forked from ucphhpc/docker-migrid
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdevelopment.env
200 lines (184 loc) · 6.57 KB
/
development.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
# IMPORTANT: this is a sample env file with the setup used for the default simple
# docker build. To adjust the build settings you can copy it to ./.env and
# make your desired changes before running
# make init && make build
# Optionally use DOCKER_MIGRID_ROOT to point to another root location than PWD,
# which might be useful e.g. when automating deployment with ansible.
DOCKER_MIGRID_ROOT=.
# Set to override container user and group IDs
#UID=1000
#GID=1000
#USER=mig
# The domain in which the instance should be accessible
DOMAIN=migrid.test
WILDCARD_DOMAIN=*.migrid.test
PUBLIC_DOMAIN=www.migrid.test
MIGCERT_DOMAIN=
EXTCERT_DOMAIN=
MIGOID_DOMAIN=ext.migrid.test
EXTOID_DOMAIN=
EXTOIDC_DOMAIN=
SID_DOMAIN=sid.migrid.test
IO_DOMAIN=io.migrid.test
OPENID_DOMAIN=openid.migrid.test
FTPS_DOMAIN=ftps.migrid.test
SFTP_DOMAIN=sftp.migrid.test
WEBDAVS_DOMAIN=webdavs.migrid.test
MIG_OID_PROVIDER=https://ext.migrid.test/openid/
EXT_OID_PROVIDER=unset
EXT_OIDC_PROVIDER_META_URL=unset
EXT_OIDC_CLIENT_NAME=unset
EXT_OIDC_CLIENT_ID=unset
EXT_OIDC_SCOPE="profile email"
EXT_OIDC_REMOTE_USER_CLAIM=sub
# Uncomment to enable workaround for OpenID Connect sign up with accented chars
#EXT_OIDC_PASS_CLAIM_AS="both latin1"
PUBLIC_HTTP_PORT=80
PUBLIC_HTTPS_PORT=444
MIGCERT_HTTPS_PORT=446
EXTCERT_HTTPS_PORT=447
MIGOID_HTTPS_PORT=443
EXTOID_HTTPS_PORT=445
EXTOIDC_HTTPS_PORT=449
SID_HTTPS_PORT=448
SFTP_PORT=2222
SFTP_SUBSYS_PORT=22222
SFTP_SHOW_PORT=2222
DAVS_PORT=4443
DAVS_SHOW_PORT=4443
OPENID_PORT=8443
OPENID_SHOW_PORT=443
FTPS_CTRL_PORT=8021
FTPS_CTRL_SHOW_PORT=21
FTPS_PASSIVE_PORTS=8100-8399
# Various helpers
ADMIN_EMAIL="MiG Info <[email protected]>"
ADMIN_LIST=
SMTP_SENDER=
SMTP_SERVER=mail.migrid.test
SMTP_LISTEN_PORT=25
LOG_LEVEL=info
TITLE="Minimum intrusion Grid"
SHORT_TITLE=MiG
MIG_OID_TITLE="MiG"
EXT_OID_TITLE="External"
PEERS_PERMIT="distinguished_name:.*"
VGRID_CREATORS="distinguished_name:.*"
VGRID_MANAGERS="distinguished_name:.*"
# Which site setup flavor to emulate regarding skin, etc.
# {migrid, idmc, erda, sif}
EMULATE_FLAVOR=migrid
# and the corresponding FQDN used e.g. in that flavor index-FQDN.html
EMULATE_FQDN=migrid.org
SKIN_SUFFIX=basic
# Site settings
ENABLE_OPENID=True
ENABLE_SFTP=True
ENABLE_SFTP_SUBSYS=True
ENABLE_DAVS=True
ENABLE_FTPS=True
ENABLE_SHARELINKS=True
ENABLE_TRANSFERS=True
ENABLE_DUPLICATI=True
ENABLE_SEAFILE=False
ENABLE_SANDBOXES=False
ENABLE_VMACHINES=False
ENABLE_CRONTAB=True
ENABLE_JOBS=True
ENABLE_RESOURCES=True
ENABLE_EVENTS=True
ENABLE_FREEZE=False
ENABLE_CRACKLIB=True
ENABLE_IMNOTIFY=False
ENABLE_NOTIFY=True
ENABLE_PREVIEW=False
ENABLE_WORKFLOWS=False
ENABLE_VERIFY_CERTS=True
ENABLE_JUPYTER=True
ENABLE_TWOFACTOR=True
ENABLE_TWOFACTOR_STRICT_ADDRESS=False
ENABLE_PEERS=True
# NOTE: one should adjust any test user credentials with this policy
MIG_PASSWORD_POLICY="MEDIUM"
ENABLE_LOGROTATE=False
LOGROTATE_MIGRID=False
PEERS_MANDATORY=False
PEERS_EXPLICIT_FIELDS=""
PEERS_CONTACT_HINT="authorized to invite you as peer"
ENABLE_MIGADMIN=True
ENABLE_GDP=False
GDP_EMAIL_NOTIFY=False
# NOTE: one could consider this option to mig.shared.configuration and use in mig.shared.url.urlopen
# https://www.tutorialexample.com/best-practice-to-urllib-request-ignore-ssl-verification-in-python-3-x-py
# but using self-signed certs is already a bad hack.
ENABLE_SELF_SIGNED_CERTS=True
UPGRADE_MOD_AUTH_OPENIDC=False
UPGRADE_PARAMIKO=False
PUBKEY_FROM_DNS=False
MODERN_WSGIDAV=False
PREFER_PYTHON3=False
SIGNUP_METHODS=migoid
LOGIN_METHODS=migoid
USER_INTERFACES=V3
AUTO_ADD_CERT_USER=False
AUTO_ADD_OID_USER=True
AUTO_ADD_OIDC_USER=False
CERT_VALID_DAYS=365
OID_VALID_DAYS=365
GENERIC_VALID_DAYS=365
OPENSSH_VERSION=7.4
VGRID_LABEL=VGrid
# Menu options override default and available extra Apps on personal Home page
#DEFAULT_MENU=
#USER_MENU=
# Site-specific javascript and stylesheets to inject on user pages
EXTRA_USERPAGE_SCRIPTS=""
EXTRA_USERPAGE_STYLES=""
# The containers can take advantage of a fast shared scratch space e.g. in
# memory for caching various internal state helpers. If not set local disk will
# be used by default.
# NOTE: a shared mig_system_run scratch space on tmpfs can be made with
# something like:
# tmpfs /storage/tmpfs/mig_system_run tmpfs nosuid,nodev,noatime,noexec,uid=1000,gid=1000,mode=0770,size=128m 0 0
# in /etc/fstab. Manual mount can be done with:
# sudo mount /storage/tmpfs/mig_system_run
# NOTE: toggle commenting on next two lines if you have such a tmpfs set up in the given path
#MIG_SYSTEM_RUN=/storage/tmpfs/mig_system_run
MIG_SYSTEM_RUN=${DOCKER_MIGRID_ROOT}/state/mig_system_run
# The apache auth openid module performs and scales better if the associated
# internal openid store directory runs from fast storage. It's a volatile data
# store, which allows more concurrent OpenID 2.0 clients if it e.g. uses tmpfs.
# If you have migoid or extoid in LOGIN_METHODS you likely want to look into
# that. The instructions for mig_system_run can be mostly reused in that case.
# Otherwise you can safely ignore the OPENID_STORE setting.
# NOTE: toggle commenting on next two lines if you have such a tmpfs set up in the given path
#OPENID_STORE=/storage/tmpfs/openid_store
OPENID_STORE=${DOCKER_MIGRID_ROOT}/state/openid_store
# We need a read-only bind mounted version of the vgrid_files_writable
# directory and the underlying location can be configured here.
VGRID_FILES_WRITABLE=${DOCKER_MIGRID_ROOT}/state/vgrid_files_writable
# Which svn repo and version of migrid should be used
#MIG_SVN_REPO=https://svn.code.sf.net/p/migrid/code/trunk
#MIG_SVN_REV=5977
# NOTE: use 'git edge' here for tried and tested python2 version
# Which git repo and version of migrid should be used
MIG_GIT_REPO=https://github.com/ucphhpc/migrid-sync.git
MIG_GIT_BRANCH=edge
#MIG_GIT_REV=eae76c147016a95c794b7d4ca04a0ad1ba4b6247
CONTAINER_TAG=":${MIG_GIT_BRANCH}"
# Toggle future Python3 support
WITH_PY3=False
# Toggle git support - effectively switches from SVN to GIT options above
WITH_GIT=True
# Which timezone should the service use
TZ=Europe/Copenhagen
# The URL of the of designated jupyter services
# The url is prefixed by the name of the service itself
JUPYTER_SERVICES="DAG.https://dag.test"
# The description associated with each jupyter service
# The key is the name of the service it describes
JUPYTER_SERVICES_DESC="{'DAG': '/home/mig/state/wwwpublic/dag_desc.html'}"
# User that is created inside migrid for testing purposes
# Must be explicitly used in docker-compose.yml
MIG_TEST_USER_PASSWORD=TestPw0rd