1
0

config.ini.template 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547
  1. [sr.ht]
  2. #
  3. # The name of your network of sr.ht-based sites
  4. site-name=sourcehut
  5. #
  6. # The top-level info page for your site
  7. site-info=https://sourcehut.org
  8. #
  9. # {{ site-name }}, {{ site-blurb }}
  10. site-blurb=the hacker's forge
  11. #
  12. # If this != production, we add a banner to each page
  13. environment=production
  14. #
  15. # Contact information for the site owners
  16. owner-name=Drew DeVault
  17. owner-email=sir@cmpwn.com
  18. #
  19. # The source code for your fork of sr.ht
  20. source-url=https://git.sr.ht/~sircmpwn/srht
  21. #
  22. # A key used for encrypting session cookies. Use `srht-keygen service` to
  23. # generate the service key. This must be shared between each node of the same
  24. # service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
  25. # different keys. If you configure all of your services with the same
  26. # config.ini, you may use the same service-key for all of them.
  27. service-key={{SERVICE_KEY}}
  28. #
  29. # A secret key to encrypt internal messages with. Use `srht-keygen network` to
  30. # generate this key. It must be consistent between all services and nodes.
  31. network-key={{NETWORK_KEY}}
  32. #
  33. # The redis host URL. This is used for caching and temporary storage, and must
  34. # be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
  35. # shared between services. It may be shared between services, however, with no
  36. # ill effect, if this better suits your infrastructure.
  37. redis-host=redis://127.0.0.1:6379
  38. #
  39. # The Prometheus Pushgateway instance to deliver gitsrht-periodic metrics to (http[s]://host:port)
  40. pushgateway=
  41. [objects]
  42. # Configure the S3-compatible object storage service. Leave empty to disable
  43. # object storage.
  44. #
  45. # Minio is recommended as a FOSS solution over AWS: https://min.io
  46. s3-upstream=
  47. s3-access-key=
  48. s3-secret-key=
  49. [mail]
  50. #
  51. # Outgoing SMTP settings
  52. smtp-host=
  53. smtp-port=
  54. smtp-from=
  55. #
  56. # Default: starttls
  57. # Options: starttls, tls, insecure
  58. smtp-encryption=starttls
  59. #
  60. # Default: plain
  61. # Options: plain, none
  62. smtp-auth=plain
  63. # user / password are required if smtp-auth is plain
  64. smtp-user=
  65. smtp-password=
  66. #
  67. # Application exceptions are emailed to this address
  68. error-to=
  69. error-from=
  70. #
  71. # You should generate a PGP key to allow users to authenticate emails received
  72. # from your services. Use `gpg --edit-key [key id]` to remove the password from
  73. # your private key, then export it to a file and set pgp-privkey to the path to
  74. # that file. pgp-pubkey should be set to the path to your public key, and
  75. # pgp-key-id should be set to the key ID string. Outgoing emails are signed with
  76. # this PGP key.
  77. pgp-privkey=
  78. pgp-pubkey=
  79. pgp-key-id=
  80. [webhooks]
  81. #
  82. # base64-encoded Ed25519 key for signing webhook payloads. This should be
  83. # consistent between all services.
  84. #
  85. # Use the `srht-keygen webhook` command to generate this key. Put the private
  86. # key here and distribute the public key to anyone who would want to verify
  87. # webhook payloads from your service.
  88. private-key={{WEBHOOK_KEY}}
  89. [git.sr.ht]
  90. #
  91. # URL git.sr.ht is being served at (protocol://domain)
  92. origin={{gitsrht_domain}}
  93. #
  94. # Address and port to bind the debug server to
  95. debug-host=0.0.0.0
  96. debug-port=5001
  97. #
  98. # Configures the SQLAlchemy connection string for the database.
  99. connection-string=postgresql://sourcehut:sourcehut@database/sourcehut
  100. #
  101. # Set to "yes" to automatically run migrations on package upgrade.
  102. migrate-on-upgrade=yes
  103. #
  104. # The redis connection used for the webhooks worker
  105. webhooks=redis://localhost:6379/1
  106. #
  107. # A post-update script which is installed in every git repo.
  108. post-update-script=/usr/bin/gitsrht-update-hook
  109. #
  110. # git.sr.ht's OAuth client ID and secret for meta.sr.ht
  111. # Register your client at meta.example.org/oauth
  112. oauth-client-id=CHANGEME
  113. oauth-client-secret=CHANGEME
  114. #
  115. # Path to git repositories on disk
  116. repos=/var/lib/git/
  117. #
  118. # Configure the S3 bucket and prefix for object storage. Leave empty to disable
  119. # object storage. Bucket is required to enable object storage; prefix is
  120. # optional.
  121. s3-bucket=
  122. s3-prefix=
  123. #
  124. # Required for preparing and sending patchsets from git.sr.ht
  125. outgoing-domain=
  126. #
  127. # Origin URL for the API
  128. # Only needed if not run behind a reverse proxy, e.g. for local development.
  129. # By default, the API port is 100 more than the web port
  130. #api-origin=http://localhost:5101
  131. [git.sr.ht::api]
  132. #
  133. # Maximum complexity of GraphQL queries. The higher this number, the more work
  134. # that API clients can burden the API backend with. Complexity is equal to the
  135. # number of discrete fields which would be returned to the user. 200 is a good
  136. # default.
  137. max-complexity=200
  138. #
  139. # The maximum time the API backend will spend processing a single API request.
  140. #
  141. # See https://golang.org/pkg/time/#ParseDuration
  142. max-duration=3s
  143. #
  144. # Set of IP subnets which are permitted to utilize internal API
  145. # authentication. This should be limited to the subnets from which your
  146. # *.sr.ht services are running.
  147. #
  148. # Comma-separated, CIDR notation.
  149. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  150. [git.sr.ht::dispatch]
  151. #
  152. # The authorized keys hook uses this to dispatch to various handlers
  153. # The format is a program to exec into as the key, and the user to match as the
  154. # value. When someone tries to log in as this user, this program is executed
  155. # and is expected to omit an AuthorizedKeys file.
  156. #
  157. # Uncomment the relevant lines to enable the various sr.ht dispatchers.
  158. /usr/bin/gitsrht-keys=git:git
  159. #/usr/bin/buildsrht-keys=builds:builds
  160. [meta.sr.ht]
  161. origin={{metasrht_domain}}
  162. #
  163. # Address and port to bind the debug server to
  164. debug-host=0.0.0.0
  165. debug-port=5000
  166. #
  167. # Configures the SQLAlchemy connection string for the database.
  168. connection-string=postgresql://sourcehut:sourcehut@database/sourcehut
  169. #
  170. # Set to "yes" to automatically run migrations on package upgrade.
  171. migrate-on-upgrade=yes
  172. [meta.sr.ht::settings]
  173. #
  174. # If "no", public registration will not be permitted.
  175. registration=yes
  176. #
  177. # Where to redirect new users upon registration
  178. onboarding-redirect={{DOMAIN}}:5000
  179. #
  180. # How many invites each user is issued upon registration (only applicable if
  181. # open registration is disabled)
  182. user-invites=5
  183. [meta.sr.ht::aliases]
  184. #
  185. # You can add aliases for the client IDs of commonly used OAuth clients here.
  186. #
  187. # Example:
  188. # git.sr.ht=12345
  189. # Uncomment this to provide optional builds.sr.ht integration
  190. [meta.sr.ht::billing]
  191. #
  192. # "yes" to enable the billing system
  193. enabled=no
  194. #
  195. # Get your keys at https://dashboard.stripe.com/account/apikeys
  196. stripe-public-key=
  197. stripe-secret-key=
  198. [paste.sr.ht]
  199. #
  200. # URL paste.sr.ht is being served at (protocol://domain)
  201. origin={{pastesrht_domain}}
  202. #
  203. # Address and port to bind the debug server to
  204. debug-host=0.0.0.0
  205. debug-port=5011
  206. #
  207. # Configures the SQLAlchemy connection string for the database.
  208. connection-string=postgresql://sourcehut:sourcehut@database/sourcehut
  209. #
  210. # Set to "yes" to automatically run migrations on package upgrade.
  211. migrate-on-upgrade=yes
  212. #
  213. # paste.sr.ht's OAuth client ID and secret for meta.sr.ht
  214. # Register your client at meta.example.org/oauth
  215. oauth-client-id=
  216. oauth-client-secret=
  217. #
  218. # Origin URL for the API
  219. # Only needed if not run behind a reverse proxy, e.g. for local development.
  220. # By default, the API port is 100 more than the web port
  221. #api-origin=http://localhost:5111
  222. [lists.sr.ht]
  223. #
  224. # URL lists.sr.ht is being served at (protocol://domain)
  225. origin={{listssrht_domain}}
  226. #
  227. # Address and port to bind the debug server to
  228. debug-host=0.0.0.0
  229. debug-port=5006
  230. #
  231. # Configures the SQLAlchemy connection string for the database.
  232. connection-string=postgresql://sourcehut:sourcehut@database/sourcehut
  233. #
  234. # Set to "yes" to automatically run migrations on package upgrade.
  235. migrate-on-upgrade=yes
  236. #
  237. # The redis connection used for the webhooks worker
  238. webhooks=redis://localhost:6379/1
  239. #
  240. # The redis connection used for the Celery worker (configure this on both the
  241. # master and workers)
  242. redis=redis://localhost:6379/0
  243. #
  244. # The domain that incoming email should be sent to. Forward mail sent here to
  245. # the LTMP socket.
  246. posting-domain={{listsrht_domain}}
  247. #
  248. # lists.sr.ht's OAuth client ID and secret for meta.sr.ht
  249. # Register your client at meta.example.org/oauth
  250. oauth-client-id=
  251. oauth-client-secret=
  252. #
  253. # Trusted upstream SMTP server generating Authentication-Results header fields
  254. msgauth-server=mail.sr.ht.local
  255. #
  256. # If "no", prevents non-admins from creating new lists
  257. allow-new-lists=yes
  258. #
  259. # Origin URL for the API
  260. # Only needed if not run behind a reverse proxy, e.g. for local development.
  261. # By default, the API port is 100 more than the web port
  262. #api-origin=http://localhost:5106
  263. [lists.sr.ht::worker]
  264. # Protocol used by the daemon. Either lmtp or smtp. By default ltmp if using
  265. # unix socket and smtp if using tcp socket.
  266. protocol=lmtp
  267. #
  268. # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
  269. # Alternatively, specify IP:PORT will run the server using tcp.
  270. sock=/tmp/lists.sr.ht-lmtp.sock
  271. #
  272. # The lmtp daemon will make the unix socket group-read/write for users in this
  273. # group.
  274. sock-group=postfix
  275. #
  276. # Comma-delimited list of Content-Types to reject. Messages with Content-Types
  277. # included in this list are rejected. Multipart messages are always supported,
  278. # and each part is checked against this list.
  279. #
  280. # Uses fnmatch for wildcard expansion.
  281. reject-mimetypes=text/html
  282. #
  283. # Link to include in the rejection message where senders can get help
  284. # correcting their email.
  285. reject-url=https://man.sr.ht/lists.sr.ht/etiquette.md
  286. [lists.sr.ht::api]
  287. #
  288. # Maximum complexity of GraphQL queries. The higher this number, the more work
  289. # that API clients can burden the API backend with. Complexity is equal to the
  290. # number of discrete fields which would be returned to the user. 200 is a good
  291. # default.
  292. max-complexity=200
  293. #
  294. # The maximum time the API backend will spend processing a single API request.
  295. #
  296. # See https://golang.org/pkg/time/#ParseDuration
  297. max-duration=90s
  298. #
  299. # Set of IP subnets which are permitted to utilize internal API
  300. # authentication. This should be limited to the subnets from which your
  301. # *.sr.ht services are running.
  302. #
  303. # Comma-separated, CIDR notation.
  304. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  305. [lists.sr.ht::redirects]
  306. #
  307. # Redirects for migrating old mailing lists to new ones. This just sets up the
  308. # redirect for incoming emails.
  309. #
  310. # old-address=~example/new-name
  311. [todo.sr.ht]
  312. #
  313. # URL todo.sr.ht is being served at (protocol://domain)
  314. origin={{todosrht_domain}}
  315. #
  316. # Address and port to bind the debug server to
  317. debug-host=0.0.0.0
  318. debug-port=5003
  319. #
  320. # Configures the SQLAlchemy connection string for the database.
  321. connection-string=postgresql://sourcehut:sourcehut@database/sourcehut
  322. #
  323. # Set to "yes" to automatically run migrations on package upgrade.
  324. migrate-on-upgrade=yes
  325. #
  326. # todo.sr.ht's OAuth client ID and secret for meta.sr.ht
  327. # Register your client at meta.example.org/oauth
  328. oauth-client-id=CHANGEME
  329. oauth-client-secret=CHANGEME
  330. #
  331. # Outgoing email for notifications generated by users
  332. notify-from=CHANGEME@example.org
  333. #
  334. # The redis connection used for the webhooks worker
  335. webhooks=redis://localhost:6379/1
  336. #
  337. # Origin URL for the API
  338. # Only needed if not run behind a reverse proxy, e.g. for local development.
  339. # By default, the API port is 100 more than the web port
  340. #api-origin=http://localhost:5103
  341. [todo.sr.ht::mail]
  342. #
  343. # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
  344. # Alternatively, specify IP:PORT and an SMTP server will be run instead.
  345. sock=/tmp/todo.sr.ht-lmtp.sock
  346. #
  347. # The lmtp daemon will make the unix socket group-read/write for users in this
  348. # group.
  349. sock-group=postfix
  350. #
  351. # Fill this in with the name of the domain to which emails should be sent.
  352. # Leave blank to disable email submission.
  353. posting-domain=
  354. [builds.sr.ht]
  355. #
  356. # URL builds.sr.ht is being served at (protocol://domain)
  357. origin={{buildssrht_domain}}
  358. #
  359. # Address and port to bind the debug server to
  360. debug-host=0.0.0.0
  361. debug-port=5002
  362. #
  363. # Configures the SQLAlchemy connection string for the database.
  364. connection-string=postgresql://sourcehut:sourcehut@database/sourcehut
  365. #
  366. # Set to "yes" to automatically run migrations on package upgrade.
  367. migrate-on-upgrade=yes
  368. #
  369. # The redis connection used for the Celery worker (configure this on both the
  370. # master and workers)
  371. redis=redis://localhost:6379/0
  372. #
  373. # builds.sr.ht's OAuth client ID and secret for meta.sr.ht
  374. # Register your client at meta.example.org/oauth
  375. oauth-client-id=
  376. oauth-client-secret=
  377. #
  378. # Script used to launch on ssh connnection. /usr/bin/master-shell on master,
  379. # /usr/bin/runner-shell for workers.
  380. # If master and worker are on the same system set to /usr/bin/runner-shell
  381. shell=/usr/bin/master-shell
  382. #
  383. # Set to "yes" to allow nonpaying users to submit builds
  384. allow-free=yes
  385. #
  386. # Origin URL for the API
  387. # Only needed if not run behind a reverse proxy, e.g. for local development.
  388. # By default, the API port is 100 more than the web port
  389. #api-origin=http://localhost:5102
  390. #
  391. # These config options are only necessary for systems running a build runner
  392. [builds.sr.ht::worker]
  393. #
  394. # Name of this build runner (with HTTP port if not 80)
  395. name=runner.sr.ht.local
  396. #
  397. # Path to write build logs
  398. buildlogs=./logs
  399. #
  400. # Path to the build images
  401. images=./images
  402. #
  403. # In production you should NOT put the build user in the docker group. Instead,
  404. # make a scratch user who is and write a sudoers or doas.conf file that allows
  405. # them to execute just the control command, then update this config option. For
  406. # example:
  407. #
  408. # doas -u docker /var/lib/images/control
  409. #
  410. # Assuming doas.conf looks something like this:
  411. #
  412. # permit nopass builds as docker cmd /var/lib/images/control
  413. #
  414. # For more information about the security model of builds.sr.ht, visit the wiki:
  415. #
  416. # https://man.sr.ht/builds.sr.ht/installation.md
  417. controlcmd=./images/control
  418. #
  419. # Max build duration. See https://golang.org/pkg/time/#ParseDuration
  420. timeout=45m
  421. #
  422. # Http bind address for serving local build information/monitoring
  423. bind-address=0.0.0.0:8080
  424. #
  425. # Build trigger email
  426. trigger-from=
  427. #
  428. # Configure the S3 bucket and prefix for object storage. Leave empty to disable
  429. # object storage. Bucket is required to enable object storage; prefix is
  430. # optional.
  431. s3-bucket=
  432. s3-prefix=
  433. [hg.sr.ht]
  434. #
  435. # URL hg.sr.ht is being served at (protocol://domain)
  436. origin={{hgsrht_domain}}
  437. #
  438. # Address and port to bind the debug server to
  439. debug-host=0.0.0.0
  440. debug-port=5010
  441. #
  442. # Configures the SQLAlchemy connection string for the database.
  443. connection-string=postgresql://sourcehut:sourcehut@database/sourcehut
  444. #
  445. # The redis connection used for the webhooks worker
  446. webhooks=redis://localhost:6379/1
  447. #
  448. # Disable server "publishing" for new repositories.
  449. # When 'true', this sets the phases.publish configuration option to 'false' on
  450. # newly created Mercurial repositories.
  451. disable-publishing=false
  452. #
  453. # A post-update script which is installed in every mercurial repo.
  454. changegroup-script=/usr/bin/hgsrht-hook-changegroup
  455. #
  456. # hg.sr.ht's OAuth client ID and secret for meta.sr.ht
  457. # Register your client at meta.example.org/oauth
  458. oauth-client-id=CHANGEME
  459. oauth-client-secret=CHANGEME
  460. #
  461. # Path to mercurial repositories on disk
  462. repos=/var/lib/mercurial/
  463. #
  464. # Path to the srht mercurial extension
  465. # (defaults to where the hgsrht code is)
  466. #srhtext=
  467. #
  468. # .hg/store size (in MB) past which the nightly job generates clone bundles.
  469. #clone_bundle_threshold=50
  470. #
  471. # Path to hg (if not in $PATH or if you want sourcehut to use a custom one)
  472. # hg_path=/path/to/hg
  473. [hg.sr.ht::api]
  474. #
  475. # Number of mercurial server processes to spawn
  476. # server-pool-size=4
  477. #
  478. # Maximum complexity of GraphQL queries. The higher this number, the more work
  479. # that API clients can burden the API backend with. Complexity is equal to the
  480. # number of discrete fields which would be returned to the user. 200 is a good
  481. # default.
  482. max-complexity=200
  483. #
  484. # The maximum time the API backend will spend processing a single API request.
  485. #
  486. # See https://golang.org/pkg/time/#ParseDuration
  487. max-duration=3s
  488. #
  489. # Set of IP subnets which are permitted to utilize internal API
  490. # authentication. This should be limited to the subnets from which your
  491. # *.sr.ht services are running.
  492. #
  493. # Comma-separated, CIDR notation.
  494. internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
  495. # NOTE: this is not a typo. It goes into the git dispatch section because
  496. # that script actually handles all the dispatching (git, hg, man, etc.)
  497. [man.sr.ht]
  498. #
  499. # URL man.sr.ht is being served at (protocol://domain)
  500. origin={{mansrht_domain}}
  501. #
  502. # Address and port to bind the debug server to
  503. debug-host=0.0.0.0
  504. debug-port=5004
  505. #
  506. # Configures the SQLAlchemy connection string for the database.
  507. connection-string=postgresql://sourcehut:sourcehut@database/sourcehut
  508. #
  509. # Set to "yes" to automatically run migrations on package upgrade.
  510. migrate-on-upgrade=yes
  511. #
  512. # man.sr.ht's OAuth client ID and secret for meta.sr.ht
  513. # Register your client at meta.example.org/oauth
  514. oauth-client-id=CHANGEME
  515. oauth-client-secret=CHANGEME