-
Notifications
You must be signed in to change notification settings - Fork 3
/
mprweb.cfg
140 lines (131 loc) · 7.05 KB
/
mprweb.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# The documentation of this configuration file is a work-in-progress.
# TODO: Make it not work-in-progress :P.
#
# Boolean entries are configured with a value of 0 for false, and 1 for true.
# Values such as strings must be typed unquoted in order to work.
#
# Database configuration.
# host (mandatory): The hostname/IP of the MySQL instance.
# port (optional): The port of the MySQL instance (defaults to 3306).
# name (mandatory): The database for mprweb to store data in.
# user (mandatory): The user to connect to the MySQL instance with.
# password (optional): The password to connect to the MySQL instance with. Connects with no password if unset.
[database]
host = mariadb
;port = 3306
name = mprweb
user = mprweb
password = a_very_strong_database_password
backend = mysql
# General configuration.
# username_min_len (mandatory): The minimum length of user's usernames.
# username_max_len (mandatory): The maximum length of user's usernames.
# passwd_min_len (mandatory): The minimum length of user's passwords.
# default_lang (mandatory): The default language for new users.
# default_timezone (mandatory): The default timezone for new users.
# login_timeout (mandatory): The amount of time new logins in the web interface is valid for.
# persistent_cookie_timeout (mandatory): Haven't found out yet (TODO!).
# disable_http_login (mandatory): Boolean to disable logins via HTTP, and to require HTTPS. You should probably leave this off and put a TLS-capable reverse proxy in front of your instance.
# aur_location (mandatory): The URL to your instance.
# git_clone_uri_anon (mandatory): The URL used for HTTP Git clones.
# git_clone_uri_priv (mandatory): The URL used for SSH Git clones.
# max_rpc_results (mandatory): To be deprecated. Don't modify (TODO!).
# max_search_results (mandatory): The maximum amount of results to return on routes such as '/packages'.
# aur_request_ml (mandatory): To be deprecated. Don't modify (TODO!).
# request_idle_time (mandatory): The amount of time that must pass before a TU is allowed to orphan a package via an orphan request.
# auto_orphan_age (mandatory): The amount of time that must pass before a package marked as out of date can be automatically orphaned via an orphan request.
# auto_delete_age (mandatory): The amount of time that must pass before a package marked as out of date can be automatically deleted via a deletion request.
# enable-maintenance (mandatory): Whether the instance is put into maintenance mode. This disables actions that can cause changes on an instance (only the SSH Git interface behaves this way currently). Certain IPs can be whitelisted from maintenance from via the 'maintenance-exceptions' key.
# maintenance-exceptions (optional): A space-separated list of IPs to allow normal functionality on the instance when 'enable-maintenance' is on.
# redis_address (mandatory): The address to the redis instance to use on the instance.
# salt_rounds (mandatory): The number of rounds a password is salted before being stored in the databases. (TODO: I don't know too much about cryptography, and I need to figure out how this works in practice).
# traceback (mandatory): Whether to show Python tracebacks when processing a request via the web interface. This is useful for local testing, but you **SHOULD** turn this off in a production instance, as it can leak sensitive user information.
# bot-user (mandatory): The username of a user to perform automated actions by the system. Currently this is used when reporting out of date notifications for Repology checks, though this may be expanded upon in the future.
[options]
username_min_len = 3
username_max_len = 16
passwd_min_len = 8
default_lang = en
default_timezone = UTC
login_timeout = 7200
persistent_cookie_timeout = 2592000
disable_http_login = 0
aur_location = http://localhost:8080
git_clone_uri_anon = http://localhost:8080/%s.git
git_clone_uri_priv = ssh://mpr@localhost:2222/%s.git
max_rpc_results = 5000
max_search_results = 2500
aur_request_ml = [email protected]
request_idle_time = 1209600
auto_orphan_age = 15552000
auto_delete_age = 86400
enable-maintenance = 0
#maintenance-exceptions = 127.0.0.1
redis_address = redis://redis
salt_rounds = 12
traceback = 1
bot-user = kavplex
# Sentry configuration.
# dsn (optional): The Sentry DSN to report information to.
# traces_sample_rate (optional): What percentage of requests (as a float from 0 to 1) to report for Sentry performance monitoring.
[sentry]
#dsn =
#traces_sample_rate = 1.0
# Ratelimit configuration.
# This section will be removed in the future once the RPC interface is removed.
# request_limit (mandatory): The amount of requests allowed every period of 'window_length' in the RPC interface.
# window_length (mandatory): The period of time that 'request_limit' lasts before getting reset.
# cache (mandatory): I have no clue, nor do I care enough to figure it out. It's something for the RPC interface, which I plan on removing in the future anyway. We'll document this if it starts to pose any issues before getting removed.
[ratelimit]
request_limit = 4000
window_length = 86400
cache = 1
# Email notifications configuration.
# smtp-server (mandatory): The FQDN of the SMTP mail server.
# smtp-port (mandatory): The port to connect to the mail server on.
# smtp-use-ssl (mandatory): Whether to use SSL for connection encryption.
# smtp-use-starttls (mandatory): Whether to use TLS for connection encryption.
# smtp-user (optional): The username to authenticate to the mail server with.
# smtp-password (optional): The password to authenticate to the mail server with.
# sender (mandatory): The email address the instance will send emails under.
# reply-to (mandatory): The email address to set the 'Reply-To' header in emails to.
[notifications]
smtp-server = localhost
smtp-port = 25
smtp-use-ssl = 0
smtp-use-starttls = 0
smtp-user =
smtp-password =
sender = [email protected]
reply-to = [email protected]
# SSH fingerprint configuration.
# Ed25519 (mandatory): The Ed25519 SSH key fingerprint.
# ECDSA (mandatory): The ECDSA SSH key fingerprint.
# RSA (mandatory): The RSA SSH key fingerprint.
[fingerprints]
Ed25519 = SHA256:HQ03dn6EasJHNDlt51KpQpFkT3yBX83x7BoIkA1iv2k
ECDSA = SHA256:L71Q91yHwmHPYYkJMDgj0xmUuw16qFOhJbBr1mzsiOI
RSA = SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s
# FastAPI instance configuration.
# session_secret (mandatory): The secret used for things like user sessions.
[fastapi]
session_secret = secret
# Git repository package update configuration.
# max-blox-size (mandatory): The maximum blob size allowed in Git repositories.
[update]
max-blob-size = 256000
# Instance source code information.
# commit_url (mandatory): The URL to the source code of this instance.
# commit_hash (mandatory): The current commit used for this instance.
[devel]
commit_url = https://github.com/makedeb/mprweb/commit/%s
commit_hash = HEAD
# Offsets used to determine when TUs should be reminded about
# votes that they should make.
# Reminders will be sent out for all votes that a TU has not yet
# voted on if the following are true:
# - End >= now + range_start
# - End <= now + range_end
[tuvotereminder]
range_start = 500
range_end = 172800