forked from GSA/catalog.data.gov
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.env
150 lines (117 loc) · 5.5 KB
/
.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# DB image settings
POSTGRES_PASSWORD=ckan
DATASTORE_READONLY_PASSWORD=datastore
# Basic
CKAN_SITE_ID=default
PORT=5000
CKAN_SITE_URL=http://ckan:5000
CKAN_SYSADMIN_NAME=admin
CKAN_SYSADMIN_PASSWORD=password
TZ=UTC
# CKAN_INI=/app/ckan/setup/ckan.ini
# Database connections (TODO: avoid duplication)
CKAN_SQLALCHEMY_URL=postgresql://ckan:ckan@db/ckan
CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore
CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore
CKAN___BEAKER__SESSION__URL=postgresql://ckan:ckan@db/ckan
# Test database connections
TEST_CKAN_SQLALCHEMY_URL=postgres://ckan:ckan@db/ckan_test
TEST_CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore_test
TEST_CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore_test
# Other services connections
COLLECTION_NAME=ckan_local
CKAN_SOLR_URL=http://solr:8983/solr/${COLLECTION_NAME}
CKAN_REDIS_URL=redis://redis:6379/1
CKAN_SOLR_BASE_URL=http://solr:8983
CKAN_SOLR_USER=admin
CKAN_SOLR_PASSWORD=pass
TEST_CKAN_SOLR_URL=http://solr:8983/solr/${COLLECTION_NAME}
TEST_CKAN_REDIS_URL=redis://redis:6379/1
# Core settings
CKAN__STORAGE_PATH=/var/lib/ckan
CKAN_SMTP_SERVER=smtp.corporateict.domain:25
CKAN_SMTP_STARTTLS=True
CKAN_SMTP_USER=user
CKAN_SMTP_PASSWORD=pass
CKAN_SMTP_MAIL_FROM=ckan@localhost
# Extensions
# To re-integrate: report qa archiver
CKAN__PLUGINS=envvars image_view text_view recline_view ckan_harvester datajson_harvest datagovtheme datagov_harvest geodatagov geodatagov_miscs z3950_harvester arcgis_harvester geodatagov_geoportal_harvester waf_harvester_collection geodatagov_csw_harvester geodatagov_doc_harvester geodatagov_waf_harvester spatial_metadata spatial_query spatial_harvest_metadata_api googleanalyticsbasic dcat dcat_json_interface structured_data datagovcatalog
# Extensions that exist but are not used in dev:
# - ckanext-saml2
#
# Enable ckanext-saml2 in local development
# add "saml2auth" to CKAN__PLUGINS list
# Harvest settings
CKAN__HARVEST__MQ__TYPE=redis
CKAN__HARVEST__MQ__HOSTNAME=redis
CKAN__HARVEST__MQ__PORT=6379
CKAN__HARVEST__MQ__REDIS_DB=1
CKAN__HARVEST__LOG_LEVEL=info
CKAN__HARVEST__LOG_SCOPE=0
CKAN__HARVEST__STATUS_MAIL__ALL=True
CKANEXT__GEODATAGOV__BUREAU_CSV__URL=https://resources.data.gov/schemas/dcat-us/v1.1/omb_bureau_codes.csv
CKANEXT__GEODATAGOV__BUREAU_CSV__URL_DEFAULT=https://resources.data.gov/schemas/dcat-us/v1.1/omb_bureau_codes.csv
CKAN__SPATIAL__SRID=4326
CKAN__SPATIAL__VALIDATOR__PROFILES=iso19139ngdc
CKANEXT__SPATIAL__SEARCH_BACKEND=solr
CKAN___GOOGLEANALYTICS__IDS=UA-1010101-1 UA-1010101-2
CKAN__TRACKING_ENABLED=true
CKAN___BROKER_BACKEND=redis
CKAN___BROKER_HOST=redis://redis/1
CKAN___CELERY_RESULT_BACKEND=redis
CKAN___REDIS_HOST=redis
CKAN___REDIS_PORT=6379
CKAN___REDIS_DB=0
CKAN___REDIS_CONNECT_RETRY=True
# New Relic
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_APP_NAME=catalog-next
NEW_RELIC_MONITOR_MODE=false
NEW_RELIC_LOG=/var/log/new_relic.log
NEW_RELIC_LOG_LEVEL=info
NEW_RELIC_HOST=gov-collector.newrelic.com
# saml2
# Specifies the metadata location type
# Options: local or remote
CKANEXT__SAML2AUTH__IDP_METADATA__LOCATION=local
# Path to a local file accessible on the server the service runs on
# Ignore this config if the idp metadata location is set to: remote
CKANEXT__SAML2AUTH__IDP_METADATA__LOCAL_PATH=/srv/app/saml2/idp.xml
# A remote URL serving aggregate metadata
# Ignore this config if the idp metadata location is set to: local
# CKANEXT__SAML2AUTH__IDP_METADATA__REMOTE_URL=
# Path to a local file accessible on the server the service runs on
# Ignore this config if the idp metadata location is set to: local
# CKANEXT__SAML2AUTH__IDP_METADATA__REMOTE_CERT=
# Corresponding SAML user field for firstname
CKANEXT__SAML2AUTH__USER_FIRSTNAME=first_name
# Corresponding SAML user field for lastname
CKANEXT__SAML2AUTH__USER_LASTNAME=last_name
# Corresponding SAML user field for email
CKANEXT__SAML2AUTH__USER_EMAIL=email
### saml2 Optional:
# List of email addresses from users that should be created as sysadmins (system administrators)
# Indicates that attributes that are not recognized (they are not configured in attribute-mapping),
# will not be discarded.
# Default: True
CKANEXT__SAML2AUTH__ALLOW_UNKNOWN_ATTRIBUTES=true
# A list of string values that will be used to set the <NameIDFormat> element of the metadata of an entity.
# Default: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
CKANEXT__SAML2AUTH__SP__NAME_ID_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress
CKANEXT__SAML2AUTH__ENTITY_ID=urn:gov:gsa:SAML:2.0.profiles:sp:sso:gsa:catalog-dev
CKANEXT__SAML2AUTH__WANT_RESPONSE_SIGNED=false
CKANEXT__SAML2AUTH__WANT_ASSERTIONS_SIGNED=false
CKANEXT__SAML2AUTH__WANT_ASSERTIONS_OR_RESPONSE_SIGNED=true
CKANEXT__SAML2AUTH__KEY_FILE_PATH=/srv/app/saml2/pki/mykey.pem
CKANEXT__SAML2AUTH__CERT_FILE_PATH=/srv/app/saml2/pki/mycert.pem
# CKANEXT__SAML2AUTH__ATTRIBUTE_MAP_DIR=/srv/app/saml2/attributemaps
CKANEXT__SAML2AUTH__ENABLE_CKAN_INTERNAL_LOGIN=true
# Ask for a PIV card https://developers.login.gov/oidc/#aal-values
CKANEXT__SAML2AUTH__REQUESTED_AUTHN_CONTEXT=http://idmanagement.gov/ns/assurance/aal/3?hspd12=true
# Comparison could be one of this: exact, minimum, maximum or better
CKANEXT__SAML2AUTH__REQUESTED_AUTHN_CONTEXT_COMPARISON=exact
# Avoid double package_show call to add tracking info
CKANEXT__DATAGOVCATALOG__ADD_PACKAGES_TRACKING_INFO=false