production.ini

[pipeline:main]
pipeline =
    raven
    assembl

[app:assembl]
use = egg:assembl

pyramid.reload_templates = false
pyramid.debug_authorization = false
pyramid.debug_notfound = false
pyramid.debug_routematch = false
sqltap = false
pyramid.includes =
    pyramid_tm

# Don't let cornice handle exceptions
handle_exceptions = 
# Should we show our own view for exceptions? true for production.
assembl_handle_exceptions = true

# Ensure to have the same url scheme as Assembl and Sentry's (http or https)
raven_url = %(sentry_scheme)s://%(sentry_key)s@%(sentry_host)s/%(sentry_id)s

tm.attempts=3

# Assembl will strip countries if needed, so you should provide a proper locale
# including country.  If you don't you may have problems with facebook and other
# For some reason de, ar, es should not have countries, because for some reason
# facebook doesn't like it.
# Note that currently, only en, fr, and de variants are fully supported
# If you contribute an additional translation, be sure to update
# initLocale() in context.js Otherwise, date localisations using moment.js will
# revert to english
available_languages = fr_CA en_CA de
pyramid.default_locale_name = en_CA

# Should requirejs defeat browser caching?  Useful in development
requirejs.cache_bust = false

sqlalchemy.url = postgresql+psycopg2://%(db_user)s:%(db_password)s@%(db_host)s/%(db_database)s?sslmode=disable
# Unnessary to set this true in development, as logger_sqlalchemy DEBUG
# below will also output sql statements
sqlalchemy.echo = False
sqlalchemy.strategy = atexit_cleanup

# Do we use elastic_search indexing
use_elasticsearch = true

jinja2.directories = assembl:templates

#If false, every user will be immediately validated
assembl.validate_registration_emails = true
mail.host = %(smtp_host)s
mail.tls = true
assembl.admin_email = assembl@%(public_hostname)s

# Set a discussion slug here so root redirects to a that discussion.
# TODO: Replace with a host router.
# default_discussion = sandbox

# Offline mode: if true, the application will avoid making calls to other websites (e.g. gravatar)
#offline_mode = false

#The default theme.  If unset, will be set to "default"
#The themes must be stored in a folder assembl/static/css/themes/name_of_theme
#default_theme = default

# Each of these providers requires us to register a client app ID.
# Also, we must give a visible callback URL.
# Please contact maparent@acm.org for details.


# Python Social Auth settings

SOCIAL_AUTH_LOGIN_URL = /login
SOCIAL_AUTH_LOGIN_REDIRECT_URL = /
SOCIAL_AUTH_USER_MODEL = assembl.models.auth.User
# SOCIAL_AUTH_LOGIN_FUNCTION = assembl.views.auth.views.velruse_login_complete_view
SOCIAL_AUTH_LOGIN_FUNCTION = assembl.auth.social_auth.login_user
SOCIAL_AUTH_LOGGEDIN_FUNCTION = assembl.auth.social_auth.login_required
SOCIAL_AUTH_STORAGE = assembl.models.social_auth.AssemblStorage
SOCIAL_AUTH_STRATEGY = assembl.auth.social_auth.AssemblStrategy
SOCIAL_AUTH_USER_FIELDS = email
    fullname
SOCIAL_AUTH_PROTECTED_USER_FIELDS = fullname
USE_UNIQUE_USER_ID=True
IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_FACEBOOK_SCOPE = public_profile
    email
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = profile email
SOCIAL_AUTH_GITHUB_SCOPE = repo
SOCIAL_AUTH_FIELDS_STORED_IN_SESSION = next_view

SOCIAL_AUTH_AUTHENTICATION_BACKENDS = assembl.auth.wordpress.WordPressServerOAuth2
    social.backends.twitter.TwitterOAuth
    social.backends.open_id.OpenIdAuth
    social.backends.google.GoogleOpenId
    social.backends.google.GoogleOAuth2
    social.backends.google.GoogleOAuth
    social.backends.yammer.YammerOAuth2
    social.backends.yahoo.YahooOpenId
    social.backends.stripe.StripeOAuth2
    social.backends.persona.PersonaAuth
    social.backends.facebook.FacebookOAuth2
    social.backends.facebook.FacebookAppOAuth2
    social.backends.yahoo.YahooOAuth
    social.backends.angel.AngelOAuth2
    social.backends.behance.BehanceOAuth2
    social.backends.bitbucket.BitbucketOAuth
    social.backends.box.BoxOAuth2
    social.backends.linkedin.LinkedinOAuth
    social.backends.github.GithubOAuth2
    social.backends.foursquare.FoursquareOAuth2
    social.backends.instagram.InstagramOAuth2
    social.backends.live.LiveOAuth2
    social.backends.vk.VKOAuth2
    social.backends.dailymotion.DailymotionOAuth2
    social.backends.disqus.DisqusOAuth2
    social.backends.dropbox.DropboxOAuth
    social.backends.eveonline.EVEOnlineOAuth2
    social.backends.evernote.EvernoteSandboxOAuth
    social.backends.flickr.FlickrOAuth
    social.backends.livejournal.LiveJournalOpenId
    social.backends.soundcloud.SoundcloudOAuth2
    social.backends.thisismyjam.ThisIsMyJamOAuth1
    social.backends.stocktwits.StocktwitsOAuth2
    social.backends.tripit.TripItOAuth
    social.backends.twilio.TwilioAuth
    social.backends.clef.ClefOAuth2
    social.backends.xing.XingOAuth
    social.backends.yandex.YandexOAuth2
    social.backends.podio.PodioOAuth2
    social.backends.reddit.RedditOAuth2
    social.backends.mineid.MineIDOAuth2
    social.backends.wunderlist.WunderlistOAuth2
    social.backends.saml.SAMLAuth


# Those will be shown in the login page
login_providers =
    # facebook
    # twitter
    # google-oauth2

# Users from these providers (if enabled in login_providers) will not need
# to verify their email
trusted_login_providers = facebook
 google-oauth2
 twitter
 saml

# https://developers.facebook.com/docs/facebook-login/getting-started-web/
# https://developers.facebook.com/apps/
#
SOCIAL_AUTH_FACEBOOK_KEY = ...
SOCIAL_AUTH_FACEBOOK_SECRET = ...
SOCIAL_AUTH_FACEBOOK_SCOPE = public_profile
    email

# Further parameters for facebook import/export
# facebook.consumer_key =
# facebook.consumer_secret =
# facebook.app_access_token =
facebook.export_permissions = public_profile, email, publish_actions, user_posts, user_likes, manage_pages, publish_pages, user_groups, user_managed_groups
facebook.debug_mode = false
# facebook.api_version =
supported_exports_list =

# https://dev.twitter.com/apps/new
#
SOCIAL_AUTH_TWITTER_KEY = ...
SOCIAL_AUTH_TWITTER_SECRET = ...

# http://developer.github.com/v3/oauth/
# https://github.com/settings/applications
SOCIAL_AUTH_GITHUB_KEY = ...
SOCIAL_AUTH_GITHUB_SECRET = ...
SOCIAL_AUTH_GITHUB_SCOPE = repo

# https://code.google.com/apis/console/ ; API & auth; Credentials; Create Client ID for web application
# API & auth; APIs; Google+ API: Activate
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = ...
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = ...

# Based on https://wp-oauth.com/
SOCIAL_AUTH_WORDPRESS_OAUTH2_KEY = ....
SOCIAL_AUTH_WORDPRESS_OAUTH2_SECRET = ....

SOCIAL_AUTH_SAML_SP_ENTITY_ID = http://saml.%(public_hostname)s

# Absolute url of image to show for users that do not have an avatar.
# If not present, assembl default will be used.
# Conflicts with avatar.gravatar_default, you cannot define both.
# Gravatar caches the image aggressively; change the filename to change the image.
#avatar.default_image_url = none

# What gravatar will use if email isn't found.
# If not present, the image above will be used.
# Typical values are: 
# identicon: a geometric pattern based on an email hash
# monsterid: a generated 'monster' with different colors, faces, etc
# wavatar: generated faces with differing features and backgrounds
# retro: generated, 8-bit arcade-style pixelated faces
# mm: only show avatars for people who have one on gravatar
avatar.gravatar_default = mm

# Beaker settings
beaker.session.type = ext:memcached
beaker.session.url = %(memcached_host)s:11211
beaker.session.data_dir = %(here)s/var/sessions/data
beaker.session.lock_dir = %(here)s/var/sessions/lock
beaker.session.key = assembl_session
session.secret = CHANGEME_enter_a_secret
beaker.session.cookie_on_exception = true
#security.hash_algorithm = sha256
security.email_token_salt = CHANGEME_enter_a_salt
beaker.session.session_class = assembl.auth.upgradable_session.AssemblUpgradableSession
# Set to false on an entreprise server
beaker.session.cookie_expires = true
beaker.session.elevated_expires = 2635200

new_frontend = true

# Anykeystore settings for Velruse
store = sqlalchemy
store.url = sqlite:///%(here)s/assembl.db

# Dogpile cache
dogpile_cache.backend = file
dogpile_cache.expiration_time = 10000
dogpile_cache.arguments.filename = var/dogpile_cache.dbm

# Change this to the hostname visible from outside
public_hostname = localhost
# Change this to the port visible from the outside
# Typically 80 for prod, 6543 for dev
public_port = 80

# Do we accept https? If so we'll force it in some cases.
accept_secure_connection = true
# Do we force https?
require_secure_connection = true

# ZMQ Websockets are used for frontend to backend communication

# ZMQ model changes local socket (backend will connect to this)
# UNIQUE_PER_SERVER
# Convention:
# /0 thru /2: reserved for development
# /3 thru /4: reserved for automated testing
# /5-: production
changes.socket = ipc:///tmp/assembl_changes/5
changes.multiplex = true

# The port to use for the websocket (client frontends will connect to this)
# In prod, your firewall needs to allow this through or proxy it through nginx
# UNIQUE_PER_SERVER
# Convention:
# 8085 thru 8087: reserved for development
# 8088 thru 8089: reserved for automated testing
# 8090-: production
changes.websocket.port = 8090
# Whether the websocket is proxied by nginx, and exposed through the public_port
changes.websocket.proxied = true
changes.prefix = /socket
# This may use another port than above, in case of reverse proxying.
changes.websocket.url = //%(public_hostname)s:%(public_port)s%(changes.prefix)s/

# Notification broker. possible configurations:

# Noop configurations: Just print.
# assembl.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# celery_tasks.notification_dispatch.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# celery_tasks.imap.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter

# Direct configuration
# assembl.imodeleventwatcher = assembl.models.notification.ModelEventWatcherNotificationSubscriptionDispatcher
# celery_tasks.notification_dispatch.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# celery_tasks.imap.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter

# Threaded configurations: Send to thread, thread acts.
# assembl.imodeleventwatcher = assembl.tasks.threaded_model_watcher.ThreadedModelEventWatcher
# celery_tasks.notification_dispatch.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# assembl.threadedmodelwatcher = assembl.models.notification.ModelEventWatcherNotificationSubscriptionDispatcher
# celery_tasks.imap.imodeleventwatcher = assembl.tasks.threaded_model_watcher.ThreadedModelEventWatcher
# celery_tasks.imap.threadedmodelwatcher = assembl.models.notification.ModelEventWatcherNotificationSubscriptionDispatcher

# Broker configurations: send to celery, celery task acts.
assembl.imodeleventwatcher = assembl.tasks.notification_dispatch.ModelEventWatcherCelerySender
celery_tasks.notification_dispatch.imodeleventwatcher = assembl.models.notification.ModelEventWatcherNotificationSubscriptionDispatcher
celery_tasks.imap.imodeleventwatcher = assembl.tasks.notification_dispatch.ModelEventWatcherCelerySender
celery_tasks.source_reader.imodeleventwatcher = assembl.tasks.notification_dispatch.ModelEventWatcherCelerySender

# ZMQ model changes local socket (backend will connect to this)
# UNIQUE_PER_SERVER
# Convention:
# /0 - /3: reserved for development
# /4: reserved for automated testing
# /5 - /12: production
redis_socket = 5
celery_tasks.broker = redis://%(redis_host)s:6379/%(redis_socket)s
celery_tasks.imap.num_workers = 1
celery_tasks.notification_dispatch.num_workers = 1
celery_tasks.notify.num_workers = 2
celery_tasks.translate.num_workers = 2

# Uncomment this if you want a delay (seconds, float) between outgoing notifications
# celery_tasks.notify.smtp_delay. = 0.1
# You can also specify a delay for a specific server, thus:
# celery_tasks.notify.smtp_delay.smtp.example.com = 1.1


# Has to be defined as noop.
celery_tasks.notify.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
celery_tasks.translate.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter

cache_viewdefs = true
activate_tour = false
# minified_js = debug builds with map, which is much slower.
minified_js = false

use_webpack_server = false

# Default subscriptions
subscriptions.participant.default = FOLLOW_SYNTHESES
    EMAIL_BOUNCED
    EMAIL_VALIDATE
    PARTICIPATED_FOR_FIRST_TIME_WELCOME
    SUBSCRIPTION_WELCOME

# Default URL of the Help page. Each discussion can set a custom URL. You can use "%s" for user interface language
help_url = http://assembl.org/user-guides/

# Paste here the Piwik script corresponding to your server, and replace the site id with "%d".
# So this gives _paq.push(['setSiteId', %d]);
# And ...<img src="//.../piwik.php?idsite=%d"...
# Then, a piwik site id can be set in the administration panel of each discussion.
# If web_analytics_piwik_script or the discussion's piwik site id is empty, the Assembl server does not integrate the Piwik tracking code in the web pages it delivers. 
web_analytics_piwik_script = <!-- Piwik -->
    <script type="text/javascript">
      var _paq = _paq || [];

      _paq.push([function() {
        var self = this;
        function getOriginalVisitorCookieTimeout() {
          var now = new Date(),
          nowTs = Math.round(now.getTime() / 1000),
          visitorInfo = self.getVisitorInfo();
          var createTs = parseInt(visitorInfo[2]);
          var cookieTimeout = 33696000; // 13 mois en secondes
          var originalTimeout = createTs + cookieTimeout - nowTs;
          return originalTimeout;
        }
        this.setVisitorCookieTimeout( getOriginalVisitorCookieTimeout() );
      }]);

      _paq.push(['trackPageView']);
      _paq.push(['enableLinkTracking']);
      (function() {
        var u="//%(piwik_host)s/";
        _paq.push(['setTrackerUrl', u+'piwik.php']);
        _paq.push(['setSiteId', %%d]);
        var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
        g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
      })();
    </script>
    <noscript><p><img src="//%(piwik_host)s/piwik.php?idsite=%%d" style="border:0;" alt="" /></p></noscript>
    <!-- End Piwik Code -->

# URL of your Piwik server. For example: https://stats.bluenove.com . This token is required when the automatic discussion creation process is run.
web_analytics_piwik_url = https://%(piwik_host)s
# API token of a Piwik Super User. This token is required when the automatic discussion creation process is run: a Piwik user and website are created and associated to the discussion.
# For more information, see http://developer.piwik.org/api-reference/reporting-api#authenticate-to-the-api-via-token_auth-parameter
web_analytics_piwik_api_token = 


# When a discussion is created, those callbacks will be invoked
# If any of these callbacks throws an exception, the database transaction fails and so the Discussion object will not be added into the database (Discussion is not created).
# Each callback must be indempotent: Calling it once or several times should produce the same result.
discussion_callbacks =
    assembl.lib.discussion_creation.DiscussionCreationPrinter
#    assembl.tasks.piwik.AutomaticPiwikBindingAtDiscussionCreation


[pshell]
db = assembl.lib.pshell_session.db
models = assembl.models
transaction = transaction

[alembic]
# Path to migration scripts
script_location = assembl/alembic
sqlalchemy.url = postgresql+psycopg2://%(db_user)s:%(db_password)s@%(db_host)s/%(db_database)s?sslmode=disable
transaction_per_migration = true

# Template used to generate migration files
# file_template = %%(rev)s_%%(slug)s

# Set to 'true' to run the environment during
# the 'revision' command, regardless of autogenerate
# revision_environment = false

[server:main]
use = egg:waitress#main
host = 0.0.0.0
# If not proxied by nginx or something, public_port in app:main needs to match
# this value
# UNIQUE_PER_SERVER
# Default port is 6543.  
# Convention:
# 6543 thru 6545: reserved for development
# 6546 thru 6547: reserved for automated testing
# 6548-: production
port = 6548
threads = 10

# Begin logging configuration

[loggers]
keys = root, assembl, sqlalchemy, alembic, sentry

[handlers]
keys = console, sentry

[formatters]
keys = generic

[logger_root]
level = WARN
handlers = console, sentry

[logger_assembl]
level = WARN
handlers = console, sentry
qualname = assembl

[logger_sqlalchemy]
level = WARN
handlers = console, sentry
qualname = sqlalchemy.engine
# "level = INFO" logs SQL queries.
# "level = DEBUG" logs SQL queries and results.
# "level = WARN" logs neither.  (Recommended for production systems.)

[logger_alembic]
level = WARN
handlers = console, sentry
qualname = alembic

[logger_sentry]
level = WARN
handlers = console
qualname = sentry.errors
propagate = 0

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[handler_sentry]
class = raven.handlers.logging.SentryHandler
args = ('%(sentry_scheme)s://%(sentry_key)s:%(sentry_secret)s@%(sentry_host)s/%(sentry_id)s',)
level = WARNING
formatter = generic


[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s

# End logging configuration

[filter:raven]
use = egg:raven#raven
dsn = %(sentry_scheme)s://%(sentry_key)s:%(sentry_secret)s@%(sentry_host)s/%(sentry_id)s
include_paths = assembl
exclude_paths = 

[supervisor]

autostart_celery_imap = true
autostart_celery_notification_dispatch = true
autostart_celery_notify = true
autostart_celery_notify_beat = true
autostart_celery_translate = false
autostart_source_reader = true
autostart_changes_router = true
autostart_pserve = false
autostart_nodesass = false
autostart_gulp = false
autostart_webpack = false
autostart_uwsgi = true
autostart_metrics_server = false
autostart_metrics_server = false
autostart_edgesense_server = false

[uwsgi]
# Set this dangerous umask if uwsgi is not the same user as nginx. Alternately, use proper uid/gid and run as root.
#umask = 000
umask = 007
uid = %U
gid = www-data
master = 1
processes = 8
lazy = 1
die-on-term = 1
# Do NOT use threads here, there are problems with pyodbc
# Defining the threads variable with any value enables threading
# threads = DO NOT USE
buffer-size = 65535
socket = %d/var/run/uwsgi.sock
stats = %d/var/run/uwsgi_stats.sock
plugin=python
virtualenv=%dvenv
pythonpath=%d
paste=config://%d%s
# Thunder-lock is only relevant in multiprocess+multithread mode
# thunder-lock = true