## use poll instead of select, fixes fd limits, may not work on old

## windows systems.

#asyncore_use_poll = True

## middleware for hosting the WSGI application under a URL prefix

#[filter:proxy-prefix]

#use = egg:PasteDeploy#prefix

#prefix = /<your-prefix>

[app:main]

use = egg:kallithea

## enable proxy prefix middleware

#filter-with = proxy-prefix

full_stack = true

static_files = true

## Internationalization (see setup documentation for details)

## By default, the language requested by the browser is used if available.

#i18n.enable = false

## Fallback language, empty for English (valid values are the names of subdirectories in kallithea/i18n):

i18n.lang =

cache_dir = %(here)s/data

index_dir = %(here)s/data/index

## perform a full repository scan on each server start, this should be

## set to false after first startup, to allow faster server restarts.

#initial_repo_scan = false

initial_repo_scan = true

## uncomment and set this path to use archive download cache

archive_cache_dir = %(here)s/tarballcache

## change this to unique ID for security

#app_instance_uuid = VERY-SECRET

app_instance_uuid = development-not-secret

## cut off limit for large diffs (size in bytes)

cut_off_limit = 256000

## force https in Kallithea, fixes https redirects, assumes it's always https

force_https = false

## use Strict-Transport-Security headers

use_htsts = false

## number of commits stats will parse on each iteration

commit_parse_limit = 25

## path to git executable

git_path = git

## git rev filter option, --all is the default filter, if you need to

## hide all refs in changelog switch this to --branches --tags

#git_rev_filter = --branches --tags

## RSS feed options

rss_cut_off_limit = 256000

rss_items_per_page = 10

rss_include_diff = false

## options for showing and identifying changesets

show_sha_length = 12

show_revision_number = false

## Canonical URL to use when creating full URLs in UI and texts.

## Useful when the site is available under different names or protocols.

## Defaults to what is provided in the WSGI environment.

#canonical_url = https://kallithea.example.com/repos

## gist URL alias, used to create nicer urls for gist. This should be an

## url that does rewrites to _admin/gists/<gistid>.

## example: http://gist.example.com/{gistid}. Empty means use the internal

## Kallithea url, ie. http[s]://kallithea.example.com/_admin/gists/<gistid>

gist_alias_url =

## white list of API enabled controllers. This allows to add list of

## controllers to which access will be enabled by api_key. eg: to enable

## api access to raw_files put `FilesController:raw`, to enable access to patches

## add `ChangesetController:changeset_patch`. This list should be "," separated

## Syntax is <ControllerClass>:<function>. Check debug logs for generated names

## Recommended settings below are commented out:

api_access_controllers_whitelist =

#    ChangesetController:changeset_patch,

#    ChangesetController:changeset_raw,

#    FilesController:raw,

#    FilesController:archivefile

## default encoding used to convert from and to unicode

## can be also a comma separated list of encoding in case of mixed encodings

default_encoding = utf8

## issue tracker for Kallithea (leave blank to disable, absent for default)

#bugtracker = https://bitbucket.org/conservancy/kallithea/issues

issue_pat = #(\d+)

## multiple patterns, to other issues server, wiki or others

## below an example how to create a wiki pattern

# wiki-some-id -> https://wiki.example.com/some-id

## alternative return HTTP header for failed authentication. Default HTTP

## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with

## handling that. Set this variable to 403 to return HTTPForbidden

auth_ret_code =

## locking return code. When repository is locked return this HTTP code. 2XX

## codes don't break the transactions while 4XX codes do

lock_ret_code = 423

## allows to change the repository location in settings page

allow_repo_location_change = True

## allows to setup custom hooks in settings page

allow_custom_hooks_settings = True

## extra extensions for indexing, space separated and without the leading '.'.

# index.extensions =

#    gemfile

#    lock

## extra filenames for indexing, space separated

# index.filenames =

#    .dockerignore

#    .editorconfig

#    INSTALL

#    CHANGELOG

####################################

###        CELERY CONFIG        ####

####################################

use_celery = false

## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:

broker.url = amqp://rabbitmq:qewqew@localhost:5672/rabbitmqhost

celery.imports = kallithea.lib.celerylib.tasks

celery.accept.content = pickle

celery.result.backend = amqp

celery.result.dburi = amqp://

celery.result.serialier = json

#celery.send.task.error.emails = true

#celery.amqp.task.result.expires = 18000

celeryd.concurrency = 2

celeryd.max.tasks.per.child = 1

## If true, tasks will never be sent to the queue, but executed locally instead.

celery.always.eager = false

####################################

###         BEAKER CACHE        ####

####################################

beaker.cache.data_dir = %(here)s/data/cache/data

beaker.cache.lock_dir = %(here)s/data/cache/lock

beaker.cache.regions = short_term,long_term,sql_cache_short

beaker.cache.short_term.type = memory

beaker.cache.short_term.expire = 60

beaker.cache.short_term.key_length = 256

beaker.cache.long_term.type = memory

beaker.cache.long_term.expire = 36000

beaker.cache.long_term.key_length = 256

beaker.cache.sql_cache_short.type = memory

beaker.cache.sql_cache_short.expire = 10

beaker.cache.sql_cache_short.key_length = 256

####################################

###       BEAKER SESSION        ####

####################################

## Name of session cookie. Should be unique for a given host and path, even when running

## on different ports. Otherwise, cookie sessions will be shared and messed up.

beaker.session.key = kallithea

## Sessions should always only be accessible by the browser, not directly by JavaScript.

beaker.session.httponly = true

## Session lifetime. 2592000 seconds is 30 days.

beaker.session.timeout = 2592000

## Server secret used with HMAC to ensure integrity of cookies.

#beaker.session.secret = VERY-SECRET

beaker.session.secret = development-not-secret

## Further, encrypt the data with AES.

#beaker.session.encrypt_key = <key_for_encryption>

#beaker.session.validate_key = <validation_key>

## Type of storage used for the session, current types are

## dbm, file, memcached, database, and memory.

## File system storage of session data. (default)

      ProxyPass http://127.0.0.1:5000/someprefix

      ProxyPassReverse http://127.0.0.1:5000/someprefix

      SetEnvIf X-Url-Scheme https HTTPS=1

      AuthType Basic

      AuthName "Kallithea authentication"

      AuthUserFile /srv/kallithea/.htpasswd

      Require valid-user

      RequestHeader unset X-Forwarded-User

      RewriteEngine On

      RewriteCond %{LA-U:REMOTE_USER} (.+)

      RewriteRule .* - [E=RU:%1]

      RequestHeader set X-Forwarded-User %{RU}e

    </Location>

Setting metadata in container/reverse-proxy

"""""""""""""""""""""""""""""""""""""""""""

When a new user account is created on the first login, Kallithea has no information about

the user's email and full name. So you can set some additional request headers like in the

example below. In this example the user is authenticated via Kerberos and an Apache

mod_python fixup handler is used to get the user information from a LDAP server. But you

could set the request headers however you want.

.. code-block:: apache

    <Location /someprefix>

      ProxyPass http://127.0.0.1:5000/someprefix

      ProxyPassReverse http://127.0.0.1:5000/someprefix

      SetEnvIf X-Url-Scheme https HTTPS=1

      AuthName "Kerberos Login"

      AuthType Kerberos

      Krb5Keytab /etc/apache2/http.keytab

      KrbMethodK5Passwd off

      KrbVerifyKDC on

      Require valid-user

      PythonFixupHandler ldapmetadata

      RequestHeader set X_REMOTE_USER %{X_REMOTE_USER}e

      RequestHeader set X_REMOTE_EMAIL %{X_REMOTE_EMAIL}e

      RequestHeader set X_REMOTE_FIRSTNAME %{X_REMOTE_FIRSTNAME}e

      RequestHeader set X_REMOTE_LASTNAME %{X_REMOTE_LASTNAME}e

    </Location>

.. code-block:: python

    from mod_python import apache

    import ldap

    LDAP_SERVER = "ldaps://server.mydomain.com:636"

    LDAP_USER = ""

    LDAP_PASS = ""

    LDAP_ROOT = "dc=mydomain,dc=com"

    LDAP_FILTER = "sAMAccountName=%s"

    LDAP_ATTR_LIST = ['sAMAccountName','givenname','sn','mail']

    def fixuphandler(req):

        if req.user is None:

            # no user to search for

            return apache.OK

        else:

            try:

                if('\\' in req.user):

                    username = req.user.split('\\')[1]

                elif('@' in req.user):

                    username = req.user.split('@')[0]

                else:

                    username = req.user

                l = ldap.initialize(LDAP_SERVER)

                l.simple_bind_s(LDAP_USER, LDAP_PASS)

                r = l.search_s(LDAP_ROOT, ldap.SCOPE_SUBTREE, LDAP_FILTER % username, attrlist=LDAP_ATTR_LIST)

                req.subprocess_env['X_REMOTE_USER'] = username

                req.subprocess_env['X_REMOTE_EMAIL'] = r[0][1]['mail'][0].lower()

                req.subprocess_env['X_REMOTE_FIRSTNAME'] = "%s" % r[0][1]['givenname'][0]

                req.subprocess_env['X_REMOTE_LASTNAME'] = "%s" % r[0][1]['sn'][0]

            except Exception, e:

                apache.log_error("error getting data from ldap %s" % str(e), apache.APLOG_ERR)

            return apache.OK

.. note::

   If you enable proxy pass-through authentication, make sure your server is

   only accessible through the proxy. Otherwise, any client would be able to

   forge the authentication header and could effectively become authenticated

   using any account of their liking.

Integration with issue trackers

-------------------------------

Kallithea provides a simple integration with issue trackers. It's possible

to define a regular expression that will match an issue ID in commit messages,

``issue_pat`` is the regular expression describing which strings in

Matched issue references are replaced with the link specified in

.. code-block:: html

If needed, more than one pattern can be specified by appending a unique suffix to

With these settings, wiki pages can be referenced as wiki-some-id, and every

such reference will be transformed into:

.. code-block:: html

  <a href="https://wiki.example.com/some-id">WIKI-some-id</a>

Hook management

---------------

Hooks can be managed in similar way to that used in ``.hgrc`` files.

To manage hooks, choose *Admin > Settings > Hooks*.

The built-in hooks cannot be modified, though they can be enabled or disabled in the *VCS* section.

To add another custom hook simply fill in the first textbox with

``<name>.<hook_type>`` and the second with the hook path. Example hooks

can be found in ``kallithea.lib.hooks``.

Changing default encoding

-------------------------

By default, Kallithea uses UTF-8 encoding.

This is configurable as ``default_encoding`` in the .ini file.

This affects many parts in Kallithea including user names, filenames, and

encoding of commit messages. In addition Kallithea can detect if the ``chardet``

library is installed. If ``chardet`` is detected Kallithea will fallback to it

when there are encode/decode errors.

Celery configuration

--------------------

Kallithea can use the distributed task queue system Celery_ to run tasks like

cloning repositories or sending emails.

Kallithea will in most setups work perfectly fine out of the box (without

Celery), executing all tasks in the web server process. Some tasks can however

take some time to run and it can be better to run such tasks asynchronously in

a separate process so the web server can focus on serving web requests.

For installation and configuration of Celery, see the `Celery documentation`_.

Note that Celery requires a message broker service like RabbitMQ_ (recommended)

or Redis_.

The use of Celery is configured in the Kallithea ini configuration file.

To enable it, simply set::

  use_celery = true

and add or change the ``celery.*`` and ``broker.*`` configuration variables.

Remember that the ini files use the format with '.' and not with '_' like

Celery. So for example setting `BROKER_HOST` in Celery means setting

`broker.host` in the configuration file.

To start the Celery process, run::

 gearbox celeryd -c <configfile.ini>

Extra options to the Celery worker can be passed after ``--`` - see ``-- -h``

for more info.

.. note::

   Make sure you run this command from the same virtualenv, and with the same

   user that Kallithea runs.

HTTPS support

-------------

Kallithea will by default generate URLs based on the WSGI environment.

Alternatively, you can use some special configuration settings to control

directly which scheme/protocol Kallithea will use when generating URLs:

- With ``https_fixup = true``, the scheme will be taken from the

  ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header

  (default ``http``).

- With ``force_https = true`` the default will be ``https``.

- With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.

Nginx virtual host example

--------------------------

Sample config for Nginx using proxy:

.. code-block:: nginx

    upstream kallithea {

        server 127.0.0.1:5000;

        # add more instances for load balancing

        #server 127.0.0.1:5001;

        #server 127.0.0.1:5002;

    }

    ## gist alias

    server {

       listen          443;

       server_name     gist.example.com;

that, you'll need to:

- Install mod_wsgi. If using a Debian-based distro, you can install

  the package libapache2-mod-wsgi::

    aptitude install libapache2-mod-wsgi

- Enable mod_wsgi::

    a2enmod wsgi

- Add global Apache configuration to tell mod_wsgi that Python only will be

  used in the WSGI processes and shouldn't be initialized in the Apache

  processes::

    WSGIRestrictEmbedded On

- Create a wsgi dispatch script, like the one below. Make sure you

  check that the paths correctly point to where you installed Kallithea

  and its Python Virtual Environment.

- Enable the ``WSGIScriptAlias`` directive for the WSGI dispatch script,

  as in the following example. Once again, check the paths are

  correctly specified.

Here is a sample excerpt from an Apache Virtual Host configuration file:

.. code-block:: apache

    WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \

        python-home=/srv/kallithea/venv

    WSGIProcessGroup kallithea

    WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

    WSGIPassAuthorization On

Or if using a dispatcher WSGI script with proper virtualenv activation:

.. code-block:: apache

    WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100

    WSGIProcessGroup kallithea

    WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

    WSGIPassAuthorization On

Apache will by default run as a special Apache user, on Linux systems

usually ``www-data`` or ``apache``. If you need to have the repositories

directory owned by a different user, use the user and group options to

WSGIDaemonProcess to set the name of the user and group.

Example WSGI dispatch script:

.. code-block:: python

    import os

    os.environ["HGENCODING"] = "UTF-8"

    os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache'

    # sometimes it's needed to set the current dir

    os.chdir('/srv/kallithea/')

    import site

    site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages")

    ini = '/srv/kallithea/my.ini'

    from paste.script.util.logging_config import fileConfig

    fileConfig(ini)

    from paste.deploy import loadapp

    application = loadapp('config:' + ini)

Or using proper virtualenv activation:

.. code-block:: python

    activate_this = '/srv/kallithea/venv/bin/activate_this.py'

    execfile(activate_this, dict(__file__=activate_this))

    import os

    os.environ['HOME'] = '/srv/kallithea'

    ini = '/srv/kallithea/kallithea.ini'

    from paste.script.util.logging_config import fileConfig

    fileConfig(ini)

    from paste.deploy import loadapp

    application = loadapp('config:' + ini)

Other configuration files

-------------------------

A number of `example init.d scripts`__ can be found in

the ``init.d`` directory of the Kallithea source.

.. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ .

.. _virtualenv: http://pypi.python.org/pypi/virtualenv

.. _python: http://www.python.org/

.. _Mercurial: https://www.mercurial-scm.org/

.. _Celery: http://celeryproject.org/

.. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html

.. _RabbitMQ: http://www.rabbitmq.com/

.. _Redis: http://redis.io/

.. _python-ldap: http://www.python-ldap.org/

.. _mercurial-server: http://www.lshift.net/mercurial-server.html

.. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories

            return '<b>%s</b>' % mention

        hash_ = match_obj.group('hash')

        if hash_ is not None and repo_name is not None:

            from kallithea.config.routing import url  # doh, we need to re-import url to mock it later

            return '<a class="changeset_hash" href="%(url)s">%(hash)s</a>' % {

                 'url': url('changeset_home', repo_name=repo_name, revision=hash_),

                 'hash': hash_,

                }

        bold = match_obj.group('bold')

        if bold is not None:

            return '<b>*%s*</b>' % _urlify(bold[1:-1])

        if stylize:

            seen = match_obj.group('seen')

            if seen:

                return '<div class="label label-meta" data-tag="see">see =&gt; %s</div>' % seen

            license = match_obj.group('license')

            if license:

                return '<div class="label label-meta" data-tag="license"><a href="http:\/\/www.opensource.org/licenses/%s">%s</a></div>' % (license, license)

            tagtype = match_obj.group('tagtype')

            if tagtype:

                tagvalue = match_obj.group('tagvalue')

                return '<div class="label label-meta" data-tag="%s">%s =&gt; <a href="/%s">%s</a></div>' % (tagtype, tagtype, tagvalue, tagvalue)

            lang = match_obj.group('lang')

            if lang:

                return '<div class="label label-meta" data-tag="lang">%s</div>' % lang

            tag = match_obj.group('tag')

            if tag:

                return '<div class="label label-meta" data-tag="%s">%s</div>' % (tag, tag)

        return match_obj.group(0)

    def _urlify(s):

        """

        Extract urls from text and make html links out of them

        """

        return _URLIFY_RE.sub(_replace, s)

    if truncate is None:

        s = s.rstrip()

    else:

        s = truncatef(s, truncate, whole_word=True)

    s = html_escape(s)

    s = _urlify(s)

    if repo_name is not None:

        s = urlify_issues(s, repo_name)

    if link_ is not None:

        # make href around everything that isn't a href already

        s = linkify_others(s, link_)

    s = s.replace('\r\n', '<br/>').replace('\n', '<br/>')

    # Turn HTML5 into more valid HTML4 as required by some mail readers.

    # (This is not done in one step in html_escape, because character codes like

    # { risk to be seen as an issue reference due to the presence of '#'.)

    s = s.replace("'", "'")

    return literal(s)

def linkify_others(t, l):

    """Add a default link to html with links.

    HTML doesn't allow nesting of links, so the outer link must be broken up

    in pieces and give space for other links.

    """

    urls = re.compile(r'(\<a.*?\<\/a\>)',)

    links = []

    for e in urls.split(t):

        if e.strip() and not urls.match(e):

            links.append('<a class="message-link" href="%s">%s</a>' % (l, e))

        else:

            links.append(e)

    return ''.join(links)

# Global variable that will hold the actual urlify_issues function body.

# Will be set on first use when the global configuration has been read.

_urlify_issues_f = None

def urlify_issues(newtext, repo_name):

    """Urlify issue references according to .ini configuration"""

    global _urlify_issues_f

    if _urlify_issues_f is None:

        from kallithea import CONFIG

        from kallithea.model.db import URL_SEP

        assert CONFIG['sqlalchemy.url'] # make sure config has been loaded

        # Build chain of urlify functions, starting with not doing any transformation

        tmp_urlify_issues_f = lambda s: s

        issue_pat_re = re.compile(r'issue_pat(.*)')

        for k in CONFIG.keys():

            # Find all issue_pat* settings that also have corresponding server_link and prefix configuration

            m = issue_pat_re.match(k)

            if m is None:

                continue

            suffix = m.group(1)

            issue_pat = CONFIG.get(k)

            issue_server_link = CONFIG.get('issue_server_link%s' % suffix)

                continue

            # Wrap tmp_urlify_issues_f with substitution of this pattern, while making sure all loop variables (and compiled regexpes) are bound

            try:

                issue_re = re.compile(issue_pat)

            except re.error as e:

                continue

            def issues_replace(match_obj,

                issue_url = issue_url.replace('{repo}', repo_name)

                issue_url = issue_url.replace('{repo_name}', repo_name.split(URL_SEP)[-1])

                return (

                    '<a class="issue-tracker-link" href="%(url)s">'

                    '</a>'

                    ) % {

                     'url': issue_url,

                    }

            tmp_urlify_issues_f = (lambda s,

                                          issue_re=issue_re, issues_replace=issues_replace, chain_f=tmp_urlify_issues_f:

                                   issue_re.sub(issues_replace, chain_f(s)))

        # Set tmp function globally - atomically

        _urlify_issues_f = tmp_urlify_issues_f

    return _urlify_issues_f(newtext)

def render_w_mentions(source, repo_name=None):

    """

    Render plain text with revision hashes and issue references urlified

    and with @mention highlighting.

    """

    s = safe_unicode(source)

    s = urlify_text(s, repo_name=repo_name)

    return literal('<div class="formatted-fixed">%s</div>' % s)

def short_ref(ref_type, ref_name):

    if ref_type == 'rev':

        return short_id(ref_name)

    return ref_name

def link_to_ref(repo_name, ref_type, ref_name, rev=None):

    """

    Return full markup for a href to changeset_home for a changeset.

    If ref_type is branch it will link to changelog.

    ref_name is shortened if ref_type is 'rev'.

    if rev is specified show it too, explicitly linking to that revision.

    """

    txt = short_ref(ref_type, ref_name)

    if ref_type == 'branch':

        u = url('changelog_home', repo_name=repo_name, branch=ref_name)

    else:

        u = url('changeset_home', repo_name=repo_name, revision=ref_name)

    l = link_to(repo_name + '#' + txt, u)

    if rev and ref_type != 'rev':

        l = literal('%s (%s)' % (l, link_to(short_id(rev), url('changeset_home', repo_name=repo_name, revision=rev))))

    return l

def changeset_status(repo, revision):

    from kallithea.model.changeset_status import ChangesetStatusModel

    return ChangesetStatusModel().get_status(repo, revision)

def changeset_status_lbl(changeset_status):

    from kallithea.model.db import ChangesetStatus

    return ChangesetStatus.get_status_lbl(changeset_status)

def get_permission_name(key):

    from kallithea.model.db import Permission

    return dict(Permission.PERMS).get(key)

def journal_filter_help():

    return _(textwrap.dedent('''

        Example filter terms:

            repository:vcs

            username:developer

            action:*push*

            ip:127.0.0.1

            date:20120101

            date:[20120101100000 TO 20120102]

        Generate wildcards using '*' character:

            "repository:vcs*" - search everything starting with 'vcs'

            "repository:*vcs*" - search for repository containing 'vcs'

        Optional AND / OR operators in queries

            "repository:vcs OR repository:test"

            "username:test AND repository:test*"

    '''))