config.ini.tmpl (5154B)
1 # https://git.sr.ht/~sircmpwn/todo.sr.ht/tree/master/item/config.example.ini 2 3 [sr.ht] 4 # 5 # The name of your network of sr.ht-based sites 6 site-name=p0c 7 # 8 # The top-level info page for your site 9 site-info=https://p0c.ch 10 # 11 # site-name, site-blurb 12 site-blurb=proof of concepts for fun and profit 13 # 14 # If this != production, we add a banner to each page 15 environment=production 16 # 17 # Contact information for the site owners 18 owner-name=Andreas Gruhler 19 owner-email=contact@p0c.ch 20 # 21 # The source code for your fork of sr.ht 22 source-url=https://git.sr.ht/~sircmpwn/srht 23 # 24 # A key used for encrypting session cookies. Use `srht-keygen service` to 25 # generate the service key. This must be shared between each node of the same 26 # service (e.g. git1.sr.ht and git2.sr.ht), but different services may use 27 # different keys. If you configure all of your services with the same 28 # config.ini, you may use the same service-key for all of them. 29 service-key={{with secret "kv/todo"}}{{index .Data.data.service_key}}{{end}} 30 # 31 # A secret key to encrypt internal messages with. Use `srht-keygen network` to 32 # generate this key. It must be consistent between all services and nodes. 33 network-key={{with secret "kv/todo"}}{{index .Data.data.network_key}}{{end}} 34 # 35 # The redis host URL. This is used for caching and temporary storage, and must 36 # be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be 37 # shared between services. It may be shared between services, however, with no 38 # ill effect, if this better suits your infrastructure. 39 redis-host=redis://{{ env "NOMAD_ADDR_redis" }} 40 # 41 # Path to static asses (default PREFIX from make installation) 42 # https://git.sr.ht/~sircmpwn/core.sr.ht/tree/master/item/Makefile 43 assets=/usr/local/share/sourcehut 44 45 [mail] 46 # 47 # Outgoing SMTP settings 48 smtp-host={{with secret "kv/todo"}}{{index .Data.data.smtp_host}}{{end}} 49 smtp-port={{with secret "kv/todo"}}{{index .Data.data.smtp_port}}{{end}} 50 smtp-from={{with secret "kv/todo"}}{{index .Data.data.smtp_from}}{{end}} 51 # 52 # Default: starttls 53 # Options: starttls, tls, insecure 54 smtp-encryption=starttls 55 # 56 # Default: plain 57 # Options: plain, none 58 smtp-auth=plain 59 # user is required as it is used in Sender e-mail header 60 smtp-user={{with secret "kv/todo"}}{{index .Data.data.smtp_user}}{{end}} 61 # password is required if smtp-auth is plain 62 smtp-password={{with secret "kv/todo"}}{{index .Data.data.smtp_password}}{{end}} 63 # 64 # Application exceptions are emailed to this address 65 error-to=contact@p0c.ch 66 error-from=contact@p0c.ch 67 # 68 # You should generate a PGP key to allow users to authenticate emails received 69 # from your services. Use `gpg --edit-key [key id]` to remove the password from 70 # your private key, then export it to a file and set pgp-privkey to the path to 71 # that file. pgp-pubkey should be set to the path to your public key, and 72 # pgp-key-id should be set to the key ID string. Outgoing emails are signed with 73 # this PGP key. 74 pgp-privkey={{ env "NOMAD_SECRETS_DIR" }}/pgp_privkey.pem 75 pgp-pubkey={{ env "NOMAD_SECRETS_DIR" }}/pgp_pubkey.pem 76 pgp-key-id={{with secret "kv/todo"}}{{index .Data.data.pgp_key_id}}{{end}} 77 78 [webhooks] 79 # 80 # base64-encoded Ed25519 key for signing webhook payloads. This should be 81 # consistent between all services. 82 # 83 # Use the `srht-keygen webhook` command to generate this key. Put the private 84 # key here and distribute the public key to anyone who would want to verify 85 # webhook payloads from your service. 86 private-key={{with secret "kv/todo"}}{{index .Data.data.webhook_private_key}}{{end}} 87 88 [todo.sr.ht] 89 # 90 # URL todo.sr.ht is being served at (protocol://domain) 91 origin=https://todo.p0c.ch 92 # 93 # Address and port to bind the debug server to 94 #debug-host=0.0.0.0 95 #debug-port={{ env "NOMAD_PORT_web" }} 96 # 97 # Configures the SQLAlchemy connection string for the database. 98 connection-string=postgresql://todo:{{with secret "kv/todo"}}{{index .Data.data.postgresql_password}}{{end}}@postgres.lan/todo 99 # 100 # Set to "yes" to automatically run migrations on package upgrade. 101 migrate-on-upgrade=yes 102 # 103 # todo.sr.ht's OAuth client ID and secret for meta.sr.ht 104 # Register your client at meta.example.org/oauth 105 oauth-client-id={{with secret "kv/todo"}}{{index .Data.data.oauth_client_id}}{{end}} 106 oauth-client-secret={{with secret "kv/todo"}}{{index .Data.data.oauth_client_secret}}{{end}} 107 # 108 # Outgoing email for notifications generated by users 109 notify-from=no-reply@p0c.ch 110 # 111 # The redis connection used for the webhooks worker 112 webhooks=redis://{{ env "NOMAD_ADDR_redis" }}/1 113 # 114 # Origin URL for the API 115 # Only needed if not run behind a reverse proxy, e.g. for local development. 116 # By default, the API port is 100 more than the web port 117 #api-origin=http://{{ env "NOMAD_ADDR_api" }} 118 119 [todo.sr.ht::mail] 120 # 121 # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket. 122 # Alternatively, specify IP:PORT and an SMTP server will be run instead. 123 sock=/tmp/todo.sr.ht-lmtp.sock 124 # 125 # The lmtp daemon will make the unix socket group-read/write for users in this 126 # group. 127 sock-group=postfix 128 # 129 # Fill this in with the name of the domain to which emails should be sent. 130 # Leave blank to disable email submission. 131 posting-domain= 132 133 [meta.sr.ht] 134 origin=https://meta.p0c.ch