-
Notifications
You must be signed in to change notification settings - Fork 16
/
config_dev.toml.example
203 lines (167 loc) · 9.83 KB
/
config_dev.toml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# Kerrokantasi environment configuration
# This file defines a set of (environment) variables that configure
# Kerrokantasi. In order for Kerrokantasi to read this file, rename
# it to `config_dev.toml`. As the name implies, this
# file is supposed to be used only in development. For production use
# we recommend setting the environment variables using the facilities
# of your runtime environment. We recommend this separation of mechanisms
# having shot ourselves into feet a few times too often.
# Note that although this file has the extension .toml, it is actually
# read by a parser only capable of reading key=value pairs + comments.
# We use the .toml extension to indicate that it is readable by TOML
# parser.
# Following are the settings and their explanations, with useful values
# for development:
#### entrypoint.sh settings ####
# Boolean. Whether to run Django development server when launching the container.
DEV_SERVER=true
# Boolean. Whether to apply migrations when launching the container.
APPLY_MIGRATIONS=true
# Boolean. Whether to compile translations when launching the container.
COMPILE_TRANSLATIONS=true
# List of host:ports (separated by spaces) that the container will wait for before starting up.
WAIT_FOR_IT_HOSTS=postgis:5432
#### Django settings ####
# Whether to run Django in debug mode
# Django setting: DEBUG https://docs.djangoproject.com/en/2.2/ref/settings/#debug
DEBUG=true
# Secret used for various functions within Django. This setting is
# mandatory for Django, but Kerrokantasi will generate a key, if it is not
# defined here. Kerrokantasi uses this for generating HMAC authenticated
# preview links. Ie. if this leaks, anyone can generate such links.
# Django setting: SECRET_KEY https://docs.djangoproject.com/en/2.2/ref/settings/#secret-key
#SECRET_KEY=mD0lDi30t3IJ83utHW8yFzV4p3J9SKv0VDSiZQ6wHhdbXPIeHNX2O0YRaPqC8utuDpZpcTAxnZ3n3e6q
# List of Host-values, that Kerrokantasi will accept in requests.
# This setting is a Django protection measure against HTTP Host-header attacks
# https://docs.djangoproject.com/en/2.2/topics/security/#host-headers-virtual-hosting
# Specified as a comma separated list of allowed values
# Django setting: ALLOWED_HOSTS https://docs.djangoproject.com/en/2.2/ref/settings/#allowed-hosts
#ALLOWED_HOSTS=api.hel.ninja,kerrokantasi-api.hel.ninja
# List of tuples (or just e-mail addresses) specifying Administrators of this
# Kerrokantasi instance. Django uses this only when logging is configured to
# send exceptions to admins. Kerrokantasi does not do this. Still you may want
# to set this for documentation
# Django setting: ADMINS https://docs.djangoproject.com/en/2.2/ref/settings/#admins
# Url where to redirect users after logout. Can be full url or url path.
# Default setting is "/" if no value is given.
#LOGOUT_REDIRECT_URL=/admin
# Configures database for Kerrokantasi using URL style. Format is:
# postgis://USER:PASSWORD@HOST:PORT/NAME
# Unused components may be left out, only Postgis is supported
# The example below configures Kerrokantasi to use local PostgreSQL database
# called "kerrokantasi", connecting with same username as Django is running as.
# Django setting: DATABASES (but not directly) https://docs.djangoproject.com/en/2.2/ref/settings/#databases
#DATABASE_URL=postgis:///kerrokantasi
# Media root is the place in file system where Django and, by extension
# Kerrokantasi stores "uploaded" files. For kerrokantasi this means only
# images belonging to hearings. Everything else goes to PROTECTED_ROOT
# which is access controlled by kerrokantasi.
# Django setting: MEDIA_ROOT https://docs.djangoproject.com/en/2.2/ref/settings/#media-root
#MEDIA_ROOT=/home/kerrokantasi/media
# Static root is the place where linkedevents will install any static
# files that need to be served to clients. For linkedevents this is mostly
# JS and CSS for the API exploration interface + admin
# Django setting: STATIC_ROOT
#STATIC_ROOT=/home/kerrokantasi/static
# Media URL is address (URL) where users can access files in MEDIA_ROOT
# through http. Ie. where your uploaded files are publicly accessible.
# In the simple case this is a relative URL to same server as API
# Django setting: MEDIA_URL https://docs.djangoproject.com/en/2.2/ref/settings/#media-url
MEDIA_URL=/media/
# Static URL is address (URL) where users can access files in STATIC_ROOT
# through http. Same factors apply as to MEDIA_URL
# Django setting: STATIC_URL https://docs.djangoproject.com/en/2.2/ref/settings/#static-url
STATIC_URL=/static/
# Specifies that Django is to use `X-Forwarded-Host` as it would normally
# use the `Host`-header. This is necessary when `Host`-header is used for
# routing the requests in a network of reverse proxies. `X-Forwarded-Host`
# is then used to carry the Host-header value supplied by the origin client.
# This affects how ALLOWED_HOSTS behaves, as well.
# Django setting: https://docs.djangoproject.com/en/2.2/ref/settings/#use-x-forwarded-host
# TRUST_X_FORWARDED_HOST=False
# Specifies a header that is trusted to indicate that the request was using
# https while traversing over the Internet at large. This is used when
# a proxy terminates the TLS connection and forwards the request over
# a secure network. Specified using a tuple
# Django setting: SECURE_PROXY_SSL_HEADER https://docs.djangoproject.com/en/2.2/ref/settings/#secure-proxy-ssl-header
#SECURE_PROXY_SSL_HEADER=('HTTP_X_FORWARDED_PROTO', 'https')
# Django INTERNAL_IPS setting allows some debugging aids for the addresses
# specified here
# DJango setting: INTERNAL_IPS https://docs.djangoproject.com/en/2.2/ref/settings/#internal-ips
INTERNAL_IPS=127.0.0.1
############# Helsinki specific Django app settings #################
# Sentry is an error tracking sentry (sentry.io) that can be self hosted
# or purchased as PaaS. SENTRY_DSN setting specifies the URL where reports
# for this Linkedevents instance should be sent. You can find this in
# your Sentry interface (or through its API)
#SENTRY_DSN=http://your.sentry.here/fsdafads/13
# Sentry environment is an optional tag that can be included in sentry
# reports. It is used to separate deployments within Sentry UI
SENTRY_ENVIRONMENT=local-development-unconfigured
# Cookie prefix is added to the every cookie set by Kerrokantasi. These are
# mostly used when accessing the internal Django admin site. This applies
# to django session cookie and csrf cookie. The prefix is a convenience
# thing to make it easy find the cookies.
# Django setting: prepended to CSRF_COOKIE_NAME and SESSION_COOKIE_NAME
COOKIE_PREFIX=kkdev
# Settings needed to configure django-helusers to use Tunnistamo as a auth
# provider and API authentication. More information can be found from Github
# https://github.com/City-of-Helsinki/django-helusers
# But in short these configuration can be found from Tunnistamo or are related
# to Tunnistamo instance.
OIDC_API_AUDIENCE=https://auth.example.com/kerrokantasi
OIDC_API_SCOPE_PREFIX=kerrokantasi
OIDC_API_REQUIRE_SCOPE_FOR_AUTHENTICATION=False
OIDC_API_ISSUER=https://tunnistamo.example.com/openid
OIDC_API_AUTHORIZATION_FIELD=https://auth.example.com
SOCIAL_AUTH_TUNNISTAMO_KEY=https://auth.example.com/kerrokantasi
SOCIAL_AUTH_TUNNISTAMO_SECRET=your-tunnistamo-secret
SOCIAL_AUTH_TUNNISTAMO_OIDC_ENDPOINT=https://tunnistamo.example.com/openid
# Comma separated list of authentication providers which provide strong
# authentication e.g. Suomi.fi. User's auth provider name comes from oidc
# api token's amr (authentication methods references) field.
STRONG_AUTH_PROVIDERS=
# URL prefix for this Kerrokantasi installation. This can be used when
# Kerrokantasi is made available at a sub-path of domain
# (eg. api.yourorg.org/kerrokantasi). sub-paths are mostly handled
# automatically by Django and WSGI. This setting only adds a path
# restriction to cookies preventing them from being sent to other services
# on the same host
# Django setting: appended to SESSION_COOKIE_PATH and CSRF_COOKIE_PATH
# https://docs.djangoproject.com/en/2.2/ref/settings/#session-cookie-path
# URL_PREFIX=kerrokantasi
################## Kerrokantasi specific settings ###################
# Kerrrokantasi Django-admin user for low level maintenance needs to
# generate links to an UI instance for preview purposes. This setting
# specifies the root URL of that UI
# Default setting is the directs to local instance of kerrokantasi-UI
# running with default settings
#DEMOCRACY_UI_BASE_URL=http://localhost:8086
# Kerrokantasi needs to control access some files stored in the backend
# the typical use case for these controlled files are files that are part
# of unpublished hearing. Low level part of this is implemented using
# sendfile library. Useful values for simple uses casese are
# "sendfile.backends.development" for working with runserver (the default)
# and "sendfile.backends.simple" when running a single instance
# See: https://github.com/johnsensible/django-sendfile for more options
# SENDFILE_BACKEND='sendfile.backends.simple'
# Access controlled files (see above) are stored in this directory.
# This is relative to the working directory, thus the example below
# would save the files in dev_protected directory below your working
# directory.
# (default is "protected_media" in project root)
# PROTECTED_ROOT=/srv/kerrokantasi/user_uploads
# Access controlled files are made available from this URL prefix
# PROTECTED_URL=/protected_media
# Default map settings
DEFAULT_MAP_COORDINATES=(60.192059, 24.945831)
DEFAULT_MAP_ZOOM=11
# Should comment author name column be included in the hearing report excel file
HEARING_REPORT_PUBLIC_AUTHOR_NAMES=False
# Hearing report theming. Default is whitelabel
# HEARING_REPORT_THEME=whitelabel
# The numeric mode to apply to directories created in the process of uploading files.
# String representation of an octal number. Default is 0o644
# https://docs.djangoproject.com/en/4.2/ref/settings/#file-upload-permissions
# FILE_UPLOAD_PERMISSIONS=0o644