the API
  263. # Only needed if not run behind a reverse proxy, e.g. for local development.
  264. # By default, the API port is 100 more than the web port
  265. #api-origin=http://localhost:5106
  266. [lists.sr.ht::worker]
  267. # Protocol used by the daemon. Either lmtp or smtp. By default ltmp if using
  268. # unix socket and smtp if using tcp socket.
  269. protocol=lmtp
  270. #
  271. # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
  272. # Alternatively, specify IP:PORT will run the server using tcp.
  273. sock=/tmp/lists.sr.ht-lmtp.sock
  274. #
  275. # The lmtp daemon will make the unix socket group-read/write for users in this
  276. # group.
  277. sock-group=postfix
  278. #
  279. # Comma-delimited list of Content-Types to reject. Messages with Content-Types
  280. # included in this list are rejected. Multipart messages are always supported,
  281. # and each part is checked against this list.
  282. #
  283. # Uses fnmatch for wildcard expansion.
  284. reject-mimetypes=text/html
  285. #
  286. # Link to include in the rejection message where senders can get help
  287. # correcting their email.
  288. reject-url=https://man.sr.ht/lists.sr.ht/etiquette.md
  289. [lists.sr.ht::api]
  290. #
  291. # Maximum complexity of GraphQL queries. The higher this number, the more work
  292. # that API clients can burden the API backend with. Complexity is equal to the
  293. # number of discrete fields which would be returned to the user. 200 is a good
  294. # default.
  295. max-complexity=200
  296. #
  297. # The maximum time the API backend will spend processing a single API request.
  298. #
  299. # See https://golang.org/pkg/time/#ParseDuration
  300. max-duration=90s
  301. #
  302. # Set of IP subnets which are permitted to utilize internal API
  303. # authentication. This should be limited to the subnets from which your
  304. # *.sr.ht services are running.
  305. #
  306. # Comma-separated, CIDR notation.
  307. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  308. [lists.sr.ht::redirects]
  309. #
  310. # Redirects for migrating old mailing lists to new ones. This just sets up the
  311. # redirect for incoming emails.
  312. #
  313. # old-address=~example/new-name
  314. [todo.sr.ht]
  315. #
  316. # URL todo.sr.ht is being served at (protocol://domain)
  317. origin={{todosrht_domain}}
  318. #
  319. # Address and port to bind the debug server to
  320. debug-host=0.0.0.0
  321. debug-port=5003
  322. #
  323. # Configures the SQLAlchemy connection string for the database.
  324. connection-string=postgresql://postgres@localhost/todo.sr.ht
  325. #
  326. # Set to "yes" to automatically run migrations on package upgrade.
  327. migrate-on-upgrade=yes
  328. #
  329. # todo.sr.ht's OAuth client ID and secret for meta.sr.ht
  330. # Register your client at meta.example.org/oauth
  331. oauth-client-id=CHANGEME
  332. oauth-client-secret=CHANGEME
  333. #
  334. # Outgoing email for notifications generated by users
  335. notify-from=CHANGEME@example.org
  336. #
  337. # The redis connection used for the webhooks worker
  338. webhooks=redis://localhost:6379/1
  339. #
  340. # Origin URL for the API
  341. # Only needed if not run behind a reverse proxy, e.g. for local development.
  342. # By default, the API port is 100 more than the web port
  343. #api-origin=http://localhost:5103
  344. [todo.sr.ht::mail]
  345. #
  346. # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
  347. # Alternatively, specify IP:PORT and an SMTP server will be run instead.
  348. sock=/tmp/todo.sr.ht-lmtp.sock
  349. #
  350. # The lmtp daemon will make the unix socket group-read/write for users in this
  351. # group.
  352. sock-group=postfix
  353. #
  354. # Fill this in with the name of the domain to which emails should be sent.
  355. # Leave blank to disable email submission.
  356. posting-domain=
  357. [builds.sr.ht]
  358. #
  359. # URL builds.sr.ht is being served at (protocol://domain)
  360. origin={{buildsrht_domain}}
  361. #
  362. # Address and port to bind the debug server to
  363. debug-host=0.0.0.0
  364. debug-port=5002
  365. #
  366. # Configures the SQLAlchemy connection string for the database.
  367. connection-string=postgresql://postgres@localhost/builds.sr.ht
  368. #
  369. # Set to "yes" to automatically run migrations on package upgrade.
  370. migrate-on-upgrade=yes
  371. #
  372. # The redis connection used for the Celery worker (configure this on both the
  373. # master and workers)
  374. redis=redis://localhost:6379/0
  375. #
  376. # builds.sr.ht's OAuth client ID and secret for meta.sr.ht
  377. # Register your client at meta.example.org/oauth
  378. oauth-client-id=
  379. oauth-client-secret=
  380. #
  381. # Script used to launch on ssh connnection. /usr/bin/master-shell on master,
  382. # /usr/bin/runner-shell for workers.
  383. # If master and worker are on the same system set to /usr/bin/runner-shell
  384. shell=/usr/bin/master-shell
  385. #
  386. # Set to "yes" to allow nonpaying users to submit builds
  387. allow-free=yes
  388. #
  389. # Origin URL for the API
  390. # Only needed if not run behind a reverse proxy, e.g. for local development.
  391. # By default, the API port is 100 more than the web port
  392. #api-origin=http://localhost:5102
  393. #
  394. # These config options are only necessary for systems running a build runner
  395. [builds.sr.ht::worker]
  396. #
  397. # Name of this build runner (with HTTP port if not 80)
  398. name=runner.sr.ht.local
  399. #
  400. # Path to write build logs
  401. buildlogs=./logs
  402. #
  403. # Path to the build images
  404. images=./images
  405. #
  406. # In production you should NOT put the build user in the docker group. Instead,
  407. # make a scratch user who is and write a sudoers or doas.conf file that allows
  408. # them to execute just the control command, then update this config option. For
  409. # example:
  410. #
  411. # doas -u docker /var/lib/images/control
  412. #
  413. # Assuming doas.conf looks something like this:
  414. #
  415. # permit nopass builds as docker cmd /var/lib/images/control
  416. #
  417. # For more information about the security model of builds.sr.ht, visit the wiki:
  418. #
  419. # https://man.sr.ht/builds.sr.ht/installation.md
  420. controlcmd=./images/control
  421. #
  422. # Max build duration. See https://golang.org/pkg/time/#ParseDuration
  423. timeout=45m
  424. #
  425. # Http bind address for serving local build information/monitoring
  426. bind-address=0.0.0.0:8080
  427. #
  428. # Build trigger email
  429. trigger-from=
  430. #
  431. # Configure the S3 bucket and prefix for object storage. Leave empty to disable
  432. # object storage. Bucket is required to enable object storage; prefix is
  433. # optional.
  434. s3-bucket=
  435. s3-prefix=
  436. [hg.sr.ht]
  437. #
  438. # URL hg.sr.ht is being served at (protocol://domain)
  439. origin={{hgsrht_domain}}
  440. #
  441. # Address and port to bind the debug server to
  442. debug-host=0.0.0.0
  443. debug-port=5010
  444. #
  445. # Configures the SQLAlchemy connection string for the database.
  446. connection-string=postgresql://postgres@localhost/hg.sr.ht
  447. #
  448. # The redis connection used for the webhooks worker
  449. webhooks=redis://localhost:6379/1
  450. #
  451. # Disable server "publishing" for new repositories.
  452. # When 'true', this sets the phases.publish configuration option to 'false' on
  453. # newly created Mercurial repositories.
  454. disable-publishing=false
  455. #
  456. # A post-update script which is installed in every mercurial repo.
  457. changegroup-script=/usr/bin/hgsrht-hook-changegroup
  458. #
  459. # hg.sr.ht's OAuth client ID and secret for meta.sr.ht
  460. # Register your client at meta.example.org/oauth
  461. oauth-client-id=CHANGEME
  462. oauth-client-secret=CHANGEME
  463. #
  464. # Path to mercurial repositories on disk
  465. repos=/var/lib/mercurial/
  466. #
  467. # Path to the srht mercurial extension
  468. # (defaults to where the hgsrht code is)
  469. #srhtext=
  470. #
  471. # .hg/store size (in MB) past which the nightly job generates clone bundles.
  472. #clone_bundle_threshold=50
  473. #
  474. # Path to hg (if not in $PATH or if you want sourcehut to use a custom one)
  475. # hg_path=/path/to/hg
  476. [hg.sr.ht::api]
  477. #
  478. # Number of mercurial server processes to spawn
  479. # server-pool-size=4
  480. #
  481. # Maximum complexity of GraphQL queries. The higher this number, the more work
  482. # that API clients can burden the API backend with. Complexity is equal to the
  483. # number of discrete fields which would be returned to the user. 200 is a good
  484. # default.
  485. max-complexity=200
  486. #
  487. # The maximum time the API backend will spend processing a single API request.
  488. #
  489. # See https://golang.org/pkg/time/#ParseDuration
  490. max-duration=3s
  491. #
  492. # Set of IP subnets which are permitted to utilize internal API
  493. # authentication. This should be limited to the subnets from which your
  494. # *.sr.ht services are running.
  495. #
  496. # Comma-separated, CIDR notation.
  497. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  498. # NOTE: this is not a typo. It goes into the git dispatch section because
  499. # that script actually handles all the dispatching (git, hg, man, etc.)
  500. [git.sr.ht::dispatch]
  501. #
  502. # The authorized keys hook uses this to dispatch to various handlers
  503. # The format is a program to exec into as the key, and the user to match as the
  504. # value. When someone tries to log in as this user, this program is executed
  505. # and is expected to emit an AuthorizedKeys file.
  506. #
  507. # Uncomment the relevant lines to enable the various sr.ht dispatchers.
  508. /usr/bin/hgsrht-keys=hg:hg