advanced_dev-sif.erda.dk_full.env

# IMPORTANT: this is a sample env file with the setup used for the default simple
#            docker build. To adjust the build settings you can copy it to ./.env and
#            make your desired changes before running
#            make init && make build

# This can be used to specify custom upstream registries
# from where to pull/push the docker-migrid stack images
CONTAINER_REGISTRY=${CONTAINER_REGISTRY:-docker.io}

# Optionally use DOCKER_MIGRID_ROOT to point to another root location than PWD,
# which might be useful e.g. when automating deployment with ansible.
# IMPORTANT: with docker on centos7 RO-mounts may fail unless we use an abs path
DOCKER_MIGRID_ROOT=.

# Set to override container user and group IDs
#UID=1000
#GID=1000
#USER=mig

# The domain in which the instance should be accessible
DOMAIN=dev.erda.dk
WILDCARD_DOMAIN=dev*.erda.dk
PUBLIC_DOMAIN=dev-www.erda.dk
MIGCERT_DOMAIN=
EXTCERT_DOMAIN=dev-cert.erda.dk
MIGOID_DOMAIN=dev-ext.erda.dk
EXTOID_DOMAIN=dev-oid.erda.dk
# NOTE: uncoment next domain for testing external OpenID Connect provider
#EXTOIDC_DOMAIN=dev-oidc.erda.dk
EXTOIDC_DOMAIN=
SID_DOMAIN=dev-sid.erda.dk
IO_DOMAIN=dev-io.erda.dk
OPENID_DOMAIN=dev-ext.erda.dk
FTPS_DOMAIN=dev-io.erda.dk
SFTP_DOMAIN=dev-io.erda.dk
WEBDAVS_DOMAIN=dev-io.erda.dk
MIG_OID_PROVIDER=https://dev-ext.erda.dk/openid/
EXT_OID_PROVIDER=https://openid.ku.dk/
EXT_OIDC_PROVIDER_META_URL=unset
EXT_OIDC_CLIENT_NAME=unset
EXT_OIDC_CLIENT_ID=unset
EXT_OIDC_SCOPE="profile email"
EXT_OIDC_REMOTE_USER_CLAIM=sub
# Uncomment to enable workaround for OpenID Connect sign up with accented chars
#EXT_OIDC_PASS_CLAIM_AS="both latin1"
EXT_OIDC_PASS_CLAIM_AS="both"
PUBLIC_HTTP_PORT=80
PUBLIC_HTTPS_PORT=443
MIGCERT_HTTPS_PORT=443
EXTCERT_HTTPS_PORT=443
MIGOID_HTTPS_PORT=443
EXTOID_HTTPS_PORT=443
EXTOIDC_HTTPS_PORT=443
SID_HTTPS_PORT=443
SFTP_PORT=2222
SFTP_SUBSYS_PORT=22222
SFTP_SHOW_PORT=2222
DAVS_PORT=4443
DAVS_SHOW_PORT=4443
OPENID_PORT=8443
OPENID_SHOW_PORT=443
FTPS_CTRL_PORT=8021
FTPS_CTRL_SHOW_PORT=21
FTPS_PASSIVE_PORTS=8100-8200

# Various helpers
ADMIN_EMAIL="SIF Info <mig@dev.erda.dk>"
ADMIN_LIST=
SMTP_SENDER="Do Not Reply <no-reply@dev.erda.dk>"
LOG_LEVEL=info
TITLE="Sensitive Information Facility"
SHORT_TITLE="Dev SIF"
MIG_OID_TITLE="Non-KU/UCPH"
EXT_OID_TITLE="KU/UCPH"
PEERS_PERMIT="role:.*(vip|tap)"
VGRID_CREATORS="role:.*(vip|tap)"
VGRID_MANAGERS="distinguished_name:.*"

# Which site setup flavor to emulate regarding skin, etc.
# {migrid, idmc, erda, sif}
EMULATE_FLAVOR=sif
# and the corresponding FQDN used e.g. in that flavor index-FQDN.html
EMULATE_FQDN=sif.erda.dk
#SKIN_SUFFIX=basic
SKIN_SUFFIX=ucph-science

# Site settings
ENABLE_OPENID=True
ENABLE_SFTP=True
ENABLE_SFTP_SUBSYS=False
ENABLE_DAVS=True
ENABLE_FTPS=False
ENABLE_SHARELINKS=False
ENABLE_TRANSFERS=False
ENABLE_DUPLICATI=False
ENABLE_SEAFILE=False
ENABLE_SANDBOXES=False
ENABLE_VMACHINES=False
ENABLE_CRONTAB=False
ENABLE_JOBS=False
ENABLE_RESOURCES=False
ENABLE_EVENTS=False
ENABLE_FREEZE=False
ENABLE_CRACKLIB=True
ENABLE_IMNOTIFY=False
ENABLE_NOTIFY=True
ENABLE_PREVIEW=False
ENABLE_WORKFLOWS=False
ENABLE_VERIFY_CERTS=True
ENABLE_JUPYTER=False
ENABLE_TWOFACTOR=True
ENABLE_TWOFACTOR_STRICT_ADDRESS=True
ENABLE_PEERS=True
MIG_PASSWORD_POLICY="MODERN:12"
ENABLE_LOGROTATE=False
LOGROTATE_MIGRID=False
PEERS_MANDATORY=True
PEERS_EXPLICIT_FIELDS="full_name email"
PEERS_CONTACT_HINT="employed at UCPH and authorized to invite you as peer"
ENABLE_MIGADMIN=False
ENABLE_GDP=True
# Disable GDP email notifications as no mail setup present in default
GDP_EMAIL_NOTIFY=False
#GDP_ID_SCRAMBLE=safe_hash
#GDP_PATH_SCRAMBLE=safe_encrypt
ENABLE_SELF_SIGNED_CERTS=False
#BUILD_MOD_AUTH_OPENID=False
UPGRADE_MOD_AUTH_OPENIDC=True
# Use a recent paramiko for modern host key algo support in grid_sftp (ENABLE_SFTP)
UPGRADE_PARAMIKO=True
PUBKEY_FROM_DNS=False
MODERN_WSGIDAV=False
PREFER_PYTHON3=False

SIGNUP_METHODS="migoid extcert extoid"
LOGIN_METHODS="migoid extcert extoid"
USER_INTERFACES="V2"
AUTO_ADD_CERT_USER=True
AUTO_ADD_OID_USER=True
AUTO_ADD_OIDC_USER=True
CERT_VALID_DAYS=180
OID_VALID_DAYS=180
GENERIC_VALID_DAYS=180
OPENSSH_VERSION=7.3
VGRID_LABEL=Project
# Menu options override default and available extra Apps on personal Home page
DEFAULT_MENU="files settings setup logout"
USER_MENU=""
# Use persistent salt for storing various sensitive data
# NOTE: the two files were manually created in ./state/secrets/ using initial
#       corresponding generated X_salt values from mig/server/MiGserver.conf
DIGEST_SALT="FILE::/home/mig/state/secrets/digest-salt.hex"
CRYPTO_SALT="FILE::/home/mig/state/secrets/crypto-salt.hex"
# Site-specific javascript and stylesheets to inject on user pages
EXTRA_USERPAGE_SCRIPTS=""
EXTRA_USERPAGE_STYLES=""

# The containers can take advantage of a fast shared scratch space e.g. in
# memory for caching various internal state helpers. If not set local disk will
# be used by default.
# NOTE: a shared mig_system_run scratch space on tmpfs can be made with
#       something like:                                                                             
# tmpfs   /storage/tmpfs/mig_system_run  tmpfs   nosuid,nodev,noatime,noexec,uid=1000,gid=1000,mode=0770,size=128m   0 0
# in /etc/fstab. Manual mount can be done with:                                                     
# sudo mount /storage/tmpfs/mig_system_run
# NOTE: toggle commenting on  next two lines if you have such a tmpfs set up in the given path
#MIG_SYSTEM_RUN=/storage/tmpfs/mig_system_run
MIG_SYSTEM_RUN=${DOCKER_MIGRID_ROOT}/state/mig_system_run
# The apache auth openid module performs and scales better if the associated
# internal openid store directory runs from fast storage. It's a volatile data
# store, which allows more concurrent OpenID 2.0 clients if it e.g. uses tmpfs.
# If you have migoid or extoid in LOGIN_METHODS you likely want to look into
# that. The instructions for mig_system_run can be mostly reused in that case.
# Otherwise you can safely ignore the OPENID_STORE setting.
# NOTE: toggle commenting on next two lines if you have such a tmpfs set up in the given path
#OPENID_STORE=/storage/tmpfs/openid_store
OPENID_STORE=${DOCKER_MIGRID_ROOT}/state/openid_store
# We need a read-only bind mounted version of the vgrid_files_writable
# directory and the underlying location can be configured here.
VGRID_FILES_WRITABLE=${DOCKER_MIGRID_ROOT}/state/vgrid_files_writable

# Which svn repo and version of migrid should be used
MIG_SVN_REPO=https://svn.code.sf.net/p/migrid/code/trunk
#MIG_SVN_REV=5787
MIG_SVN_REV=HEAD

# NOTE: use 'git edge' here for tried and tested python2 version
# Which git repo and version of migrid should be used
MIG_GIT_REPO=https://github.com/ucphhpc/migrid-sync.git
MIG_GIT_BRANCH=edge
#MIG_GIT_REV=97626ff1d7bbf37c96ee67c53b60bc1520cb7915
MIG_GIT_REV=HEAD

# Toggle future Python3 support
#WITH_PY3=True
WITH_PY3=False

# Toggle git support - effectively switches from SVN to GIT options above
WITH_GIT=True

# Which timezone should the service use
TZ=Europe/Copenhagen

# We already run an SMTP server on the host
SMTP_SERVER=localhost

# The URL of the of designated jupyter services
# The url is prefixed by the name of the service itself
JUPYTER_SERVICES="dag.http://dag.test"

# The description associated with each jupyter service
# The key is the name of the service it describes
JUPYTER_SERVICES_DESC="{'dag': '/home/mig/state/wwwpublic/dag_desc.html'}"