Skip to content
local_settings.py.example 8.6 KiB
Newer Older
# See https://docs.djangoproject.com/en/dev/howto/deployment/checklist/

# {{{ database and site

SECRET_KEY = '<CHANGE ME TO SOME RANDOM STRING ONCE IN PRODUCTION>'
Andreas Klöckner's avatar
Andreas Klöckner committed

ALLOWED_HOSTS = [
Andreas Klöckner's avatar
Andreas Klöckner committed
        "relate.example.com",
Andreas Klöckner's avatar
Andreas Klöckner committed
        ]

# Uncomment this to use a real database. If left commented out, a local SQLite3
# database will be used, which is not recommended for production use.
#
# DATABASES = {
#     'default': {
Dong Zhuang's avatar
Dong Zhuang committed
#         'ENGINE': 'django.db.backends.postgresql_psycopg2',
Andreas Klöckner's avatar
Andreas Klöckner committed
#         'NAME': 'relate',
#         'USER': 'relate',
#         'PASSWORD': '<PASSWORD>',
#         'HOST': '127.0.0.1',
#         'PORT': '5432',
#     }
# }
Andreas Klöckner's avatar
Andreas Klöckner committed

Andreas Klöckner's avatar
Andreas Klöckner committed
# Recommended, because dulwich is kind of slow in retrieving stuff.
#
# Also, progress bars for long-running operations will only work
# properly if you enable this. (or a similar out-of-process cache
# backend)
#
Andreas Klöckner's avatar
Andreas Klöckner committed
# CACHES = {
#     'default': {
#         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
#         'LOCATION': '127.0.0.1:11211',
#     }
Andreas Klöckner's avatar
Andreas Klöckner committed
# }

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
TEMPLATE_DEBUG = DEBUG

TIME_ZONE = "America/Chicago"

# }}}

# {{{ git storage

# Your course git repositories will be stored under this directory.
# Make sure it's writable by your web user.
Andreas Klöckner's avatar
Andreas Klöckner committed
# The default below makes them sit side-by-side with your relate checkout,
# which makes sense for development, but you probably want to change this
# in production.
#
# The 'course identifiers' you enter will be directory names below this root.

#GIT_ROOT = "/some/where"
GIT_ROOT = ".."
EMAIL_HOST = '127.0.0.1'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = 25
EMAIL_USE_TLS = False
ROBOT_EMAIL_FROM = "Example Admin <admin@example.com>"
RELATE_ADMIN_EMAIL_LOCALE = "en_US"
# Cool down time (seconds) required before another new session of a flow
# is allowed to be started.
RELATE_SESSION_RESTART_COOLDOWN_SECONDS = 10
SERVER_EMAIL = ROBOT_EMAIL_FROM

ADMINS = (
    ("Example Admin", "admin@example.com"),
    )
# }}}

# {{{ sign-in methods
RELATE_SIGN_IN_BY_EMAIL_ENABLED = True
RELATE_REGISTRATION_ENABLED = False
RELATE_SIGN_IN_BY_EXAM_TICKETS_ENABLED = True
Andreas Klöckner's avatar
Andreas Klöckner committed
# If you enable this, you must also have saml_config.py in this directory.
# See saml_config.py.example for help.
RELATE_SIGN_IN_BY_SAML2_ENABLED = False
# }}}

# {{{ docker

# A string containing the image ID of the docker image to be used to run
# student Python code. Docker should download the image on first run.
Andreas Klöckner's avatar
Andreas Klöckner committed
RELATE_DOCKER_RUNPY_IMAGE = "inducer/relate-runpy-i386"
# A URL pointing to the Docker command interface which RELATE should use
# to spawn containers for student code.
RELATE_DOCKER_URL = "unix://var/run/docker.sock"

RELATE_DOCKER_TLS_CONFIG = None

# Example setup for targeting remote Docker instances
# with TLS authentication:

# RELATE_DOCKER_URL = "https://relate.cs.illinois.edu:2375"
#
# import os.path
# pki_base_dir = os.path.dirname(__file__)
#
# import docker.tls
# RELATE_DOCKER_TLS_CONFIG = docker.tls.TLSConfig(
#     client_cert=(
#         os.path.join(pki_base_dir, "client-cert.pem"),
#         os.path.join(pki_base_dir, "client-key.pem"),
#     ca_cert=os.path.join(pki_base_dir, "ca.pem"),
# }}}

# {{{ maintenance and announcements

Andreas Klöckner's avatar
Andreas Klöckner committed
RELATE_MAINTENANCE_MODE = False
# May be set to a string to set a sitewide announcement visible on every page.
RELATE_SITE_ANNOUNCEMENT = None

Andreas Klöckner's avatar
Andreas Klöckner committed
# }}}

# Uncomment this to enable i18n, change 'en-us' to locale name your language.
Andreas Klöckner's avatar
Andreas Klöckner committed
# Make sure you have generated, translate and compile the message file of your
# language. If commented, RELATE will use default language 'en-us'.

#LANGUAGE_CODE='en-us'
# {{{ exams and testing

RELATE_FACILITIES = {
    "test_center": {
        "ip_ranges": [
            "192.168.192.0/24",
            ],
# For how many minutes is an exam ticket still usable for login after its first
# use?
RELATE_TICKET_MINUTES_VALID_AFTER_USE = 12*60

Andreas Klöckner's avatar
Andreas Klöckner committed
# {{{ saml2 (optional)

if RELATE_SIGN_IN_BY_SAML2_ENABLED:
    from os import path
    import saml2.saml
    _BASEDIR = path.dirname(path.abspath(__file__))

    _BASE_URL = 'https://relate.cs.illinois.edu'

    SAML_CONFIG = {
        # full path to the xmlsec1 binary programm
        'xmlsec_binary': '/usr/bin/xmlsec1',

        # your entity id, usually your subdomain plus the url to the metadata view
        # (usually no need to change)
        'entityid': _BASE_URL + '/saml2/metadata/',

        # directory with attribute mapping
        # (already populated with samples from djangosaml2, usually no need to
        # change)
        'attribute_map_dir': path.join(_BASEDIR, 'saml-config', 'attribute-maps'),

        # this block states what services we provide
        'service': {
            'sp': {
                'name': 'RELATE SAML2 SP',
                'name_id_format': saml2.saml.NAMEID_FORMAT_PERSISTENT,
                'endpoints': {
                    # url and binding to the assertion consumer service view
                    # do not change the binding or service name
                    'assertion_consumer_service': [
                        (_BASE_URL + '/saml2/acs/',
                         saml2.BINDING_HTTP_POST),
                        ],
                    # url and binding to the single logout service view
                    # do not change the binding or service name
                    'single_logout_service': [
                        (_BASE_URL + '/saml2/ls/',
                         saml2.BINDING_HTTP_REDIRECT),
                        (_BASE_URL + '/saml2/ls/post',
                         saml2.BINDING_HTTP_POST),
                        ],
                    },

                # attributes that this project needs to identify a user
                'required_attributes': ['uid'],

                # attributes that may be useful to have but not required
                'optional_attributes': ['eduPersonAffiliation'],

                # in this section the list of IdPs we talk to are defined
                'idp': {
                    # Find the entity ID of your IdP and make this the key here:
                    'urn:mace:incommon:uiuc.edu': {
                        'single_sign_on_service': {
                            # Add the POST and REDIRECT bindings for the sign on service here:
                            saml2.BINDING_HTTP_POST:
                                'https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO',
                            saml2.BINDING_HTTP_REDIRECT:
                                'https://shibboleth.illinois.edu/idp/profile/SAML2/Redirect/SSO',
                            },
                        'single_logout_service': {
                            # And the REDIRECT binding for the logout service here:
                            saml2.BINDING_HTTP_REDIRECT:
                            'https://shibboleth.illinois.edu/idp/logout.jsp',  # noqa
                            },
                        },
                    },
                },
            },

        # You will get this XML file from your institution. It has finite validity
        # and will need to be re-downloaded periodically.
        #
        # "itrust" is an example name that's valid for the University of Illinois.
        # This particular file is public and lives at
        # https://discovery.itrust.illinois.edu/itrust-metadata/itrust-metadata.xml

        'metadata': {
            'local': [path.join(_BASEDIR, 'saml-config', 'itrust-metadata.xml')],
            },

        # set to 1 to output debugging information
        'debug': 1,

        # certificate
        # see saml2-keygen.sh in this directory
        'key_file': path.join(_BASEDIR, 'saml-config', 'sp-key.pem'),  # private part
        'cert_file': path.join(_BASEDIR, 'saml-config', 'sp-cert.pem'),  # public part

        # own metadata settings
        'contact_person': [
            {'given_name': 'Andreas',
             'sur_name': 'Kloeckner',
             'company': 'CS - University of Illinois',
             'email_address': 'andreask@illinois.edu',
             'contact_type': 'technical'},
            {'given_name': 'Andreas',
             'sur_name': 'Kloeckner',
             'company': 'CS - University of Illinois',
             'email_address': 'andreask@illinois.edu',
             'contact_type': 'administrative'},
            ],
        # you can set multilanguage information here
        'organization': {
            'name': [('RELATE', 'en')],
            'display_name': [('RELATE', 'en')],
            'url': [(_BASE_URL, 'en')],
            },
        'valid_for': 24,  # how long is our metadata valid
        }

# }}}

# vim: filetype=python:foldmethod=marker