forked from fedora-infra/fas
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fas.cfg.sample
241 lines (197 loc) · 8.75 KB
/
fas.cfg.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
[global]
#
# Deployment type
# Determines which color of the header is being used
# Valid options:
# - "dev": Development
# - "stg": Staging
# - "prod": Production
#
deployment_type = "dev"
# TODO: better namespacing (maybe a [fas] section)
# admingroup is for humans that can see and do anything
###
### GPG Keys for specific operations
###
# This is the GPG Key ID used to encrypt the answer to the user's security question.
# The private key should be known to the admins to verify that the user supplied the correct answer.
key_securityquestion = '00000000'
###
### UI
###
theme = 'fas'
# Personal Info / Form availability
# Select/deselect items in the form
show_postal_address = 0
# Language support
available_languages = ['en', 'en_GB', 'ar', 'as', 'ast', 'bg', 'bn', 'bn_IN', 'bo', 'bs', 'ca', 'cs', 'da', 'de', 'el', 'es', 'eu', 'fa', 'fi', 'fr', 'ga', 'gl', 'he', 'hi', 'hu', 'id', 'is', 'it', 'ja', 'kn', 'ko', 'lv', 'mai', 'ml', 'mr', 'nb', 'nl', 'nn', 'pa', 'pl', 'pt_BR', 'pt', 'ru', 'si', 'sk', 'sl', 'sq', 'sr', 'sv', 'ta', 'te', 'tg', 'tr', 'uk', 'vi', 'zh_CN', 'zh_HK', 'zh_TW']
default_language = 'en'
# Country codes from GEOIP that we don't want to display in
# country selection boxes
country_blacklist = ["--", "A1", "A2", "AN", "AS", "AX", "BI", "BL", "BV", "CC", "CU", "CV", "CX", "DM", "FK", "FO", "GF", "GG", "GP", "GS", "GW", "HM", "IO", "IR", "IQ", "JE", "KI", "KP", "MF", "MP", "MS", "MW", "NF", "NR", "NU", "PM", "PN", "RE", "SB", "SD", "SH", "SJ", "SY", "TC", "TF", "TK", "TL", "TV", "UM", "VC", "VG", "WF", "YT"]
# Captcha
tgcaptcha2.key = 'Cx{$<_1W@]\Zv}*On;z]e'
tgcaptcha2.jpeg_generator = 'mcdermott'
tgcaptcha2.audio = True
###
### Administrative settings
###
# Usernames that are unavailable for fas allocation
username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,bin,board,bodhi2,canna,chair,chairman,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fax,fedora,fedorarewards,fesco,freemedia,ftbfs,ftp,ftpadm,ftpadmin,games,gdm,gopher,gregdek,halt,hostmaster,ident,info,ingres,jaboutboul,jan,keys,kojiadmin,ldap,legal,logo,lp,mail,mailnull,manager,marketing,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,nrpe,nscd,ntp,nut,openvideo,operator,packager,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,root,rpc,rpcuser,rpm,sales,scholarship,secalert,security,shutdown,smmsp,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
# admingroup has powers to change anything in the fas UI
admingroup = 'accounts'
# systemgroup is for automated systems that can read any info from the FAS db
systemgroup = 'fas-system'
# Moderator group provides its members restricted admin power
# allowed by defined action below.
# Valid action :
# modo.allow.update_status, allow approved member to do related action.
modo.group = 'accounts-moderators'
modo.allow.update_status = False
# thirdpartygroup is for thirdparties that also need group management
# via fas, but maintain their own actual account systems
thirdpartygroup = 'thirdparty'
# Placing a group into privileged_view_group protects the information in it
# only admins of the group can view the group
privileged_view_groups = "(^fas-.*)"
# Who should we say is sending email from fas and get email
# when fas sends a message about something?
accounts_email = "[email protected]"
# Who should be listed as the legal contact for the Contributor Agreement?
legal_cla_email = "[email protected]"
# Who should be listed as the webmaster contact for the site?
webmaster_email = "[email protected]"
# All groups and some users get email aliases created for them via a cron
# job. This setting is appended to group names when sending email to members
# of a group. Be sure to set up a cron job for your site for this to work
email_host = "fedoraproject.org" # as in, web-members@email_host
# Settings for Contributor Agreements
# Meta group for anyone who's satisfied the contributor agreement requirement
cla_done_group = "cla_done"
# The standard group is what you're placed in when you sign the contributor
# agreement via fas
cla_standard_group = "cla_fpca"
# If you have a contributor agreement that you're getting rid of but want
# to give people a transition period to sign a new one, you can put the
# deprecated group in here for now.
cla_deprecated_groups = ['cla_fedora']
# Groups that automatically grant membership to other groups
# Format: 'group1:a,b,c|group2:d,e,f'
auto_approve_groups = 'packager:fedorabugs|triagers:fedorabugs|docs-writers:fedorabugs|cla_fpca:cla_done|cla_redhat:cla_done|cla_dell:cla_done|cla_ibm:cla_done|cla_intel:cla_done'
# Some server parameters that you may want to tweak
server.socket_port=8088
server.thread_pool=50
server.socket_queue_size=30
# Needed for translations
### Q for ricky: Should this move to app.cfg?
session_filter.on = True
# Set to True if you'd like to abort execution if a controller gets an
# unexpected parameter. False by default
tg.strict_parameters = True
server.webpath='/accounts'
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
base_url_filter.base_url = "http://localhost:8088/"
fas.url = "http://localhost:8088/accounts/"
# Knobs to tweak for debugging
# Enable the debug output at the end on pages.
# log_debug_info_filter.on = False
debug = 'on'
server.environment="development"
autoreload.package="fas"
autoreload.on = True
server.throw_errors = True
server.log_to_screen = True
# Make the session cookie only return to the host over an SSL link
# Disabled for testing only (Uncomment when deployed)
#visit.cookie.secure = True
#session_filter.cookie_secure = True
###
### Communicating to other services
###
# Database
sqlalchemy.dburi="postgres://fedora:fedora@localhost/fas2"
sqlalchemy.echo=False
# When using wsgi, we want the pool to be very low (as a separate instance is
# run in each apache mod_wsgi thread. So each one is going to have very few
# concurrent db connections.
sqlalchemy.pool_size=1
sqlalchemy.max_overflow=2
# If you're serving standalone (cherrypy), since FAS2 is much busier than
# other servers due to serving visit and auth via JSON you want higher values
#sqlalchemy.pool_size=10
#sqlalchemy.max_overflow=25
memcached_server = "127.0.0.1:11211"
# Sending of email via TurboMail
mail.on = False
mail.smtp.server = 'localhost'
#mail.testmode = True
mail.smtp.debug = False
mail.encoding = 'utf-8'
mail.transport = 'smtp'
mail.manager = 'demand'
# Enable yubikeys
yubi_server_prefix='http://localhost/yk-val/verify?id='
ykksm_db="postgres://ykksmimporter:ykksmimporter@localhost/ykksm"
ykval_db="postgres://ykval_verifier:ykval_verifier@localhost/ykval"
# Enable or disable generation of SSL certificates for users
# In a load balanced environment, you likely only want one server to set
# this to true
gencert = True
makeexec = "/usr/bin/make"
openssl_lockdir = "/var/lock/fas-openssl"
openssl_digest = "md5"
openssl_expire = 15552000 # 60*60*24*180 = 6 months
openssl_ca_dir = "/home/ricky/work/fedora/fas/ca"
openssl_ca_newcerts = "/home/ricky/work/fedora/fas/ca/newcerts"
openssl_ca_index = "/home/ricky/work/fedora/fas/ca/index"
openssl_c = "US"
openssl_st = "North Carolina"
openssl_l = "Raleigh"
openssl_o = "Fedora Project"
openssl_ou = "Fedora User Cert"
# These determine where FAS will read the public keyring from used in all GPG operations
gpgexec = "/usr/bin/gpg"
gpghome = "/home/ricky/work/fedora/fas/gnupg"
# Note: gpg_fingerprint and gpg_passphrase are for encrypting password reset mail if the user has
# a gpg key registered. It's currently broken
gpg_fingerprint = "C199 1E25 D00A D200 2D2E 54D1 BF7F 1647 C54E 8410"
# If you were wondering, this isn't a real passphrase :)
gpg_passphrase = "m00!s@ysth3c0w"
gpg_keyserver = "hkp://subkeys.pgp.net"
[/fedora-server-ca.cert]
static_filter.on = True
static_filter.file = "/etc/pki/fas/fedora-server-ca.cert"
[/fedora-upload-ca.cert]
static_filter.on = True
static_filter.file = "/etc/pki/fas/fedora-upload-ca.cert"
# LOGGING
# Logging configuration generally follows the style of the standard
# Python logging module configuration. Note that when specifying
# log format messages, you need to use *() for formatting variables.
# Deployment independent log configuration is in fas/config/log.cfg
[logging]
[[loggers]]
[[[fas]]]
level='DEBUG'
qualname='fas'
handlers=['debug_out']
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
[[[access]]]
level='INFO'
qualname='turbogears.access'
handlers=['access_out']
propagate=0
[[[identity]]]
level='INFO'
qualname='turbogears.identity'
handlers=['access_out']
propagate=0
[[[database]]]
# Set to INFO to make SQLAlchemy display SQL commands
level='ERROR'
qualname='sqlalchemy.engine'
handlers=['debug_out']
propagate=0