-
Notifications
You must be signed in to change notification settings - Fork 6
/
.env
184 lines (152 loc) · 7.52 KB
/
.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
# Used by docker compose directly
COMPOSE_HTTP_TIMEOUT=120
# CKAN admin config options
CKAN_SYSADMIN_NAME=admin
CKAN_SYSADMIN_PASSWORD=password
# New Relic
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_APP_NAME=inventory-local
NEW_RELIC_MONITOR_MODE=false
NEW_RELIC_LOG_LEVEL=info
NEW_RELIC_HOST=gov-collector.newrelic.com
# CKAN
DB_CKAN_HOST=db
DB_CKAN_USER=ckan
DB_CKAN_PASSWORD=pass
DB_CKAN_DB=ckan
CKAN___BEAKER__SESSION__URL=postgresql://ckan:ckan@db/ckan
CKAN___BEAKER__SESSION__SECRET=CHANGE_ME
CKAN___WTF_CSRF_SECRET_KEY=CHANGE_ME
# See https://docs.ckan.org/en/latest/maintaining/configuration.html#api-token-settings
CKAN___API_TOKEN__JWT__ENCODE__SECRET=string:CHANGE_ME
CKAN___API_TOKEN__JWT__DECODE__SECRET=string:CHANGE_ME
# Put envvars last per envvars doc, https://github.com/okfn/ckanext-envvars#requirements
# Not including saml2auth
CKAN__PLUGINS=datagov_inventory datastore xloader stats text_view recline_view googleanalyticsbasic s3filestore dcat_usmetadata usmetadata datajson envvars
CKAN__SITE_TITLE=Inventory
CKAN__SITE_LOGO=/base/images/inventory-logo.png
CKAN__SITE_DESCRIPTION=Inventory is a Metadata Repository for Government Agencies
CKAN__SITE_INTRO_TEXT=Inventory is a Metadata Repository for Government Agencies
CKAN__DISPLAY_TIMEZONE=UTC
CKAN_SQLALCHEMY_URL=postgresql://ckan:pass@db/ckan
# CKAN_INI=/app/config/ckan.ini
CKAN_HOME=/srv/app
CKAN_CONFIG=/app/config
PORT=5000
CKAN_DATASTORE_WRITE_URL=postgresql://datastore:pass@datastore/datastore
CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:pass@datastore/datastore
## Search Settings
CKAN_SITE_ID=inventory
CKAN_SOLR_URL=http://solr:8983/solr/ckan
CKAN_SOLR_BASE_URL=http://solr:8983
CKAN_SOLR_USER=catalog
CKAN_SOLR_PASSWORD='Bleeding-Edge'
## Redis settings
CKAN_REDIS_URL=redis://redis:6379/0
## Authorization Settings
CKAN__AUTH__ANON_CREATE_DATASET=false
CKAN__AUTH__CREATE_UNOWNED_DATASET=false
CKAN__AUTH__CREATE_DATASET_IF_NOT_IN_ORGANIZATION=false
CKAN__AUTH__USER_CREATE_GROUPS=false
CKAN__AUTH__USER_CREATE_ORGANIZATIONS=false
CKAN__AUTH__USER_DELETE_GROUPS=false
CKAN__AUTH__USER_DELETE_ORGANIZATIONS=false
CKAN__AUTH__CREATE_USER_VIA_API=false
CKAN__AUTH__CREATE_USER_VIA_WEB=false
CKAN__AUTH__ROLES_THAT_CASCADE_TO_SUB_GROUPS=admin
CKAN__AUTH__PUBLIC_USER_DETAILS=false
# Xloader Settings
# Even though datapusher is ignored, we still have to include a URL in the config?
CKAN__DATAPUSHER__URL=http://empty.com
CKAN__DATAPUSHER__API_TOKEN=xxx
CKANEXT__XLOADER__JOBS_DB__URI=postgresql://datastore:pass@datastore/datastore
CKANEXT__XLOADER__FORMATS=csv application/csv xls xlsx application/vnd.ms-excel
# The maximum size of files to load into DataStore. In bytes. Default is 1 GB.
CKANEXT__XLOADER__MAX_CONTENT_LENGTH=1000000000
# To always use messytables to load data, instead of attempting a direct
# PostgreSQL COPY, set this to True. This more closely matches the
# DataPusher's behavior. It has the advantage that the column types
# are guessed. However it is more error prone, far slower and you can't run
# the CPU-intensive queue on a separate machine.
CKANEXT__XLOADER__JUST_LOAD_WITH_MESSYTABLES=False
# The maximum time for the loading of a resource before it is aborted.
# Give an amount in seconds. Default is 60 minutes
CKANEXT__XLOADER__JOB_TIMEOUT=3600
# Ignore the file hash when submitting to the DataStore, if set to True
# resources are always submitted (if their format matches), if set to
# False (default), resources are only submitted if their hash has changed.
# CKANEXT__XLOADER__IGNORE_HASH = False
# When loading a file that is bigger than `max_content_length`, xloader can
# still try and load some of the file, which is useful to display a
# preview. Set this option to the desired number of lines/rows that it
# loads in this case.
# If the file-type is supported (CSV, TSV) an excerpt with the number of
# `max_excerpt_lines` lines will be submitted while the `max_content_length`
# is not exceeded.
# If set to 0 (default) files that exceed the `max_content_length` will
# not be loaded into the datastore.
CKANEXT__XLOADER__MAX_EXCERPT_LINES=100
## google analytics ids
CKANEXT___GOOGLEANALYTICS__IDS=google-analytics-fake-key-testing-87654321
## S3Filestore setttings
# The maximum content size, in bytes, for uploads
CKAN__STORAGE__MAX_CONTENT_LENGTH=650000000
CKAN_STORAGE_PATH=/var/lib/ckan/files
CKANEXT__S3FILESTORE__AWS_BUCKET_NAME=inventory
CKANEXT__S3FILESTORE__AWS_STORAGE_PATH=local
CKANEXT__S3FILESTORE__REGION_NAME=us-east-1
CKANEXT__S3FILESTORE__HOST_NAME=http://localstack-container:4566
CKANEXT__S3FILESTORE__PUBLIC_HOST_NAME=http://localhost:4566
CKANEXT__S3FILESTORE__AWS_ACCESS_KEY_ID=_placeholder
CKANEXT__S3FILESTORE__AWS_SECRET_ACCESS_KEY=_placeholder
CKANEXT__S3FILESTORE__SIGNATURE_VERSION=s3v4
## Data.json settings
CKANEXT__DATAJSON__INVENTORY_LINKS_ENABLED=True
CKANEXT__DATAJSON__EXPORT_MAP_FILENAME=export.inventory.map.sample.json
# saml2
# Specifies the metadata location type
# Options: local or remote
CKANEXT__SAML2AUTH__IDP_METADATA__LOCATION=local
# Path to a local file accessible on the server the service runs on
# Ignore this config if the idp metadata location is set to: remote
CKANEXT__SAML2AUTH__IDP_METADATA__LOCAL_PATH=/srv/app/saml2/idp.xml
# A remote URL serving aggregate metadata
# Ignore this config if the idp metadata location is set to: local
# CKANEXT__SAML2AUTH__IDP_METADATA__REMOTE_URL=
# Path to a local file accessible on the server the service runs on
# Ignore this config if the idp metadata location is set to: local
# CKANEXT__SAML2AUTH__IDP_METADATA__REMOTE_CERT=
# Corresponding SAML user field for firstname
CKANEXT__SAML2AUTH__USER_FIRSTNAME=first_name
# Corresponding SAML user field for lastname
CKANEXT__SAML2AUTH__USER_LASTNAME=last_name
# Corresponding SAML user field for email
CKANEXT__SAML2AUTH__USER_EMAIL=email
### saml2 Optional:
# List of email addresses from users that should be created as sysadmins (system administrators)
# Indicates that attributes that are not recognized (they are not configured in attribute-mapping),
# will not be discarded.
# Default: True
CKANEXT__SAML2AUTH__ALLOW_UNKNOWN_ATTRIBUTES=true
# Indicates if CKAN should auto create a user for a new SAML login
# If set False, a new user must be manually created in CKAN before they can log in using SAML
# If set False, existing user must be in active state to able to log in.
# Default: True
CKANEXT__SAML2AUTH__CREATE_USER_VIA_SAML=false
# A list of string values that will be used to set the <NameIDFormat> element of the metadata of an entity.
# Default: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
CKANEXT__SAML2AUTH__SP__NAME_ID_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress
CKANEXT__SAML2AUTH__ENTITY_ID=urn:gov:gsa:SAML:2.0.profiles:sp:sso:gsa:inventory-dev
CKANEXT__SAML2AUTH__WANT_RESPONSE_SIGNED=false
CKANEXT__SAML2AUTH__WANT_ASSERTIONS_SIGNED=false
CKANEXT__SAML2AUTH__WANT_ASSERTIONS_OR_RESPONSE_SIGNED=true
CKANEXT__SAML2AUTH__KEY_FILE_PATH=/srv/app/saml2/pki/mykey.pem
CKANEXT__SAML2AUTH__CERT_FILE_PATH=/srv/app/saml2/pki/mycert.pem
# CKANEXT__SAML2AUTH__ATTRIBUTE_MAP_DIR=/srv/app/saml2/attributemaps
CKANEXT__SAML2AUTH__ENABLE_CKAN_INTERNAL_LOGIN=true
# Ask for a PIV card https://developers.login.gov/oidc/#aal-values
CKANEXT__SAML2AUTH__REQUESTED_AUTHN_CONTEXT=http://idmanagement.gov/ns/assurance/aal/3?hspd12=true
# Comparison could be one of this: exact, minimum, maximum or better
CKANEXT__SAML2AUTH__REQUESTED_AUTHN_CONTEXT_COMPARISON=exact