[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-deployment] branch master updated: weblate setup docs and support
|
From: |
gnunet |
|
Subject: |
[taler-deployment] branch master updated: weblate setup docs and supporting files |
|
Date: |
Fri, 01 May 2020 03:16:44 +0200 |
This is an automated email from the git hooks/post-receive script.
buck pushed a commit to branch master
in repository deployment.
The following commit(s) were added to refs/heads/master by this push:
new b4b2db6 weblate setup docs and supporting files
b4b2db6 is described below
commit b4b2db62b3d236f6a35f8eb882c93de50ca0e046
Author: buckE <address@hidden>
AuthorDate: Fri May 1 01:15:56 2020 +0000
weblate setup docs and supporting files
---
weblate/SETUP.md | 121 ++++
weblate/settings.py | 865 +++++++++++++++++++++++++
weblate/systemd-nonpriv/README | 3 +
weblate/systemd-nonpriv/celery-weblate.service | 24 +
weblate/systemd-nonpriv/uwsgi-weblate.service | 17 +
5 files changed, 1030 insertions(+)
diff --git a/weblate/SETUP.md b/weblate/SETUP.md
new file mode 100644
index 0000000..7a698b4
--- /dev/null
+++ b/weblate/SETUP.md
@@ -0,0 +1,121 @@
+## Weblate.taler.net Setup Notes
+
+### The purpose of this is to document how the weblate.taler.net service was
built, in the event that it needs to be repaired, changed, reproduced, etc.
+
+Always refer to https://docs.weblate.org/ if necessary, or just for a good
laugh.
+
+### Upgrading
+
+See latest recommendations:
+https://docs.weblate.org/en/latest/admin/upgrade.html?highlight=upgrade#generic-upgrade-instructions
+
+### Basic structure:
+
+This weblate instance runs as a python3 virtualenv under non-priv
`/home/weblate`.
+
+The generic instructions used to build the site are here, and were followed
closely:
+https://docs.weblate.org/en/latest/admin/install/venv-debian.html
+
+#### Notes on general installation:
+
+* settings document is in
`~/weblate-env/lib/python3.8/site-packages/weblate/settings.py` (see symlink in
~)
+* "data directory" or "DATA_DIR" is
`~/weblate-env/lib/python3.8/site-packages/data/` (see symlink to `DATA_DIR/`
in ~)
+* virtualenv is invoked anytime with `. ~/weblate-env/bin/activate`. This
activates the weblate path to access weblate binaries without full paths.
+
+### Configuration
+
+#### `/home/weblate` shell account
+
+ non-priv user with access via SSH key
+ celery and uwsgi services run under this user (see *systemd* below)
+
+#### postgres
+
+ configured for `localhost` access only (ie - `$ psql`)
+ no password
+ Unix `weblate` user has full control over psql 'weblate' user
+ Must manually create 'weblate' database
+ DB Credentials added to `settings.py` "DATABASES" section
+
+#### e-mail
+
+ address@hidden
+ * no password
+ * available via localhost using SMTP
+ * info added to `settings.py` in Django format:
+ `EMAIL_HOST_USER = 'weblate'`
+ (`EMAIL_HOST` and `EMAIL_PORT` not required re: defaults to localhost and
25)
+ * Test E-mail from `/home/weblate`:
+
+ ```
+ # telnet localhost 25
+ Trying 127.0.0.1...
+ Connected to localhost.
+ Escape character is '^]'.
+ 220 gv.taler.net ESMTP Postfix
+ HELO localhost
+ 250 gv.taler.net
+ MAIL From: address@hidden
+ 250 2.1.0 Ok
+ RCPT To: address@hidden
+ 250 2.1.5 Ok
+ DATA
+ 354 End data with <CR><LF>.<CR><LF>
+ hello
+ .
+ 250 2.0.0 Ok: queued as xxxxx
+ quit
+ 221 2.0.0 Bye
+ Connection closed by foreign host.
+ ```
+
+#### Python modules
+
+From
https://docs.weblate.org/en/latest/admin/install/venv-debian.html#python-modules
+
+All-day modules installed:
+
+`$ pip install Weblate aeidon psycopg2-binary`
+
+#### nginx
+
+This root-level service can be found in the `root` repository.
+
+#### uwsgi
+
+uwsgi:
https://docs.weblate.org/en/latest/admin/install.html?highlight=uwsgi#sample-configuration-for-nginx-and-uwsgi
+
+See **systemd** below for customization information.
+
+#### celery
+
+Celery: https://docs.weblate.org/en/latest/admin/install.html#celery
+
+See **systemd** below for customization information.
+
+#### systemd
+
+Our needs require running weblate under `weblate` user as a non-priv service.
This requires running celery-weblate and uwsgi-weblate services as user-level
systemd services.
+
+* See service files under `systemd-nonpriv/` in this repo.
+* On server, non-priv `systemd` files live in
`/home/weblate/.config/systemd/user/`
+* Commands:
+ `$ systemctl --user enable | disable | start | stop | status *servicename*`
+
+### Running Weblate
+
+After installing and customizing, log into `weblate` shell account, and invoke
virtualenv:
+
+`$ . ~/weblate-env/bin/activate`
+
+Now run Django static files collection (required once):
+(https://docs.weblate.org/en/latest/admin/install.html?highlight=uwsgi#serving-static-files)
+
+`$ weblate collectstatic --noinput`
+
+Weblate server should now be set up and visible at the location specified in
the nginx `weblate.site` file. If the site is visible but looks like it's
missing CSS styles, that's a problem with the static files. Common causes:
+
+* static files were not collected
+* nginx is not pointing to the correct location
+ * maybe the `/home/weblate/DATA_DIR` symlink is broken?
+
diff --git a/weblate/settings.py b/weblate/settings.py
new file mode 100644
index 0000000..e83bfc9
--- /dev/null
+++ b/weblate/settings.py
@@ -0,0 +1,865 @@
+# /home/weblate/weblate-env/lib/python3.8/site-packages/weblate/settings.py
+
+# Copyright © 2012 - 2020 Michal Čihař <address@hidden>
+#
+# This file is part of Weblate <https://weblate.org/>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+
+
+import os
+import platform
+from logging.handlers import SysLogHandler
+
+#
+# Django settings for Weblate project.
+#
+
+DEBUG = False
+
+ADMINS = (
+ ('Weblate Admin', 'address@hidden'),
+)
+
+MANAGERS = ADMINS
+
+DATABASES = {
+ "default": {
+ # Use 'postgresql' or 'mysql'.
+ "ENGINE": "django.db.backends.postgresql",
+ # Database name.
+ "NAME": "weblate",
+ # Database user.
+ "USER": "weblate",
+ # Database password.
+ "PASSWORD": "Mei3ein7ooZieGhe",
+ # Set to empty string for localhost.
+ "HOST": "127.0.0.1",
+ # Set to empty string for default.
+ "PORT": "",
+ # Customizations for databases.
+ "OPTIONS": {
+ # In case of using an older MySQL server,
+ # which has MyISAM as a default storage
+ # 'init_command': 'SET storage_engine=INNODB',
+ # Uncomment for MySQL older than 5.7:
+ # 'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
+ # Set emoji capable charset for MySQL:
+ # 'charset': 'utf8mb4',
+ # Change connection timeout in case you get MySQL gone away error:
+ # 'connect_timeout': 28800,
+ },
+ }
+}
+
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+# Data directory
+DATA_DIR = os.path.join(BASE_DIR, "data")
+
+# Local time zone for this installation. Choices can be found here:
+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+# although not all choices may be available on all operating systems.
+# In a Windows environment this must be set to your system time zone.
+TIME_ZONE = "UTC"
+
+# Language code for this installation. All choices can be found here:
+# http://www.i18nguy.com/unicode/language-identifiers.html
+LANGUAGE_CODE = "en-us"
+
+LANGUAGES = (
+ ("ar", "العربية"),
+ ("az", "Azərbaycan"),
+ ("be", "Беларуская"),
+ ("be@latin", "Biełaruskaja"),
+ ("bg", "Български"),
+ ("br", "Brezhoneg"),
+ ("ca", "Català"),
+ ("cs", "Čeština"),
+ ("da", "Dansk"),
+ ("de", "Deutsch"),
+ ("en", "English"),
+ ("el", "Ελληνικά"),
+ ("en-gb", "English (United Kingdom)"),
+ ("es", "Español"),
+ ("fi", "Suomi"),
+ ("fr", "Français"),
+ ("gl", "Galego"),
+ ("he", "עברית"),
+ ("hu", "Magyar"),
+ ("hr", "Hrvatski"),
+ ("id", "Indonesia"),
+ ("it", "Italiano"),
+ ("ja", "日本語"),
+ ("kab", "Taqbaylit"),
+ ("kk", "Қазақ тілі"),
+ ("ko", "한국어"),
+ ("nb", "Norsk bokmål"),
+ ("nl", "Nederlands"),
+ ("pl", "Polski"),
+ ("pt", "Português"),
+ ("pt-br", "Português brasileiro"),
+ ("ru", "Русский"),
+ ("sk", "Slovenčina"),
+ ("sl", "Slovenščina"),
+ ("sq", "Shqip"),
+ ("sr", "Српски"),
+ ("sv", "Svenska"),
+ ("tr", "Türkçe"),
+ ("uk", "Українська"),
+ ("zh-hans", "简体字"),
+ ("zh-hant", "正體字"),
+)
+
+SITE_ID = 1
+
+# If you set this to False, Django will make some optimizations so as not
+# to load the internationalization machinery.
+USE_I18N = True
+
+# If you set this to False, Django will not format dates, numbers and
+# calendars according to the current locale.
+USE_L10N = True
+
+# If you set this to False, Django will not use timezone-aware datetimes.
+USE_TZ = True
+
+# URL prefix to use, please see documentation for more details
+URL_PREFIX = ""
+
+# Absolute filesystem path to the directory that will hold user-uploaded files.
+MEDIA_ROOT = os.path.join(DATA_DIR, "media")
+
+# URL that handles the media served from MEDIA_ROOT. Make sure to use a
+# trailing slash.
+MEDIA_URL = "{0}/media/".format(URL_PREFIX)
+
+# Absolute path to the directory static files should be collected to.
+# Don't put anything in this directory yourself; store your static files
+# in apps' "static/" subdirectories and in STATICFILES_DIRS.
+STATIC_ROOT = os.path.join(DATA_DIR, "static")
+
+# URL prefix for static files.
+STATIC_URL = "{0}/static/".format(URL_PREFIX)
+
+# Additional locations of static files
+STATICFILES_DIRS = (
+ # Put strings here, like "/home/html/static" or "C:/www/django/static".
+ # Always use forward slashes, even on Windows.
+ # Don't forget to use absolute paths, not relative paths.
+)
+
+# List of finder classes that know how to find static files in
+# various locations.
+STATICFILES_FINDERS = (
+ "django.contrib.staticfiles.finders.FileSystemFinder",
+ "django.contrib.staticfiles.finders.AppDirectoriesFinder",
+ "compressor.finders.CompressorFinder",
+)
+
+# Make this unique, and don't share it with anybody.
+# You can generate it using weblate/examples/generate-secret-key
+SECRET_KEY = "+6e0m$7i_sr26pb4p%rhag9cd5zz&9))o+!d!s0_kht0rp3&6j"
+
+_TEMPLATE_LOADERS = [
+ "django.template.loaders.filesystem.Loader",
+ "django.template.loaders.app_directories.Loader",
+]
+if not DEBUG:
+ _TEMPLATE_LOADERS = [("django.template.loaders.cached.Loader",
_TEMPLATE_LOADERS)]
+TEMPLATES = [
+ {
+ "BACKEND": "django.template.backends.django.DjangoTemplates",
+ "DIRS": [os.path.join(BASE_DIR, "weblate", "templates")],
+ "OPTIONS": {
+ "context_processors": [
+ "django.contrib.auth.context_processors.auth",
+ "django.template.context_processors.debug",
+ "django.template.context_processors.i18n",
+ "django.template.context_processors.request",
+ "django.template.context_processors.csrf",
+ "django.contrib.messages.context_processors.messages",
+ "weblate.trans.context_processors.weblate_context",
+ ],
+ "loaders": _TEMPLATE_LOADERS,
+ },
+ }
+]
+
+
+# GitHub username for sending pull requests.
+# Please see the documentation for more details.
+GITHUB_USERNAME = None
+
+# GitLab username for sending merge requests.
+# Please see the documentation for more details.
+GITLAB_USERNAME = None
+
+# Authentication configuration
+AUTHENTICATION_BACKENDS = (
+ "social_core.backends.email.EmailAuth",
+ # 'social_core.backends.google.GoogleOAuth2',
+ # 'social_core.backends.github.GithubOAuth2',
+ # 'social_core.backends.bitbucket.BitbucketOAuth',
+ # 'social_core.backends.suse.OpenSUSEOpenId',
+ # 'social_core.backends.ubuntu.UbuntuOpenId',
+ # 'social_core.backends.fedora.FedoraOpenId',
+ # 'social_core.backends.facebook.FacebookOAuth2',
+ "weblate.accounts.auth.WeblateUserBackend",
+)
+
+# Custom user model
+AUTH_USER_MODEL = "weblate_auth.User"
+
+# Social auth backends setup
+SOCIAL_AUTH_GITHUB_KEY = ""
+SOCIAL_AUTH_GITHUB_SECRET = ""
+SOCIAL_AUTH_GITHUB_SCOPE = ["user:email"]
+
+SOCIAL_AUTH_BITBUCKET_KEY = ""
+SOCIAL_AUTH_BITBUCKET_SECRET = ""
+SOCIAL_AUTH_BITBUCKET_VERIFIED_EMAILS_ONLY = True
+
+SOCIAL_AUTH_FACEBOOK_KEY = ""
+SOCIAL_AUTH_FACEBOOK_SECRET = ""
+SOCIAL_AUTH_FACEBOOK_SCOPE = ["email", "public_profile"]
+SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {"fields": "id,name,email"}
+SOCIAL_AUTH_FACEBOOK_API_VERSION = "3.1"
+
+SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = ""
+SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = ""
+
+# Social auth settings
+SOCIAL_AUTH_PIPELINE = (
+ "social_core.pipeline.social_auth.social_details",
+ "social_core.pipeline.social_auth.social_uid",
+ "social_core.pipeline.social_auth.auth_allowed",
+ "social_core.pipeline.social_auth.social_user",
+ "weblate.accounts.pipeline.store_params",
+ "weblate.accounts.pipeline.verify_open",
+ "social_core.pipeline.user.get_username",
+ "weblate.accounts.pipeline.require_email",
+ "social_core.pipeline.mail.mail_validation",
+ "weblate.accounts.pipeline.revoke_mail_code",
+ "weblate.accounts.pipeline.ensure_valid",
+ "weblate.accounts.pipeline.remove_account",
+ "social_core.pipeline.social_auth.associate_by_email",
+ "weblate.accounts.pipeline.reauthenticate",
+ "weblate.accounts.pipeline.verify_username",
+ "social_core.pipeline.user.create_user",
+ "social_core.pipeline.social_auth.associate_user",
+ "social_core.pipeline.social_auth.load_extra_data",
+ "weblate.accounts.pipeline.cleanup_next",
+ "weblate.accounts.pipeline.user_full_name",
+ "weblate.accounts.pipeline.store_email",
+ "weblate.accounts.pipeline.notify_connect",
+ "weblate.accounts.pipeline.password_reset",
+)
+SOCIAL_AUTH_DISCONNECT_PIPELINE = (
+ "social_core.pipeline.disconnect.allowed_to_disconnect",
+ "social_core.pipeline.disconnect.get_entries",
+ "social_core.pipeline.disconnect.revoke_tokens",
+ "weblate.accounts.pipeline.cycle_session",
+ "weblate.accounts.pipeline.adjust_primary_mail",
+ "weblate.accounts.pipeline.notify_disconnect",
+ "social_core.pipeline.disconnect.disconnect",
+ "weblate.accounts.pipeline.cleanup_next",
+)
+
+# Custom authentication strategy
+SOCIAL_AUTH_STRATEGY = "weblate.accounts.strategy.WeblateStrategy"
+
+# Raise exceptions so that we can handle them later
+SOCIAL_AUTH_RAISE_EXCEPTIONS = True
+
+SOCIAL_AUTH_EMAIL_VALIDATION_FUNCTION =
"weblate.accounts.pipeline.send_validation"
+SOCIAL_AUTH_EMAIL_VALIDATION_URL =
"{0}/accounts/email-sent/".format(URL_PREFIX)
+SOCIAL_AUTH_LOGIN_ERROR_URL = "{0}/accounts/login/".format(URL_PREFIX)
+SOCIAL_AUTH_EMAIL_FORM_URL = "{0}/accounts/email/".format(URL_PREFIX)
+SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL =
"{0}/accounts/profile/#account".format(
+ URL_PREFIX
+)
+SOCIAL_AUTH_PROTECTED_USER_FIELDS = ("email",)
+SOCIAL_AUTH_SLUGIFY_USERNAMES = True
+SOCIAL_AUTH_SLUGIFY_FUNCTION = "weblate.accounts.pipeline.slugify_username"
+
+# Password validation configuration
+AUTH_PASSWORD_VALIDATORS = [
+ {
+ "NAME":
"django.contrib.auth.password_validation.UserAttributeSimilarityValidator" #
noqa: E501, pylint: disable=line-too-long
+ },
+ {
+ "NAME":
"django.contrib.auth.password_validation.MinimumLengthValidator",
+ "OPTIONS": {"min_length": 6},
+ },
+ {"NAME":
"django.contrib.auth.password_validation.CommonPasswordValidator"},
+ {"NAME":
"django.contrib.auth.password_validation.NumericPasswordValidator"},
+ {"NAME": "weblate.accounts.password_validation.CharsPasswordValidator"},
+ {"NAME": "weblate.accounts.password_validation.PastPasswordsValidator"},
+ # Optional password strength validation by django-zxcvbn-password
+ # {
+ # 'NAME': 'zxcvbn_password.ZXCVBNValidator',
+ # 'OPTIONS': {
+ # 'min_score': 3,
+ # 'user_attributes': ('username', 'email', 'full_name')
+ # }
+ # },
+]
+
+# Allow new user registrations
+REGISTRATION_OPEN = True
+
+# Middleware
+MIDDLEWARE = [
+ "weblate.middleware.ProxyMiddleware",
+ "django.middleware.security.SecurityMiddleware",
+ "django.contrib.sessions.middleware.SessionMiddleware",
+ "django.middleware.common.CommonMiddleware",
+ "django.middleware.locale.LocaleMiddleware",
+ "django.middleware.csrf.CsrfViewMiddleware",
+ "weblate.accounts.middleware.AuthenticationMiddleware",
+ "django.contrib.messages.middleware.MessageMiddleware",
+ "django.middleware.clickjacking.XFrameOptionsMiddleware",
+ "social_django.middleware.SocialAuthExceptionMiddleware",
+ "weblate.accounts.middleware.RequireLoginMiddleware",
+ "weblate.middleware.SecurityMiddleware",
+]
+
+ROOT_URLCONF = "weblate.urls"
+
+# Django and Weblate apps
+INSTALLED_APPS = [
+ "django.contrib.auth",
+ "django.contrib.contenttypes",
+ "django.contrib.sessions",
+ "django.contrib.sites",
+ "django.contrib.messages",
+ "django.contrib.staticfiles",
+ "django.contrib.admin.apps.SimpleAdminConfig",
+ "django.contrib.admindocs",
+ "django.contrib.sitemaps",
+ "django.contrib.humanize",
+ "social_django",
+ "crispy_forms",
+ "compressor",
+ "rest_framework",
+ "rest_framework.authtoken",
+ "weblate.addons",
+ "weblate.auth",
+ "weblate.checks",
+ "weblate.formats",
+ "weblate.machinery",
+ "weblate.trans",
+ "weblate.lang",
+ "weblate.langdata",
+ "weblate.memory",
+ "weblate.screenshots",
+ "weblate.fonts",
+ "weblate.accounts",
+ "weblate.utils",
+ "weblate.vcs",
+ "weblate.wladmin",
+ "weblate",
+ # Optional: Git exporter
+ "weblate.gitexport",
+]
+
+# Path to locales
+LOCALE_PATHS = (os.path.join(BASE_DIR, "weblate", "locale"),)
+
+# Custom exception reporter to include some details
+DEFAULT_EXCEPTION_REPORTER_FILTER =
"weblate.trans.debug.WeblateExceptionReporterFilter"
+
+# Default logging of Weblate messages
+# - to syslog in production (if available)
+# - otherwise to console
+# - you can also choose 'logfile' to log into separate file
+# after configuring it below
+
+# Detect if we can connect to syslog
+HAVE_SYSLOG = False
+if platform.system() != "Windows":
+ try:
+ handler = SysLogHandler(address="/dev/log",
facility=SysLogHandler.LOG_LOCAL2)
+ handler.close()
+ HAVE_SYSLOG = True
+ except IOError:
+ HAVE_SYSLOG = False
+
+if DEBUG or not HAVE_SYSLOG:
+ DEFAULT_LOG = "console"
+else:
+ DEFAULT_LOG = "syslog"
+
+# A sample logging configuration. The only tangible logging
+# performed by this configuration is to send an email to
+# the site admins on every HTTP 500 error when DEBUG=False.
+# See http://docs.djangoproject.com/en/stable/topics/logging for
+# more details on how to customize your logging configuration.
+LOGGING = {
+ "version": 1,
+ "disable_existing_loggers": True,
+ "filters": {"require_debug_false": {"()":
"django.utils.log.RequireDebugFalse"}},
+ "formatters": {
+ "syslog": {"format": "weblate[%(process)d]: %(levelname)s
%(message)s"},
+ "simple": {"format": "%(levelname)s %(message)s"},
+ "logfile": {"format": "%(asctime)s %(levelname)s %(message)s"},
+ "django.server": {
+ "()": "django.utils.log.ServerFormatter",
+ "format": "[%(server_time)s] %(message)s",
+ },
+ },
+ "handlers": {
+ "mail_admins": {
+ "level": "ERROR",
+ "filters": ["require_debug_false"],
+ "class": "django.utils.log.AdminEmailHandler",
+ "include_html": True,
+ },
+ "console": {
+ "level": "DEBUG",
+ "class": "logging.StreamHandler",
+ "formatter": "simple",
+ },
+ "django.server": {
+ "level": "INFO",
+ "class": "logging.StreamHandler",
+ "formatter": "django.server",
+ },
+ "syslog": {
+ "level": "DEBUG",
+ "class": "logging.handlers.SysLogHandler",
+ "formatter": "syslog",
+ "address": "/dev/log",
+ "facility": SysLogHandler.LOG_LOCAL2,
+ },
+ # Logging to a file
+ # 'logfile': {
+ # 'level':'DEBUG',
+ # 'class':'logging.handlers.RotatingFileHandler',
+ # 'filename': "/var/log/weblate/weblate.log",
+ # 'maxBytes': 100000,
+ # 'backupCount': 3,
+ # 'formatter': 'logfile',
+ # },
+ },
+ "loggers": {
+ "django.request": {
+ "handlers": ["mail_admins", DEFAULT_LOG],
+ "level": "ERROR",
+ "propagate": True,
+ },
+ "django.server": {
+ "handlers": ["django.server"],
+ "level": "INFO",
+ "propagate": False,
+ },
+ # Logging database queries
+ # 'django.db.backends': {
+ # 'handlers': [DEFAULT_LOG],
+ # 'level': 'DEBUG',
+ # },
+ "weblate": {"handlers": [DEFAULT_LOG], "level": "DEBUG"},
+ # Logging search operations
+ "weblate.search": {"handlers": [DEFAULT_LOG], "level": "INFO"},
+ # Logging VCS operations
+ "weblate.vcs": {"handlers": [DEFAULT_LOG], "level": "WARNING"},
+ # Python Social Auth
+ "social": {"handlers": [DEFAULT_LOG], "level": "DEBUG" if DEBUG else
"WARNING"},
+ # Django Authentication Using LDAP
+ "django_auth_ldap": {
+ "level": "DEBUG" if DEBUG else "WARNING",
+ "handlers": [DEFAULT_LOG],
+ },
+ },
+}
+
+# Remove syslog setup if it's not present
+if not HAVE_SYSLOG:
+ del LOGGING["handlers"]["syslog"]
+
+# List of machine translations
+# MT_SERVICES = (
+# 'weblate.machinery.apertium.ApertiumAPYTranslation',
+# 'weblate.machinery.baidu.BaiduTranslation',
+# 'weblate.machinery.deepl.DeepLTranslation',
+# 'weblate.machinery.glosbe.GlosbeTranslation',
+# 'weblate.machinery.google.GoogleTranslation',
+# 'weblate.machinery.microsoft.MicrosoftCognitiveTranslation',
+# 'weblate.machinery.microsoftterminology.MicrosoftTerminologyService',
+# 'weblate.machinery.mymemory.MyMemoryTranslation',
+# 'weblate.machinery.netease.NeteaseSightTranslation',
+# 'weblate.machinery.tmserver.AmagamaTranslation',
+# 'weblate.machinery.tmserver.TMServerTranslation',
+# 'weblate.machinery.yandex.YandexTranslation',
+# 'weblate.machinery.weblatetm.WeblateTranslation',
+# 'weblate.machinery.saptranslationhub.SAPTranslationHub',
+# 'weblate.machinery.youdao.YoudaoTranslation',
+# 'weblate.memory.machine.WeblateMemory',
+# )
+
+# Machine translation API keys
+
+# URL of the Apertium APy server
+MT_APERTIUM_APY = None
+
+# DeepL API key
+MT_DEEPL_KEY = None
+
+# Microsoft Cognitive Services Translator API, register at
+# https://portal.azure.com/
+MT_MICROSOFT_COGNITIVE_KEY = None
+MT_MICROSOFT_REGION = None
+
+# MyMemory identification email, see
+# https://mymemory.translated.net/doc/spec.php
+MT_MYMEMORY_EMAIL = None
+
+# Optional MyMemory credentials to access private translation memory
+MT_MYMEMORY_USER = None
+MT_MYMEMORY_KEY = None
+
+# Google API key for Google Translate API
+MT_GOOGLE_KEY = None
+
+# Baidu app key and secret
+MT_BAIDU_ID = None
+MT_BAIDU_SECRET = None
+
+# Youdao Zhiyun app key and secret
+MT_YOUDAO_ID = None
+MT_YOUDAO_SECRET = None
+
+# Netease Sight (Jianwai) app key and secret
+MT_NETEASE_KEY = None
+MT_NETEASE_SECRET = None
+
+# API key for Yandex Translate API
+MT_YANDEX_KEY = None
+
+# tmserver URL
+MT_TMSERVER = None
+
+# SAP Translation Hub
+MT_SAP_BASE_URL = None
+MT_SAP_SANDBOX_APIKEY = None
+MT_SAP_USERNAME = None
+MT_SAP_PASSWORD = None
+MT_SAP_USE_MT = True
+
+# Title of site to use
+SITE_TITLE = "GNU Taler Weblate Translations"
+
+# Whether site uses https
+ENABLE_HTTPS = False
+
+# Use HTTPS when creating redirect URLs for social authentication, see
+# documentation for more details:
+#
https://python-social-auth-docs.readthedocs.io/en/latest/configuration/settings.html#processing-redirects-and-urlopen
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = ENABLE_HTTPS
+
+# Make CSRF cookie HttpOnly, see documentation for more details:
+# https://docs.djangoproject.com/en/1.11/ref/settings/#csrf-cookie-httponly
+CSRF_COOKIE_HTTPONLY = True
+CSRF_COOKIE_SECURE = ENABLE_HTTPS
+# Store CSRF token in session
+CSRF_USE_SESSIONS = True
+# Customize CSRF failure view
+CSRF_FAILURE_VIEW = "weblate.trans.views.error.csrf_failure"
+SESSION_COOKIE_SECURE = ENABLE_HTTPS
+# SSL redirect
+SECURE_SSL_REDIRECT = ENABLE_HTTPS
+# Sent referrrer only for same origin links
+SECURE_REFERRER_POLICY = "same-origin"
+# SSL redirect URL exemption list
+SECURE_REDIRECT_EXEMPT = (r"healthz/$",) # Allowing HTTP access to health
check
+# Session cookie age (in seconds)
+SESSION_COOKIE_AGE = 1209600
+# Increase allowed upload size
+DATA_UPLOAD_MAX_MEMORY_SIZE = 50000000
+
+# Some security headers
+SECURE_BROWSER_XSS_FILTER = True
+X_FRAME_OPTIONS = "DENY"
+SECURE_CONTENT_TYPE_NOSNIFF = True
+
+# Optionally enable HSTS
+SECURE_HSTS_SECONDS = 0
+SECURE_HSTS_PRELOAD = False
+SECURE_HSTS_INCLUDE_SUBDOMAINS = False
+
+# URL of login
+LOGIN_URL = "{0}/accounts/login/".format(URL_PREFIX)
+
+# URL of logout
+LOGOUT_URL = "{0}/accounts/logout/".format(URL_PREFIX)
+
+# Default location for login
+LOGIN_REDIRECT_URL = "{0}/".format(URL_PREFIX)
+
+# Anonymous user name
+ANONYMOUS_USER_NAME = "anonymous"
+
+# Reverse proxy settings
+IP_PROXY_HEADER = "HTTP_X_FORWARDED_FOR"
+IP_BEHIND_REVERSE_PROXY = False
+IP_PROXY_OFFSET = 0
+
+# Sending HTML in mails
+EMAIL_SEND_HTML = True
+
+# Subject of emails includes site title
+EMAIL_SUBJECT_PREFIX = "[{0}] ".format(SITE_TITLE)
+
+# Enable remote hooks
+ENABLE_HOOKS = True
+
+# Number of nearby messages to show in each direction
+NEARBY_MESSAGES = 5
+
+# By default the length of a given translation is limited to the length of
+# the source string * 10 characters. Set this option to False to allow longer
+# translations (up to 10.000 characters)
+LIMIT_TRANSLATION_LENGTH_BY_SOURCE_LENGTH = True
+
+# Use simple language codes for default language/country combinations
+SIMPLIFY_LANGUAGES = True
+
+# Render forms using bootstrap
+CRISPY_TEMPLATE_PACK = "bootstrap3"
+
+# List of quality checks
+# CHECK_LIST = (
+# 'weblate.checks.same.SameCheck',
+# 'weblate.checks.chars.BeginNewlineCheck',
+# 'weblate.checks.chars.EndNewlineCheck',
+# 'weblate.checks.chars.BeginSpaceCheck',
+# 'weblate.checks.chars.EndSpaceCheck',
+# 'weblate.checks.chars.DoubleSpaceCheck',
+# 'weblate.checks.chars.EndStopCheck',
+# 'weblate.checks.chars.EndColonCheck',
+# 'weblate.checks.chars.EndQuestionCheck',
+# 'weblate.checks.chars.EndExclamationCheck',
+# 'weblate.checks.chars.EndEllipsisCheck',
+# 'weblate.checks.chars.EndSemicolonCheck',
+# 'weblate.checks.chars.MaxLengthCheck',
+# 'weblate.checks.chars.KashidaCheck',
+# 'weblate.checks.chars.PuctuationSpacingCheck',
+# 'weblate.checks.format.PythonFormatCheck',
+# 'weblate.checks.format.PythonBraceFormatCheck',
+# 'weblate.checks.format.PHPFormatCheck',
+# 'weblate.checks.format.CFormatCheck',
+# 'weblate.checks.format.PerlFormatCheck',
+# 'weblate.checks.format.JavaScriptFormatCheck',
+# 'weblate.checks.format.CSharpFormatCheck',
+# 'weblate.checks.format.JavaFormatCheck',
+# 'weblate.checks.format.JavaMessageFormatCheck',
+# "weblate.checks.format.PercentPlaceholdersCheck",
+# "weblate.checks.format.I18NextInterpolationCheck",
+# 'weblate.checks.angularjs.AngularJSInterpolationCheck',
+# 'weblate.checks.qt.QtFormatCheck',
+# 'weblate.checks.qt.QtPluralCheck',
+# 'weblate.checks.ruby.RubyFormatCheck',
+# 'weblate.checks.consistency.PluralsCheck',
+# 'weblate.checks.consistency.SamePluralsCheck',
+# 'weblate.checks.consistency.ConsistencyCheck',
+# 'weblate.checks.consistency.TranslatedCheck',
+# 'weblate.checks.chars.EscapedNewlineCountingCheck',
+# 'weblate.checks.chars.NewLineCountCheck',
+# 'weblate.checks.markup.BBCodeCheck',
+# 'weblate.checks.chars.ZeroWidthSpaceCheck',
+# 'weblate.checks.render.MaxSizeCheck',
+# 'weblate.checks.markup.XMLValidityCheck',
+# 'weblate.checks.markup.XMLTagsCheck',
+# 'weblate.checks.markup.MarkdownRefLinkCheck',
+# 'weblate.checks.markup.MarkdownLinkCheck',
+# 'weblate.checks.markup.MarkdownSyntaxCheck',
+# 'weblate.checks.markup.URLCheck',
+# 'weblate.checks.markup.SafeHTMLCheck',
+# 'weblate.checks.placeholders.PlaceholderCheck',
+# 'weblate.checks.placeholders.RegexCheck',
+# 'weblate.checks.source.OptionalPluralCheck',
+# 'weblate.checks.source.EllipsisCheck',
+# 'weblate.checks.source.MultipleFailingCheck',
+# )
+
+# List of automatic fixups
+# AUTOFIX_LIST = (
+# 'weblate.trans.autofixes.whitespace.SameBookendingWhitespace',
+# 'weblate.trans.autofixes.chars.ReplaceTrailingDotsWithEllipsis',
+# 'weblate.trans.autofixes.chars.RemoveZeroSpace',
+# 'weblate.trans.autofixes.chars.RemoveControlChars',
+# )
+
+# List of enabled addons
+# WEBLATE_ADDONS = (
+# 'weblate.addons.gettext.GenerateMoAddon',
+# 'weblate.addons.gettext.UpdateLinguasAddon',
+# 'weblate.addons.gettext.UpdateConfigureAddon',
+# 'weblate.addons.gettext.MsgmergeAddon',
+# 'weblate.addons.gettext.GettextCustomizeAddon',
+# 'weblate.addons.gettext.GettextAuthorComments',
+# 'weblate.addons.cleanup.CleanupAddon',
+# 'weblate.addons.consistency.LangaugeConsistencyAddon',
+# 'weblate.addons.discovery.DiscoveryAddon',
+# 'weblate.addons.flags.SourceEditAddon',
+# 'weblate.addons.flags.TargetEditAddon',
+# 'weblate.addons.flags.SameEditAddon',
+# "weblate.addons.flags.BulkEditAddon",
+# 'weblate.addons.generate.GenerateFileAddon',
+# 'weblate.addons.json.JSONCustomizeAddon',
+# 'weblate.addons.properties.PropertiesSortAddon',
+# 'weblate.addons.git.GitSquashAddon',
+# 'weblate.addons.removal.RemoveComments',
+# 'weblate.addons.removal.RemoveSuggestions',
+# 'weblate.addons.resx.ResxUpdateAddon',
+# 'weblate.addons.yaml.YAMLCustomizeAddon',
+# 'weblate.addons.autotranslate.AutoTranslateAddon',
+# )
+
+# E-mail address that error messages come from.
+SERVER_EMAIL = "address@hidden"
+
+# Default email address to use for various automated correspondence from
+# the site managers. Used for registration emails.
+DEFAULT_FROM_EMAIL = "address@hidden"
+
+# List of URLs your site is supposed to serve
+ALLOWED_HOSTS = ["*"]
+
+# Configuration for caching
+CACHES = {
+ "default": {
+ "BACKEND": "django_redis.cache.RedisCache",
+ "LOCATION": "redis://127.0.0.1:6379/1",
+ # If redis is running on same host as Weblate, you might
+ # want to use unix sockets instead:
+ # 'LOCATION': 'unix:///var/run/redis/redis.sock?db=1',
+ "OPTIONS": {
+ "CLIENT_CLASS": "django_redis.client.DefaultClient",
+ "PARSER_CLASS": "redis.connection.HiredisParser",
+ "PASSWORD": None,
+ "CONNECTION_POOL_KWARGS": {},
+ },
+ "KEY_PREFIX": "weblate",
+ },
+ "avatar": {
+ "BACKEND": "django.core.cache.backends.filebased.FileBasedCache",
+ "LOCATION": os.path.join(DATA_DIR, "avatar-cache"),
+ "TIMEOUT": 86400,
+ "OPTIONS": {"MAX_ENTRIES": 1000},
+ },
+}
+
+# Store sessions in cache
+SESSION_ENGINE = "django.contrib.sessions.backends.cache"
+# Store messages in session
+MESSAGE_STORAGE = "django.contrib.messages.storage.session.SessionStorage"
+
+# REST framework settings for API
+REST_FRAMEWORK = {
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ "DEFAULT_PERMISSION_CLASSES": [
+ "rest_framework.permissions.IsAuthenticatedOrReadOnly"
+ # Use following with LOGIN_REQUIRED_URLS
+ # "rest_framework.permissions.IsAuthenticated"
+ ],
+ "DEFAULT_AUTHENTICATION_CLASSES": (
+ "rest_framework.authentication.TokenAuthentication",
+ "weblate.api.authentication.BearerAuthentication",
+ "rest_framework.authentication.SessionAuthentication",
+ ),
+ "DEFAULT_THROTTLE_CLASSES": (
+ "rest_framework.throttling.AnonRateThrottle",
+ "rest_framework.throttling.UserRateThrottle",
+ ),
+ "DEFAULT_THROTTLE_RATES": {"anon": "100/day", "user": "5000/hour"},
+ "DEFAULT_PAGINATION_CLASS":
("rest_framework.pagination.PageNumberPagination"),
+ "PAGE_SIZE": 20,
+ "VIEW_DESCRIPTION_FUNCTION": "weblate.api.views.get_view_description",
+ "UNAUTHENTICATED_USER": "weblate.auth.models.get_anonymous",
+}
+
+# Example for restricting access to logged in users
+# LOGIN_REQUIRED_URLS = (
+# r'/(.*)$',
+# )
+
+# In such case you will want to include some of the exceptions
+# LOGIN_REQUIRED_URLS_EXCEPTIONS = (
+# r'/accounts/(.*)$', # Required for login
+# r'/admin/login/(.*)$', # Required for admin login
+# r'/static/(.*)$', # Required for development mode
+# r'/widgets/(.*)$', # Allowing public access to widgets
+# r'/data/(.*)$', # Allowing public access to data exports
+# r'/hooks/(.*)$', # Allowing public access to notification hooks
+# r'/healthz/$', # Allowing public access to health check
+# r'/api/(.*)$', # Allowing access to API
+# r'/js/i18n/$', # JavaScript localization
+# r'/contact/$', # Optional for contact form
+# r'/legal/(.*)$', # Optional for legal app
+# )
+
+# Silence some of the Django system checks
+SILENCED_SYSTEM_CHECKS = [
+ # We have modified django.contrib.auth.middleware.AuthenticationMiddleware
+ # as weblate.accounts.middleware.AuthenticationMiddleware
+ "admin.E408"
+]
+
+# Celery worker configuration for testing
+# CELERY_TASK_ALWAYS_EAGER = True
+# CELERY_BROKER_URL = 'memory://'
+# CELERY_TASK_EAGER_PROPAGATES = True
+# Celery worker configuration for production
+CELERY_TASK_ALWAYS_EAGER = False
+CELERY_BROKER_URL = "redis://localhost:6379"
+CELERY_RESULT_BACKEND = CELERY_BROKER_URL
+
+# Celery settings, it is not recommended to change these
+CELERY_WORKER_MAX_MEMORY_PER_CHILD = 200000
+CELERY_BEAT_SCHEDULE_FILENAME = os.path.join(DATA_DIR, "celery",
"beat-schedule")
+CELERY_TASK_ROUTES = {
+ "weblate.trans.tasks.auto_translate": {"queue": "translate"},
+ "weblate.memory.tasks.*": {"queue": "memory"},
+ "weblate.accounts.tasks.notify_*": {"queue": "notify"},
+ "weblate.accounts.tasks.send_mails": {"queue": "notify"},
+ "weblate.utils.tasks.settings_backup": {"queue": "backup"},
+ "weblate.utils.tasks.database_backup": {"queue": "backup"},
+ "weblate.wladmin.tasks.backup": {"queue": "backup"},
+ "weblate.wladmin.tasks.backup_service": {"queue": "backup"},
+}
+
+# Enable plain database backups
+DATABASE_BACKUP = "plain"
+
+# Enable auto updating
+AUTO_UPDATE = False
+
+# PGP commits signing
+WEBLATE_GPG_IDENTITY = None
+
+# Third party services integration
+MATOMO_SITE_ID = None
+MATOMO_URL = None
+GOOGLE_ANALYTICS_ID = None
+SENTRY_DSN = None
+AKISMET_API_KEY = None
+
+# E-mail settings from
https://docs.weblate.org/en/latest/admin/install.html?highlight=email
+#EMAIL_HOST = 'localhost'
+EMAIL_HOST_USER = 'weblate'
+#EMAIL_PORT = '25'
diff --git a/weblate/systemd-nonpriv/README b/weblate/systemd-nonpriv/README
new file mode 100644
index 0000000..2330cf4
--- /dev/null
+++ b/weblate/systemd-nonpriv/README
@@ -0,0 +1,3 @@
+These files belong in /home/weblate/.config/systemd/user/ and are invoked with:
+
+systemctl --user start | stop *servicename*
diff --git a/weblate/systemd-nonpriv/celery-weblate.service
b/weblate/systemd-nonpriv/celery-weblate.service
new file mode 100644
index 0000000..bf84a03
--- /dev/null
+++ b/weblate/systemd-nonpriv/celery-weblate.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=Celery Service (Weblate)
+After=network.target
+
+[Service]
+Type=forking
+#User=weblate
+#Group=weblate
+EnvironmentFile=/home/weblate/celery-weblate
+WorkingDirectory=/home/weblate
+RuntimeDirectory=celery
+RuntimeDirectoryPreserve=restart
+LogsDirectory=celery
+ExecStart=/bin/sh -c '${CELERY_BIN} multi start ${CELERYD_NODES} \
+ -A ${CELERY_APP} --pidfile=${CELERYD_PID_FILE} \
+ --logfile=${CELERYD_LOG_FILE} --loglevel=${CELERYD_LOG_LEVEL}
${CELERYD_OPTS}'
+ExecStop=/bin/sh -c '${CELERY_BIN} multi stopwait ${CELERYD_NODES} \
+ --pidfile=${CELERYD_PID_FILE}'
+ExecReload=/bin/sh -c '${CELERY_BIN} multi restart ${CELERYD_NODES} \
+ -A ${CELERY_APP} --pidfile=${CELERYD_PID_FILE} \
+ --logfile=${CELERYD_LOG_FILE} --loglevel=${CELERYD_LOG_LEVEL}
${CELERYD_OPTS}'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/weblate/systemd-nonpriv/uwsgi-weblate.service
b/weblate/systemd-nonpriv/uwsgi-weblate.service
new file mode 100644
index 0000000..e04ec35
--- /dev/null
+++ b/weblate/systemd-nonpriv/uwsgi-weblate.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Weblate uWSGI Service
+After=multi-user.target
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+#User=weblate
+#Group=weblate
+ExecStart=/home/weblate/weblate-env/bin/uwsgi --home=/home/weblate/weblate-env
--module weblate.wsgi:application -s /home/weblate/uwsgi.sock --chmod-socket=660
+PIDFile=/home/weblate/pid/weblate-uwsgi.pid
+WorkingDirectory=/home/weblate
+LogsDirectory=logs
+
+[Install]
+WantedBy=multi-user.target
--
To stop receiving notification emails like this one, please contact
address@hidden.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-deployment] branch master updated: weblate setup docs and supporting files,
gnunet <=