## Canonical URL to use when creating full URLs in UI and texts.

## Useful when the site is available under different names or protocols.

## Defaults to what is provided in the WSGI environment.

#canonical_url = https://kallithea.example.com/repos

## gist URL alias, used to create nicer urls for gist. This should be an

## url that does rewrites to _admin/gists/<gistid>.

## example: http://gist.example.com/{gistid}. Empty means use the internal

## Kallithea url, ie. http[s]://kallithea.example.com/_admin/gists/<gistid>

gist_alias_url =

## default encoding used to convert from and to unicode

## can be also a comma separated list of encoding in case of mixed encodings

default_encoding = utf-8

## Set Mercurial encoding, similar to setting HGENCODING before launching Kallithea

hgencoding = utf-8

## issue tracker for Kallithea (leave blank to disable, absent for default)

#bugtracker = https://bitbucket.org/conservancy/kallithea/issues

## issue tracking mapping for commit messages, comments, PR descriptions, ...

## Refer to the documentation ("Integration with issue trackers") for more details.

## regular expression to match issue references

## This pattern may/should contain parenthesized groups, that can

## be referred to in issue_server_link or issue_sub using Python backreferences

## (e.g. \1, \2, ...). You can also create named groups with '(?P<groupname>)'.

## To require mandatory whitespace before the issue pattern, use:

## (?:^|(?<=\s)) before the actual pattern, and for mandatory whitespace

## behind the issue pattern, use (?:$|(?=\s)) after the actual pattern.

issue_pat = #(\d+)

## server url to the issue

## This pattern may/should contain backreferences to parenthesized groups in issue_pat.

## A backreference can be \1, \2, ... or \g<groupname> if you specified a named group

## called 'groupname' in issue_pat.

## The special token {repo} is replaced with the full repository name

## including repository groups, while {repo_name} is replaced with just

## the name of the repository.

issue_server_link = https://issues.example.com/{repo}/issue/\1

## substitution pattern to use as the link text

## If issue_sub is empty, the text matched by issue_pat is retained verbatim

## for the link text. Otherwise, the link text is that of issue_sub, with any

## backreferences to groups in issue_pat replaced.

issue_sub =

## issue_pat, issue_server_link and issue_sub can have suffixes to specify

## multiple patterns, to other issues server, wiki or others

## below an example how to create a wiki pattern

# wiki-some-id -> https://wiki.example.com/some-id

#issue_pat_wiki = wiki-(\S+)

#issue_server_link_wiki = https://wiki.example.com/\1

#issue_sub_wiki = WIKI-\1

## alternative return HTTP header for failed authentication. Default HTTP

## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with

## handling that. Set this variable to 403 to return HTTPForbidden

auth_ret_code =

## allows to change the repository location in settings page

allow_repo_location_change = True

## allows to setup custom hooks in settings page

allow_custom_hooks_settings = True

## extra extensions for indexing, space separated and without the leading '.'.

# index.extensions =

#    gemfile

#    lock

## extra filenames for indexing, space separated

# index.filenames =

#    .dockerignore

#    .editorconfig

#    INSTALL

#    CHANGELOG

####################################

###           SSH CONFIG        ####

####################################

## SSH is disabled by default, until an Administrator decides to enable it.

ssh_enabled = false

## File where users' SSH keys will be stored *if* ssh_enabled is true.

#ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys

## Path to be used in ssh_authorized_keys file to invoke kallithea-cli with ssh-serve.

#kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli

####################################

###        CELERY CONFIG        ####

####################################

use_celery = false

## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:

broker.url = amqp://rabbitmq:qewqew@localhost:5672/rabbitmqhost

celery.imports = kallithea.lib.celerylib.tasks

celery.accept.content = pickle

celery.result.backend = amqp

celery.result.dburi = amqp://

celery.result.serialier = json

#celery.send.task.error.emails = true

#celery.amqp.task.result.expires = 18000

celeryd.concurrency = 2

celeryd.max.tasks.per.child = 1

## If true, tasks will never be sent to the queue, but executed locally instead.

celery.always.eager = false

####################################

###         BEAKER CACHE        ####

####################################

beaker.cache.data_dir = %(here)s/data/cache/data

beaker.cache.lock_dir = %(here)s/data/cache/lock

beaker.cache.regions = short_term,long_term,sql_cache_short

beaker.cache.short_term.type = memory

beaker.cache.short_term.expire = 60

beaker.cache.short_term.key_length = 256

beaker.cache.long_term.type = memory

beaker.cache.long_term.expire = 36000

beaker.cache.long_term.key_length = 256

beaker.cache.sql_cache_short.type = memory

beaker.cache.sql_cache_short.expire = 10

beaker.cache.sql_cache_short.key_length = 256

####################################

###       BEAKER SESSION        ####

####################################

## Name of session cookie. Should be unique for a given host and path, even when running

## on different ports. Otherwise, cookie sessions will be shared and messed up.

session.key = kallithea

## Sessions should always only be accessible by the browser, not directly by JavaScript.

session.httponly = true

## Session lifetime. 2592000 seconds is 30 days.

session.timeout = 2592000

## Server secret used with HMAC to ensure integrity of cookies.

#session.secret = VERY-SECRET

session.secret = development-not-secret

## Further, encrypt the data with AES.

#session.encrypt_key = <key_for_encryption>

#session.validate_key = <validation_key>

## Type of storage used for the session, current types are

## dbm, file, memcached, database, and memory.

## File system storage of session data. (default)

#session.type = file

## Cookie only, store all session data inside the cookie. Requires secure secrets.

#session.type = cookie

## Database storage of session data.

#session.type = ext:database

#session.sa.url = postgresql://postgres:qwe@localhost/kallithea

#session.table_name = db_session

############################

## ERROR HANDLING SYSTEMS ##

############################

# Propagate email settings to ErrorReporter of TurboGears2

# You do not normally need to change these lines

get trace_errors.error_email = email_to

get trace_errors.smtp_server = smtp_server

get trace_errors.smtp_port = smtp_port

get trace_errors.from_address = error_email_from

################################################################################

## WARNING: *DEBUG MODE MUST BE OFF IN A PRODUCTION ENVIRONMENT*              ##

## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##

## execute malicious code after an exception is raised.                       ##

################################################################################

#debug = false

debug = true

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import click

import kallithea.bin.kallithea_cli_base as cli_base

import os

import sys

import re

import logging

import shlex

import kallithea

from kallithea.lib.utils2 import str2bool

from kallithea.lib.vcs.backends.git.ssh import GitSshHandler

from kallithea.lib.vcs.backends.hg.ssh import MercurialSshHandler

from kallithea.model.ssh_key import SshKeyModel

log = logging.getLogger(__name__)

@cli_base.register_command(config_file_initialize_app=True, hidden=True)

@click.argument('user-id', type=click.INT, required=True)

@click.argument('key-id', type=click.INT, required=True)

def ssh_serve(user_id, key_id):

    """Serve SSH repository protocol access.

    The trusted command that is invoked from .ssh/authorized_keys to serve SSH

    protocol access. The access will be granted as the specified user ID, and

    logged as using the specified key ID.

    """

    ssh_enabled = kallithea.CONFIG.get('ssh_enabled', False)

    if not str2bool(ssh_enabled):

        sys.stderr.write("SSH access is disabled.\n")

        return sys.exit(1)

    ssh_original_command = os.environ.get('SSH_ORIGINAL_COMMAND', '')

    connection = re.search('^([\d\.]+)', os.environ.get('SSH_CONNECTION', ''))

    client_ip = connection.group(1) if connection else '0.0.0.0'

    log.debug('ssh-serve was invoked for SSH command %r from %s', ssh_original_command, client_ip)

    if not ssh_original_command:

        if os.environ.get('SSH_CONNECTION'):

            sys.stderr.write("'kallithea-cli ssh-serve' can only provide protocol access over SSH. Interactive SSH login for this user is disabled.\n")

        else:

            sys.stderr.write("'kallithea-cli ssh-serve' cannot be called directly. It must be specified as command in an SSH authorized_keys file.\n")

        return sys.exit(1)

    try:

        ssh_command_parts = shlex.split(ssh_original_command)

    except ValueError as e:

        sys.stderr.write('Error parsing SSH command %r: %s\n' % (ssh_original_command, e))

        sys.exit(1)

    for VcsHandler in [MercurialSshHandler, GitSshHandler]:

        vcs_handler = VcsHandler.make(ssh_command_parts)

        if vcs_handler is not None:

            vcs_handler.serve(user_id, key_id, client_ip)

            assert False # serve is written so it never will terminate

    sys.stderr.write("This account can only be used for repository access. SSH command %r is not supported.\n" % ssh_original_command)

    sys.exit(1)

@cli_base.register_command(config_file_initialize_app=True)

def ssh_update_authorized_keys():

    """Update .ssh/authorized_keys file.

    The file is usually maintained automatically, but this command will also re-write it.

    """

    SshKeyModel().write_authorized_keys()

<%text>## url that does rewrites to _admin/gists/<gistid>.</%text>

<%text>## example: http://gist.example.com/{gistid}. Empty means use the internal</%text>

<%text>## Kallithea url, ie. http[s]://kallithea.example.com/_admin/gists/<gistid></%text>

gist_alias_url =

<%text>## default encoding used to convert from and to unicode</%text>

<%text>## can be also a comma separated list of encoding in case of mixed encodings</%text>

default_encoding = utf-8

<%text>## Set Mercurial encoding, similar to setting HGENCODING before launching Kallithea</%text>

hgencoding = utf-8

<%text>## issue tracker for Kallithea (leave blank to disable, absent for default)</%text>

#bugtracker = https://bitbucket.org/conservancy/kallithea/issues

<%text>## issue tracking mapping for commit messages, comments, PR descriptions, ...</%text>

<%text>## Refer to the documentation ("Integration with issue trackers") for more details.</%text>

<%text>## regular expression to match issue references</%text>

<%text>## This pattern may/should contain parenthesized groups, that can</%text>

<%text>## be referred to in issue_server_link or issue_sub using Python backreferences</%text>

<%text>## (e.g. \1, \2, ...). You can also create named groups with '(?P<groupname>)'.</%text>

<%text>## To require mandatory whitespace before the issue pattern, use:</%text>

<%text>## (?:^|(?<=\s)) before the actual pattern, and for mandatory whitespace</%text>

<%text>## behind the issue pattern, use (?:$|(?=\s)) after the actual pattern.</%text>

issue_pat = #(\d+)

<%text>## server url to the issue</%text>

<%text>## This pattern may/should contain backreferences to parenthesized groups in issue_pat.</%text>

<%text>## A backreference can be \1, \2, ... or \g<groupname> if you specified a named group</%text>

<%text>## called 'groupname' in issue_pat.</%text>

<%text>## The special token {repo} is replaced with the full repository name</%text>

<%text>## including repository groups, while {repo_name} is replaced with just</%text>

<%text>## the name of the repository.</%text>

issue_server_link = https://issues.example.com/{repo}/issue/\1

<%text>## substitution pattern to use as the link text</%text>

<%text>## If issue_sub is empty, the text matched by issue_pat is retained verbatim</%text>

<%text>## for the link text. Otherwise, the link text is that of issue_sub, with any</%text>

<%text>## backreferences to groups in issue_pat replaced.</%text>

issue_sub =

<%text>## issue_pat, issue_server_link and issue_sub can have suffixes to specify</%text>

<%text>## multiple patterns, to other issues server, wiki or others</%text>

<%text>## below an example how to create a wiki pattern</%text>

# wiki-some-id -> https://wiki.example.com/some-id

#issue_pat_wiki = wiki-(\S+)

#issue_server_link_wiki = https://wiki.example.com/\1

#issue_sub_wiki = WIKI-\1

<%text>## alternative return HTTP header for failed authentication. Default HTTP</%text>

<%text>## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with</%text>

<%text>## handling that. Set this variable to 403 to return HTTPForbidden</%text>

auth_ret_code =

<%text>## allows to change the repository location in settings page</%text>

allow_repo_location_change = True

<%text>## allows to setup custom hooks in settings page</%text>

allow_custom_hooks_settings = True

<%text>## extra extensions for indexing, space separated and without the leading '.'.</%text>

# index.extensions =

#    gemfile

#    lock

<%text>## extra filenames for indexing, space separated</%text>

# index.filenames =

#    .dockerignore

#    .editorconfig

#    INSTALL

#    CHANGELOG

<%text>####################################</%text>

<%text>###           SSH CONFIG        ####</%text>

<%text>####################################</%text>

<%text>## SSH is disabled by default, until an Administrator decides to enable it.</%text>

ssh_enabled = false

<%text>## File where users' SSH keys will be stored *if* ssh_enabled is true.</%text>

#ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys

%if user_home_path:

ssh_authorized_keys = ${user_home_path}/.ssh/authorized_keys

%endif

<%text>## Path to be used in ssh_authorized_keys file to invoke kallithea-cli with ssh-serve.</%text>

#kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli

%if kallithea_cli_path:

kallithea_cli_path = ${kallithea_cli_path}

%endif

<%text>####################################</%text>

<%text>###        CELERY CONFIG        ####</%text>

<%text>####################################</%text>

use_celery = false

<%text>## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:</%text>

broker.url = amqp://rabbitmq:qewqew@localhost:5672/rabbitmqhost

celery.imports = kallithea.lib.celerylib.tasks

celery.accept.content = pickle

celery.result.backend = amqp

celery.result.dburi = amqp://

celery.result.serialier = json

#celery.send.task.error.emails = true

#celery.amqp.task.result.expires = 18000

celeryd.concurrency = 2

celeryd.max.tasks.per.child = 1

<%text>## If true, tasks will never be sent to the queue, but executed locally instead.</%text>

celery.always.eager = false

<%text>####################################</%text>

<%text>###         BEAKER CACHE        ####</%text>

<%text>####################################</%text>

beaker.cache.data_dir = %(here)s/data/cache/data

beaker.cache.lock_dir = %(here)s/data/cache/lock

beaker.cache.regions = short_term,long_term,sql_cache_short

beaker.cache.short_term.type = memory

beaker.cache.short_term.expire = 60

beaker.cache.short_term.key_length = 256

beaker.cache.long_term.type = memory

beaker.cache.long_term.expire = 36000

beaker.cache.long_term.key_length = 256

beaker.cache.sql_cache_short.type = memory

beaker.cache.sql_cache_short.expire = 10

beaker.cache.sql_cache_short.key_length = 256

<%text>####################################</%text>

<%text>###       BEAKER SESSION        ####</%text>

<%text>####################################</%text>

<%text>## Name of session cookie. Should be unique for a given host and path, even when running</%text>

<%text>## on different ports. Otherwise, cookie sessions will be shared and messed up.</%text>

session.key = kallithea

<%text>## Sessions should always only be accessible by the browser, not directly by JavaScript.</%text>

session.httponly = true

<%text>## Session lifetime. 2592000 seconds is 30 days.</%text>

session.timeout = 2592000

<%text>## Server secret used with HMAC to ensure integrity of cookies.</%text>

session.secret = ${uuid()}

<%text>## Further, encrypt the data with AES.</%text>

#session.encrypt_key = <key_for_encryption>

#session.validate_key = <validation_key>

<%text>## Type of storage used for the session, current types are</%text>

<%text>## dbm, file, memcached, database, and memory.</%text>

<%text>## File system storage of session data. (default)</%text>

#session.type = file

<%text>## Cookie only, store all session data inside the cookie. Requires secure secrets.</%text>

#session.type = cookie

<%text>## Database storage of session data.</%text>

#session.type = ext:database

#session.sa.url = postgresql://postgres:qwe@localhost/kallithea

#session.table_name = db_session

<%text>############################</%text>

<%text>## ERROR HANDLING SYSTEMS ##</%text>

<%text>############################</%text>

# Propagate email settings to ErrorReporter of TurboGears2

# You do not normally need to change these lines

get trace_errors.error_email = email_to

get trace_errors.smtp_server = smtp_server

get trace_errors.smtp_port = smtp_port

get trace_errors.from_address = error_email_from

%if error_aggregation_service == 'appenlight':

<%text>####################</%text>

<%text>### [appenlight] ###</%text>

<%text>####################</%text>

<%text>## AppEnlight is tailored to work with Kallithea, see</%text>

<%text>## http://appenlight.com for details how to obtain an account</%text>

<%text>## you must install python package `appenlight_client` to make it work</%text>