# FedOAuth configuration, written as a Jinja2 template: the env variable picks
# the staging values, anything else gets the production values.
#
# Beware that the quotes around the values are mandatory
#
# Templated values are pasted verbatim into quoted Python literals, so a value
# containing a quote or a backslash would break or alter the rendered literal.
# NOTE(review): confirm the secrets are generated from an alphabet that avoids
# those characters.
#
# The rendered file carries the database password, secret_key and the Persona
# key passphrase in cleartext. Ownership and mode are set outside this
# template (not visible here); it should be readable by the service account
# only.

# GENERAL CONFIGURATION

# User and password are placed unescaped into the URI; '@', ':' or '/' inside
# either would change how the URI is split. No connection options (for example
# sslmode) are given, so transport protection to the database is left to
# driver and server defaults -- NOTE(review): confirm that is intended.
# Staging appends '.stg' to the database host name.
{% if env == 'staging' %}
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
{% else %}
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}/{{ fedoauth_db_name }}"
{% endif %}

# Service-wide settings.
GLOBAL = {
    # Presumably tells fedoauth that it runs behind a reverse proxy.
    # NOTE(review): confirm forwarded headers are only honoured when they come
    # from that proxy.
    'reverse_proxied': True,
    # Presumably sets the Secure attribute on cookies -- verify in fedoauth.
    'cookies_secure': True,
    # Unit is not visible in this file.
    'transactions_timeout': 5,
    'global_template_dir': '/usr/share/fedoauth/templates/global/',
    'template_dir': '/usr/share/fedoauth/templates/fedora/',
    'logging_config_location': '/etc/fedoauth/fedoauth.log.cfg',
    # Secret supplied by the deployment variables; never commit a rendered copy.
    'secret_key': '{{ fedoauth_secret_key }}',
{% if env == 'staging' %}
    'url_root': 'https://id.stg.fedoraproject.org',
    'static_content_root': 'https://id.stg.fedoraproject.org/static',
    # The test endpoint is switched on for staging only. What it exposes is
    # not visible here; keep it off wherever real accounts are served.
    'enable_test_endpoint': True,
{% else %}
    'url_root': 'https://id.fedoraproject.org',
    'static_content_root': 'https://id.fedoraproject.org/static',
    'enable_test_endpoint': False,
{% endif %}
}

# Authentication back ends, keyed by the dotted path of the module class.
AUTH_MODULE_CONFIGURATION = {
    # This module authenticates against the Fedora Account System
    # (https://admin.fedoraproject.org/accounts/)
    'fedoauth.auth.fas.Auth_FAS': {
        'enabled': True,
        'listed': True,
        'select_image': '/static/fedora/fedora-authn-logo-white.png',
        # Unit is not visible in this file.
        'reauth_timeout': 15,
        'email_alias_when_cla': True,
        'user_agent': 'FedOAuth',
        # Presumably enables TLS certificate verification for the calls to
        # base_url -- verify in fedoauth.auth.fas, and keep it enabled.
        'check_cert': True,
{% if env == 'staging' %}
        'email_auth_domains': ['stg.fedoraproject.org'],
        'base_url': 'https://admin.stg.fedoraproject.org/accounts/',
{% else %}
        'email_auth_domains': ['fedoraproject.org'],
        'base_url': 'https://admin.fedoraproject.org/accounts/',
{% endif %}
    }
}

# Identity protocols offered to relying parties.
AUTH_PROVIDER_CONFIGURATION = {
    'fedoauth.provider.persona': {
        'enabled': True,
        # Each environment has its own key file. The passphrase is stored in
        # this file next to the key path, so read access to this file plus the
        # key file is enough to use the key; restrict both.
{% if env == 'staging' %}
        'domains': ['id.stg.fedoraproject.org',
                    'stg.fedoraproject.org'],
        'private_key': {'path': '/etc/fedoauth/persona.stg.key',
                        'passphrase': '{{ fedoauth_persona_key_passphrase }}'},
{% else %}
        'domains': ['id.fedoraproject.org',
                    'fedoraproject.org'],
        'private_key': {'path': '/etc/fedoauth/persona.key',
                        'passphrase': '{{ fedoauth_persona_key_passphrase }}'},
{% endif %}
    },
    'fedoauth.provider.openid': {
        'enabled': True,
        # identity_url_pattern carries a %(username)s placeholder and uses the
        # http scheme in both environments. NOTE(review): changing the scheme
        # changes the identifier relying parties see for every user, so it
        # needs a migration plan rather than an in-place edit.
        #
        # trusted_roots presumably lists relying-party roots that are treated
        # as trusted (for example, no per-site approval prompt) -- verify in
        # fedoauth.provider.openid. Staging trusts none.
{% if env == 'staging' %}
        'identity_url_pattern': 'http://%(username)s.id.stg.fedoraproject.org/',
        'trusted_roots': [],
{% else %}
        'identity_url_pattern': 'http://%(username)s.id.fedoraproject.org/',
        # Four roots below are plain http (jenkins.cloud, apps notifications,
        # copr, copr-fe); an http root gives the return leg of the login no
        # transport protection. Review whether each can move to https together
        # with its relying party.
        # NOTE(review): the last two roots are broader than the path-specific
        # ones before them; if roots are matched by prefix they already cover
        # those entries -- confirm the matching rule in fedoauth.
        'trusted_roots': ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
                          'https://ask.fedoraproject.org/',
                          'https://fedorahosted.org/',
                          'https://badges.fedoraproject.org',
                          'https://apps.fedoraproject.org/tagger/',
                          'https://apps.fedoraproject.org/nuancier/',
                          'https://apps.fedoraproject.org/datagrepper/',
                          'https://apps.fedoraproject.org/calendar/',
                          'http://apps.fedoraproject.org/notifications/',
                          'http://copr.fedoraproject.org/',
                          'http://copr-fe.cloud.fedoraproject.org/',
                          'https://admin.fedoraproject.org/pkgdb/',
                          'https://admin.fedoraproject.org/voting/',
                          'https://apps.fedoraproject.org/github2fedmsg',
                          'https://admin.fedoraproject.org', # Nagios
                          'https://apps.fedoraproject.org/'], # FMN
{% endif %}
        'non_trusted_roots': [],
        'handle_magic_groups_value': True
    }
}