2017-05-23 23:04:54 +02:00
|
|
|
from typing import Optional
|
|
|
|
|
2018-04-06 03:00:51 +02:00
|
|
|
################################################################
|
|
|
|
# Zulip Server settings.
|
2018-02-19 18:49:49 +01:00
|
|
|
#
|
2018-04-06 03:00:51 +02:00
|
|
|
# This file controls settings that affect the whole Zulip server.
|
|
|
|
# See our documentation at:
|
2018-02-19 18:49:49 +01:00
|
|
|
# https://zulip.readthedocs.io/en/latest/production/settings.html
|
|
|
|
#
|
2018-04-06 03:00:51 +02:00
|
|
|
# For developer documentation on the Zulip settings system, see:
|
2018-02-19 18:49:49 +01:00
|
|
|
# https://zulip.readthedocs.io/en/latest/subsystems/settings.html
|
2018-04-06 03:00:51 +02:00
|
|
|
#
|
|
|
|
# Remember to restart the server after making changes here!
|
|
|
|
# su zulip -c /home/zulip/deployments/current/scripts/restart-server
|
2018-04-06 01:58:13 +02:00
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
|
|
|
|
################################
|
|
|
|
# Mandatory settings.
|
2015-08-21 05:40:53 +02:00
|
|
|
#
|
|
|
|
# These settings MUST be set in production. In a development environment,
|
|
|
|
# sensible default values will be used.
|
2013-10-23 23:28:03 +02:00
|
|
|
|
2013-11-14 05:25:45 +01:00
|
|
|
# The user-accessible Zulip hostname for this installation, e.g.
|
2017-02-16 23:03:14 +01:00
|
|
|
# zulip.example.com. This should match what users will put in their
|
|
|
|
# web browser. If you want to allow multiple hostnames, add the rest
|
|
|
|
# to ALLOWED_HOSTS.
|
2017-05-12 23:14:23 +02:00
|
|
|
#
|
|
|
|
# If you need to access the server on a specific port, you should set
|
|
|
|
# EXTERNAL_HOST to e.g. zulip.example.com:1234 here.
|
2015-08-21 05:40:53 +02:00
|
|
|
EXTERNAL_HOST = 'zulip.example.com'
|
2013-10-17 16:33:04 +02:00
|
|
|
|
2017-06-28 06:03:17 +02:00
|
|
|
# The email address for the person or team who maintains the Zulip
|
|
|
|
# installation. Note that this is a public-facing email address; it may
|
|
|
|
# appear on 404 pages, is used as the sender's address for many automated
|
|
|
|
# emails, and is advertised as a support address. An email address like
|
|
|
|
# support@example.com is totally reasonable, as is admin@example.com.
|
2017-06-26 19:43:32 +02:00
|
|
|
# Do not put a display name; e.g. 'support@example.com', not
|
|
|
|
# 'Zulip Support <support@example.com>'.
|
2015-08-21 08:07:52 +02:00
|
|
|
ZULIP_ADMINISTRATOR = 'zulip-admin@example.com'
|
2013-11-13 15:59:59 +01:00
|
|
|
|
2018-04-06 01:58:13 +02:00
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
################
|
|
|
|
# Outgoing email (SMTP) settings.
|
2017-02-16 23:04:57 +01:00
|
|
|
#
|
2018-04-06 01:58:13 +02:00
|
|
|
# Zulip needs to be able to send email (that is, use SMTP) so it can
|
|
|
|
# confirm new users' email addresses and send notifications.
|
2017-02-16 23:04:57 +01:00
|
|
|
#
|
2018-04-06 01:58:13 +02:00
|
|
|
# If you don't already have an SMTP provider, free ones are available.
|
2018-01-24 23:18:50 +01:00
|
|
|
#
|
2018-04-06 01:58:13 +02:00
|
|
|
# For more details, including a list of free SMTP providers and
|
|
|
|
# advice for troubleshooting, see the Zulip documentation:
|
|
|
|
# https://zulip.readthedocs.io/en/latest/production/email.html
|
|
|
|
|
|
|
|
# EMAIL_HOST and EMAIL_HOST_USER are generally required.
|
2018-01-24 23:53:06 +01:00
|
|
|
#EMAIL_HOST = 'smtp.example.com'
|
2018-01-24 23:18:50 +01:00
|
|
|
#EMAIL_HOST_USER = ''
|
2018-04-06 01:58:13 +02:00
|
|
|
|
|
|
|
# Passwords and secrets are not stored in this file. The password
|
|
|
|
# for user EMAIL_HOST_USER goes in `/etc/zulip/zulip-secrets.conf`.
|
|
|
|
# In that file, set `email_password`. For example:
|
|
|
|
# email_password = abcd1234
|
|
|
|
|
|
|
|
# EMAIL_USE_TLS and EMAIL_PORT are required for most SMTP providers.
|
2018-01-24 23:18:50 +01:00
|
|
|
#EMAIL_USE_TLS = True
|
2018-04-06 01:58:13 +02:00
|
|
|
#EMAIL_PORT = 587
|
|
|
|
|
2017-02-16 23:04:57 +01:00
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
################################
|
|
|
|
# Optional settings.
|
2017-06-09 05:59:07 +02:00
|
|
|
|
2017-08-16 01:51:05 +02:00
|
|
|
# The noreply address to be used as the sender for certain generated
|
|
|
|
# emails. Messages sent to this address could contain sensitive user
|
|
|
|
# data and should not be delivered anywhere. The default is
|
2018-11-09 00:25:39 +01:00
|
|
|
# e.g. noreply-{random_token}@zulip.example.com (if EXTERNAL_HOST is
|
|
|
|
# zulip.example.com). There are potential security issues if you set
|
|
|
|
# ADD_TOKENS_TO_NOREPLY_ADDRESS=False to remove the token; see
|
|
|
|
# https://zulip.readthedocs.io/en/latest/production/email.html for details.
|
|
|
|
#ADD_TOKENS_TO_NOREPLY_ADDRESS = True
|
|
|
|
#TOKENIZED_NOREPLY_EMAIL_ADDRESS = "noreply-{token}@example.com"
|
|
|
|
# Used for noreply emails only if ADD_TOKENS_TO_NOREPLY_ADDRESS=False
|
2017-08-16 01:51:05 +02:00
|
|
|
#NOREPLY_EMAIL_ADDRESS = 'noreply@example.com'
|
2017-06-09 05:59:07 +02:00
|
|
|
|
2017-10-19 04:09:53 +02:00
|
|
|
# Many countries and bulk mailers require certain types of email to display
|
|
|
|
# a physical mailing address to comply with anti-spam legislation.
|
|
|
|
# Non-commercial and non-public-facing installations are unlikely to need
|
|
|
|
# this setting.
|
|
|
|
# The address should have no newlines.
|
|
|
|
#PHYSICAL_ADDRESS = ''
|
|
|
|
|
2017-10-31 01:40:18 +01:00
|
|
|
# A comma-separated list of strings representing the host/domain names
|
|
|
|
# that your users can enter in their browsers to access Zulip.
|
|
|
|
# This is a security measure; for details, see the Django documentation:
|
|
|
|
# https://docs.djangoproject.com/en/1.11/ref/settings/#allowed-hosts
|
|
|
|
#
|
|
|
|
# Zulip automatically adds to this list 'localhost', '127.0.0.1', and
|
|
|
|
# patterns representing EXTERNAL_HOST and subdomains of it. If you are
|
|
|
|
# accessing your server by other hostnames, list them here.
|
|
|
|
#
|
|
|
|
# Note that these should just be hostnames, without port numbers.
|
2018-02-05 19:18:01 +01:00
|
|
|
#ALLOWED_HOSTS = ['zulip-alias.example.com', '192.0.2.1']
|
2017-10-31 01:40:18 +01:00
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
|
|
|
|
################
|
|
|
|
# Authentication settings.
|
|
|
|
|
2013-11-13 15:59:59 +01:00
|
|
|
# Enable at least one of the following authentication backends.
|
2017-11-16 19:51:44 +01:00
|
|
|
# See https://zulip.readthedocs.io/en/latest/production/authentication-methods.html
|
2016-07-13 01:17:16 +02:00
|
|
|
# for documentation on our authentication backends.
|
2017-10-18 01:58:24 +02:00
|
|
|
#
|
|
|
|
# The install process requires EmailAuthBackend (the default) to be
|
|
|
|
# enabled. If you want to disable it, do so after creating the
|
|
|
|
# initial realm and user.
|
2013-11-13 15:59:59 +01:00
|
|
|
AUTHENTICATION_BACKENDS = (
|
2017-07-09 01:54:38 +02:00
|
|
|
'zproject.backends.EmailAuthBackend', # Email and password; just requires SMTP setup
|
|
|
|
# 'zproject.backends.GoogleMobileOauth2Backend', # Google Apps, setup below
|
|
|
|
# 'zproject.backends.GitHubAuthBackend', # GitHub auth, setup below
|
|
|
|
# 'zproject.backends.ZulipLDAPAuthBackend', # LDAP, setup below
|
|
|
|
# 'zproject.backends.ZulipRemoteUserBackend', # Local SSO, setup docs on readthedocs
|
2017-01-24 06:34:26 +01:00
|
|
|
)
|
2013-11-13 15:59:59 +01:00
|
|
|
|
2018-04-06 03:05:13 +02:00
|
|
|
########
|
|
|
|
# Google OAuth.
|
|
|
|
#
|
2017-11-02 21:21:38 +01:00
|
|
|
# To set up Google authentication, you'll need to do the following:
|
2015-09-28 19:05:58 +02:00
|
|
|
#
|
2017-11-02 21:21:38 +01:00
|
|
|
# (1) Visit https://console.developers.google.com/ , navigate to
|
|
|
|
# "APIs & Services" > "Credentials", and create a "Project" which will
|
|
|
|
# correspond to your Zulip instance.
|
2015-09-28 19:05:58 +02:00
|
|
|
#
|
2017-11-02 21:21:38 +01:00
|
|
|
# (2) Navigate to "APIs & services" > "Library", and find the
|
|
|
|
# "Google+ API". Choose "Enable".
|
2015-09-28 19:05:58 +02:00
|
|
|
#
|
2017-11-02 21:21:38 +01:00
|
|
|
# (3) Return to "Credentials", and select "Create credentials".
|
|
|
|
# Choose "OAuth client ID", and follow prompts to create a consent
|
|
|
|
# screen. Fill in "Authorized redirect URIs" with a value like
|
|
|
|
# https://zulip.example.com/accounts/login/google/done/
|
|
|
|
# based on your value for EXTERNAL_HOST.
|
|
|
|
#
|
|
|
|
# (4) You should get a client ID and a client secret. Copy them.
|
|
|
|
# Use the client ID as `GOOGLE_OAUTH2_CLIENT_ID` here, and put the
|
|
|
|
# client secret in zulip-secrets.conf as `google_oauth2_client_secret`.
|
|
|
|
#GOOGLE_OAUTH2_CLIENT_ID = <your client ID from Google>
|
2016-07-29 21:34:17 +02:00
|
|
|
|
2018-04-06 03:05:13 +02:00
|
|
|
########
|
|
|
|
# GitHub OAuth.
|
|
|
|
#
|
2017-11-02 21:21:38 +01:00
|
|
|
# To set up GitHub authentication, you'll need to do the following:
|
2016-07-29 21:34:17 +02:00
|
|
|
#
|
|
|
|
# (1) Register an OAuth2 application with GitHub at one of:
|
2017-07-24 11:29:59 +02:00
|
|
|
# https://github.com/settings/developers
|
|
|
|
# https://github.com/organizations/ORGNAME/settings/developers
|
2017-11-02 21:21:38 +01:00
|
|
|
# Fill in "Callback URL" with a value like
|
|
|
|
# https://zulip.example.com/complete/github/ as
|
2018-07-10 08:07:23 +02:00
|
|
|
# based on your values for EXTERNAL_HOST and SOCIAL_AUTH_SUBDOMAIN.
|
2017-11-02 21:21:38 +01:00
|
|
|
#
|
|
|
|
# (2) You should get a page with settings for your new application,
|
|
|
|
# showing a client ID and a client secret. Use the client ID as
|
|
|
|
# `SOCIAL_AUTH_GITHUB_KEY` here, and put the client secret in
|
|
|
|
# zulip-secrets.conf as `social_auth_github_secret`.
|
|
|
|
#SOCIAL_AUTH_GITHUB_KEY = <your client ID from GitHub>
|
|
|
|
|
|
|
|
# (3) Optionally, you can configure the GitHub integration to only
|
|
|
|
# allow members of a particular GitHub team or organization to log
|
|
|
|
# into your Zulip server through GitHub authentication. To enable
|
|
|
|
# this, set one of the two parameters below:
|
|
|
|
#SOCIAL_AUTH_GITHUB_TEAM_ID = <your team id>
|
|
|
|
#SOCIAL_AUTH_GITHUB_ORG_NAME = <your org name>
|
2016-08-03 09:28:38 +02:00
|
|
|
|
2018-07-10 08:07:23 +02:00
|
|
|
# (4) If you are serving multiple Zulip organizations on different
|
|
|
|
# subdomains, you need to set SOCIAL_AUTH_SUBDOMAIN. You can set it
|
|
|
|
# to any subdomain on which you do not plan to host a Zulip
|
|
|
|
# organization. The default recommendation, `auth`, is a reserved
|
|
|
|
# subdomain; if you're using this setting, the "Callback URL" should be e.g.:
|
|
|
|
# https://auth.zulip.example.com/complete/github/
|
|
|
|
#
|
2018-08-01 09:48:52 +02:00
|
|
|
# If you end up using a subdomain other then the default
|
|
|
|
# recommendation, you must also set the 'ROOT_SUBDOMAIN_ALIASES' list
|
|
|
|
# to include this subdomain.
|
|
|
|
#
|
2018-07-10 08:07:23 +02:00
|
|
|
#SOCIAL_AUTH_SUBDOMAIN = 'auth'
|
|
|
|
|
2018-04-06 03:05:13 +02:00
|
|
|
########
|
|
|
|
# SSO via REMOTE_USER.
|
|
|
|
#
|
2013-11-14 05:25:45 +01:00
|
|
|
# If you are using the ZulipRemoteUserBackend authentication backend,
|
|
|
|
# set this to your domain (e.g. if REMOTE_USER is "username" and the
|
|
|
|
# corresponding email address is "username@example.com", set
|
|
|
|
# SSO_APPEND_DOMAIN = "example.com")
|
2017-07-09 01:54:38 +02:00
|
|
|
SSO_APPEND_DOMAIN = None # type: Optional[str]
|
2013-11-13 15:59:59 +01:00
|
|
|
|
2013-11-16 00:47:17 +01:00
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
################
|
2018-04-06 03:05:13 +02:00
|
|
|
# Miscellaneous settings.
|
2018-04-06 03:01:19 +02:00
|
|
|
|
2017-05-16 22:28:15 +02:00
|
|
|
# Support for mobile push notifications. Setting controls whether
|
|
|
|
# push notifications will be forwarded through a Zulip push
|
|
|
|
# notification bouncer server to the mobile apps. See
|
2017-11-16 19:51:44 +01:00
|
|
|
# https://zulip.readthedocs.io/en/latest/production/mobile-push-notifications.html
|
2017-05-16 22:28:15 +02:00
|
|
|
# for information on how to sign up for and configure this.
|
2017-07-25 22:53:04 +02:00
|
|
|
#PUSH_NOTIFICATION_BOUNCER_URL = 'https://push.zulipchat.com'
|
2017-05-16 22:28:15 +02:00
|
|
|
|
2017-10-10 11:14:10 +02:00
|
|
|
# Whether to redact the content of push notifications. This is less
|
|
|
|
# usable, but avoids sending message content over the wire. In the
|
|
|
|
# future, we're likely to replace this with an end-to-end push
|
|
|
|
# notification encryption feature.
|
|
|
|
#PUSH_NOTIFICATION_REDACT_CONTENT = False
|
|
|
|
|
2013-11-14 05:25:45 +01:00
|
|
|
# Controls whether session cookies expire when the browser closes
|
2013-11-14 05:14:18 +01:00
|
|
|
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
|
|
|
|
|
|
|
# Session cookie expiry in seconds after the last page load
|
2017-07-09 01:54:38 +02:00
|
|
|
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # 2 weeks
|
2013-11-14 05:14:18 +01:00
|
|
|
|
2017-01-18 05:52:52 +01:00
|
|
|
# Password strength requirements; learn about configuration at
|
2017-11-16 19:51:44 +01:00
|
|
|
# https://zulip.readthedocs.io/en/latest/production/security-model.html.
|
2017-01-18 05:52:52 +01:00
|
|
|
# PASSWORD_MIN_LENGTH = 6
|
2017-10-03 20:45:49 +02:00
|
|
|
# PASSWORD_MIN_GUESSES = 10000
|
2017-01-09 18:04:23 +01:00
|
|
|
|
2017-09-30 07:39:58 +02:00
|
|
|
# Controls whether Zulip sends "new login" email notifications.
|
|
|
|
#SEND_LOGIN_EMAILS = True
|
|
|
|
|
2013-11-25 22:07:37 +01:00
|
|
|
# Controls whether or not there is a feedback button in the UI.
|
2015-08-21 04:42:04 +02:00
|
|
|
ENABLE_FEEDBACK = False
|
2013-11-13 16:59:03 +01:00
|
|
|
|
2017-07-02 03:59:03 +02:00
|
|
|
# Feedback sent by your users will be sent to this email address.
|
2015-08-21 04:42:04 +02:00
|
|
|
FEEDBACK_EMAIL = ZULIP_ADMINISTRATOR
|
2013-11-25 22:07:37 +01:00
|
|
|
|
2017-01-24 07:54:18 +01:00
|
|
|
# Controls whether or not error reports (tracebacks) are emailed to the
|
|
|
|
# server administrators.
|
|
|
|
#ERROR_REPORTING = True
|
|
|
|
# For frontend (JavaScript) tracebacks
|
|
|
|
#BROWSER_ERROR_REPORTING = False
|
2013-11-13 21:35:04 +01:00
|
|
|
|
2017-09-27 03:08:43 +02:00
|
|
|
# If True, each log message in the server logs will identify the
|
|
|
|
# Python module where it came from. Useful for tracking down a
|
|
|
|
# mysterious log message, but a little verbose.
|
|
|
|
#LOGGING_SHOW_MODULE = False
|
|
|
|
|
2017-10-05 01:41:00 +02:00
|
|
|
# If True, each log message in the server logs will identify the
|
|
|
|
# process ID. Useful for correlating logs with information from
|
|
|
|
# system-level monitoring tools.
|
|
|
|
#LOGGING_SHOW_PID = False
|
|
|
|
|
2013-11-14 14:37:39 +01:00
|
|
|
# Controls whether or not Zulip will provide inline image preview when
|
2017-07-29 15:06:52 +02:00
|
|
|
# a link to an image is referenced in a message. Note: this feature
|
|
|
|
# can also be disabled in a realm's organization settings.
|
|
|
|
#INLINE_IMAGE_PREVIEW = True
|
|
|
|
|
|
|
|
# Controls whether or not Zulip will provide inline previews of
|
|
|
|
# websites that are referenced in links in messages. Note: this feature
|
|
|
|
# can also be disabled in a realm's organization settings.
|
|
|
|
#INLINE_URL_EMBED_PREVIEW = False
|
2013-11-14 14:37:39 +01:00
|
|
|
|
2016-03-10 17:17:40 +01:00
|
|
|
# Controls whether or not Zulip will parse links starting with
|
|
|
|
# "file:///" as a hyperlink (useful if you have e.g. an NFS share).
|
|
|
|
ENABLE_FILE_LINKS = False
|
|
|
|
|
2013-11-14 05:25:45 +01:00
|
|
|
# By default, files uploaded by users and user avatars are stored
|
2018-05-16 23:34:34 +02:00
|
|
|
# directly on the Zulip server. You can configure files being instead
|
|
|
|
# stored in Amazon S3 or another scalable data store here. See docs at:
|
2015-11-15 22:48:36 +01:00
|
|
|
#
|
2018-05-16 23:34:34 +02:00
|
|
|
# https://zulip.readthedocs.io/en/latest/production/upload-backends.html
|
2016-09-02 21:27:35 +02:00
|
|
|
LOCAL_UPLOADS_DIR = "/home/zulip/uploads"
|
2015-11-15 22:48:36 +01:00
|
|
|
#S3_AUTH_UPLOADS_BUCKET = ""
|
|
|
|
#S3_AVATAR_BUCKET = ""
|
2018-07-14 18:15:22 +02:00
|
|
|
#S3_REGION = ""
|
2013-10-23 23:28:03 +02:00
|
|
|
|
2015-11-21 04:08:53 +01:00
|
|
|
# Maximum allowed size of uploaded files, in megabytes. DO NOT SET
|
|
|
|
# ABOVE 80MB. The file upload implementation doesn't support chunked
|
|
|
|
# uploads, so browsers will crash if you try uploading larger files.
|
|
|
|
MAX_FILE_UPLOAD_SIZE = 25
|
|
|
|
|
2013-11-15 16:52:31 +01:00
|
|
|
# Controls whether name changes are completely disabled for this installation
|
|
|
|
# This is useful in settings where you're syncing names from an integrated LDAP/Active Directory
|
|
|
|
NAME_CHANGES_DISABLED = False
|
|
|
|
|
2013-11-15 22:25:02 +01:00
|
|
|
# Controls whether users who have not uploaded an avatar will receive an avatar
|
|
|
|
# from gravatar.com.
|
|
|
|
ENABLE_GRAVATAR = True
|
|
|
|
|
2013-11-18 16:58:39 +01:00
|
|
|
# To override the default avatar image if ENABLE_GRAVATAR is False, place your
|
|
|
|
# custom default avatar image at /home/zulip/local-static/default-avatar.png
|
|
|
|
# and uncomment the following line.
|
|
|
|
#DEFAULT_AVATAR_URI = '/local-static/default-avatar.png'
|
|
|
|
|
2015-12-10 23:52:52 +01:00
|
|
|
# To access an external postgres database you should define the host name in
|
|
|
|
# REMOTE_POSTGRES_HOST, you can define the password in the secrets file in the
|
|
|
|
# property postgres_password, and the SSL connection mode in REMOTE_POSTGRES_SSLMODE
|
2017-11-08 01:55:32 +01:00
|
|
|
# Valid values for REMOTE_POSTGRES_SSLMODE are documented in the
|
|
|
|
# "SSL Mode Descriptions" table in
|
|
|
|
# https://www.postgresql.org/docs/9.5/static/libpq-ssl.html
|
2015-12-10 23:52:52 +01:00
|
|
|
#REMOTE_POSTGRES_HOST = 'dbserver.example.com'
|
|
|
|
#REMOTE_POSTGRES_SSLMODE = 'require'
|
|
|
|
|
2017-09-30 07:36:57 +02:00
|
|
|
# If you want to set a Terms of Service for your server, set the path
|
|
|
|
# to your markdown file, and uncomment the following line.
|
|
|
|
#TERMS_OF_SERVICE = '/etc/zulip/terms.md'
|
|
|
|
|
|
|
|
# Similarly if you want to set a Privacy Policy.
|
|
|
|
#PRIVACY_POLICY = '/etc/zulip/privacy.md'
|
2016-05-11 19:01:53 +02:00
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
|
|
|
|
################
|
|
|
|
# Twitter integration.
|
2013-11-14 05:25:45 +01:00
|
|
|
|
|
|
|
# Zulip supports showing inline Tweet previews when a tweet is linked
|
|
|
|
# to in a message. To support this, Zulip must have access to the
|
|
|
|
# Twitter API via OAuth. To obtain the various access tokens needed
|
|
|
|
# below, you must register a new application under your Twitter
|
|
|
|
# account by doing the following:
|
2013-10-25 21:19:30 +02:00
|
|
|
#
|
|
|
|
# 1. Log in to http://dev.twitter.com.
|
|
|
|
# 2. In the menu under your username, click My Applications. From this page, create a new application.
|
2015-09-29 20:26:34 +02:00
|
|
|
# 3. Click on the application you created and click "create my access token".
|
|
|
|
# 4. Fill in the values for twitter_consumer_key, twitter_consumer_secret, twitter_access_token_key,
|
|
|
|
# and twitter_access_token_secret in /etc/zulip/zulip-secrets.conf.
|
2013-10-25 21:19:30 +02:00
|
|
|
|
2013-11-14 05:25:45 +01:00
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
################
|
|
|
|
# Email gateway integration.
|
|
|
|
#
|
2015-10-15 21:51:40 +02:00
|
|
|
# The Email gateway integration supports sending messages into Zulip
|
|
|
|
# by sending an email. This is useful for receiving notifications
|
|
|
|
# from third-party services that only send outgoing notifications via
|
|
|
|
# email. Once this integration is configured, each stream will have
|
2018-01-16 14:24:15 +01:00
|
|
|
# an email address documented on the stream settings page and emails
|
2015-10-15 21:51:40 +02:00
|
|
|
# sent to that address will be delivered into the stream.
|
|
|
|
#
|
|
|
|
# There are two ways to configure email mirroring in Zulip:
|
2014-02-03 20:22:56 +01:00
|
|
|
# 1. Local delivery: A MTA runs locally and passes mail directly to Zulip
|
|
|
|
# 2. Polling: Checks an IMAP inbox every minute for new messages.
|
|
|
|
#
|
2015-10-15 21:51:40 +02:00
|
|
|
# The local delivery configuration is preferred for production because
|
|
|
|
# it supports nicer looking email addresses and has no cron delay,
|
|
|
|
# while the polling mechanism is better for testing/developing this
|
|
|
|
# feature because it doesn't require a public-facing IP/DNS setup.
|
2013-11-14 05:25:45 +01:00
|
|
|
#
|
2015-10-15 21:51:40 +02:00
|
|
|
# The main email mirror setting is the email address pattern, where
|
|
|
|
# you specify the email address format you'd like the integration to
|
|
|
|
# use. It should be one of the following:
|
|
|
|
# %s@zulip.example.com (for local delivery)
|
|
|
|
# username+%s@example.com (for polling if EMAIL_GATEWAY_LOGIN=username@example.com)
|
2013-11-12 16:19:38 +01:00
|
|
|
EMAIL_GATEWAY_PATTERN = ""
|
2014-02-03 20:22:56 +01:00
|
|
|
#
|
2015-10-15 21:51:40 +02:00
|
|
|
# If you are using local delivery, EMAIL_GATEWAY_PATTERN is all you need
|
|
|
|
# to change in this file. You will also need to enable the Zulip postfix
|
|
|
|
# configuration to support local delivery by adding
|
|
|
|
# , zulip::postfix_localmail
|
2015-11-23 22:18:26 +01:00
|
|
|
# to puppet_classes in /etc/zulip/zulip.conf and then running
|
|
|
|
# `scripts/zulip-puppet-apply -f` to do the installation.
|
2015-10-15 21:51:40 +02:00
|
|
|
#
|
2018-10-25 00:02:08 +02:00
|
|
|
# You will also need to setup DNS MX records to ensure emails sent to
|
|
|
|
# the hostname configured in EMAIL_GATEWAY_PATTERN will be delivered
|
|
|
|
# to the Zulip postfix server you installed above.
|
|
|
|
#
|
2015-10-15 21:51:40 +02:00
|
|
|
# If you are using polling, you will need to setup an IMAP email
|
|
|
|
# account dedicated to Zulip email gateway messages. The model is
|
|
|
|
# that users will send emails to that account via an address of the
|
|
|
|
# form username+%s@example.com (which is what you will set as
|
|
|
|
# EMAIL_GATEWAY_PATTERN); your email provider should deliver those
|
|
|
|
# emails to the username@example.com inbox. Then you run in a cron
|
2016-07-28 16:08:52 +02:00
|
|
|
# job `./manage.py email_mirror` (see puppet/zulip/files/cron.d/email-mirror),
|
2015-10-15 21:51:40 +02:00
|
|
|
# which will check that inbox and batch-process any new messages.
|
|
|
|
#
|
|
|
|
# You will need to configure authentication for the email mirror
|
2015-11-23 22:20:32 +01:00
|
|
|
# command to access the IMAP mailbox below and in zulip-secrets.conf.
|
2014-02-03 20:22:56 +01:00
|
|
|
#
|
2016-07-25 14:16:59 +02:00
|
|
|
# The IMAP login; username here and password as email_gateway_password in
|
2015-11-23 22:20:32 +01:00
|
|
|
# zulip-secrets.conf.
|
2013-11-12 16:19:38 +01:00
|
|
|
EMAIL_GATEWAY_LOGIN = ""
|
|
|
|
# The IMAP server & port to connect to
|
|
|
|
EMAIL_GATEWAY_IMAP_SERVER = ""
|
|
|
|
EMAIL_GATEWAY_IMAP_PORT = 993
|
|
|
|
# The IMAP folder name to check for emails. All emails sent to EMAIL_GATEWAY_PATTERN above
|
|
|
|
# must be delivered to this folder
|
|
|
|
EMAIL_GATEWAY_IMAP_FOLDER = "INBOX"
|
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
|
|
|
|
################
|
2018-04-06 03:05:13 +02:00
|
|
|
# LDAP integration.
|
2018-04-06 03:01:19 +02:00
|
|
|
#
|
2015-09-30 08:12:48 +02:00
|
|
|
# Zulip supports retrieving information about users via LDAP, and
|
2015-10-13 22:22:27 +02:00
|
|
|
# optionally using LDAP as an authentication mechanism.
|
2018-09-25 23:29:03 +02:00
|
|
|
|
2013-11-21 01:30:20 +01:00
|
|
|
import ldap
|
2018-09-17 17:35:06 +02:00
|
|
|
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, LDAPSearchUnion
|
2013-11-21 01:30:20 +01:00
|
|
|
|
2018-09-25 23:29:03 +02:00
|
|
|
########
|
|
|
|
# LDAP integration, part 1: Connecting to the LDAP server.
|
2018-09-26 00:55:51 +02:00
|
|
|
#
|
|
|
|
# For detailed instructions, see the Zulip documentation:
|
|
|
|
# https://zulip.readthedocs.io/en/latest/production/authentication-methods.html#ldap
|
2018-09-25 23:29:03 +02:00
|
|
|
|
2018-09-26 00:05:58 +02:00
|
|
|
# The LDAP server to connect to. Setting this enables Zulip
|
|
|
|
# automatically fetching each new user's name from LDAP.
|
|
|
|
# Example: "ldaps://ldap.example.com"
|
2013-11-21 01:30:20 +01:00
|
|
|
AUTH_LDAP_SERVER_URI = ""
|
|
|
|
|
2018-09-26 00:05:58 +02:00
|
|
|
# The DN of the user to bind as (i.e., authenticate as) in order to
|
|
|
|
# query LDAP. If unset, Zulip does an anonymous bind.
|
2013-11-21 01:30:20 +01:00
|
|
|
AUTH_LDAP_BIND_DN = ""
|
|
|
|
|
2018-09-25 23:29:03 +02:00
|
|
|
# Passwords and secrets are not stored in this file. The password
|
|
|
|
# corresponding to AUTH_LDAP_BIND_DN goes in `/etc/zulip/zulip-secrets.conf`.
|
|
|
|
# In that file, set `auth_ldap_bind_password`. For example:
|
|
|
|
# auth_ldap_bind_password = abcd1234
|
|
|
|
|
|
|
|
|
|
|
|
########
|
|
|
|
# LDAP integration, part 2: Mapping user info from LDAP to Zulip.
|
2018-09-26 00:55:51 +02:00
|
|
|
#
|
|
|
|
# For detailed instructions, see the Zulip documentation:
|
|
|
|
# https://zulip.readthedocs.io/en/latest/production/authentication-methods.html#ldap
|
2018-09-25 23:29:03 +02:00
|
|
|
|
2018-09-26 00:05:58 +02:00
|
|
|
# The LDAP search query to find a given user.
|
|
|
|
#
|
|
|
|
# The arguments to `LDAPSearch` are (base DN, scope, filter). In the
|
2018-09-26 00:55:51 +02:00
|
|
|
# filter, the string `%(user)s` is a Python placeholder. The Zulip
|
|
|
|
# server will replace this with the user's Zulip username, i.e. the
|
|
|
|
# name they type into the Zulip login form.
|
|
|
|
#
|
|
|
|
# For more details and alternatives, see the documentation linked above.
|
2013-11-21 01:30:20 +01:00
|
|
|
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com",
|
2016-12-03 00:04:17 +01:00
|
|
|
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
|
2013-11-21 01:30:20 +01:00
|
|
|
|
2018-09-26 00:55:51 +02:00
|
|
|
# Domain to combine with a user's username to figure out their email address.
|
|
|
|
#
|
|
|
|
# If users log in as e.g. "sam" when their email address is "sam@example.com",
|
|
|
|
# set this to "example.com". If users log in with their full email addresses,
|
|
|
|
# leave as None; if the username -> email address mapping isn't so simple,
|
|
|
|
# leave as None and see LDAP_EMAIL_ATTR.
|
2017-07-09 01:54:38 +02:00
|
|
|
LDAP_APPEND_DOMAIN = None # type: Optional[str]
|
2013-11-21 01:30:20 +01:00
|
|
|
|
2018-09-26 00:55:51 +02:00
|
|
|
# LDAP attribute to find a user's email address.
|
|
|
|
#
|
|
|
|
# Leave as None if users log in with their email addresses,
|
|
|
|
# or if using LDAP_APPEND_DOMAIN.
|
2017-09-10 17:25:24 +02:00
|
|
|
LDAP_EMAIL_ATTR = None # type: Optional[str]
|
|
|
|
|
2013-11-22 22:58:22 +01:00
|
|
|
# This map defines how to populate attributes of a Zulip user from LDAP.
|
2018-09-26 00:05:58 +02:00
|
|
|
#
|
|
|
|
# The format is `zulip_name: ldap_name`; each entry maps a Zulip
|
|
|
|
# concept (on the left) to the LDAP attribute name (on the right) your
|
|
|
|
# LDAP database uses for the same concept.
|
2013-11-21 01:30:20 +01:00
|
|
|
AUTH_LDAP_USER_ATTR_MAP = {
|
2018-02-13 20:11:52 +01:00
|
|
|
# full_name is required; common values include "cn" or "displayName".
|
2013-11-21 01:30:20 +01:00
|
|
|
"full_name": "cn",
|
2018-12-12 19:46:37 +01:00
|
|
|
# User avatars can be pulled from the LDAP "thumbnailPhoto"/"jpegPhoto" field.
|
|
|
|
# "avatar": "thumbnailPhoto",
|
2013-11-21 01:30:20 +01:00
|
|
|
}
|
2015-08-21 01:27:35 +02:00
|
|
|
|
2018-04-06 03:01:19 +02:00
|
|
|
|
|
|
|
################
|
2018-04-06 03:05:13 +02:00
|
|
|
# Miscellaneous settings.
|
2018-04-06 03:01:19 +02:00
|
|
|
|
2016-04-28 07:32:27 +02:00
|
|
|
# The default CAMO_URI of '/external_content/' is served by the camo
|
|
|
|
# setup in the default Voyager nginx configuration. Setting CAMO_URI
|
|
|
|
# to '' will disable the Camo integration.
|
|
|
|
CAMO_URI = '/external_content/'
|
2016-01-21 12:52:24 +01:00
|
|
|
|
|
|
|
# RabbitMQ configuration
|
|
|
|
#
|
|
|
|
# By default, Zulip connects to rabbitmq running locally on the machine,
|
|
|
|
# but Zulip also supports connecting to RabbitMQ over the network;
|
|
|
|
# to use a remote RabbitMQ instance, set RABBITMQ_HOST here.
|
|
|
|
# RABBITMQ_HOST = "localhost"
|
|
|
|
# To use another rabbitmq user than the default 'zulip', set RABBITMQ_USERNAME here.
|
|
|
|
# RABBITMQ_USERNAME = 'zulip'
|
|
|
|
|
|
|
|
# Memcached configuration
|
|
|
|
#
|
|
|
|
# By default, Zulip connects to memcached running locally on the machine,
|
|
|
|
# but Zulip also supports connecting to memcached over the network;
|
|
|
|
# to use a remote Memcached instance, set MEMCACHED_LOCATION here.
|
|
|
|
# Format HOST:PORT
|
|
|
|
# MEMCACHED_LOCATION = 127.0.0.1:11211
|
|
|
|
|
|
|
|
# Redis configuration
|
|
|
|
#
|
|
|
|
# By default, Zulip connects to redis running locally on the machine,
|
|
|
|
# but Zulip also supports connecting to redis over the network;
|
2016-08-01 04:45:53 +02:00
|
|
|
# to use a remote Redis instance, set REDIS_HOST here.
|
2016-01-21 12:52:24 +01:00
|
|
|
# REDIS_HOST = '127.0.0.1'
|
|
|
|
# For a different redis port set the REDIS_PORT here.
|
|
|
|
# REDIS_PORT = 6379
|
2016-08-01 04:51:00 +02:00
|
|
|
# If you set redis_password in zulip-secrets.conf, Zulip will use that password
|
|
|
|
# to connect to the redis server.
|
2016-01-21 12:52:24 +01:00
|
|
|
|
|
|
|
# Controls whether Zulip will rate-limit user requests.
|
|
|
|
# RATE_LIMITING = True
|
2018-04-03 01:46:55 +02:00
|
|
|
|
2017-05-24 02:46:52 +02:00
|
|
|
# By default, Zulip connects to the thumbor (the thumbnailing software
|
|
|
|
# we use) service running locally on the machine. If you're running
|
|
|
|
# thumbor on a different server, you can configure that by setting
|
2018-03-08 09:37:09 +01:00
|
|
|
# THUMBOR_URL here. Setting THUMBOR_URL='' will disable
|
2017-05-24 02:46:52 +02:00
|
|
|
# thumbnailing in Zulip.
|
2018-03-08 09:37:09 +01:00
|
|
|
#THUMBOR_URL = 'http://127.0.0.1:9995'
|
2017-05-24 02:46:52 +02:00
|
|
|
|
2018-04-03 01:46:55 +02:00
|
|
|
# Controls the Jitsi video call integration. By default, the
|
|
|
|
# integration uses the SaaS meet.jit.si server. You can specify
|
|
|
|
# your own Jitsi Meet server, or if you'd like to disable the
|
|
|
|
# integration, set JITSI_SERVER_URL = None.
|
|
|
|
#JITSI_SERVER_URL = 'jitsi.example.com'
|